January 28, 2026 — Today’s cybersecurity update highlights a wave of critical vulnerability patches, evolving threat actor tactics, and the growing impact of AI on security frameworks. From Fortinet’s urgent response to an actively exploited zero-day, to fresh insights into AI model degradation and new malware strains, security teams and business leaders face a complex threat environment requiring vigilance and adaptive strategies.
Critical Vulnerabilities and Emergency Patches
Fortinet FortiOS and FortiCloud SSO Zero-Day Exploitation
Fortinet has released patches to remediate a critical authentication bypass vulnerability, CVE-2026-24858, affecting FortiOS, FortiManager, and FortiAnalyzer. This flaw, scoring 9.4 on the CVSS scale, has already been actively exploited in the wild to bypass single sign-on (SSO) mechanisms. In the interim, Fortinet has mitigated attacks by blocking vulnerable FortiCloud SSO connections, buying time for organisations to apply updates.
Who is affected? Organisations using Fortinet’s FortiOS products, including those reliant on FortiCloud SSO, face significant risk of unauthorised access.
Why it matters: The exploitation of authentication bypasses can lead to severe breaches, enabling attackers to move laterally within networks undetected. Security teams must prioritise patching and monitor for suspicious SSO activities.
Microsoft Office Zero-Day Emergency Patch
Microsoft urgently patched a zero-day vulnerability in Office that can be exploited if an attacker gains system access or tricks a user into opening a malicious document.
Who is affected? Any organisation using Microsoft Office products, particularly those with users prone to phishing or social engineering attacks.
Why it matters: Office vulnerabilities remain a primary vector for initial compromise. Rapid patch deployment reduces exposure to targeted attacks leveraging this flaw.
Persistent Exploitation of WinRAR Path Traversal Flaw
The CVE-2025-8088 path traversal vulnerability in WinRAR continues to be exploited by multiple threat actors for initial access and payload delivery.
Who is affected? Organisations and individuals using vulnerable versions of WinRAR.
Why it matters: Despite being known, this flaw’s ongoing exploitation underscores the need for continuous software updates and endpoint monitoring.
Forgotten Attack Surface: Critical Telnet Server Flaw
A critical flaw in the legacy Telnet protocol exposes hundreds of thousands of IoT and legacy systems to remote compromise.
Who is affected? Industrial, IoT, and legacy system operators still relying on Telnet.
Why it matters: This serves as a reminder that outdated protocols continue to present significant risks, necessitating network segmentation and modernisation efforts.
Emerging Threats and Malware Trends
Mustang Panda Espionage Group Updates CoolClient Backdoor
The Chinese threat group Mustang Panda has released a new variant of the CoolClient backdoor capable of stealing browser login data and monitoring clipboard activity.
Who is affected? Organisations at risk of espionage, particularly those targeted by state-sponsored actors.
Why it matters: Enhanced data theft capabilities increase the potential impact of intrusions, requiring improved detection and credential protection.
‘Sicarii’ Ransomware’s Unusual Characteristics
A new ransomware strain known as Sicarii, characterised by poorly designed code and a potentially misleading Hebrew identity, has emerged.
Who is affected? Organisations vulnerable to ransomware attacks.
Why it matters: This suggests the use of false flags in ransomware campaigns, complicating attribution and response efforts.
Stanley Toolkit Enables Undetectable Phishing via Chrome Extensions
The Stanley malware-as-a-service toolkit enables malicious Chrome extensions to overlay legitimate websites without altering visible URLs, creating a highly deceptive phishing vector.
Who is affected? Enterprises with Chrome users and remote workforces.
Why it matters: This technique challenges traditional phishing detection methods, highlighting the need for endpoint security solutions capable of detecting malicious browser behaviours.
AI and Security: The Challenge of Model Collapse
An emerging concern in AI security is “model collapse,” where large language models (LLMs) degrade over time due to training on increasingly AI-generated data. This degradation can introduce inaccuracies, facilitate malicious activity, and jeopardise the protection of personally identifiable information (PII).
Who is affected? Organisations leveraging AI for security and business operations.
Why it matters: The reliability of AI-driven security tools may diminish, forcing security teams to reassess trust boundaries and implement stronger zero-trust principles.
Advertising Costs Reflect AI’s Growing Influence
OpenAI’s announcement of introducing ads on ChatGPT, at costs comparable to live NFL broadcasts, signals AI’s expanding commercial footprint. While not a security threat per se, this development underscores AI’s pervasive role and the potential privacy implications of monetisation strategies.
Connecting the Dots
The Fortinet SSO zero-day and Microsoft Office vulnerabilities highlight how authentication and user interaction remain prime targets for attackers. The persistence of old vulnerabilities in WinRAR and Telnet illustrates the ongoing challenges posed by legacy systems and software. Meanwhile, the evolution of malware like Sicarii and Stanley reflects attackers’ innovation in evading detection and complicating attribution. Finally, AI’s dual role as both a tool and a risk factor requires security teams to balance innovation with caution.
Key Takeaways
- Immediate patching of Fortinet’s CVE-2026-24858 vulnerability is critical due to active exploitation.
- Microsoft Office zero-day patches must be deployed rapidly to prevent document-based attacks.
- Legacy protocols like Telnet remain a significant attack surface and should be phased out or segmented.
- New malware strains and toolkits demonstrate increasing sophistication and deception tactics.
- AI model degradation presents emerging risks to security accuracy and data protection.
- Continuous software updates and endpoint monitoring are vital against persistent exploitation.
- Organisations should remain vigilant about the security implications of AI monetisation and privacy.
Staying ahead requires coordinated efforts across patch management, threat detection, and embracing zero-trust principles in an evolving threat landscape.