January 26, 2026 Cyber Threat Intelligence Briefing
This week’s briefing covers:
00:00 – Intro
00:43 [VULNERABILITY] Trending Critical Vulnerabilities Update
The following table details critical vulnerabilities (CVSS 9) that have been reportedly exploited or have had a proof of concept released in the past week. It is recommended that affected products are patched or mitigations are put in place to reduce the risk of exploitation.
02:13 [MALWARE] PDFSIDER Backdoor Deployed by Ransomware Actors
PDFSIDER is a newly identified malware variant that employs dynamic link library (DLL) sideloading to covertly deploy a backdoor with encrypted command-and-control (C2) capabilities. Resecurity noted that during its discovery of the malware, “The threat actor contacted their staff, impersonating technical support, and used social engineering tactics with QuickAssist” alongside phishing tactics.
03:56 [VULNERABILITY] Fortinet Critical Vulnerability Exploited Despite Patch
In December 2025, Fortinet released a patch for CVE-2025-59719 and CVE-2025-59718, both carrying CVSS scores of 9.8 and affecting the FortiCloud SSO feature in FortiWeb. On January 22, 2026, Fortinet confirmed that it has received customer reports of unexpected login activity that appears similar to the previously fixed issues.
06:06 [CAMPAIGN] Open Source Python Script Drives Social Media Phishing Campaign
A recent phishing campaign investigated by ReliaQuest uses private messages on social media platforms to trick victims into downloading weaponized files. Instead of relying on email, the attackers use direct messages on platforms that people often trust, which helps increase the chance of interaction.
08:20 [RANSOMWARE] BLACKBASTA Ransomware Leader and Operators Exposed
International authorities have exposed the BLACKBASTA ransomware group, identifying its alleged leader and raiding specialists in Ukraine. In Western Ukraine, police targeted two hash crackers responsible for extracting passwords to facilitate corporate network intrusions. These raids led to the seizure of digital devices and cryptocurrency.
Dive deeper:
Kroll’s Monthly Threat Intelligence Spotlight Report: https://www.kroll.com/en/reports/cyber/threat-intelligence-reports/cti-spotlight-trends-report
Kroll’s Q4 2024 Cyber Threat Landscape: https://www.kroll.com/en/reports/cyber/threat-intelligence-reports/q4-2024-threat-landscape-report-phishing
Kroll’s 2025 Cyber Threat Landscape Report: Cybercrime in the Crypto Era: https://www.kroll.com/Reports/Cyber/Threat-Intelligence-Reports/Threat-Landscape-Report-Lens-on-Crypto
Playlist of Kroll's Weekly Cyber Threat Intelligence Briefings: https://www.youtube.com/playlist
Kroll Cyber Blog: https://www.kroll.com/en/insights/cyber
Kroll Cyber Threat Intelligence: https://www.kroll.com/en/services/cyber/threat-intelligence-services
Kroll Threat Intelligence Reports: https://www.kroll.com/en/reports/cyber/threat-intelligence-reports
Kroll Responder MDR: https://www.kroll.com/en/services/cyber/kroll-responder