UNC6201 Exploits Dell RecoverPoint for Virtual Machines Zero-Day
Mandiant and Google Threat Intelligence Group identified active zero-day exploitation of a critical vulnerability in Dell RecoverPoint for Virtual Machines, tracked as CVE-2026-22769 with a CVSS score of 10.0. The threat cluster UNC6201, assessed as PRC-linked, has exploited the flaw since at least mid-2024 to move laterally, maintain persistence, and deploy malware including SLAYSTYLE, BRICKSTORM, and a newly identified backdoor named GRIMBOLT.
Source: Google Cloud Blog
Spam Campaign Abuses Atlassian Jira Cloud to Target Government and Corporate Entities
Threat actors abused Atlassian Jira Cloud and its connected email system to conduct automated spam campaigns, bypassing traditional email security controls by leveraging the trusted domain reputation of Atlassian products. The campaign, active from late December 2025 through late January 2026, primarily targeted government and corporate entities and redirected victims to investment scams and online casino pages.
Source: Trend Micro
Vulnerabilities in Popular PDF Platforms Enabled Account Takeover and Data Exfiltration
Researchers uncovered more than a dozen vulnerabilities in PDF platforms developed by Foxit and Apryse that could have enabled account takeover, data exfiltration, and other attacks. The issues were responsibly disclosed, and both vendors have released patches addressing the reported flaws.
Source: SecurityWeek
Notepad++ Fixes Hijacked Update Mechanism Used to Deliver Targeted Malware
Notepad++ released version 8.9.2 to address abuse of its software update mechanism by an advanced threat actor. The updated release introduces additional verification controls for signed installers downloaded from GitHub and signed XML responses from the update server, strengthening the integrity of the update process.
Source: The Hacker News
Flaws in Popular VSCode Extensions Expose Developers to Attacks
High and critical severity vulnerabilities affecting widely used Visual Studio Code extensions, collectively downloaded more than 128 million times, could be exploited to steal local files and execute remote code. Affected extensions include Code Runner, Markdown Preview Enhanced, and Microsoft Live Preview. Researchers report that prior disclosure attempts did not receive a response from maintainers.
Source: BleepingComputer
AresISEC d.o.o. · Zagreb, Croatia · OIB: 49411602130 · info@aresisec.hr
© 2026 AresISEC