Daily Security Briefing #135


January 15, 2026

Cal.com critical auth bypass, HPE OneView active exploit, Modular DS WordPress admin takeover headlines today…


Executive Summary

Today’s cybersecurity landscape underscores ongoing risks from legacy protocols, urgent patching needs, and persistent phishing trends. The release of Net-NTLMv1 rainbow tables demonstrates the continued threat from outdated authentication methods still prevalent in many environments. Active exploitation campaigns target critical vulnerabilities in HPE OneView (remote code execution) and the WordPress Modular DS plugin (privilege escalation), either of which can lead to full system compromise. Cloud security concerns arise from AWS CodeBuild misconfigurations impacting GitHub repositories, while enterprises face growing phishing attacks primarily impersonating brands like Microsoft. Finally, data sovereignty drives Amazon’s launch of its new European Sovereign Cloud, addressing regulatory demands.


Top Articles

Closing the Door on Net-NTLMv1: Releasing Rainbow Tables to Accelerate Protocol Deprecation
Mandiant has released a comprehensive dataset of rainbow tables targeting the Net-NTLMv1 protocol to spotlight the critical need for organizations to retire this outdated legacy authentication standard. Despite being insecure for over 20 years, Net-NTLMv1 remains actively used, exposing systems to trivial credential theft. The release aims to accelerate widespread migration to safer protocols.
BLOG.GOOGLE.COM

Patch Now: Active Exploitation Underway for Critical HPE OneView Vulnerability
Check Point Research uncovered active and large-scale exploitation of a critical remote code execution vulnerability (CVE-2025-37164) in HPE OneView. The RondoDox botnet launched tens of thousands of automated attacks, underscoring the severity of the flaw. Organizations are urged to patch immediately as attacks continue to escalate rapidly.
BLOG.CHECKPOINT.COM

Microsoft Remains the Most Imitated Brand in Phishing Attacks in Q4 2025
Microsoft topped the list as the most impersonated brand in phishing campaigns, accounting for 22% of recorded attempts in late 2025, followed by Google and Amazon. Attackers increasingly exploit trusted brands to harvest credentials and breach enterprise environments. Vigilance and enhanced phishing defenses remain critical.
BLOG.CHECKPOINT.COM

Critical Cal.com Vulnerability Let Attackers Bypass Authentication and Hijack Any User Account
A critical authentication bypass vulnerability (GHSA-7hg4-x4pr-3hrg) in Cal.com allowed attackers to fully compromise user accounts simply by knowing an email address, bypassing all authentication, including MFA. The issue affected versions 3.1.6 through 6.0.6 and has been addressed in version 6.0.7. Hosted deployments reportedly patched immediately after discovery.
GBHACKERS.COM | CYBERPRESS.ORG

BreachLock Expands Adversarial Exposure Validation (AEV) to Web Applications
BreachLock announced enhancements to its Adversarial Exposure Validation platform, enabling autonomous red teaming at the web application layer. Building on its previous network-layer focus, the AI-powered system simulates real-world attacks to identify vulnerabilities more comprehensively in application environments.
GBHACKERS.COM

Amazon Launches AWS Sovereign Cloud in Europe to Address Data Sovereignty Concerns
In response to European regulatory demands for data residency, Amazon Web Services unveiled its AWS Sovereign Cloud tailored for Europe. This platform ensures strict compliance with data sovereignty and jurisdictional control requirements, aiming to strengthen trust among European organizations managing sensitive data.
CYBERPRESS.ORG

AWS CodeBuild Misconfiguration Exposed GitHub Repos to Potential Supply Chain Attacks
A significant misconfiguration in AWS CodeBuild services exposed critical GitHub repositories—including the AWS JavaScript SDK—to takeovers, potentially compromising numerous cloud environments. Discovered and reported responsibly, the flaw, dubbed “CodeBreach,” was remediated by AWS in September 2025.
THEHACKERNEWS.COM

Critical WordPress Modular DS Plugin Flaw Actively Exploited to Gain Admin Access
A severe unauthenticated privilege escalation vulnerability (CVE-2026-23550) in the WordPress Modular DS plugin is under active exploitation, enabling attackers to bypass authentication and gain admin-level access. The issue affects all versions up to 2.5.1 and has been patched in 2.5.2. Site owners should update promptly.
THEHACKERNEWS.COM | BLEEPINGCOMPUTER.COM

Grubhub Confirms Hackers Stole Data in Recent Security Breach
Food delivery service Grubhub acknowledged a security breach in which attackers accessed internal systems. Sources indicate the company is now facing extortion demands related to the stolen data. The incident highlights persistent risks to consumer data held by online service providers.
BLEEPINGCOMPUTER.COM


AI Transparency: This newsletter uses AI to curate, rank, and summarize cybersecurity content from leading industry blogs. All articles link directly to original authors. Executive summaries are AI-generated based on article content. I curate the sources and deliver the digest—the original authors deserve the credit for their excellent work.
