As your dedicated cybersecurity services provider, CyberOne equips you with timely and in-depth information about current cyber attacks. Discover a weekly cybersecurity report of the latest exploits and breaches shaping the ever-evolving cybersecurity landscape.
Weekly Cybersecurity Report | Week 04, 2026
Information security updates and events from the past week
1. Cisco UC zero-day (CVE-2026-20045) – active RCE exploitation
Unauthenticated attackers actively exploited a critical command injection vulnerability in Cisco Unified Communications products (UCM, UCM SME, Unity Connection, Webex Calling) to gain root-level remote code execution via the web management interface.
The flaw was used in the wild between 15–19 January, giving threat actors direct access to voice/collaboration infrastructure and enabling lateral movement into core enterprise networks if systems were exposed to the internet.
2. SmarterMail auth bypass & RCE – patch reversed in 48 hours
Attackers reverse-engineered a newly patched SmarterMail vulnerability (build 9511) within 48 hours, then weaponized it to reset admin passwords and achieve remote code execution on mail servers.
Compromised SmarterMail instances allow full access to corporate email (for BEC, phishing, and data theft) and can serve as an entry point for wider ransomware or espionage operations.
3. Google Gemini calendar prompt injection data leak
Researchers showed that malicious calendar invites containing hidden instructions could exploit Gemini’s integration with Google Calendar to exfiltrate meeting details.
When a user asked Gemini about their schedule, the model executed the injected prompt and created a new calendar event containing private meeting data, which the attacker could read, illustrating a real “AI-native” data leak vector.
4. Google Cloud Application Integration abused for phishing
According to the report, the exposed information includes names, school affiliations, age groups and email addresses managed by the institutions themselves. Passwords were also exposed because they were not encrypted.
The Ministry of Education emphasizes that more sensitive information, such as residential addresses, phone numbers or dates of birth, was not exposed.
There is currently no indication that the information was distributed. All passwords have been reset, access to the system has been temporarily blocked and the vulnerability that allowed the intrusion has been addressed.
5. Single actor (“Zestix” / “Sentap”) tied to dozens of breaches
Hudson Rock-based research linked dozens of data breaches to one threat actor using the aliases Zestix and Sentap, who systematically abused info-stealer logs (RedLine, Lumma, Vidar) to access corporate cloud file-sharing platforms.
By logging into ShareFile, OwnCloud, and Nextcloud instances that lacked MFA, the actor exfiltrated large volumes of sensitive data from aviation, healthcare, legal, telecom, engineering, and government-related organizations and sold them on underground forums.
6. Fortinet zero-day attacks on perimeter devices
Security reporting this week confirmed a new Fortinet zero-day being used in attacks against customer devices starting around 15 January, with Arctic Wolf documenting a fresh campaign.
The exploits targeted FortiGate/FortiOS perimeter appliances, giving attackers initial access for follow-on actions such as credential theft, web shell deployment, and eventual ransomware.
7. Ransomware & breach metrics – early January snapshot
By 23 January, at least 29 organizations had publicly disclosed breaches in just 22 days, with over 5.5 million records exposed across healthcare, manufacturing, finance, telecom, and even U.S. immigration/border agencies.
Concurrent threat intel reports counted 945 publicly reported ransomware attacks in the most recent period, a ~60% year-over-year increase, with groups like Lynx, Qilin, Akira, and Sinobi among the most active.
The cybersecurity attacks highlighted in this report aren’t just incidents; they’re blueprints of the adversary’s arsenal. To protect your business, you need the right partner. CyberOne is here to help! Check out our services.