Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

outpost 24

The 2026 Cybersecurity Threat Landscape: Persistent Adversaries, Repeatable Playbooks

Jan 19, 2026 By Lidia López Sanz In Outpost 24
As a threat intelligence team, our job is to separate noise from persistence in the cybersecurity threat landscape. In this article, we assess the threats most likely to remain and evolve through 2026 based on the threat actors, campaigns, and malware we have tracked and researched during the last year. Our work centers on tracking adversaries with a strong footprint in the underground ecosystem: forums, Telegram channels, data leak sites, and marketplaces where cybercriminals operate.
Read Post
indusface

CodeBreach: Critical AWS CodeBuild Misconfiguration Enabling Supply Chain Repository Takeover

Jan 16, 2026 By Aayush Vishnoi In Indusface
A critical misconfiguration in Amazon Web Services (AWS) CodeBuild could have allowed attackers to gain complete control over GitHub repositories used in AWS CI/CD pipelines, including the widely used AWS JavaScript SDK, introducing a severe software supply chain risk. This vulnerability, codenamed CodeBreach, stemmed from insufficiently restrictive CI pipeline configurations, build triggers, and webhook filters.
Read Post
indusface

Critical Node.js Vulnerabilities Expose Uninitialized Memory (CVE-2025-55131)

Jan 16, 2026 By Aayush Vishnoi In Indusface
CVE-2025-55131 is a high-severity buffer allocation race condition vulnerability in Node.js that can lead to uninitialized memory exposure when using the vm module with execution timeouts. This vulnerability is part of a coordinated Node.js security update addressing eight vulnerabilities across all active release lines.
Read Post
Arctic Wolf

CVE-2025-64155: FortiSIEM Remote Unauthenticated Command Injection Vulnerability

Jan 15, 2026 By Andres Ramos In Arctic Wolf
On January 13, 2025, Fortinet released fixes for a critical-severity FortiSIEM vulnerability (CVE-2025-64155) that stems from improper neutralization of special elements used in OS commands within the phMonitor service (TCP/7900). An unauthenticated, remote threat actor can exploit this vulnerability via crafted TCP requests to execute unauthorized code or commands on affected systems.
Read Post
outpost 24

New attack analysis: What you need to know about the Endesa data breach

Jan 15, 2026 By Lydia Atienza In Outpost 24
Following the recent cyberattack on Endesa, one of Spain’s largest electricity and gas providers, Outpost24’s threat intelligence team has compiled a comprehensive analysis of the incident based on publicly available evidence from underground forums, leaked dataset listings, and the threat actor’s own statements.
Read Post
Why One-Time Vulnerability Scans Aren't Enough

Why One-Time Vulnerability Scans Aren't Enough

Jan 15, 2026 By SecuritySenses In SecuritySenses
A single vulnerability scan provides a tempting snapshot of security health. Too many companies rely on such periodic checks for compliance and some semblance of risk assessment. This, however, leads to an extremely dangerous illusion of security. Modern digital environments, as well as threat actors, move at speeds that are much too high for a static, point-in-time evaluation. Treating cybersecurity as an exercise in box-ticking leaves gaps that adversaries can use.
Read Post
jfrog

Dissecting and Exploiting CVE-2025-62507: Remote Code Execution in Redis

Jan 14, 2026 By Ori Hollander In JFrog
A recent stack buffer overflow vulnerability in Redis, assigned CVE-2025-62507, was fixed in version 8.3.2. The issue was published with a high severity rating and assigned a CVSS v3 score of 8.8. According to the official advisory, “a user can run the XACKDEL command with multiple IDs and trigger a stack buffer overflow, which may potentially lead to remote code execution”.
Read Post
Snyk

ServiceNow's Virtual Agent Vulnerability Shows Why AI Security Needs Traditional AppSec Foundations

Jan 14, 2026 By Stephen Thoemmes In Snyk
The recent disclosure of what security researchers are calling "the most severe AI-driven vulnerability uncovered to date" in ServiceNow's platform serves as a stark reminder: securing agentic AI isn't just about new AI-specific controls; it requires getting the fundamentals right first.
Read Post

Intel Chat: Ni8mare CVSS 10.0, malicious AI extensions, Venezuela blackout & BlackCat insiders [281]

Jan 14, 2026 By LimaCharlie In LimaCharlie
A newly disclosed vulnerability in the workflow automation platform n8n, tracked as CVE-2026-21858 and rated CVSS 10.0, allows unauthenticated remote attackers to fully compromise exposed instances. Two malicious Chrome extensions impersonating a legitimate product from AITOPIA were found exfiltrating sensitive user data, including full AI chat histories, according to a report from OX Security. The recent U.S. military operation in Venezuela that led to the capture of President Nicolás Maduro may have included cyber operations, but official confirmation of cyber’s role remains ambiguous.
View Video

Copyright © 2026 OpsMatters™. All rights reserved.