CyberNews: 26/01/2026 Edition

Published by Dunateo on 2026-01-26

Today’s roundup

  • CISA says critical VMware RCE flaw now actively exploited
  • 1Password adds pop-up warnings for suspected phishing sites
  • Winning Against AI-Based Attacks Requires a Combined Defensive Approach
  • Law Firm Investigates Coupang Security Failures Ahead of Class Action Deadline
  • Okta Flags Customised, Reactive Vishing Attacks Which Bypass MFA
  • North Korea–linked KONNI uses AI to build stealthy malware tooling
  • Russia-linked Sandworm APT implicated in major cyber attack on Poland’s power grid
Summary

    The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning regarding a critical VMware vCenter Server remote code execution (RCE) vulnerability that is now being actively exploited. U.S. federal agencies have been mandated to patch their affected servers within a three-week timeframe to mitigate the threat.

    1Password, a digital vault and password manager, has enhanced its security features by incorporating built-in protection against phishing URLs. The new functionality provides users with pop-up warnings when navigating to suspected malicious websites, aiming to prevent credential compromise by threat actors.

    Google's Threat Intelligence Group has highlighted the growing sophistication of AI-based attacks, noting that adversaries leverage Large Language Models (LLMs) to conceal code and generate malicious scripts in real time. This allows malware to rapidly adapt and evade detection, underscoring the necessity of a combined defensive strategy to counter these evolving threats.

    The U.S. law firm Hagens Berman is initiating a class action lawsuit against Coupang, alleging security failures that contributed to a data breach in June 2025. The firm is investigating the extent of the impact and potential liabilities stemming from the incident.

    Okta has detected sophisticated, customized, and reactive vishing attacks designed to bypass multi-factor authentication (MFA). Threat actors impersonate IT support teams and employ phishing kits to dynamically generate fake login pages in real time, tricking victims into divulging their credentials.

    Check Point Research has detailed an active phishing campaign by the North Korea-linked KONNI APT group, which is now deploying AI-generated PowerShell malware. This campaign specifically targets blockchain developers and engineering teams across Japan, Australia, and India, utilizing Discord-hosted ZIP files with LNK and PDF lures to initiate an infection chain that deploys a stealthy, AI-assisted backdoor.

    ESET has attributed a destructive cyberattack attempt on Poland's energy sector on December 29, 2025, to the Russia-linked Sandworm APT group. The incident involved the deployment of wiper malware, identified as DynoWiper (Win32/KillFiles.NMO), which showed clear destructive intent. While no successful disruption of the power grid was confirmed, the attack coincided with the tenth anniversary of Sandworm's 2015 cyberattack on Ukraine's power grid.
