Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

CVE-2026-21962: Maximum-severity Vulnerability in Oracle HTTP Server/WebLogic Proxy Plug-In

On January 20, 2026, Oracle patched a maximum‑severity vulnerability in its Fusion Middleware suite affecting Oracle HTTP Server and the WebLogic Server Proxy Plug‑in, tracked as CVE‑2026‑21962. An unauthenticated remote threat actor can exploit this flaw to gain unauthorized creation, deletion, or modification access to critical data. The issue stems from improper handling of incoming requests by the WebLogic Server Proxy Plug‑ins for Apache HTTP Server and Microsoft IIS.

Seemplicity Year in Review: Turning a Year of Security Data into Actionable Risk Insight

Seemplicity’s Year in Review is a product feature that provides each customer with a year-end view of how risk and exposure moved through their own environment. This post walks through the metrics included in the latest experience and what they help teams reflect on as they refine their exposure management processes.

CVE-2026-20045: Exploited Unauthenticated Remote Code Execution Vulnerability in Cisco Unified Communications Products

On January 21, 2026, Cisco released fixes for a high-severity vulnerability impacting Cisco Unified Communications products that is under active exploitation, tracked as CVE-2026-20045. The flaw arises from improper input validation of user-supplied data in HTTP requests to the web-based management interface of affected devices.

SafeBreach Labs Releases Root Cause Analysis & Proof-of-Concept Exploit for CVE-2026-24061: Telnetd RCE as Root Vulnerability

In January 2026, Simon Josefsson found that the GNU telnetd service from GNU InetUtils is vulnerable to an authentication bypass. Tracked as CVE-2026-24061, this flaw allows an attacker to establish a Telnet session without providing valid credentials, granting unauthorized access to the target system. The vulnerability exists all the way up to version 2.7-2 of the GNU telnetd service and, as indicated by Simon, looks like it was taken right out of the 90s.

Arctic Wolf Observes Malicious Configuration Changes On Fortinet FortiGate Devices via SSO Accounts

Starting on January 15, 2026, Arctic Wolf began observing a new cluster of automated malicious activity involving unauthorized firewall configuration changes on FortiGate devices. This activity involved the creation of generic accounts intended for persistence, configuration changes granting VPN access to those accounts, as well as exfiltration of firewall configurations.

Custom Risk Scoring Is the Missing Link Between Disconnected Findings and Real Exposure Management

Most large organizations rely on multiple vulnerability and exposure scanning tools out of necessity. Infrastructure scanners, cloud security platforms, application security testing tools, container scanners, and attack surface management solutions all play a role. Each one is designed to answer a specific question. But when it comes to understanding the risk of the vulnerabilities and exposures they detect, each tool has its own approach to quantifying it.

Live From Davos: The End of Human-Speed Security

This week, I am joining global policymakers and innovators in Davos for the World Economic Forum. The theme for 2026 is "A Spirit of Dialogue", a recognition that our toughest challenges require shared understanding and cooperation. As we gather to discuss the future of the global economy, we have an opportunity to lead an urgent conversation. It centers on the reality of artificial intelligence (AI), not the hype about what it might do, but on what it is already doing in our enterprises.

Can Manufacturing Defects Really Compromise Your Network's Data?

Whenever we consider network security, we tend to think of hackers, malware or poor passwords. However, there is a less conspicuous danger that never makes the news: the physical elements that constitute your network infrastructure. In particular, the printed circuit boards (PCBs) that drive your routers, switches, and servers may have manufacturing defects that open holes in your security that you never thought of.