CyberNews: 30/01/2026 Edition

Published by Dunateo on 2026-01-30

Today’s roundup

  • U.S. CISA adds a flaw in Ivanti EPMM to its Known Exploited Vulnerabilities catalog
  • SmarterTools patches critical SmarterMail flaw allowing code execution
  • SolarWinds addressed four critical Web Help Desk flaws
  • Cyberattack on large Russian bread factory disrupts supply deliveries
  • Match Group breach exposes data from Hinge, Tinder, OkCupid, and Match
  • Marquis blames ransomware breach on SonicWall cloud backup hack
  • Researchers Find 175,000 Publicly Exposed Ollama AI Servers Across 130 Countries
  • Hugging Face abused to spread thousands of Android malware variants
  • Google targets IPIDEA in crackdown on global residential proxy networks
  • Aisuru botnet sets new record with 31.4 Tbps DDoS attack

Summary

    The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Ivanti Endpoint Manager Mobile (EPMM) zero-day, CVE-2026-1281 (CVSS 9.8), to its Known Exploited Vulnerabilities catalog. This code injection flaw enables unauthenticated remote code execution and is actively exploited; federal agencies are required to patch by February 2, 2026.

    SmarterTools patched multiple critical SmarterMail flaws, including an unauthenticated RCE (CVE-2026-24423, CVSS 9.3) and an actively exploited authentication bypass (CVE-2026-23760, CVSS 9.3) added to CISA's KEV catalog, with over 6,000 servers potentially vulnerable.

    SolarWinds has issued security updates for six vulnerabilities in its Web Help Desk software, with four critical flaws (CVE-2025-40551, -40552, -40553, -40554) enabling unauthenticated remote code execution or authentication bypass, all carrying a CVSS score of 9.8.

    The Vladimir Bread Factory, a major bakery producer in Russia, reported a cyberattack that disrupted its internal digital systems, including office computers, servers, and electronic document management tools. The incident, occurring overnight on Sunday, has led to disruptions in supply deliveries.

    Match Group, parent company of popular online dating services including Tinder, Match.com, OkCupid, and Hinge, has confirmed a cybersecurity incident. The breach resulted in the compromise of user data across its various platforms.

    Marquis Software Solutions, a financial services provider, attributed an August 2025 ransomware attack affecting dozens of U.S. banks and credit unions to a security breach of SonicWall's cloud backup systems that SonicWall reported a month prior.

    A joint investigation by SentinelOne SentinelLABS and Censys revealed approximately 175,000 unique Ollama AI hosts across 130 countries are publicly exposed and unmanaged. This exposes a vast layer of insecure AI compute infrastructure operating outside typical security controls.

    A new Android malware campaign is leveraging the Hugging Face platform as a repository for thousands of APK payload variants. These malicious applications are designed to collect credentials for popular financial and payment services.

    Google, with partners, significantly disrupted the IPIDEA residential proxy network through legal takedowns, ecosystem enforcement, and Play Protect actions against embedded SDKs. This extensive operation degraded the network, impacting millions of devices used by threat actors.

    The Aisuru/Kimwolf botnet launched a massive distributed denial of service (DDoS) attack in December 2025, reaching a new record peak of 31.4 terabits per second (Tbps) and 200 million requests per second.
