Transcript
A (0:00)
From the CISO series, it's Cybersecurity Headlines.
B (0:07)
These are the cybersecurity headlines for Tuesday, January 27, 2026. I'm Sarah Lane.

Microsoft patches Office zero-day vulnerability
Microsoft pushed an emergency out-of-band patch for a high-severity Office zero-day that attackers are actively exploiting. The flaw lets local, unauthenticated attackers bypass security features in low-complexity, user-interaction attacks by getting someone to open a malicious Office file. Office 2021 and Microsoft 365 received fixes immediately, but patches for Office 2016 and 2019 are not ready, with Microsoft offering temporary registry mitigations in the meantime.

Indian users targeted by BlackMoon
Researchers at eSentire's Threat Response Unit say a phishing campaign impersonating India's income tax department is delivering a multi-stage backdoor to local users. The attackers use fake tax notices to drop a modified BlackMoon banking trojan along with a Chinese-made remote monitoring tool called SyncFuture TSM, turning it into an espionage platform for persistence, surveillance and data theft. The malware chain includes DLL side-loading, UAC bypass, antivirus evasion and privilege escalation.

Konni targets blockchain developers
Check Point Research says the Democratic People's Republic of Korea-linked Konni is targeting blockchain developers in Japan, Australia and India with phishing lures disguised as project docs to compromise development environments and access wallet credentials and crypto. The campaign uses an AI-generated PowerShell backdoor with an unusually clean structure, pointing to a shift towards longer-term persistence beyond Konni's traditional South Korea-focused operations.

CISA releases new cryptography categories
CISA published an initial list of hardware and software product categories that already support or are transitioning to post-quantum cryptography. Developed with NSA under a 2025 executive order, the list is meant to guide procurement as quantum computing threatens current public-key crypto. Categories include cloud services, browsers, messaging, endpoint security and networking, with PQC used for key establishment and digital signatures. CISA says future purchases in these categories should be PQC-capable to prepare for quantum-era encryption risks.

Huge thanks to our sponsor, Conveyor. True story: an infosec team had to give customers MapQuest-style directions just to navigate their Trust Center. Spoiler: it didn't reduce follow-up questions and created even more work for everyone involved. With Conveyor's new Trust Center AI agent, customers get answers instantly and can even upload questionnaires for the agent to complete. This way customers find what they need and keep it pushing without your team needing to intervene. Learn more at conveyor.com.

Cloudflare misconfig behind BGP route leak
Cloudflare says a recent 25-minute IPv6 BGP route leak that caused congestion, packet loss and roughly 12 gigabits per second of dropped traffic was triggered by a router policy misconfiguration in Miami, Florida. This appeared to accidentally redistribute internal IPv6 prefixes to external peers, violating valley-free routing rules. Engineers detected the issue, then reverted the config, paused automation and restored normal routing.

Access system flaws unlock doors at Euro firms
SEC Consult found more than 20 vulnerabilities in dormakaba's exospaced finished physical access control systems used by major European enterprises. Flaws included hard-coded credentials, weak crypto, command injection and path traversal, potentially letting attackers remotely unlock doors, harvest PINs or pivot inside networks. Dormakaba patched the issues over the past 18 months and says exploitation would typically require internal network access, though researchers identified Internet-exposed systems that could be opened directly.

Malware guarantees phishing extensions on Chrome Web Store
Varonis researchers uncovered a new malware-as-a-service dubbed Stanley that sells malicious Chrome extensions designed to pass Google's Web Store review. They overlay full-screen phishing iframes while preserving the real URL bar and support silent installs on Chrome, Edge and Brave. Stanley offers subscription tiers up to a Lux plan that includes publishing support plus C2 polling, geotargeting and notification lures.

New phishing attacks break into SSO accounts
Cybercrime groups appear to be running a new wave of real-time voice phishing attacks against single sign-on accounts, using spoofed SSO domains and live phone calls to sync and MFA prompts and steal credentials. Mandiant and Okta report that actors identifying as ShinyHunters are breaking into software-as-a-service environments, exfiltrating data and issuing extortion demands, with some victims including SoundCloud and Betterment. Researchers say there's no vendor vulnerability involved, just social engineering with more convincing tooling.

Every CISO is going to tell you that resilience is the goal of any security program. But how can we be resilient when every organization is beholden to a bevy of third-party providers, each with their own degrees of resilience? That is one of the questions we're trying to answer on this week's episode of the CISO Series Podcast. Look for the episode, "I'll show you our resilience plan once our cloud storage is back online," wherever you get your podcasts.

If you have thoughts on the news from today or about the show in general, be sure to reach out to us at feedback@cisoseries.com. We'd really like to hear from you. I am Sarah Lane reporting for the CISO Series. You stay safe, and even safer out there.
