AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 01/15/2026

Microsoft disrupts massive RedVDS cybercrime virtual desktop service

Microsoft announced on Wednesday that it disrupted RedVDS, a massive cybercrime platform linked to at least $40 million in reported losses in the United States alone since March 2025. Microsoft filed civil lawsuits in the United States and the United Kingdom, seizing malicious infrastructure and taking RedVDS’s marketplace and customer portal offline as part of a broader international operation with Europol and German authorities. For as little as $24 a month, RedVDS provided criminals with access to disposable virtual computers used for high-volume phishing campaigns and business email compromise schemes, compromising nearly 200,000 Microsoft accounts over the last four months.

Palo Alto Networks patches denial-of-service vulnerability in GlobalProtect

Palo Alto Networks has released security patches to address a high-severity denial-of-service vulnerability in its PAN-OS firewall software that enables unauthenticated attackers to disrupt critical network infrastructure components. The flaw, tracked as CVE-2026-0227, carries a CVSS v4.0 base score of 8.7 and specifically impacts GlobalProtect gateway and portal deployments. Repeated exploitation attempts can force affected firewalls into maintenance mode, effectively disabling network protection capabilities. Palo Alto has confirmed that proof-of-concept code exists but reports no evidence of active malicious exploitation in the wild.

Betterment confirms data breach after hackers send fake crypto scam to customers

Digital investment firm Betterment confirmed that hackers gained access to some company systems on January 9 through a social engineering attack against third-party platforms the firm uses for marketing and operations. Customer names, email and postal addresses, phone numbers, and dates of birth were exposed. Using this access, the attackers sent customers a fraudulent notification urging them to send $10,000 in cryptocurrency to an attacker-controlled wallet in exchange for a promised tripling of its value. The company emphasized that login credentials and customer investment accounts were not affected.

Russian hackers target Ukraine’s defense forces with PLUGGYAPE malware via Signal and WhatsApp

Ukraine’s computer emergency response team (CERT-UA) disclosed details of cyber attacks that targeted the country’s defense forces with malware known as PLUGGYAPE between October and December 2025. The activity has been attributed with medium confidence to a Russian hacking group tracked as Void Blizzard (aka Laundry Bear), which was previously responsible for breaching the Dutch police’s internal systems in 2024. The attack chains run over the instant messaging apps Signal and WhatsApp, with the threat actors masquerading as charity organizations to convince targets to download malicious archives. The Python-based backdoor establishes persistent remote access and has been upgraded with enhanced obfuscation and anti-analysis capabilities.

Microsoft January 2026 Patch Tuesday fixes actively exploited zero-day among 114 flaws

Microsoft’s January 2026 Patch Tuesday addressed 114 security vulnerabilities across Windows, Office, Azure, SharePoint, SQL Server, and other components, including one actively exploited and two publicly disclosed zero-day flaws. The actively exploited vulnerability (CVE-2026-20805) is an information disclosure flaw in the Desktop Window Manager that lets an attacker leak memory contents, which can be used to help bypass other security protections. CISA has added this vulnerability to its Known Exploited Vulnerabilities Catalog and urges organizations to patch before February 3, 2026. The update also removes vulnerable third-party Agere Soft Modem drivers from Windows and addresses expiring Secure Boot certificates that could leave systems vulnerable to bypasses if not updated before mid-2026.
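The Secure Boot certificate item above is the one most likely to be missed, since the update ships the new certificates but an administrator still needs to confirm they actually landed in the firmware allow-list. The following script is an added example written for this digest, not code from Microsoft or from the original post; it reads the Secure Boot variables with the built-in SecureBoot PowerShell module and searches them for the certificate names Microsoft uses for its 2023 UEFI CAs. Those certificate names (and the 2011 names used for comparison) are assumptions taken from Microsoft's published naming; if your firmware shows different strings, adjust the lists. Run it from an elevated PowerShell prompt on a UEFI system.

```powershell
# Added example (not from the original post): report whether Secure Boot is on and
# whether the Microsoft 2023 UEFI CA certificates are present in the db/KEK variables.
# Certificate subject names below are assumed from Microsoft's published naming.

function Get-SecureBootCertStatus {
    # Confirm-SecureBootUEFI throws on legacy BIOS or when the platform has no UEFI vars.
    try {
        $enabled = Confirm-SecureBootUEFI
    } catch {
        return [pscustomobject]@{
            SecureBoot    = 'Unsupported (no UEFI Secure Boot variables)'
            Db2023Present = @()
            Db2023Missing = @()
            Kek2023       = $false
            Has2011CAs    = $false
        }
    }

    # Get-SecureBootUEFI returns the raw EFI_SIGNATURE_LIST bytes. The X.509 subject
    # names inside are plain ASCII, so decoding as ASCII and doing a substring
    # search is enough to tell which CAs are enrolled.
    $db  = [System.Text.Encoding]::ASCII.GetString((Get-SecureBootUEFI -Name db).Bytes)
    $kek = [System.Text.Encoding]::ASCII.GetString((Get-SecureBootUEFI -Name KEK).Bytes)

    # Assumed names of the 2023 certificates that replace the expiring 2011 ones.
    $expected2023 = @(
        'Windows UEFI CA 2023',             # signs the Windows boot manager
        'Microsoft UEFI CA 2023',           # signs third-party boot loaders (e.g. shim)
        'Microsoft Option ROM UEFI CA 2023' # signs option ROMs
    )

    $present = @($expected2023 | Where-Object { $db.Contains($_) })
    $missing = @($expected2023 | Where-Object { -not $db.Contains($_) })

    [pscustomobject]@{
        SecureBoot    = if ($enabled) { 'Enabled' } else { 'Disabled' }
        Db2023Present = $present
        Db2023Missing = $missing
        # Assumed name of the 2023 Key Exchange Key CA.
        Kek2023       = $kek.Contains('Microsoft Corporation KEK 2K CA 2023')
        # Assumed names of the 2011 CAs that are due to expire; they normally remain
        # alongside the 2023 ones until the old boot manager is revoked.
        Has2011CAs    = $db.Contains('Microsoft Windows Production PCA 2011') -or
                        $db.Contains('Microsoft Corporation UEFI CA 2011')
    }
}

Get-SecureBootCertStatus | Format-List
```

A machine that reports Secure Boot enabled with all three names under Db2023Present and Kek2023 set to True has received the new certificates; anything listed under Db2023Missing after the January update is applied is a sign that the firmware update step has not yet run and should be investigated before the 2011 certificates expire. The script only reports; it does not modify any Secure Boot variable.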
