Daily Security Briefing #147

January 27, 2026

AWS WorkMail phishing, WinRAR exploitation, SmarterMail RCE in active use…


Executive Summary

Today’s cybersecurity landscape reveals a rise in cloud-based phishing campaigns leveraging platforms like AWS WorkMail, highlighting persistent abuse of cloud infrastructure. Critical vulnerabilities continue to be aggressively exploited, including WinRAR’s recent path traversal flaw and a widespread remote code execution flaw in SmarterMail servers affecting thousands of installations worldwide. Meanwhile, targeted attacks persist, with Pakistan-linked threat actors targeting Indian government entities and zero-day exploitation of React2Shell impacting IT sectors globally. Efforts to close the skills gap and boost resilience, together with WhatsApp’s new lockdown-style mode for high-risk users, signal an evolving defense posture focused on proactive security and intelligence-driven strategies.


Top Articles

Threat Actors Using AWS WorkMail in Phishing Campaigns
Rapid7 reports that attackers increasingly exploit AWS WorkMail infrastructure to conduct phishing and spam campaigns. By hijacking victims’ cloud accounts, threat actors offload operational costs onto the targets, leaving them with unexpectedly large bills while using the cloud provider’s reputation to mask malicious activity. This trend underscores the risks inherent in cloud resource abuse.
Rapid7

Diverse Threat Actors Exploiting Critical WinRAR Vulnerability CVE-2025-8088
Google Threat Intelligence Group reveals active exploitation of a severe path traversal vulnerability in WinRAR (CVE-2025-8088) by multiple groups, including government-backed actors. Despite a patch issued in July 2025, attackers continue to use this flaw for initial access and diverse payload delivery across campaigns targeting numerous industries.
Google Cloud

The End of the Road for Cisco Kenna: Take a Measured Path into Exposure Management
Cisco announced the end-of-sale and end-of-life for its Cisco Vulnerability Management solution (Kenna), forcing customers to reconsider their vulnerability management approach. With no direct replacement available, security teams must evaluate broader exposure management strategies beyond tool swaps to maintain effective risk reduction.
Rapid7

The Constitutionality of Geofence Warrants
The US Supreme Court reviews the legality of geofence warrants following a case where police used such warrants to identify a robbery suspect in Virginia. The warrants raise significant privacy and constitutional questions as they rely on location data of many uninvolved individuals to find suspects.
Schneier

Closing the Cyber Security Skills Gap: Check Point Partners with CompTIA
Recognizing the growing cyber skills shortage, Check Point joins forces with CompTIA and Infinity Global Services to deliver practical training aimed at developing real-world cybersecurity expertise. This partnership addresses industry-wide challenges in building a workforce capable of managing escalating cyber threats.
Check Point

G_Wagon NPM Package Exploits Users to Steal Browser Credentials with Obfuscated Payload
The “G_Wagon” npm package, camouflaged as a UI component library, distributes a powerful infostealer targeting developers. The malware uses multi-stage obfuscation to harvest browser credentials, cryptocurrency wallets, cloud keys, and messaging tokens, posing significant risks to development environments.
GBhackers

Attackers Exploit React2Shell Vulnerability to Target IT Sector Systems
Researchers confirm active exploitation of the React2Shell vulnerability (CVE-2025-55182), stemming from insecure deserialization in React Server Components. This flaw allows remote code execution, affecting multiple sectors worldwide, and demands urgent patching and mitigation.
GBhackers

How Threat Intelligence Will Change Cybersecurity in 2026
Looking ahead, cybersecurity will leverage advanced threat intelligence to transform defense operations. Emerging trends push SOCs toward smarter, more efficient operations aligned with business priorities, turning threat data into a strategic advantage.
CyberPress

6,000+ SmarterMail Servers Exposed to Actively Exploited RCE Vulnerability
Over 6,000 SmarterTools SmarterMail servers run vulnerable versions affected by a critical remote code execution flaw (CVE-2026-23760), with exploitation already occurring in the wild. Impacted organizations should urgently apply patches to prevent compromise.
CyberPress

WhatsApp Rolls Out Lockdown-Style Security Mode to Protect Targeted Users From Spyware
Meta introduces a Strict Account Settings feature on WhatsApp resembling Apple’s Lockdown Mode, designed to protect high-risk users—such as journalists and public figures—from advanced spyware by restricting certain functionalities in exchange for enhanced security.
The Hacker News

Experts Detect Pakistan-Linked Cyber Campaigns Aimed at Indian Government Entities
Zscaler ThreatLabz uncovers recently active Pakistan-linked cyber campaigns, named Gopher Strike and Sheet Attack, targeting Indian government systems using new tradecraft. These operations align with previous APT behaviors and highlight ongoing regional cyber espionage tensions.
The Hacker News


AI Transparency: This newsletter uses AI to curate, rank, and summarize cybersecurity content from leading industry blogs. All articles link directly to original authors. Executive summaries are AI-generated based on article content. I curate the sources and deliver the digest—the original authors deserve the credit for their excellent work.
