Svoboda Cybersecurity Brief January 20, 2026

New PDFSider Windows malware targets Fortune 100 company

A new Windows malware named PDFSider was discovered on a Fortune 100 company’s network. The malware uses DLL sideloading to execute malicious payloads disguised as legitimate PDF-related processes.
Source: BleepingComputer

UK government warns of ongoing Russian hacktivist attacks

The UK’s National Cyber Security Centre (NCSC) issued an alert about Russian hacktivist groups targeting critical infrastructure. These groups are using DDoS attacks and website defacements to disrupt services.
Source: BleepingComputer

Jordanian hacker pleads guilty to selling access to 50 corporate networks

A Jordanian national admitted to compromising and selling access to 50 enterprise networks through vulnerabilities and stolen credentials. The case highlights the growing market for initial access brokers (IABs).
Source: BleepingComputer

Ingram Micro ransomware attack affects 42,000 individuals

Technology distributor Ingram Micro disclosed that a ransomware attack exposed personal data of 42,000 people. The attack disrupted operations and required significant recovery efforts.
Source: BleepingComputer

Fake Chrome ad blocker delivers malware via ClickFix attacks

A malicious Chrome extension posing as an ad blocker crashes browsers to trick users into downloading malware (ModeloRAT). The attack mimics the “ClickFix” technique.
Impact: Browser compromise and remote access theft.
Mitigation: Verify extensions before installation and monitor for unexpected crashes.
Source: BleepingComputer

Google Gemini flaw exposes calendar data via malicious invites

A prompt injection vulnerability in Google Gemini allowed attackers to steal private calendar data by sending malicious event invites. The flaw bypassed AI safety filters.
Impact: Unauthorized access to sensitive scheduling information.
Mitigation: Apply Google’s patches and review calendar sharing settings.
Source: TheHackerNews

New SolyxImmortal info-stealer emerges in underground forums

A new information stealer named SolyxImmortal is being advertised for sale, targeting credentials, cookies, and crypto wallets. It evades detection using obfuscation techniques.
Source: SecurityWeek

StackWarp flaw breaks AMD SEV-SNP protections on Zen 1.5 CPUs

A hardware vulnerability dubbed StackWarp bypasses AMD’s SEV-SNP security on Zen 1.5 processors, enabling VM memory tampering. No patch is currently available.
Impact: Compromise of encrypted VM isolation in cloud environments.
Mitigation: Monitor for firmware updates from AMD.
Source: TheHackerNews

A vulnerability (CVE-2026-XXXX) in TP-Link’s VIGI cameras allowed remote attackers to execute arbitrary commands. The patch addresses improper authentication checks.
Impact: Full device compromise and network infiltration.
Mitigation: Update to the latest firmware version.
Source: SecurityWeek

StealC malware panel bug exposed threat actor operations

Researchers found a security flaw in the control panel of the StealC malware, revealing attacker infrastructure and victim data. The bug provided visibility into ongoing campaigns.
Source: TheHackerNews
