{
  "name": "Weekly Threat Bulletin \u2013 January 28th, 2026",
  "slug": "weekly-threat-bulletin-january-28th-2026",
  "description": "This weekly threat bulletin highlights several critical vulnerabilities and emerging threats. A severe RCE vulnerability in React Server Components and Next.js (CVE-2025-55182) is being actively exploited. CISA added four critical flaws to its 'Must-Patch' list, including vulnerabilities in Versa Concerto, eslint-config-prettier, Zimbra Collaboration Suite, and Vite. GitLab released patches for multiple high-severity vulnerabilities. A new macOS malware called MonetaStealer targets crypto wallets and financial data. Lastly, a critical RCE vulnerability in Oracle E-Business Suite (CVE-2025-61882) is being actively exploited by threat actors, including the Clop ransomware group.",
  "published": "2026-01-28T12:31:30+00:00",
  "created_at": "2026-01-28T12:31:30+00:00",
  "modified_at": "2026-01-28T14:05:29+00:00",
  "created_at_opencti": "2026-01-28T12:31:30+00:00",
  "author": "",
  "confidence": null,
  "report_types": [],
  "labels": [],
  "tags": [
    "2026-01-28",
    "CVE-2025-31125",
    "CVE-2025-34026",
    "CVE-2025-54313",
    "CVE-2025-55182",
    "CVE-2025-61882",
    "CVE-2025-68645",
    "agenda",
    "agendacrypt",
    "aisuru",
    "angryrebel",
    "bash0day",
    "bashlite",
    "beacon",
    "bpfdoor",
    "cisa",
    "clop",
    "cobalt strike",
    "compood",
    "etherrat",
    "gafgyt",
    "gitlab",
    "interlock",
    "kswapdoor",
    "lizkebab",
    "lzrd",
    "macos",
    "masuta",
    "miori",
    "mirai",
    "monetastealer",
    "morte",
    "next.js",
    "nezha",
    "noodle rat",
    "okiru",
    "oracle e-business suite",
    "peerblight",
    "pulsepack",
    "puremasuta",
    "qilin",
    "ransomware",
    "rce",
    "react",
    "resgod",
    "rondo",
    "rondobot",
    "rondodox",
    "satori",
    "scavenger",
    "sliver",
    "splinter",
    "torlus",
    "vshell",
    "wicked",
    "xmrig"
  ],
  "related_entities": {
    "observables": [
      {
        "id": "",
        "name": "112.134.208.214"
      },
      {
        "id": "",
        "name": "185.181.60.11"
      },
      {
        "id": "",
        "name": "134.122.136.119"
      },
      {
        "id": "",
        "name": "23.235.188.3"
      },
      {
        "id": "",
        "name": "45.157.233.80"
      },
      {
        "id": "",
        "name": "80.78.18.142"
      },
      {
        "id": "",
        "name": "200.107.207.26"
      },
      {
        "id": "",
        "name": "134.122.136.96"
      },
      {
        "id": "",
        "name": "46.36.37.85"
      },
      {
        "id": "",
        "name": "74.194.191.52"
      },
      {
        "id": "",
        "name": "41.231.37.153"
      },
      {
        "id": "",
        "name": "5.231.70.66"
      },
      {
        "id": "",
        "name": "89.144.31.18"
      },
      {
        "id": "",
        "name": "70.184.13.47"
      },
      {
        "id": "",
        "name": "38.59.219.27"
      },
      {
        "id": "",
        "name": "204.76.203.125"
      },
      {
        "id": "",
        "name": "http://vps-zap812595-1.zap-srv.com:3000/sex.sh"
      },
      {
        "id": "",
        "name": "https://ns1.bafairforce.army"
      },
      {
        "id": "",
        "name": "https://sploitus.com/exploit?id=3B6E5425-973F-56B4-AC0A-FA3EDC02389C"
      },
      {
        "id": "",
        "name": "https://ns1.ubunutpackages.store"
      },
      {
        "id": "",
        "name": "172a9ee9601ef0eb6fbd2676742edfb201c10369712dbf721e5d105aa1320a32"
      },
      {
        "id": "",
        "name": "2897ee24de4cca2a4c6a085cf6fdccb6a89c6c23978529d81b4f4e6db46b0b96"
      },
      {
        "id": "",
        "name": "50be5257678412f0810d46e0b0bc573eb65c6ce4617346c1527ff0dc9b7fc79e"
      },
      {
        "id": "",
        "name": "dafc7517669e931de858464966af995c44c2e7c6bdf684d53c54d6503cd48a38"
      },
      {
        "id": "",
        "name": "895f8dff9cd26424b691a401c92fa7745e693275c38caf6a6aff277eadf2a70b"
      },
      {
        "id": "",
        "name": "a01e57611537699d85e9767023638dbd88a224075a866c17509dc17d7e5ddbde"
      },
      {
        "id": "",
        "name": "4086057b9a0f9898c07318e093814ae9cfdaaf6ad71a45b2d0d4cd75e57f9354"
      },
      {
        "id": "",
        "name": "aa0d3859d6633b62bccfb69017d33a8979a3be1f3f0a5a4bf6960d6c73d41121"
      },
      {
        "id": "",
        "name": "3c24f30f2ca89d408d42293cab8fbb81cb9c2b0801074ef40f0a79770dac5956"
      },
      {
        "id": "",
        "name": "76b6d36e04e367a2334c445b51e1ecce97e4c614e88dfb4f72b104ca0f31235d"
      },
      {
        "id": "",
        "name": "858874057e3df990ccd7958a38936545938630410bde0c0c4b116f92733b1ddb"
      },
      {
        "id": "",
        "name": "6fd538e4a8e3493dda6f9fcdc96e814bdd14f3e2ef8aa46f0143bff34b882c1b"
      },
      {
        "id": "",
        "name": "1a5027adf99076470444c5ffdd83a4313ab1d21827700699d0ee6ab1337beb70"
      },
      {
        "id": "",
        "name": "4885adc9de7e91b74a3ac01187775459acf3e4e026ee2fa776b3419cf8dbaf00"
      },
      {
        "id": "",
        "name": "964473ffbd593fc52a779b1d699c79cc66b459cf842c2e6221703e2e6a2322c0"
      },
      {
        "id": "",
        "name": "6f746388853178a3b4c2c91a6bd98438fb59e760caa273a8d6a4c03936498c39"
      },
      {
        "id": "",
        "name": "8e0bc23a87d349e5a5356252ce17576093b7858fdf6ea84919fbdcb2e117168e"
      }
    ],
    "malware": [
      {
        "id": "6f6d7661-9298-489c-b699-247a067239b5",
        "name": "Nezha",
        "slug": "nezha"
      },
      {
        "id": "c0c371d6-a71d-4f3d-a4da-b2c8bda70ad9",
        "name": "Bashlite",
        "slug": "bashlite"
      },
      {
        "id": "edbf6684-9b9f-495b-b605-b18ab6e2787d",
        "name": "MonetaStealer",
        "slug": "monetastealer"
      },
      {
        "id": "41ef822b-e384-4c27-b426-12859cd15376",
        "name": "Beacon",
        "slug": "beacon"
      },
      {
        "id": "c9349076-dc1a-40b0-88eb-67ea6f35e11e",
        "name": "COMPOOD",
        "slug": "compood"
      },
      {
        "id": "48b1a9e0-7083-41f4-aefc-70270db8c886",
        "name": "PureMasuta",
        "slug": "puremasuta"
      },
      {
        "id": "83642861-c9b6-462b-af00-a41098b6ebdd",
        "name": "PULSEPACK",
        "slug": "pulsepack"
      },
      {
        "id": "5cbe94db-d3e4-4151-a91e-6f01ba2789e3",
        "name": "Splinter",
        "slug": "splinter"
      },
      {
        "id": "5fdcf97f-0489-477b-a5df-c662e5fc5579",
        "name": "Mirai",
        "slug": "mirai"
      },
      {
        "id": "bd5cfbc2-ef6c-4cd2-b11b-7b2bf30c4247",
        "name": "Rondo",
        "slug": "rondo"
      },
      {
        "id": "b863f4fa-8cdd-405d-bd1c-4b82a0bd3323",
        "name": "Okiru",
        "slug": "okiru"
      },
      {
        "id": "legacy:malware:5671ef60ceacb4fa",
        "name": "LZRD",
        "slug": "lzrd"
      },
      {
        "id": "legacy:malware:385f7bd98ae1210e",
        "name": "AgendaCrypt",
        "slug": "agendacrypt"
      },
      {
        "id": "legacy:malware:a7e1a2d6a1cfd5a9",
        "name": "RondoDox",
        "slug": "rondodox"
      },
      {
        "id": "legacy:malware:6863765fd16fff3d",
        "name": "BPFDoor",
        "slug": "bpfdoor"
      },
      {
        "id": "c70c9980-18de-4208-93f5-0bd2dddeb40c",
        "name": "Sliver",
        "slug": "sliver"
      },
      {
        "id": "ab138766-9b64-4880-87fb-1942a709d778",
        "name": "Cobalt Strike - S0154",
        "slug": "cobalt-strike-s0154"
      },
      {
        "id": "legacy:malware:e74778250a4df210",
        "name": "Noodle RAT",
        "slug": "noodle-rat"
      },
      {
        "id": "legacy:malware:5f3b76a45f86aba0",
        "name": "EtherRAT",
        "slug": "etherrat"
      },
      {
        "id": "legacy:malware:e7c3276aacecf960",
        "name": "Aisuru",
        "slug": "aisuru"
      },
      {
        "id": "legacy:malware:daeb50bf75b528ce",
        "name": "KSwapDoor",
        "slug": "kswapdoor"
      },
      {
        "id": "legacy:malware:910d49d68313d36a",
        "name": "Qilin",
        "slug": "qilin"
      },
      {
        "id": "legacy:malware:93eb97eb694d55c7",
        "name": "Morte",
        "slug": "morte"
      },
      {
        "id": "legacy:malware:9e38cc8bf3cb7c14",
        "name": "Wicked",
        "slug": "wicked"
      },
      {
        "id": "legacy:malware:288311f96511e4e0",
        "name": "Lizkebab",
        "slug": "lizkebab"
      },
      {
        "id": "legacy:malware:6dc76c7281491f22",
        "name": "Torlus",
        "slug": "torlus"
      },
      {
        "id": "legacy:malware:8ed3496eb25056c4",
        "name": "Masuta",
        "slug": "masuta"
      },
      {
        "id": "legacy:malware:1e382fb0677c3577",
        "name": "Scavenger",
        "slug": "scavenger"
      },
      {
        "id": "legacy:malware:fe441e5ad2187dfd",
        "name": "Cyclops Blink - S0687",
        "slug": "cyclops-blink-s0687"
      },
      {
        "id": "legacy:malware:f5ad0dfc2e127b74",
        "name": "VShell",
        "slug": "vshell"
      },
      {
        "id": "legacy:malware:07b8cf73c181d1f5",
        "name": "Bash0day",
        "slug": "bash0day"
      },
      {
        "id": "legacy:malware:b58c48d38bbc7531",
        "name": "Satori",
        "slug": "satori"
      },
      {
        "id": "legacy:malware:fb26c61005fc3ee2",
        "name": "RondoBOT",
        "slug": "rondobot"
      },
      {
        "id": "legacy:malware:5d5d4cfc31860a0f",
        "name": "Miori",
        "slug": "miori"
      },
      {
        "id": "ac54ae14-a013-4f73-8b97-ac1ed354d2cf",
        "name": "Interlock",
        "slug": "interlock"
      },
      {
        "id": "legacy:malware:9594b103add184be",
        "name": "PeerBlight",
        "slug": "peerblight"
      },
      {
        "id": "legacy:malware:6dba099975150226",
        "name": "ANGRYREBEL",
        "slug": "angryrebel"
      },
      {
        "id": "legacy:malware:dc11e8f545f87e78",
        "name": "resgod",
        "slug": "resgod"
      },
      {
        "id": "legacy:malware:83adebc6ef4eb478",
        "name": "XMRig",
        "slug": "xmrig"
      },
      {
        "id": "legacy:malware:330747f7276eb878",
        "name": "Gafgyt",
        "slug": "gafgyt"
      }
    ],
    "intrusion_sets": [
      {
        "id": "c05ceb60-2deb-490b-afae-2eba06032bcd",
        "name": "Clop",
        "slug": "clop"
      }
    ],
    "attack_patterns": [
      {
        "id": "67c697ce-a6cc-475f-9bee-e14c1bef7067",
        "name": "T1047"
      },
      {
        "id": "9f11a241-9abc-4c57-95dd-33955ab08826",
        "name": "T1078"
      },
      {
        "id": "747c7b95-79ff-4132-8ea5-397cb6665ebd",
        "name": "T1498"
      },
      {
        "id": "bb20a9e1-f4f6-459d-94f4-470c6867dc2d",
        "name": "T1053"
      },
      {
        "id": "d9b45b3b-d093-4016-89e9-48f31ff4d05d",
        "name": "T1566"
      },
      {
        "id": "ca53b2fa-42a8-45ec-9682-0cf54bf280f3",
        "name": "T1090"
      },
      {
        "id": "64cdebc9-0fb4-48f2-bf4f-b87f3741f664",
        "name": "T1068"
      },
      {
        "id": "50514c04-b3a2-4abf-a855-e3a434200c87",
        "name": "T1204"
      },
      {
        "id": "f1bb7823-4f4b-4565-b472-bf0cfca467b1",
        "name": "T1486"
      },
      {
        "id": "31d29704-da1c-47ea-b93f-76d368813bdf",
        "name": "T1560"
      },
      {
        "id": "97d377d8-89c7-48f8-a79f-0f48bd60df74",
        "name": "T1005"
      },
      {
        "id": "6c8f8a40-2746-4a37-86bd-81e82afa6e62",
        "name": "T1190"
      },
      {
        "id": "c12e0e03-aab0-4646-a929-e921a3d27f02",
        "name": "T1219"
      },
      {
        "id": "9b6064e6-a05b-4e95-baf5-34d180bc9221",
        "name": "T1059"
      },
      {
        "id": "b9eab970-53dd-4977-9a26-c4fe566e422d",
        "name": "T1133"
      },
      {
        "id": "870bd958-53a3-4d25-9f23-00aa8bd6674d",
        "name": "T1102"
      },
      {
        "id": "fc699aef-8931-4a79-8f79-9651be9abd50",
        "name": "T1021"
      },
      {
        "id": "1e73eaa9-ea78-444b-b3a3-5842f5d35115",
        "name": "T1074"
      },
      {
        "id": "232fbdfa-94c6-443d-b575-373e75b4f4c2",
        "name": "T1567"
      },
      {
        "id": "e46a9411-d2a1-47c9-8820-c7f818f4c0b5",
        "name": "T1203"
      }
    ],
    "vulnerabilities": [
      {
        "id": "",
        "name": "CVE-2025-13927"
      },
      {
        "id": "",
        "name": "CVE-2025-55184"
      },
      {
        "id": "",
        "name": "CVE-2026-0723"
      },
      {
        "id": "",
        "name": "CVE-2025-34026"
      },
      {
        "id": "",
        "name": "CVE-2025-13928"
      },
      {
        "id": "",
        "name": "CVE-2025-13335"
      },
      {
        "id": "",
        "name": "CVE-2026-1102"
      },
      {
        "id": "",
        "name": "CVE-2025-61882"
      },
      {
        "id": "",
        "name": "CVE-2025-31125"
      },
      {
        "id": "",
        "name": "CVE-2025-55183"
      },
      {
        "id": "",
        "name": "CVE-2025-68645"
      },
      {
        "id": "",
        "name": "CVE-2025-55182"
      },
      {
        "id": "",
        "name": "CVE-2023-1389"
      },
      {
        "id": "",
        "name": "CVE-2025-54313"
      },
      {
        "id": "",
        "name": "CVE-2025-66478"
      },
      {
        "id": "",
        "name": "CVE-2025-24893"
      }
    ],
    "others": [
      {
        "id": "",
        "name": "Netherlands"
      },
      {
        "id": "",
        "name": "Japan"
      },
      {
        "id": "",
        "name": "Canada"
      },
      {
        "id": "",
        "name": "Iran, Islamic Republic of"
      },
      {
        "id": "",
        "name": "Sri Lanka"
      },
      {
        "id": "",
        "name": "Romania"
      },
      {
        "id": "",
        "name": "United States of America"
      },
      {
        "id": "",
        "name": "Russian Federation"
      },
      {
        "id": "",
        "name": "China"
      },
      {
        "id": "",
        "name": "Media and Entertainment"
      },
      {
        "id": "",
        "name": "Supply Chain"
      },
      {
        "id": "",
        "name": "Energy"
      },
      {
        "id": "",
        "name": "Finance"
      },
      {
        "id": "",
        "name": "Education"
      },
      {
        "id": "",
        "name": "Manufacturing"
      },
      {
        "id": "",
        "name": "Logistics"
      },
      {
        "id": "",
        "name": "Business Services"
      },
      {
        "id": "",
        "name": "Multimedia"
      },
      {
        "id": "",
        "name": "Telecommunications"
      },
      {
        "id": "",
        "name": "Management Consulting"
      },
      {
        "id": "",
        "name": "Hospitality"
      },
      {
        "id": "",
        "name": "Retail"
      },
      {
        "id": "",
        "name": "Legal Services"
      },
      {
        "id": "",
        "name": "Information Technology"
      },
      {
        "id": "",
        "name": "Technology"
      },
      {
        "id": "",
        "name": "Social Media"
      },
      {
        "id": "",
        "name": "Professional Services"
      },
      {
        "id": "",
        "name": "Healthcare"
      },
      {
        "id": "",
        "name": "Transportation"
      },
      {
        "id": "",
        "name": "Technology Hardware"
      },
      {
        "id": "",
        "name": "Cloud Infrastructure"
      },
      {
        "id": "",
        "name": "Public Sector"
      },
      {
        "id": "",
        "name": "Automotive"
      },
      {
        "id": "",
        "name": "Government"
      },
      {
        "id": "",
        "name": "ns1.bafairforce.army"
      },
      {
        "id": "",
        "name": "ns1.ubunutpackages.store"
      },
      {
        "id": "",
        "name": "5axzi7.dnslog.cn"
      },
      {
        "id": "",
        "name": "vps-zap812595-1.zap-srv.com"
      },
      {
        "id": "",
        "name": "2f7ac6.ceye.io"
      },
      {
        "id": "",
        "name": "testing.caai.in"
      }
    ]
  },
  "external_refs": [
    "https://otx.alienvault.com/pulse/697a0fb2c327ef769cb46467",
    "https://www.f5.com/labs/articles/weekly-threat-bulletin-january-28th-2026"
  ]
}