Security Highlights Of The Day [26/01/26]

VoidLink: Evidence That the Era of Advanced AI-Generated Malware Has Begun
Check Point Research (CPR) believes a new era of AI-generated malware has begun. VoidLink stands as the first clearly documented case of this era: a truly advanced malware framework authored almost entirely by artificial intelligence, likely under the direction of a single individual. Until now, solid evidence of AI-generated malware has primarily been linked to inexperienced threat actors, as in the case of FunkSec, or to malware that largely mirrored the functionality of existing open-source malware tools. VoidLink is the first evidence-based case that shows how dangerous AI can become in the hands of more capable malware developers. Operational security (OPSEC) failures by the VoidLink developer exposed development artifacts. These materials provide clear evidence that the malware was produced predominantly through AI-driven development, reaching a first functional implant in under a week.
Source: Check Point Research

Dissecting and Exploiting CVE-2025-62507: Remote Code Execution in Redis
A recent stack buffer overflow vulnerability in Redis, assigned CVE-2025-62507, was fixed in version 8.3.2. The issue was published with a high severity rating and assigned a CVSS v3 score of 8.8. According to the official advisory, “a user can run the XACKDEL command with multiple IDs and trigger a stack buffer overflow, which may potentially lead to remote code execution”. Historically, memory corruption vulnerabilities easily led directly to remote code execution, but they have become significantly harder to exploit due to the many security mitigations introduced over the years. Given that the vulnerability was rated as high severity but not classified as critical, the JFrog Security Research team decided to investigate the issue further and evaluate whether remote code execution is still easily achievable in 2026.
Source: JFrog

DNS OverDoS: Are Private Endpoints Too Private?
We discovered an aspect of Azure’s Private Endpoint architecture that could expose Azure resources to denial of service (DoS) attacks. In this article, we explore how both intentional and inadvertent acts could result in limited access to Azure resources through the Azure Private Link mechanism. We uncovered this issue while investigating irregular behavior in Azure test environments. Our research indicates that over 5% of Azure storage accounts currently operate with configurations that are subject to this DoS issue. This issue has the potential to affect organizations in multiple ways. For example, denying service to storage accounts could cause Azure Functions within FunctionApps and subsequent updates to these apps to fail. In another scenario, the risk could lead to DoS to Key Vaults, resulting in a ripple effect on processes that depend on secrets within the vault.
Source: Palo Alto Networks Unit 42

Everest Ransomware Claims McDonald's India Breach Involving Customer Data
The notorious Everest ransomware group is claiming to have breached McDonald’s India, the Indian subsidiary of the American fast-food giant. The claim was published on the group’s official dark web leak site earlier today, January 20, 2026, stating that they exfiltrated a massive 861 GB of customer data and internal company documents. As reviewed by Hackread.com, the group also published internal screenshots to support the authenticity of its claims. A closer look at these screenshots reveals financial reports from 2023 to 2026, audit trails, cost tracking sheets, ERP migration files, pricing data, and other sensitive internal communications.
Source: Hackread

ChainLeak: Critical AI Framework Vulnerabilities Expose Data, Enable Cloud Takeover
Zafran Labs identified two critical vulnerabilities in Chainlit, a widely used open-source AI framework. These vulnerabilities affect internet-facing AI systems that are actively deployed across multiple industries, including large enterprises. The flaws allow attackers to leak cloud environment API keys and steal sensitive files (CVE-2026-22218), as well as perform Server-Side Request Forgery (SSRF) against servers hosting AI applications (CVE-2026-22219). These vulnerabilities can be triggered with no user interaction. Zafran confirmed the vulnerabilities in real-world, internet-facing applications operated by major enterprises.
Source: Zafran Labs