Weekly Threat Bulletin – January 28th, 2026
Essential information
- Published: 28/01/2026 13:31
- Modified: 28/01/2026 15:05
- Tags: 2026-01-28 CVE-2025-31125 CVE-2025-34026 CVE-2025-54313 CVE-2025-55182 CVE-2025-61882 CVE-2025-68645 agenda agendacrypt aisuru angryrebel bash0day bashlite beacon bpfdoor cisa clop cobalt strike compood etherrat gafgyt gitlab interlock kswapdoor lizkebab lzrd macos masuta miori mirai monetastealer morte next.js nezha noodle rat okiru oracle e-business suite peerblight pulsepack puremasuta qilin ransomware rce react resgod rondo rondobot rondodox satori scavenger sliver splinter torlus vshell wicked xmrig
- Related entities: 16 vulnerabilities (cve), 37 observables, 1 intrusion sets (apt), 20 techniques (mitre), 40 malware, 40 others
Description
Related entities
Vulnerabilities, IOCs, intrusion sets, MITRE techniques and other entities referenced in this report.
Vulnerabilities (CVE) (16)
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.9 before 18.6.4, 18.7 before 18.7.2, and 18.8 before 18.8.2 …
- Attack vector: NETWORK
- Published: 22/01/2026
- Modified: 28/01/2026
A pre-authentication denial of service vulnerability exists in React Server Components versions 19.0.0, 19.0.1, 19.1.0, 19.1.1, 19.1.2, 19.2.0 and 19.2.1, including the …
- Attack vector: NETWORK
- Published: 11/12/2025
- Modified: 21/12/2025
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.6 before 18.6.4, 18.7 before 18.7.2, and 18.8 before 18.8.2 …
- Attack vector: NETWORK
- Published: 22/01/2026
- Modified: 28/01/2026
The Versa Concerto SD-WAN orchestration platform is vulnerable to an authentication bypass in the Traefik reverse proxy configuration, allowing an attacker to …
- Attack vector: Network
- Published: 22/01/2026
- Modified: 28/01/2026
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.7 before 18.6.4, 18.7 before 18.7.2, and 18.8 before 18.8.2 …
- Attack vector: NETWORK
- Published: 22/01/2026
- Modified: 28/01/2026
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.1 before 18.6.4, 18.7 before 18.7.2, and 18.8 before 18.8.2 …
- Attack vector: NETWORK
- Published: 22/01/2026
- Modified: 28/01/2026
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.3 before 18.6.4, 18.7 before 18.7.2, and 18.8 before 18.8.2 …
- Attack vector: NETWORK
- Published: 22/01/2026
- Modified: 28/01/2026
Vulnerability in the Oracle Concurrent Processing product of Oracle E-Business Suite (component: BI Publisher Integration). Supported versions that are affected are 12.2.3-12.2.14. …
- Attack vector: Network
- Published: 06/10/2025
- Modified: 21/12/2025
Vite is a frontend tooling framework for JavaScript. Vite exposes content of non-allowed files using ?inline&import or ?raw?import. Only apps explicitly exposing …
- Attack vector: Network
- Published: 31/03/2025
- Modified: 28/01/2026
An information leak vulnerability exists in specific configurations of React Server Components versions 19.0.0, 19.0.1, 19.1.0, 19.1.1, 19.1.2, 19.2.0 and 19.2.1, including …
- Attack vector: NETWORK
- Published: 11/12/2025
- Modified: 21/12/2025
A Local File Inclusion (LFI) vulnerability exists in the Webmail Classic UI of Zimbra Collaboration (ZCS) 10.0 and 10.1 because of improper …
- Attack vector: Network
- Published: 22/12/2025
- Modified: 28/01/2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, …
- Attack vector: Network
- Published: 05/12/2025
- Modified: 29/05/2026
Observables (37)
Intrusion sets (APT) (1)
- Ransomware.Live, Confidence 100
The ransomware group known as Cl0p is a variant of a previously known strain dubbed CryptoMix. It is worth noting that this variant was delivered as the final…
Techniques (MITRE) (20)
- Windows Management Instrumentation (MITRE)
- Valid Accounts (MITRE)
- Network Denial of Service (MITRE)
- Scheduled Task/Job (MITRE)
- Phishing (MITRE)
- Proxy (MITRE)
- Exploitation for Privilege Escalation (MITRE)
- User Execution (MITRE)
- Data Encrypted for Impact (MITRE)
- Archive Collected Data (MITRE)
- Data from Local System (MITRE)
- Exploit Public-Facing Application (MITRE)
Malware (40)
- AlienVault, Confidence 100
Others (40)
- Netherlands
- Japan
- Canada
- Iran, Islamic Republic of
- Sri Lanka
- Romania
- United States of America
- Russian Federation
- China
- Media and Entertainment
- Supply Chain
- Energy