Svoboda Cybersecurity Brief January 22, 2026
Cisco Unified Communications Zero-Day Exploit Patched
Cisco has patched a critical zero-day (CVE-2026-20045) in Unified Communications/Webex systems that allows RCE via HTTP request manipulation; successful exploits grant root access.
Impact: Active exploitation observed; unpatched systems risk complete compromise.
Mitigation: Update to patched versions (e.g., 14SU5, 15SU4) or apply provided .cop files. Disabling interfaces is not a workaround.
Source: BleepingComputer
Bypass of Fortinet FortiGate Auth-Bypass Patch Reported
Administrators report attackers bypassing FortiOS 7.4.9 patches for CVE-2025-59718, exploiting FortiCloud SSO to create backdoor admin accounts.
Impact: Persistent compromise via SAML message spoofing; 11,000+ systems remain exposed.
Mitigation: Disable FortiCloud SSO (admin-forticloud-sso-login disable) until FortiOS 7.4.11/7.6.6/8.0.0 are released.
Source: SecurityWeek
ChainLit AI Framework Bugs Expose Cloud Environments
Two high-severity flaws in ChainLit (CVE-2026-22218: arbitrary file read; CVE-2026-22219: SSRF), fixed in v2.9.4, can leak API keys and internal files.
Impact: Cloud lateral movement via stolen AWS EC2 metadata or SQLite DBs.
Mitigation: Upgrade to ChainLit ≥2.9.4; restrict outbound network access for deployments.
Source: BleepingComputer
GitLab 2FA Bypass and DoS Vulnerabilities Patched
Critical fixes for GitLab CE/EE include CVE-2026-0723 (2FA bypass via forged device responses) and CVE-2025-13927 (unauthenticated DoS).
Impact: Account takeover and service disruption risks for self-hosted instances.
Mitigation: Update to 18.8.2/18.7.2/18.6.4; audit active sessions.
Source: The Hacker News
Advanced Family Surgery Center Breach Exposes Patient Data
Genesis threat actors leaked 100GB of surgical records (SSNs, insurance) after Tennessee-based AFSC failed to respond to a November 2025 breach notification.
HIPAA violation: No public disclosure within the 60-day window.
Source: DataBreaches
North Korean PurpleBravo Targets Developers via Malicious VS Code
Fake job interviews deliver backdoors via GitHub repositories with obfuscated VS Code tasks, impacting 3,136 IPs across AI/crypto sectors.
TTPs: Uses BeaverTail infostealer and GolangGhost backdoor via Astrill VPN C2.
Source: The Hacker News
Android Malware Uses TensorFlow.js to Auto-Click Hidden Ads
Xiaomi’s GetApps store distributed trojanized apps (e.g., “Theft Auto Mafia”) leveraging ML to simulate ad clicks via virtual screens.
Impact: Battery/data abuse; 61,000+ downloads observed.
Source: BleepingComputer
VoidLink Linux Malware Framework Built with AI Assistance
A Chinese-linked framework (88K lines of Zig code) was developed rapidly with the TRAE SOLO AI agent; it targets cloud environments, though no attacks have been observed yet.
Key detail: Debug logs show LLM-generated code patterns.
Source: The Hacker News
LastPass Users Targeted by Fake Vault Backup Phishing
Emails from support@lastpass[.]server8 urge recipients to back up their vaults within 24 hours for "maintenance", redirecting to the mail-lastpass[.]com phishing domain.
IOCs: Subjects include “LastPass Infrastructure Update: Secure Your Vault Now”.
Source: SecurityWeek
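A triage check built from the indicators in this item, as an added example that is not part of the brief or of SecurityWeek's reporting: it parses a message, matches the sender domain, lure subject and link domains against the quoted IoCs, and additionally flags brand-name lookalike domains and a "within 24 hours" vault-backup lure, which is a generalisation beyond the listed IoCs. It assumes lastpass.com is the vendor's only legitimate domain; the sample messages are constructed, not real captures.

```python
"""Triage helper: flag mail matching the LastPass vault-backup phishing indicators.

Indicator values come from the brief; the lookalike-domain and urgency heuristics are
a generalisation added here (assumption: legitimate LastPass mail comes from lastpass.com).
"""
import re
from email import message_from_string
from email.utils import parseaddr

# Indicators quoted in the brief, with the defanging brackets removed for matching.
BAD_DOMAINS = {"lastpass.server8", "mail-lastpass.com"}
BAD_SUBJECTS = {"lastpass infrastructure update: secure your vault now"}

# Assumption for the lookalike check: the vendor's only legitimate domain is lastpass.com.
BRAND = "lastpass"
LEGIT_DOMAINS = {"lastpass.com"}

URL_RE = re.compile(r"https?://([^/\s\"'<>]+)", re.IGNORECASE)
URGENCY_RE = re.compile(r"\b(?:within\s+)?24\s*hours?\b|\bimmediately\b", re.IGNORECASE)


def host_of(address: str) -> str:
    """Return the lowercased domain of an email address or URL host, port stripped."""
    address = address.strip()
    if "@" in address:
        address = address.rsplit("@", 1)[1]
    return address.split(":", 1)[0].lower()


def is_lookalike(domain: str) -> bool:
    """True for a domain that carries the brand name but is not the vendor's domain or a subdomain of it."""
    if domain in LEGIT_DOMAINS or any(domain.endswith("." + d) for d in LEGIT_DOMAINS):
        return False
    return BRAND in domain


def triage(raw_message: str) -> list[str]:
    """Return the findings for one RFC 5322 message; an empty list means nothing matched."""
    msg = message_from_string(raw_message)
    findings: list[str] = []

    _, sender = parseaddr(msg.get("From", ""))
    sender_domain = host_of(sender)
    if sender_domain in BAD_DOMAINS:
        findings.append(f"sender domain is a known indicator: {sender_domain}")
    elif is_lookalike(sender_domain):
        findings.append(f"sender domain looks like the brand but is not it: {sender_domain}")

    subject = msg.get("Subject", "")
    if subject.strip().lower() in BAD_SUBJECTS:
        findings.append("subject matches the campaign lure")

    # Only single-part text bodies are inspected here; multipart mail is out of scope.
    body = "" if msg.is_multipart() else msg.get_payload()
    for host in URL_RE.findall(body):
        link_domain = host_of(host)
        if link_domain in BAD_DOMAINS:
            findings.append(f"link to known phishing domain: {link_domain}")
        elif is_lookalike(link_domain):
            findings.append(f"link to lookalike domain: {link_domain}")

    lowered = body.lower()
    if URGENCY_RE.search(body) and ("backup" in lowered or "vault" in lowered):
        findings.append("urgent vault-backup lure in body")

    return findings


# Constructed sample messages (not real captures).
PHISH = """From: LastPass Support <support@lastpass.server8>
To: user@example.com
Subject: LastPass Infrastructure Update: Secure Your Vault Now

Scheduled maintenance requires you to back up your vault within 24 hours.
Start your backup: https://mail-lastpass.com/backup
"""

LEGIT = """From: LastPass <noreply@lastpass.com>
To: user@example.com
Subject: Your monthly security report

View your report at https://lastpass.com/reports
"""

if __name__ == "__main__":
    for name, sample in (("PHISH", PHISH), ("LEGIT", LEGIT)):
        print(name, triage(sample) or "no findings")
```

Run it as a script to see the four findings on the constructed phishing sample and none on the benign one; in a mail pipeline, feed `triage()` each raw message and route anything with findings to the abuse queue.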
PcComponentes Denies Breach, Blames Credential Stuffing
Retailer disputes 16M-record leak claim; Hudson Rock links data to infostealer logs (2020-2025).
Response: Enforced 2FA and invalidated sessions.
Source: BleepingComputer