Posts

Telnet Servers Exposed!

Security researchers have recently identified around 800,000 Telnet servers exposed to the internet, many of them running vulnerable versions of GNU InetUtils telnetd. This exposure is dangerous because a critical authentication-bypass vulnerability (CVE-2026-24061) allows attackers to log in as root without a password. Nearly 800,000 IPs show Telnet fingerprints worldwide. [techradar.com]

The flaw affects GNU InetUtils 1.9.3 through 2.7 and is fixed in version 2.8. [bleepingcomputer.com] Attackers can exploit it simply by sending USER=-f root as an environment variable during connection setup; telnetd passes the value through to login, which forces a root login. [csoonline.com]

Exploitation began within 24 hours of patch release. GreyNoise observed 60 malicious sessions from 18 IPs, targeting root accounts in 83% of attempts. [techradar.com]

Why exposed Telnet is dangerous

Using Telnet today is unsafe for two main reasons:

1. Telnet transmits everything in plaintext. Credentials and session data can be easily captured by anyone sniffing netw...
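The root-login trick above is an argument-injection bug: the client-controlled USER value ends up inside the command line that telnetd builds for /bin/login, and a value beginning with "-" is read by login as an option. The Python below is an added example, not code from the post or from GNU InetUtils. The login-invocation template, the getopt-style parser and the sample client address are simplified assumptions, and the fixed variant shows one sound repair (reject names that start with "-" or contain whitespace, then pass the name as a single argument after "--") rather than the exact upstream patch.

```python
import shlex

# Assumption: a simplified stand-in for the daemon's login-invocation
# template.  The daemon fills in the remote host and the client's USER
# value, then splits the result on whitespace to build argv for login.
LOGIN_TEMPLATE = "/bin/login -p -h %h %u"


def build_login_argv_vulnerable(remote_host, client_env):
    """Unpatched behaviour (modeled): USER is pasted into the template
    unchecked, so whitespace and a leading '-' become extra arguments."""
    user = client_env.get("USER", "")
    cmdline = LOGIN_TEMPLATE.replace("%h", remote_host).replace("%u", user)
    return shlex.split(cmdline)  # "-f root" -> ["-f", "root"]


def validate_username(user):
    """Hardened check: a login name must not look like an option and must
    contain only characters that can appear in a POSIX user name."""
    if not user or len(user) > 32:
        return False
    if user.startswith("-"):
        return False
    return all(c.isalnum() or c in "._-" for c in user)


def build_login_argv_fixed(remote_host, client_env):
    """Patched behaviour (modeled): validate USER and pass it as one argv
    element after '--' so login can never parse it as an option."""
    argv = ["/bin/login", "-p", "-h", remote_host]
    user = client_env.get("USER", "")
    if user:
        if not validate_username(user):
            raise ValueError(f"rejected client-supplied USER {user!r}")
        argv += ["--", user]
    return argv


def simulate_login(argv):
    """getopt-style model of how login(1) reads argv: -p and -f take no
    value, -h takes one, '--' ends option parsing, and the first
    positional argument is the user name.  Returns the name that would
    be logged in and whether a password prompt would still occur."""
    preauth = False
    host = None
    user = None
    i = 1
    while i < len(argv):
        arg = argv[i]
        if arg == "--":
            i += 1
            break
        if not arg.startswith("-") or arg == "-":
            break
        for j, flag in enumerate(arg[1:], start=2):
            if flag == "p":
                continue
            if flag == "f":
                preauth = True  # "-f": user is preauthenticated, skip password
                continue
            if flag == "h":
                rest = arg[j:]
                if rest:
                    host = rest
                else:
                    i += 1
                    host = argv[i]
                break
            raise ValueError(f"login: invalid option -- '{flag}'")
        i += 1
    if i < len(argv):
        user = argv[i]
    return {"user": user, "host": host, "password_required": not preauth}


if __name__ == "__main__":
    host = "203.0.113.5"                # constructed sample client address
    malicious = {"USER": "-f root"}     # the payload named in the post
    argv = build_login_argv_vulnerable(host, malicious)
    print("vulnerable argv:", argv)
    print("login would do:", simulate_login(argv))
    try:
        build_login_argv_fixed(host, malicious)
    except ValueError as err:
        print("fixed daemon:", err)
    print("fixed, benign user:",
          simulate_login(build_login_argv_fixed(host, {"USER": "alice"})))
```

Run it and the vulnerable path prints an argv ending in "-f", "root" and a simulated login of root with no password prompt, while the fixed path refuses the payload and still logs a normal user in with a password required. The same check applies to any daemon that splices untrusted strings into a command line: validate the value as the type it is supposed to be, and terminate option parsing with "--" before it.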

Microsoft 365 Service Disruption

Microsoft 365 Service Disruption – Staff Advisory

We are currently experiencing a Microsoft 365 service disruption affecting multiple cloud workloads. This issue is external to our environment and is impacting customers nationwide.

What’s Affected
- SharePoint Online – intermittent access issues (widely reported)
- General Microsoft 365 connectivity – degraded performance across multiple regions
- Possible impact to: Exchange Online (email access or delays), Teams (sign-in or call drops), OneDrive/SharePoint file access, Admin portal availability

What You May See
- Slow loading or timeouts when opening Microsoft 365 apps
- Difficulty accessing shared files or sites
- Authentication delays when signing into cloud services

What You Should Do
- Continue working locally where possible
- If an app fails to load, wait a few minutes and retry
- Avoid repeated sign-in attempts, which may worsen delays

Our Status
We are monitoring Microsoft’s service health dashboard and will pr...

Windows Server Update Hardening for Jan.13 Update

Microsoft is hardening a Windows Server component. The focus is on Windows Deployment Services (WDS), which supports “hands-free deployment” using an Unattend.xml (answer file) for automated installations. A vulnerability (CVE-2026-0386) was discovered that could allow attackers to intercept this file over insecure channels, leading to remote code execution (RCE) and credential theft.

Key Points:
- The Patch Tuesday update (KB5074109) introduced the first phase of changes on January 13, 2026.
- Microsoft will phase out hands-free deployment over insecure connections: it is currently still supported but discouraged, and IT admins can disable it via registry keys now.
- By April 2026, hands-free deployment will be blocked by default unless explicitly re-enabled. Microsoft warns that re-enabling this feature after April will be considered insecure.
- Additional event logs are being added to help admins monitor deployment configurations.

Despite the active vulnerability, Microsoft is not immedia...

FortiOS and FortiSwitch Manager Vulnerability

CVE-2025-25249 — Heap-Based Buffer Overflow (High Severity)

The flaw exists in the cw_acd daemon, which handles certain network communications in FortiOS and FortiSwitchManager. A heap-based buffer overflow occurs when the daemon improperly manages memory and writes beyond allocated bounds. By sending specially crafted packets, a remote attacker can corrupt memory and potentially execute arbitrary code or commands.

Why It’s Dangerous
- No authentication required — the attacker does not need credentials.
- Network-reachable — can be triggered if the vulnerable service is exposed to untrusted networks (e.g., WAN, misconfigured management interfaces).
- High impact — successful exploitation allows running arbitrary commands, modifying configurations, intercepting traffic, and installing persistence mechanisms.

Affected Products & Versions
According to the advisory, the following versions are vulnerable:
FortiOS 7.6.0 – 7.6.3, 7.4.0 – 7.4.8, 7.2.0 – 7.2.11, 7.0.0 – 7....

Microsoft Patch Tuesday for January 2026

1. Actively Exploited Zero-Day (CVE-2026-20805)
Impact: Attackers can read sensitive memory addresses, weakening ASLR and enabling exploit chaining.
Risk: High for environments running Windows Desktop Window Manager (DWM).
Action: Prioritize patching all Windows endpoints and servers immediately.

2. Secure Boot Certificate Expiration (CVE-2026-21265)
Impact: Expired certificates could allow Secure Boot bypass, undermining OS integrity.
Risk: Critical for enterprises relying on Secure Boot for compliance and device trust.
Action: Update Secure Boot certificates and validate boot chain integrity across all managed devices.

3. Legacy Driver Privilege Escalation (CVE-2023-31096)
Impact: Vulnerable modem drivers (agrsm.sys) can grant attackers elevated privileges.
Risk: High in environments with older hardware or legacy drivers still present.
Action: Remove deprecated drivers and apply patches to prevent privilege escalation.

4. Broader Vulnerability Landscape
114 flaws total...

Why Attackers Use LinkedIn for Phishing

- Bypasses Email Security: LinkedIn direct messages (DMs) don’t go through corporate email gateways, so traditional anti-phishing tools can’t detect them. This creates a blind spot for security teams.
- High Trust Factor: Users expect outreach from recruiters or business contacts, making them more likely to engage with malicious messages.
- Rich OSINT Data: Public profiles reveal names, job titles, and company details, enabling attackers to craft convincing spear-phishing campaigns.
- Scalable & Cheap: Hijacked accounts and AI-generated messages allow attackers to run large-scale campaigns quickly and at low cost.
- Credential Harvesting: Many attacks redirect victims to fake Microsoft login pages, stealing credentials and even bypassing MFA using Adversary-in-the-Middle techniques.

Common Attack Patterns
- Fake Recruiter Messages: Offering job opportunities with malicious attachments or links.
- Investment Scams: Redirecting...

Target’s on-prem GitHub Enterprise Server Exposed

Hackers claimed to have stolen and were selling Target’s internal source code, posting samples on Gitea, a public development platform. Multiple current and former Target employees confirmed the leaked materials were authentic, matching internal systems and infrastructure.

The leaked data included:
- Internal system names like BigRED and TAP [Provisioning].
- References to Hadoop datasets, proprietary CI/CD tooling based on Vela, and supply-chain tools like JFrog Artifactory.
- Internal taxonomy identifiers such as “blossom IDs”, which are unique to Target’s environment.

These details strongly indicate the leak was not fabricated but came from real internal repositories.

Accelerated Git Lockdown
After being contacted about the leak, Target implemented an “accelerated” security change: effective January 9, 2026, access to git.target.com (Target’s on-prem GitHub Enterprise Server) now requires connection to a Target-managed network (on-site or via VPN). Previously, the Git ser...