CP
cyberpings
VulnerabilitiesHIGH

CVE Surge: 23 Critical Vulnerabilities Discovered in January 2026

RFRecorded Future Blog
CVEAPT28Microsoft Officezero-dayauthentication bypass
🎯

Basically, 23 serious security flaws were found, including one that hackers are using to attack Microsoft Office.

Quick Summary

January 2026 revealed 23 critical vulnerabilities, including a zero-day in Microsoft Office exploited by APT28. This surge raises serious security concerns for users and businesses alike. Stay updated and vigilant to protect your data!

What Happened

January 2026 has kicked off with a staggering 23 critical vulnerabilities (CVE?s) identified, raising alarms across the cybersecurity community. Among these, a notable zero-day vulnerability? in Microsoft Office has been exploited by the notorious APT28? group. This means that hackers are actively taking advantage of this flaw before it can be fixed, putting users at significant risk.

In addition to the Microsoft Office zero-day, there are also critical authentication bypass? vulnerabilities that could allow unauthorized access to enterprise systems. These flaws are particularly concerning for businesses, as they can lead to data breaches and other damaging incidents. The increase of 5% in critical vulnerabilities compared to previous months shows a worrying trend in the cybersecurity landscape.

Why Should You Care

You might think, "This doesn't affect me," but it does. If you're using Microsoft Office or any enterprise software, your personal data and your company's sensitive information could be at risk. Imagine leaving your front door unlocked; it’s an open invitation for intruders. Similarly, these vulnerabilities provide hackers with easy access to your systems.

Boldly, the key takeaway is that vigilance is essential. Regular updates and security patches? are your first line of defense against these threats. If you ignore them, you could be leaving your digital doors wide open for cybercriminals.

What's Being Done

The cybersecurity community is on high alert. Microsoft is likely working on patches for the zero-day vulnerability? and other critical flaws. Here are some immediate actions you can take:

  • Update your software regularly to ensure you have the latest security patches?.
  • Monitor your systems for any unusual activity that could indicate exploitation.
  • Educate yourself and your team about these vulnerabilities to better understand the risks.

Experts are closely watching the situation, especially how APT28? will continue to exploit these vulnerabilities and what new threats may emerge as a result. Staying informed is crucial to protecting yourself and your organization.

💡 Tap dotted terms for explanations

🔒 Pro insight: The rise in CVEs indicates a potential shift in APT28's targeting strategy, warranting close monitoring of their tactics and techniques.

Original article from

Recorded Future Blog

Read Full Article

Share

Related Pings

CRITICALVulnerabilities

Critical RRAS RCE Vulnerabilities Patched in Windows 11

Microsoft released a hotpatch for critical RRAS vulnerabilities in Windows 11. These flaws could allow hackers to execute code remotely. Users should ensure their systems are updated to protect against potential attacks.

Cyber Security News·
HIGHVulnerabilities

FortiGate Firewalls Targeted in High-Severity Exploit Wave

FortiGate firewalls are under attack as hackers exploit critical vulnerabilities. Organizations using these firewalls are at risk of credential theft and network breaches. Immediate patching and credential rotation are essential to mitigate these threats.

Cyber Security News·
HIGHVulnerabilities

March Patch Tuesday Fixes 84 Vulnerabilities Across 15 Products

Microsoft's March Patch Tuesday addressed 84 vulnerabilities across various products. Eight are critical, but none affect Windows directly. Stay updated to protect your systems from potential exploits.

Sophos News·
HIGHVulnerabilities

Microsoft Issues Urgent Hotpatch for Windows 11 RCE Vulnerability

Microsoft has released a critical hotpatch for Windows 11 to fix serious vulnerabilities. Affected devices include Windows 11 Enterprise systems. This update is crucial to prevent remote code execution that could compromise sensitive data.

BleepingComputer·
CRITICALVulnerabilities

Critical Vulnerability in HPE AOS-CX Allows Password Resets

The Flaw Hewlett Packard Enterprise (HPE) has reported a critical-severity vulnerability in its Aruba Networking AOS-CX switches, tracked as CVE-2026-23813. This vulnerability has a CVSS score of 9.8, indicating its severity. It allows attackers to reset administrator passwords remotely and without any authentication, effectively bypassing existing security measures. This flaw affects various models, including the CX 4100i, CX 6000,

SecurityWeek·
HIGHVulnerabilities

Critical LangSmith Vulnerability Exposes Users to Account Takeover

A critical vulnerability in LangSmith could allow hackers to take over user accounts. This flaw affects users who rely on LangSmith for AI data monitoring. Immediate action is required to ensure security and protect sensitive information.

Cyber Security News·