The weekly cyber threat advisory for January 19-25, 2026, highlights critical vulnerabilities and sophisticated attacks demanding immediate action from cybersecurity teams. Key issues include a zero-day remote code execution in Cisco products, multiple GitLab flaws enabling 2FA bypass, and a high-severity Zoom command injection. These threats underscore the urgency of proactive patching and monitoring in enterprise environments.
The most pressing concern this week is CVE-2026-20045, a critical zero-day remote code execution (RCE) vulnerability affecting Cisco Unified Communications platforms. Confirmed by Cisco’s PSIRT as being actively exploited in the wild, this flaw allows unauthenticated attackers to send crafted HTTP requests to management interfaces.
Successful exploitation leads to full root-level access, allowing attackers to compromise the underlying operating system entirely. Because the vulnerability requires no user interaction and affects products regardless of configuration, Cisco has bypassed standard CVSS scoring to classify this as Critical.
Action Required: Organizations using Unified CM, Unity Connection, or Webex Calling Dedicated Instance must migrate to fixed releases (such as 14SU5) or apply interim patches immediately.
Reference: Cisco Security Advisory – Cisco Unified Communications RCE
GitLab released updates for several vulnerabilities, most notably CVE-2026-0723. This high-severity flaw enables attackers to bypass Two-Factor Authentication (2FA) by submitting forged device responses, potentially compromising sensitive source code repositories. Self-managed installations should upgrade to versions 18.8.2 or 18.7.2 to mitigate this risk.
Reference: GitLab Patch Release 18.8.2
Zoom Node Multimedia Routers (MMR) are affected by a critical, low-complexity command injection flaw (CVE-2026-22844) with a near-perfect CVSS score of 9.9. An authenticated meeting participant could execute arbitrary commands, leading to data interception or lateral movement within corporate networks. Upgrade to 5.2.1716.0+ and limit access until patched.
Reference: Zoom Security Bulletin ZSB-26001
A multi-stage AiTM phishing and BEC campaign targeted energy firms using compromised vendor emails with SharePoint links. Attackers stole sessions, which bypassed MFA, added inbox rules to hide their tracks, and sent 600+ phishing emails. Mitigate by revoking sessions, checking inbox rules, and enforcing conditional access. IOCs: 178.130.46.8, 193.36.221.10.
Reference: Microsoft Security Blog – Multi-stage AiTM Phishing Campaign
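The inbox-rule and IOC checks recommended above, sketched as a triage pass over audit records. This is an added example, not code from Microsoft or from this advisory. It assumes records exported in the Microsoft 365 unified audit log shape (`Operation`, `UserId`, `ClientIP`, `Parameters`); the folder list and the sample records are constructed for illustration.

```python
import ipaddress

# IOC addresses listed in the advisory above.
IOC_IPS = {"178.130.46.8", "193.36.221.10"}
RULE_OPS = {"New-InboxRule", "Set-InboxRule"}
# Assumption: folders users rarely open, so mail moved there goes unseen.
HIDING_FOLDERS = {"rss feeds", "rss subscriptions", "archive", "conversation history", "deleted items"}

def client_ip(raw):
    """Normalise ClientIP values such as '1.2.3.4:443' or '[2001:db8::1]:443'."""
    raw = (raw or "").strip()
    if raw.startswith("["):              # bracketed IPv6, optionally with port
        raw = raw[1:].split("]")[0]
    elif raw.count(":") == 1:            # IPv4 with port
        raw = raw.split(":")[0]
    try:
        return str(ipaddress.ip_address(raw))
    except ValueError:
        return None

def hiding_actions(rec):
    """Rule parameters that would keep mail out of the mailbox owner's sight."""
    params = {p["Name"]: p["Value"] for p in rec.get("Parameters", [])}
    hits = [k for k in ("DeleteMessage", "MarkAsRead") if params.get(k) == "True"]
    if params.get("MoveToFolder", "").lower() in HIDING_FOLDERS:
        hits.append("MoveToFolder")
    return hits

def triage(records):
    """Return (user, reasons) for each record an analyst should review."""
    findings = []
    for rec in records:
        reasons = ["ioc_ip"] if client_ip(rec.get("ClientIP")) in IOC_IPS else []
        hits = hiding_actions(rec) if rec.get("Operation") in RULE_OPS else []
        if hits:
            reasons.append("hiding_rule:" + ",".join(hits))
        if reasons:
            findings.append((rec.get("UserId"), reasons))
    return findings

# Constructed sample records (not real telemetry).
SAMPLE = [
    {"Operation": "UserLoggedIn", "UserId": "a.user@example.com", "ClientIP": "178.130.46.8"},
    {"Operation": "New-InboxRule", "UserId": "a.user@example.com", "ClientIP": "193.36.221.10:51544",
     "Parameters": [{"Name": "MarkAsRead", "Value": "True"}, {"Name": "MoveToFolder", "Value": "RSS Feeds"}]},
    {"Operation": "New-InboxRule", "UserId": "b.user@example.com", "ClientIP": "198.51.100.7",
     "Parameters": [{"Name": "MoveToFolder", "Value": "Projects"}]},
    {"Operation": "UserLoggedIn", "UserId": "c.user@example.com", "ClientIP": "203.0.113.5"},
]
```

Accounts that appear in the findings are the ones to prioritise for session revocation and rule removal.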
Under Armour is currently investigating a massive data exposure potentially affecting 72 million email addresses. While the company states that passwords and financial data remain secure, the leaked dataset—including names, dates of birth, and ZIP codes—provides ample fuel for future targeted social engineering and credential stuffing attacks. Users should watch for targeted scams.
Reference: Have I Been Pwned – Under Armour Breach
Pwn2Own Automotive 2026 awarded $1M+ for 76 exploits in EV chargers (e.g., Alpitronic HYC50) and infotainment systems, such as Tesla USB attacks. The results reveal an expanding automotive attack surface.
Reference: Zero Day Initiative – Pwn2Own Automotive 2026 Results
In an unusual move, Microsoft has advised users to uninstall the January 2026 security update (KB5074109). The update has caused widespread system instability, particularly crashing "Classic" Outlook for users with POP accounts and PST files. Beyond software crashes, the update has broken core OS features like Sleep mode (S3) and general system responsiveness across Windows 10 and 11. This leaves IT administrators in the difficult position of choosing between a stable system and a secure one.
Reference: Microsoft Support – Outlook Issues After January 2026 Update
On a more positive note, the ZAP (Zed Attack Proxy) project has released the OWASP Penetration Testing Kit (PTK) browser extension. This tool streamlines web application security testing by integrating DAST, IAST, and SAST capabilities directly into the browser, reducing the manual setup for security researchers.
Stay secure. Stay informed.
Crowe UAE – Cyber Threat Management