Welcome to the January 22nd edition of ONSEC Cyber Daily, where we unravel the intricate web of vulnerabilities threatening our digital landscape. Today's narrative weaves through a tapestry of cyber threats, starting with a stark revelation from Vodafone's survey highlighting the persistent peril of staff phishing vulnerabilities. As organizations become more vigilant, the urgency to patch known weaknesses intensifies. CISA's latest addition to its vulnerability catalog and Cisco's critical zero-day fixes underscore the relentless battle against cyberattacks. Meanwhile, the launch of the Global Cybersecurity Vulnerability Enumeration offers a new frontier in our defense strategy. From malicious exploits on Fortinet devices to stealthy malware campaigns, today's issue is a clarion call for heightened awareness and proactive measures. Dive in as we explore these pressing threats and the global efforts to fortify our digital defenses.

Exploits Alert

1. Vodafone Business Survey Shows Staff Phishing Vulnerability Poses Major Threat: A recent survey by Vodafone Business highlights a significant vulnerability in staff phishing awareness, with 89% of bosses acknowledging the increased alertness to cyber threats following last year's high-profile attacks. This underscores the critical need for enhanced employee training and robust cybersecurity measures to mitigate potential risks. Source: The Fast Mode.
2. CISA Adds One Known Exploited Vulnerability to Catalog: The Cybersecurity and Infrastructure Security Agency (CISA) has updated its catalog with a newly identified exploited vulnerability, urging organizations beyond federal agencies to prioritize reducing their exposure to cyberattacks. This move is part of a broader strategy to enhance national cybersecurity resilience. Source: CISA.
3. Experts Welcome Global Cybersecurity Vulnerability Enumeration Launch: The launch of the Global Cybersecurity Vulnerability Enumeration (GCVE) introduces a new international standard for identifying and cataloging cybersecurity vulnerabilities, offering an alternative to the US-centric CVE system. This initiative aims to foster global collaboration and improve the accuracy of vulnerability assessments. Source: Infosecurity Magazine.

Vulnerabilities & Patches

1. Cisco Fixes Actively Exploited Zero-Day CVE-2026-20045 in Unified CM and Webex: Cisco has released critical patches to address a zero-day vulnerability, CVE-2026-20045, affecting Unified Communications and Webex Calling. This flaw, which allows remote code execution, was actively exploited in the wild, prompting urgent updates. Source: The Hacker News, Security Affairs, Bleeping Computer
2. Arctic Wolf Observes Malicious Configuration Changes On Fortinet FortiGate Devices: Arctic Wolf has identified malicious activities exploiting Fortinet FortiGate devices, potentially bypassing patches for CVE-2025-59718. This highlights the need for continuous monitoring and patch management to mitigate evolving threats. Source: Arctic Wolf
3. TP-Link Patches Critical Vulnerability in VIGI Cameras: TP-Link has addressed a critical security flaw, CVE-2026-0629, impacting over 32 models of its VIGI C and VIGI N cameras. The vulnerability could allow unauthorized access, emphasizing the importance of timely updates for IoT devices. Source: SC Media
4. Critical Zoom Vulnerability Enables Remote Code Execution via Command Injection: A severe vulnerability in Zoom's Node Meetings Hybrid and Meeting Connector deployments, tracked as CVE-2026-22844, allows remote code execution through command injection. Immediate patching is recommended to protect enterprise environments. Source: GBHackers
5. Microsoft January 2026 Patch Tuesday Fixes Actively Exploited DWM Zero-day: Microsoft has released patches for 112 vulnerabilities, including CVE-2026-20805, a zero-day in Desktop Window Manager. This update is crucial as the vulnerability was actively exploited, highlighting the importance of regular patching. Source: WinBuzzer

Podcasts

1. Zero Trust, Real Talk: A Conversation with Dr. Chase Cunningham: This podcast episode from TechSpective dives deep into the concept of Zero Trust in cybersecurity, featuring insights from Dr. Chase Cunningham. The discussion focuses on practical applications and the future of Zero Trust frameworks in securing digital environments. Source
2. UK-China Forum, Iranian TV Hijacked, VoidLink Made by AI: The CISO Series podcast covers a range of cybersecurity topics, including the geopolitical implications of the UK-China forum, the hijacking of Iranian TV, and the innovative AI-driven VoidLink. This episode provides a comprehensive overview of current cybersecurity challenges and technological advancements. Source
3. The CyberWire Daily: This podcast offers daily updates on the latest cybersecurity news and trends, featuring expert analysis and interviews with industry leaders. It covers a wide array of topics, from emerging threats to policy changes, making it a must-listen for cybersecurity professionals. Source
4. Darknet Diaries: Hosted by Jack Rhysider, this podcast delves into the darker side of the internet, exploring real-life stories of hackers, breaches, and cybercrime. Each episode provides a gripping narrative that sheds light on the complexities and consequences of cyber threats. Source
5. Smashing Security: Hosted by Graham Cluley and Carole Theriault, this podcast combines humor with insightful discussions on the latest cybersecurity news and issues. It covers everything from data breaches to privacy concerns, offering a light-hearted yet informative take on the world of cybersecurity. Source

Final Words

As we wrap up today's edition of ONSEC Cyber Daily, it's clear that the digital landscape is a battlefield where vigilance is key. The Vodafone Business Survey highlights a pressing issue: staff phishing vulnerabilities are a major threat, reminding us that awareness and training are crucial. With 89% of bosses now more alert due to last year's high-profile cyber-attacks, it's a wake-up call for all organizations to bolster their defenses. Meanwhile, CISA's addition of a known exploited vulnerability to their catalog underscores the importance of staying ahead of threats by prioritizing patch management. The launch of the Global Cybersecurity Vulnerability Enumeration offers a new frontier in our collective fight against cyber threats, providing a global perspective on vulnerabilities. Cisco's swift action in patching the critical zero-day vulnerability in Unified Communications and Webex is a testament to the ongoing battle against cyber adversaries. As we continue to navigate these challenges, sharing knowledge and resources becomes vital. We encourage you to share this newsletter with your friends and colleagues. Together, we can build a more secure digital world by staying informed and proactive. Until next time, stay safe and cyber-aware!

ONSEC.io | LinkedIn

ONSEC.io | 1,839 followers on LinkedIn. Information security audits and penetration testing by a team of experts with an average experience of more than 7 years | ONSEC.io - is a penetration testing & in-depth security audit company with more than 13 years of experience on the market. Our team has already helped more than 300 companies be aware about possible system's vulnerabilities, including Republic, DMarket, LegionFarm, Parallels, Xsolla, Acronis, Manyсhat, Global Fashion Group and others. Our main goal is to increase the customer security level by finding and fixing security issues as well as improve security awareness inside the company, including developers, DevOps, and other teams to build a sustainable engineering culture with security knowledge.

LinkedIn