LexisNexis Legal & Professional confirmed a data breach where hackers accessed its AWS infrastructure via the React2Shell vulnerability. The breach resulted in the exposure of legacy data, including information related to U.S. government employees.

A sophisticated campaign has been identified where threat actors impersonate IT support to deploy the Havoc C2 framework, leading to potential data exfiltration or ransomware attacks.

CISA has added two vulnerabilities, CVE-2026-21385 and CVE-2026-22719, to its Known Exploited Vulnerabilities (KEV) Catalog. These vulnerabilities are actively exploited and pose significant risks to federal enterprises.

A critical command injection vulnerability, CVE-2026-22719, in VMware Aria Operations has been exploited in the wild. This flaw allows unauthenticated attackers to execute arbitrary commands, potentially leading to remote code execution.

AkzoNobel, a leading paint and coatings company, has confirmed a cyberattack on one of its U.S. sites by the Anubis ransomware gang. The intrusion has been contained, and the impact is limited.

Attackers can manipulate process objects and hide malicious activity, rendering the endpoint defenseless despite the presence of security software. This allows for encryption, credential theft, and lateral movement without interference.

A trojanized version of the open-source FTP client FileZilla 3.69.5 has been discovered, circulating online with a malicious `version.dll`. This attack is part of a growing trend where trusted software is used to distribute malware.

A ransomware attack by the Rhysida group targeted the local government of Southold, NY, disrupting critical systems and demanding a ransom of 10 bitcoin. The attack was announced on November 24, 2025, with recovery efforts ongoing as of mid-January.

The University of Hawaii Cancer Center experienced a ransomware attack, leading to a data breach affecting up to 1.2 million individuals. The breach involved data from the Multiethnic Cohort Study and three other epidemiological studies.

Google has released a security update addressing 129 vulnerabilities in Android devices, including an actively exploited zero-day vulnerability, CVE-2026-21385, affecting Qualcomm components.