
Daily Security Briefing #146
- DjediTech
- Security, Newsletter
- January 26, 2026
GNU Inetutils RCE PoC, Instagram private post vulnerability, Indian tax phishing with Blackmoon malware lead today’s threats…
Executive Summary
Today’s cybersecurity news highlights critical vulnerabilities and active threat campaigns impacting a variety of sectors and technologies. A proof-of-concept exploit for a widespread GNU Inetutils telnetd remote code execution flaw threatens over 800,000 exposed systems. Instagram disclosed a serious server-side vulnerability allowing unauthenticated access to private posts, raising major privacy concerns. Targeted phishing campaigns in India deploy sophisticated Blackmoon malware via tax-related lures, underscoring continuing espionage attempts. Meanwhile, malicious Visual Studio Code extensions continue to steal developer source code, and new malware delivery abuses Windows App-V scripting. Sector-wide risks are compounded by infrastructure incidents like Cloudflare’s recent BGP route leak and state-linked wiper attacks attributed to Sandworm on Poland’s power grid. Policy shifts are also underway, including the OMB rescinding a prior secure software directive.
Top Articles
PoC Released for GNU InetUtils telnetd RCE as 800K+ Exposed Instances Remain Online
A critical remote code execution vulnerability (CVE-2026-24061) in GNU Inetutils telnetd is now exploitable with a public proof-of-concept. Security experts warn that over 800,000 vulnerable instances remain exposed globally, enabling unauthenticated attackers to execute arbitrary commands remotely on affected servers. This highlights the urgency for patching systems running outdated telnetd versions.
BleepingComputer
Instagram Investigates Reported Vulnerability Allowing Access to Private Content
Researchers disclosed a server-side flaw in Instagram’s mobile web interface that allowed completely unauthenticated users to view private posts without follower authorization. The issue exposes gaps in Meta’s vulnerability management and protective controls, potentially compromising millions of users’ privacy. The vulnerability was found after extensive coordinated disclosure efforts.
GBHackers | CyberPress
Critical NetSupport Manager Zero-Day Vulnerabilities Enable Remote Code Execution
Two critical authentication bypass vulnerabilities in NetSupport Manager enable unauthenticated remote code execution in versions up to 14.10.4.0. These flaws arise from insufficient input validation in an undocumented broadcast communication feature and have been patched since July 2025. Enterprises using this remote access software should apply updates urgently to prevent exploitation.
CyberPress
Indian Users Targeted in Tax Phishing Campaign Delivering Blackmoon Malware
A sophisticated phishing campaign targets Indian taxpayers with emails pretending to be from the Income Tax Department, delivering Blackmoon backdoor malware. The multi-stage infection is linked to suspected cyber espionage operations focused on Indian users. Awareness and defensive measures against tax-themed phishing remain critical in the region.
The Hacker News
Malicious VS Code AI Extensions with 1.5 Million Installs Steal Developer Source Code
Two malicious Visual Studio Code extensions posing as AI coding assistants collectively have over 1.5 million installs and covertly siphon developers’ source code to servers based in China. They remain available on the official marketplace, highlighting ongoing risks to developer environments and the need for vigilance around extension permissions.
The Hacker News
New ClickFix Attacks Abuse Windows App-V Scripts to Push Malware
Attackers have combined the ClickFix exploit technique with fake CAPTCHAs and signed Microsoft Application Virtualization (App-V) scripts to distribute the Amatera infostealing malware. This novel abuse leverages trusted scripting environments to evade detection and deliver payloads targeting user credentials and information.
BleepingComputer
Cloudflare Misconfiguration Behind Recent BGP Route Leak
A 25-minute Border Gateway Protocol (BGP) route leak triggered by a misconfiguration at Cloudflare caused service disruptions including packet loss and about 12 Gbps of dropped IPv6 traffic. The incident highlights risks associated with infrastructure misconfigurations that can quickly propagate internet-wide disruptions.
BleepingComputer
26th January – Threat Intelligence Report
Check Point Research’s latest bulletin covers recent cyberattack trends, including a ransomware strike by RansomHub targeting Luxshare, a supplier for major tech companies. Threat actors claim to have exfiltrated proprietary 3D CAD designs and circuit board layouts, underscoring the ongoing risk to the tech manufacturing supply chain.
Check Point Research
OMB Rescinds ‘Burdensome’ Biden-Era Secure Software Memo
The Office of Management and Budget has withdrawn a Biden-era directive aimed at enforcing secure software development practices, moving toward a voluntary attestation approach under the Trump administration’s policies. Critics label this a significant retreat in federal cybersecurity governance.
CyberScoop
Sandworm Blamed for Wiper Attack on Poland Power Grid
Researchers attribute a recent attempted wiper malware attack on Poland’s power grid to the Russian state-sponsored APT Sandworm group. Known for destructive cyber operations, Sandworm’s activity continues to pose severe threats to critical infrastructure in Eastern Europe.
DarkReading
AI Transparency: This newsletter uses AI to curate, rank, and summarize cybersecurity content from leading industry blogs. All articles link directly to original authors. Executive summaries are AI-generated based on article content. I curate the sources and deliver the digest—the original authors deserve the credit for their excellent work.