⚠️ Microsoft’s first Patch Tuesday of 2026 fixes 114 Windows flaws, including one exploited in the wild.

CVE-2026-20805 is a local info-leak in Desktop Window Manager that can expose memory addresses and weaken ASLR.

🔗 Read → https://thehackernews.com/2026/01/microsoft-fixes-114-windows-flaws-in.html

Here's a summary of the most important world, technology, and cybersecurity news from the last 24-48 hours:

World: A train crash in Thailand killed at least 22 people (Jan 14). US President Trump warned Iran amid protests and reaffirmed his desire to acquire Greenland (Jan 14).

Technology: Big Tech companies are heavily investing in energy infrastructure to power their AI ambitions amidst growing backlash over resource usage (Jan 14). Apple's status as a tech visionary is being questioned amidst the rapid AI advancements (Jan 14).

Cybersecurity: CISA and Microsoft patched an actively exploited Windows information disclosure vulnerability (CVE-2026-20805) (Jan 13-14). The World Economic Forum's 2026 outlook highlights enterprise security facing a "three-front war" from cybercrime, AI misuse, and supply chain attacks (Jan 13).

#News #Anonymous #AnonNews_irc

📰 CISA Mandates Patch for Exploited Windows Zero-Day Used in Attack Chains

🚨 CISA adds actively exploited Windows zero-day CVE-2026-20805 to its KEV catalog! The info-disclosure flaw in Desktop Window Manager is used to bypass ASLR in attack chains. Federal agencies must patch by Feb 3. ⚠️ #Windows #ZeroDay #Infosec

🔗 https://cyber.netsecops.io/articles/cisa-mandates-patch-for-actively-exploited-windows-zero-day-cve-2026-20805/?utm_source=mastodon&utm_medium=social&utm_campaign=twitter_auto

📰 Microsoft's January 2026 Patch Tuesday Fixes 114 Flaws, Including One Exploited Zero-Day

Microsoft's January 2026 Patch Tuesday is massive, fixing 114 vulnerabilities! 💻 The update includes 8 critical RCE flaws and one actively exploited zero-day (CVE-2026-20805). Prioritize patching now! #PatchTuesday #Microsoft #Cybersecurity

🔗 https://cyber.netsecops.io/articles/microsoft-january-2026-patch-tuesday-fixes-114-vulnerabilities/?utm_source=mastodon&utm_medium=social…

Microsoft patched an actively exploited Windows DWM flaw (CVE-2026-20805) in January Patch Tuesday.

CISA added it to the KEV list within hours, warning of real-world attacks.
Patch now. Medium severity, high impact when chained.

#Windows #PatchTuesday #CyberSecurity #CVE

Microsoft Flickentag 2026-01

Zum Beginn des Jahres bringt Microsoft (MS) Flicken für 113 Sicherheitslücken - eine ganze Menge. Von denen wird eine (CVE-2026-20805) bereits für Angriffe ausgenutzt (Zero-Day); eine andere (CVE-2026-21265) war schon lange bekannt, aber wird (noch) nicht für Angriffe genutzt. Von den jetzt geflickten Sicherheitslücken stuft MS 8 als kritisch ein, 5 von denen stecken in Komponenten von MS-Office. Die bereits ausgenutzte CVE-2026-20805 stuft MS nur als wichtig (nicht als kritisch) ein, das verstehe wer will. Die CISA hat diese Lücke in den KEV (Known Exploited Vulnerabilities) Katalog aufgenommen und eine Order erlassen, nach der Behörden

https://www.pc-fluesterer.info/wordpress/2026/01/14/microsoft-flickentag-2026-01/

#Warnung #0day #exploits #Microsoft #office #sicherheit #UnplugTrump #windows #zahlen #zeroday

Cyber Threat Intelligence Briefing – Jan. 14, 2026

Incident: Microsoft Windows users impacted by CVE-2026-20805 causing memory information disclosure

Date of Incident (ET): Unknown

Date of Disclosure (ET): Jan. 13, 2026

Summary: Microsoft addressed a zero-day vulnerability in Desktop Window Manager actively exploited to leak sensitive memory addresses. CISA added the flaw to its Known Exploited Vulnerabilities catalog, requiring federal agencies to patch by Feb. 3.

Source: https://www.theregister.com/2026/01/14/patch_tuesday_january_2026/

Incident: Nissan Motor Corporation impacted by Everest ransomware causing data extortion threat

Date of Incident (ET): Jan. 10, 2026

Date of Disclosure (ET): Jan. 13, 2026

Summary: The Everest ransomware group listed Nissan on its leak site, claiming the theft of 900 gigabytes of data. The group has threatened to release dealership orders, sales records, and internal business communications if demands are unmet.

Source: https://www.scworld.com/brief/everest-ransomware-group-claims-nissan-breach-demands-response

Incident: Polish power system impacted by Russian-linked actor causing attempted disruption

Date of Incident (ET): December 2025

Date of Disclosure (ET): Jan. 13, 2026

Summary: Poland's energy minister confirmed the country repelled a massive cyberattack targeting communications between renewable installations and distribution operators. Officials attributed the failed attempt to disrupt critical infrastructure to Russian military intelligence actors.

Source: https://www.straitstimes.com/world/europe/massive-cyberattack-on-polish-power-system-in-december-failed-minister-says

Incident: Gogs repository service impacted by CVE-2025-8110 causing remote code execution

Date of Incident (ET): Unknown

Date of Disclosure (ET): Jan. 13, 2026

Summary: CISA warned of active exploitation of a high-severity path traversal flaw in the Gogs Git service. The vulnerability allows attackers to overwrite sensitive files and achieve code execution; approximately 700 instances have been compromised.

Source: https://thehackernews.com/2026/01/cisa-warns-of-active-exploitation-of.html

Incident: Betterment customers impacted by social engineering causing unauthorized PII access

Date of Incident (ET): Jan. 9, 2026

Date of Disclosure (ET): Jan. 12, 2026

Summary: Fintech firm Betterment confirmed a breach of third-party marketing systems via social engineering. Attackers accessed customer names and contact details to distribute fraudulent cryptocurrency scam notifications to users, though core accounts remained secure.

Source: https://techcrunch.com/2026/01/12/fintech-firm-betterment-confirms-data-breach-after-hackers-send-fake-crypto-scam-notification-to-users/

‼️CVE-2025-64155: Fortinet FortiSIEM Argument Injection to Remote Code Execution

Exploit/PoC: https://github.com/horizon3ai/CVE-2025-64155

CVSS: 9.4
Published: Jan 13, 2026

Writeup: https://horizon3.ai/attack-research/disclosures/cve-2025-64155-three-years-of-remotely-rooting-the-fortinet-fortisiem/

Advisory: https://fortiguard.fortinet.com/psirt/FG-IR-25-772

🚨 CVE-2025-64155: Critical unauthenticated OS command injection in Fortinet FortiSIEM which may allow an unauthenticated attacker to execute unauthorised code or commands via crafted TCP requests. (CVSS 9.8)

I've created a vulnerability detection script here:
https://github.com/rxerium/rxerium-templates/blob/main/2025/CVE-2025-64155.yaml

Patches are strongly advised. If you are unable to patch it is recommended that you limit access to the phMonitor port (7900) as per Fortinet's advisory:
https://fortiguard.fortinet.com/psirt/FG-IR-25-772

Un exploit est disponible pour cette nouvelle faille critique dans Fortinet FortiSIEM : CVE-2025-64155 https://www.it-connect.fr/fortinet-fortisiem-cve-2025-64155/ #ActuCybersécurité #Cybersécurité #Vulnérabilité #Fortinet

There's the DoS.

CVSS-BT: 7.7 / CVSS-B: 8.7 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/AU:Y/R:U/V:D/RE:M/U:Amber)

https://security.paloaltonetworks.com/CVE-2026-0227

@cR0w cve-2026-0227 seems spicy

DoS-Schwachstelle in PAN-OS bedroht GlobalProtect-Infrastruktur

Palo Alto Networks hat eine kritische Sicherheitslücke in seiner Firewall-Software PAN-OS behoben. Die als CVE-2026-0227 klassifizierte Schwachstelle erlaubt es Angreifern ohne Authentifizierung, Denial-of-Service-Attacken gegen GlobalProtect-Komponenten durchzuführen und betroffene Systeme in den Wartungsmodus zu zwingen.

https://www.all-about-security.de/dos-schwachstelle-in-pan-os-bedroht-globalprotect-infrastruktur/

#PaloAltoNetworks #DoS #PANOS #firewall

Serveur WDS – CVE-2026-0386 : le correctif va impacter les fichiers de réponse https://www.it-connect.fr/serveur-wds-cve-2026-0386-le-correctif-va-impacter-les-fichiers-de-reponse/ #ActuCybersécurité #Cybersécurité #Vulnérabilité #Microsoft #WDS

Haven't seen a cypher injection for a while. This one is in Apache Camel-Neo4j.

https://camel.apache.org/security/CVE-2025-66169.html

❗️CVE-2025-53136: Windows Kernel Information Disclosure through Race condition

PoC/Exploit: https://github.com/nu1lptr0/CVE-2025-53136

CVSS: 5.5
CVE Published: Aug 12th, 2025

I'm not concerned about this as a security concern, but I know people around here like their AQI monitors so this might be handy for folks trying to hack theirs for other functionality.

https://github.com/rupeshsurve04/CVE-2025-67399/blob/main/AIRTH_SMART_HOME_AQI_MONITOR_CVE-2025-67399.pdf

Still no fix in BIG-IP DNS for CVE-2025-8677.

https://my.f5.com/manage/s/article/K000157317