🐛 COMMON VULNERABILITIES AND EXPOSURES (6)
20 Jan: CVE-2026-20818 Windows Kernel Information Disclosure Vulnerability
Updated the build numbers. This is an informational update only.
MSRC.MICROSOFT.COM

20 Jan: CVE-2026-20943 Microsoft Office Click-To-Run Remote Code Execution Vulnerability
Updated FAQ information. This is an informational change only.
MSRC.MICROSOFT.COM

20 Jan: CVE-2026-20830 Capability Access Management Service (camsvc) Elevation of Privilege Vulnerability
Updated the build numbers. This is an informational update only.
MSRC.MICROSOFT.COM

20 Jan: CVE-2026-21221 Capability Access Management Service (camsvc) Elevation of Privilege Vulnerability
Updated the build numbers. This is an informational update only.
MSRC.MICROSOFT.COM

20 Jan: CVE-2026-20848 Windows SMB Server Elevation of Privilege Vulnerability
Updated the build numbers. This is an informational update only.
MSRC.MICROSOFT.COM

20 Jan: VU#481830: Libheif uncompressed codec lacks bounds check leading to application crash
Overview: An out-of-bounds memory access vulnerability exists in the uncompressed decoder component of libheif. A maliciously crafted HEIF image can trigger a denial-of-service condition by causing the libheif library to crash or exhibit other unexpected behavior due to an out-of…
KB.CERT.ORG
⚠️ VULNERABILITY DISCLOSURE (3)
20 Jan: 169: MoD
Legion of Doom, step aside. There’s a new elite hacker group in town, and they’re calling themselves Masters of Deception (MoD). With tactics that are grittier and more sophisticated than those of the LoD, MoD has targeted high-profile entities and left an indelible mark on the i…
DARKNETDIARIES.COM

20 Jan: EVerest security audit
Quarkslab performed the first public security audit of EVerest, an open-source project for EV charging stations hosted by LF Energy. The audit was mandated by the Open Source Technology Improvement Fund, Inc.
QUARKSLAB.COM

20 Jan: AI-supported vulnerability triage with the GitHub Security Lab Taskflow Agent
Learn how we are using the newly released GitHub Security Lab Taskflow Agent to triage categories of vulnerabilities in GitHub Actions and JavaScript projects. The post AI-supported vulnerability triage with the GitHub Security Lab Taskflow Agent appeared first on The GitHub Blog…
GITHUB.BLOG
🔥 INCIDENT REPORTING (1)
20 Jan: Kimwolf Botnet Lurking in Corporate, Govt. Networks
A new Internet-of-Things botnet called Kimwolf has spread to more than 2 million devices, forcing infected systems to participate in massive distributed denial-of-service (DDoS) attacks and to relay other malicious and abusive Internet traffic. Kimwolf's ability to scan the local…
KREBSONSECURITY.COM
📡 INFOSEC NEWS (2)
20 Jan: Old habits die hard: 2025’s most common passwords were as predictable as ever
Once again, data shows an uncomfortable truth: the habit of choosing eminently hackable passwords is alive and well
WELIVESECURITY.COM

20 Jan: LLMs in the SOC (Part 1) | Why Benchmarks Fail Security Operations Teams
LLM cybersecurity benchmarks fail to measure what defenders need: faster detection, reduced containment time, and better decisions under pressure.
SENTINELONE.COM