
Daily Security Briefing #144
- DjediTech
- Security, Newsletter
- January 24, 2026
Sandworm’s failed Polish power grid attack, Microsoft’s new winapp CLI, AI-driven malware targets blockchain engineers…
Executive Summary
Cybersecurity threats continue to evolve: Russia’s state-sponsored Sandworm group has been linked to a recent failed destructive attack on Poland’s power infrastructure using new DynoWiper malware. Meanwhile, Microsoft is advancing its development tools for Windows apps by open-sourcing the winapp command-line interface, aiming to streamline multi-framework workflows outside traditional IDEs. Emerging phishing and malware campaigns show increased sophistication: a multi-stage ransomware and RAT attack targets Russia, while North Korean hackers leverage AI to craft malware aimed at blockchain engineers. Additionally, concerns around workplace surveillance are growing as Microsoft Teams introduces Wi-Fi-based employee location tracking. Exploitation of a telnetd vulnerability and fresh adversary-in-the-middle campaigns pose ongoing risks, underscoring the need for vigilance across sectors.
Top Articles
Sandworm hackers linked to failed wiper attack on Poland’s energy systems
In late December 2025, a major cyberattack targeting Poland’s power grid was traced to the Russian state-sponsored group Sandworm. The attempt involved deploying a newly identified destructive malware called DynoWiper, aimed at wiping critical data. The attack ultimately failed, but it demonstrates the continued risk that advanced persistent threats pose to national infrastructure.
BleepingComputer | TheHackerNews
Microsoft Open-Sources winapp, a New CLI Tool for Streamlined Windows App Development
Microsoft announced the public preview release of winapp, an open-source Windows App Development CLI designed to simplify app development across multiple frameworks and toolchains. Targeting developers who work outside Visual Studio or MSBuild, the tool supports environments like Electron, CMake, and .NET, aiming to modernize and unify the Windows dev lifecycle.
GBHackers | CyberPress
Multi-Stage Phishing Campaign Targets Russia with Amnesia RAT and Ransomware
A complex phishing campaign has been uncovered targeting Russian users, delivering business-themed lures that deploy ransomware and a remote access trojan named Amnesia RAT. The social engineering approach uses benign-looking documents to initiate infection, highlighting increasing sophistication in regional cyber espionage and extortion tactics.
TheHackerNews
Microsoft Teams to Begin Sharing Employee Location with Employers Based on Wi-Fi Networks
Microsoft confirmed a new Teams feature that will automatically share employee locations by detecting which Wi-Fi networks are accessed. This has raised significant privacy concerns regarding workplace monitoring and hybrid work environments, reflecting growing tensions between operational oversight and employee privacy.
GBHackers
telnetd Vulnerability Actively Exploited Following Public Proof-of-Concept Release
A critical authentication bypass vulnerability in the GNU InetUtils telnetd service is being actively exploited after the public release of a proof-of-concept exploit. Attackers can gain root access by manipulating the USER environment variable during telnet negotiations, so affected systems need urgent patching.
CyberPress
Researchers Uncover Multi-Stage AiTM Attack Using SharePoint to Bypass Security Controls
Microsoft Defender researchers revealed a sophisticated adversary-in-the-middle (AiTM) phishing campaign targeting the energy sector that abuses SharePoint file-sharing to bypass email security checks. The attack began from a compromised vendor’s email and shows advanced tactics that use trusted cloud platforms to compromise multiple user accounts.
GBHackers
Konni Hackers Target Blockchain Engineers with AI-Built Malware
The North Korean hacking group Konni is deploying AI-generated PowerShell malware designed specifically to target developers and engineers in the blockchain space. This marks an evolution in threat actor capabilities, combining AI with tailored attacks against high-value sector professionals.
BleepingComputer
Nike Probing Potential Security Incident as Hackers Threaten to Leak Data
The WorldLeaks cybercrime group claims to have breached systems belonging to Nike and threatens to release stolen data. Nike is actively investigating the reported incident as it assesses the scope and impact of the claimed intrusion.
SecurityWeek
Happy 9th Anniversary, CTA: A Celebration of Collaboration in Cyber Defense
Unit 42 commemorates nine years of the Cyber Threat Alliance, highlighting its role in pioneering global collaborative defense initiatives against cyber threats. The CTA continues to foster information sharing and joint response among industry leaders and government entities.
Unit42
AI Transparency: This newsletter uses AI to curate, rank, and summarize cybersecurity content from leading industry blogs. All articles link directly to original authors. Executive summaries are AI-generated based on article content. I curate the sources and deliver the digest—the original authors deserve the credit for their excellent work.