Daily summary - 27.01.2026

End-of-Day report

Timeframe: Monday 26-01-2026 18:00 - Tuesday 27-01-2026 18:00 Handler: Guenes Holler Co-Handler: Alexander Riepl

News

Over 6,000 SmarterMail servers exposed to automated hijacking attacks

Nonprofit security organization Shadowserver has found over 6,000 SmarterMail servers exposed online and likely vulnerable to attacks exploiting a critical authentication bypass vulnerability.

https://www.bleepingcomputer.com/news/security/over-6-000-smartermail-servers-exposed-to-automated-hijacking-attacks/

Nike investigates data breach after extortion gang leaks files

Nike is investigating what it described as a "potential cyber security incident" after the World Leaks ransomware gang leaked 1.4 TB of files allegedly stolen from the sportswear giant.

https://www.bleepingcomputer.com/news/security/nike-investigates-data-breach-after-extortion-gang-leaks-files/

Microsoft releases emergency patch: Office users are being attacked via a zero-day vulnerability

A dangerous security vulnerability affects all current Office versions. Given the active exploitation, users should patch promptly.

https://www.golem.de/news/microsoft-bringt-notfallpatch-office-nutzer-werden-ueber-zero-day-luecke-attackiert-2601-204646.html

Attacks observed: Ancient telnetd vulnerability endangers hundreds of thousands of systems

For more than ten years, attackers have been able to gain root access to countless devices via Telnet. New scans show the extent of the problem.

https://www.golem.de/news/attacken-beobachtet-uralte-telnetd-luecke-gefaehrdet-hunderttausende-systeme-2601-204656.html

Bypassing Windows Administrator Protection

A headline feature introduced in the latest release of Windows 11, 25H2, is Administrator Protection. The goal of this feature is to replace User Account Control (UAC) with a more robust and, importantly, securable system that allows a local user to access administrator privileges only when necessary. This blog post will give a brief overview of the new feature, how it works and how it's different from UAC. I'll then describe some of the security research I undertook while it was in the ..

https://projectzero.google/2026/26/windows-administrator-protection.html

HoneyMyte updates CoolClient and deploys multiple stealers in recent campaigns

Kaspersky researchers analyze updated CoolClient backdoor and new tools and scripts used in HoneyMyte (aka Mustang Panda or Bronze President) APT campaigns, including three variants of a browser data stealer.

https://securelist.com/honeymyte-updates-coolclient-uses-browser-stealers-and-scripts/118664/

Canva among ~100 targets of ShinyHunters Okta identity-theft campaign

Atlassian, RingCentral, ZoomInfo also among tech targets. ShinyHunters has targeted around 100 organizations in its latest Okta single sign-on (SSO) credential-stealing campaign, according to researchers and the criminal group itself.

https://www.theregister.com/2026/01/26/shinyhunters_okta_sso_campaign/

Threat actors use FortiCloud SSO bypass to collect LDAP connection passwords

CERT.at gained access to a toolkit of an unknown threat actor targeting FortiCloud SSO bypass in Fortinet appliances (CVE-2025-59718/CVE-2025-59719). We are releasing under TLP:CLEAR key findings about likely post-exploitation goals of the attacker. The obtained exploit works only for the original vulnerability [1] and is not effective against patched ..

https://www.cert.at/en/blog/2026/1/threat-actors-use-forticloud-to-collect-ldap-connection-passwords

Russian security systems firm Delta hit by cyberattack, services disrupted

Building and car alarm systems managed by Russian company Delta have been disrupted by a cyberattack blamed on a "hostile foreign state."

https://therecord.media/russia-delta-security-alarm-company-cyberattack

Clawdbot: An open-source AI assistant - cool, and a security disaster

Until now, AI services such as ChatGPT, Gemini etc. have dominated the LLM space, and bots build on top of these LLMs. Peter Steinberger and his team have built an open-source bot, Clawdbot, which runs locally and offers interfaces to various services and models ..

https://borncity.com/blog/2026/01/26/clawdbot-ein-opensource-ki-assistent/

Diverse Threat Actors Exploiting Critical WinRAR Vulnerability CVE-2025-8088

The Google Threat Intelligence Group (GTIG) has identified widespread, active exploitation of the critical vulnerability CVE-2025-8088 in WinRAR, a popular file archiver tool for Windows, to establish initial access and deliver diverse payloads. Although the vulnerability was discovered and patched in July 2025, government-backed threat actors linked to Russia and China as well as financially motivated threat actors continue to exploit this n-day across disparate operations. The consistent exploitation method, a ..

https://cloud.google.com/blog/topics/threat-intelligence/exploiting-critical-winrar-vulnerability/

Apache Hadoop: Bug in the HDFS native client lets malicious code through

The Apache Hadoop framework is vulnerable. Attacks can occur in the context of the HDFS file system. A security patch is available.

https://heise.de/-11155241

Vulnerabilities

DSA-6112-1 openjdk-21 - security update

https://lists.debian.org/debian-security-announce/2026/msg00021.html

DSA-6111-1 imagemagick - security update

https://lists.debian.org/debian-security-announce/2026/msg00020.html

Security Vulnerabilities fixed in Firefox 147.0.2

https://www.mozilla.org/en-US/security/advisories/mfsa2026-06/

Kubernetes Remote Code Execution Via Nodes/Proxy GET Permission

https://grahamhelton.com/blog/nodes-proxy-rce