
Daily Security Briefing #150
- DjediTech
- Security, Newsletter
- January 30, 2026
Ivanti zero-day exploited, Magento session hijacks, AI-powered vulnerability attacks advancing…
Executive Summary
Today’s cybersecurity landscape is marked by critical real-world exploitation of newly disclosed vulnerabilities. Ivanti Endpoint Manager Mobile’s zero-days (CVE-2026-1281 & CVE-2026-1340) have been actively exploited before patches were available, underscoring the urgent need for swift mitigation. Attackers continue to leverage flaws in popular platforms, such as the Magento “SessionReaper” vulnerability that has compromised over 200 e-commerce sites globally. Meanwhile, artificial intelligence models are increasingly capable of automating multistage cyberattacks, amplifying threat actor efficiency. Organizations also face emerging threats through hijacked legitimate infrastructure, misconfigured server protocols, and infiltration of trusted browser extensions. Microsoft’s planned disabling of NTLM authentication highlights developments in hardening long-standing security weaknesses.
Top Articles
Metasploit Wrap-Up 01/30/2026
Rapid7 released new Metasploit modules targeting FreePBX systems by chaining multiple vulnerabilities beginning with CVE-2025-66039, allowing unauthenticated access. Subsequent exploitation involves SQL injection (CVE-2025-61675) or file upload bugs (CVE-2025-61678) to achieve remote code execution. These additions provide penetration testers updated tools to assess PBX security and encourage timely patching.
Rapid7
Critical Ivanti Endpoint Manager Mobile (EPMM) Zero-Day Exploited in the Wild (CVE-2026-1281 & CVE-2026-1340)
Ivanti disclosed two critical zero-day vulnerabilities impacting Endpoint Manager Mobile, with confirmed exploitation prior to the public announcement. CVE-2026-1281 was promptly added to CISA’s Known Exploited Vulnerabilities catalog, demanding immediate action from users. The flaws enable unauthorized access and control, posing significant risks to organizations relying on this widely deployed mobile device management solution.
Rapid7
AIs Are Getting Better at Finding and Exploiting Security Vulnerabilities
Anthropic’s latest evaluation highlights advancements in AI cybersecurity capabilities, with current Claude models autonomously executing complex multistage network attacks using standard tools. This evolution lowers the barrier for automated cyber offense, emphasizing the criticality of foundational security practices such as timely patches and robust network segmentation.
Schneier on Security
Friday Squid Blogging: New Squid Species Discovered
Scientists documented a novel deep-sea squid species exhibiting unique plant-mimicking behaviors by burying itself upside down in the seafloor. The discovery in the Pacific’s Clarion-Clipperton Zone sheds light on abyssal ecology and raises environmental considerations related to deep-sea mining in this resource-rich area.
Schneier on Security
Threat Actors Hide Behind School-Themed Domains In Newly Uncovered Bulletproof Infrastructure
Cybercriminals are exploiting education-themed domains as front ends for a traffic distribution system (TDS) that delivers phishing, scams, and malware payloads via bulletproof hosting. Analysis revealed first-stage JavaScript loaders directing victims through complex routing chains, demonstrating increasing adversarial sophistication in masking harmful infrastructure.
GBHackers
Hugging Face Repositories Hijacked For Android RAT Delivery, Bypassing Traditional Defenses
Attackers have abused Hugging Face’s machine learning platform repositories to distribute a polymorphic Android RAT dropper named TrustBastion. Leveraging social engineering alongside Accessibility Services exploitation, this campaign evades standard hash-based detection and gains deep control over infected devices.
GBHackers
Moltbot Operators Leak Control Panels via Exposed mDNS Traffic
Misconfigured multicast DNS broadcasts in Moltbot deployments leak sensitive operational metadata, including control panel access credentials for over 1,400 global instances. This exposure places numerous autonomous agent orchestration systems at risk of reconnaissance and takeover by unauthorized actors.
CyberPress
Attackers Hijack 200+ Sites by Exploiting Magento Vulnerability
More than 200 Magento e-commerce sites were compromised through abuse of CVE-2025-54236 (“SessionReaper”), which allows attackers to bypass session invalidation and perform unauthorized account takeovers. Multiple independent campaigns underline the criticality of patching and monitoring session management vulnerabilities in web applications.
CyberPress
Researchers Uncover Chrome Extensions Abusing Affiliate Links and Stealing ChatGPT Access
Malicious Chrome extensions, including “Amazon Ads Blocker,” have been identified hijacking affiliate links and stealing OpenAI ChatGPT authentication tokens. This undermines user trust and risks data leakage, illustrating continued malicious targeting of browser extension ecosystems.
The Hacker News
China-Linked UAT-8099 Targets IIS Servers in Asia with BadIIS SEO Malware
Cisco Talos researchers reveal a campaign by China-linked UAT-8099 targeting vulnerable IIS servers in Thailand, Vietnam, and wider Asia. The attackers implant BadIIS SEO malware that manipulates search engine rankings to distribute malicious content, highlighting regionally focused infrastructure attacks.
The Hacker News
Microsoft to Disable NTLM by Default in Future Windows Releases
Microsoft will disable the legacy NTLM authentication protocol by default in upcoming Windows versions, addressing longstanding security vulnerabilities exploited by threat actors. This move encourages organizations to adopt more secure authentication methods, mitigating risks like credential replay and relay attacks.
BleepingComputer
AI Transparency: This newsletter uses AI to curate, rank, and summarize cybersecurity content from leading industry blogs. All articles link directly to original authors. Executive summaries are AI-generated based on article content. I curate the sources and deliver the digest—the original authors deserve the credit for their excellent work.