Weekly Threat Bulletin – January 28th, 2026
Essential information
- Published: 28/01/2026 13:31
- Modified: 28/01/2026 15:05
- Tags: 2026-01-28 CVE-2025-31125 CVE-2025-34026 CVE-2025-54313 CVE-2025-55182 CVE-2025-61882 CVE-2025-68645 agenda agendacrypt aisuru angryrebel bash0day bashlite beacon bpfdoor cisa clop cobalt strike compood etherrat gafgyt gitlab interlock kswapdoor lizkebab lzrd macos masuta miori mirai monetastealer morte next.js nezha noodle rat okiru oracle e-business suite peerblight pulsepack puremasuta qilin ransomware rce react resgod rondo rondobot rondodox satori scavenger sliver splinter torlus vshell wicked xmrig
- Related entities: 16 vulnerabilities (cve), 37 observables, 1 intrusion sets (apt), 20 techniques (mitre), 40 malware, 40 others
Description
This weekly threat bulletin highlights several critical vulnerabilities and emerging threats. A severe remote code execution (RCE) vulnerability in React Server Components and Next.js (CVE-2025-55182) is being actively exploited. CISA added four critical flaws to its 'Must-Patch' list, affecting Versa Concerto, eslint-config-prettier, Zimbra Collaboration Suite, and Vite. GitLab released patches for multiple high-severity vulnerabilities. A new macOS malware called MonetaStealer targets crypto wallets and financial data. Lastly, a critical RCE vulnerability in Oracle E-Business Suite (CVE-2025-61882) is being actively exploited by threat actors, including the Clop ransomware group.