Security Check-in Quick Hits: Cisco Zero-Day Exploits, Fortinet SSO Attacks, AI Malware Emergence, Ingram Micro Ransomware, and Cloud Testing App Breaches
For January 24, 2026
Cisco Zero-Day Vulnerability Exploits Demand Immediate Action
In the ever-evolving landscape of cybersecurity threats, a critical zero-day vulnerability, tracked as CVE-2026-20045, has emerged in Cisco’s Unified Communications products, including Unified Communications Manager, SME, IM & Presence Service, Unity Connection, and Webex Calling. This flaw allows unauthenticated remote attackers to execute arbitrary code, escalate privileges, and access sensitive data without any barriers. Discovered amid active exploitation, it poses a severe risk to organizations relying on these systems for communication and collaboration. The high confidentiality impact could lead to widespread data exposure, operational disruptions, and even broader network compromises if left unaddressed.
To mitigate this threat, security teams should prioritize applying Cisco’s latest patches without delay. Additionally, monitoring for anomalous activity, restricting access to vulnerable ports, and implementing robust network segmentation can help fortify defenses. This incident underscores the importance of proactive vulnerability management—staying ahead of exploits like this is crucial to maintaining trust in digital infrastructure.
Fortinet FortiGate SSO Flaws Under Active Attack
Fortinet’s FortiGate firewalls have become a prime target for cybercriminals exploiting vulnerabilities in their Single Sign-On (SSO) features, specifically CVE-2025-59718 and CVE-2025-59719. These flaws enable attackers to add unauthorized admin users, gain VPN access, and export sensitive configurations, often following automated scans for exposed devices. Even after patching, risk lingers if devices remain misconfigured or unnecessarily internet-facing, allowing rapid malicious changes and data exfiltration.
The impacts are significant, with real-world observations of device compromises occurring shortly after disclosure, potentially leading to full network takeovers. Organizations should immediately disable FortiCloud SSO, apply the latest patches, and vigilantly monitor logs for unusual admin behavior. Rotating credentials and minimizing exposure are key steps to prevent these attacks from escalating into major breaches.
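Monitoring for the unauthorized admin-account additions described above can be scripted against the firewall's event logs. The following is an added example, not code from the original post or from Fortinet; it assumes FortiOS-style key="value" event lines in which a configuration change carries cfgpath="system.admin" and the client address inside the ui field, and the sample lines, management network and trusted-actor list are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample lines in FortiOS-style key="value" layout (not real captures).
SAMPLE_LOGS = """\
date=2026-01-20 time=09:12:01 type="event" subtype="system" action="Add" user="admin" ui="ssh(10.0.0.5)" cfgpath="system.admin" cfgobj="backup-ops" msg="Add system.admin backup-ops"
date=2026-01-20 time=09:15:44 type="event" subtype="system" action="Edit" user="admin" ui="GUI(10.0.0.5)" cfgpath="firewall.policy" cfgobj="12" msg="Edit firewall.policy 12"
date=2026-01-20 time=23:41:09 type="event" subtype="system" action="Add" user="fortisso" ui="GUI(203.0.113.77)" cfgpath="system.admin" cfgobj="support_tmp" msg="Add system.admin support_tmp"
date=2026-01-20 time=23:42:30 type="event" subtype="system" action="Add" user="admin" ui="GUI(198.51.100.9)" cfgpath="system.admin" cfgobj="svc-audit" msg="Add system.admin svc-audit"
"""

KV_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')  # key=value or key="quoted value"
UI_IP_RE = re.compile(r"\(([^)]+)\)")                   # client address inside ui="GUI(x.x.x.x)"

# Assumed (hypothetical) site policy: networks from which admin changes are expected,
# the local accounts allowed to make them, and the config path for admin accounts.
MGMT_NETS = [ipaddress.ip_network("10.0.0.0/24")]
ALLOWED_ACTORS = {"admin"}
ADMIN_PATHS = {"system.admin"}

def parse_kv(line):
    """Parse one key="value" log line into a dict, dropping the surrounding quotes."""
    return {k: v.strip('"') for k, v in KV_RE.findall(line)}

def source_ip(ui):
    """Return the client IP parsed from the ui field, or None if absent or malformed."""
    m = UI_IP_RE.search(ui or "")
    if not m:
        return None
    try:
        return ipaddress.ip_address(m.group(1))
    except ValueError:
        return None

def admin_add_findings(lines):
    """Return (new_account, actor, source_ip, reasons) for each admin-account addition
    made by an untrusted actor or from outside the management networks."""
    findings = []
    for line in lines:
        ev = parse_kv(line)
        if ev.get("cfgpath") not in ADMIN_PATHS or ev.get("action") != "Add":
            continue  # only additions of admin accounts are of interest here
        ip = source_ip(ev.get("ui"))
        reasons = []
        if ev.get("user") not in ALLOWED_ACTORS:
            reasons.append("actor not in allowed admin set")
        if ip is None or not any(ip in net for net in MGMT_NETS):
            reasons.append("source outside management networks")
        if reasons:
            findings.append((ev.get("cfgobj"), ev.get("user"), str(ip), reasons))
    return findings
```

Running admin_add_findings(SAMPLE_LOGS.splitlines()) flags the two late-night additions and leaves the change made by the trusted admin from the management network alone.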
The Rise of AI-Generated Malware: VoidLink and Beyond
The emergence of AI-generated malware like VoidLink marks a concerning shift in the threat landscape, targeting developers and admins through techniques such as prompt injection and malicious packages. It has been linked to vulnerabilities in AI frameworks like Chainlit (CVE-2026-22218 and CVE-2026-22219), which allow remote file access and server-side request forgery, and it also exploits issues in tools from Anthropic, in Microsoft Copilot, and in unsecured AI agents. By leveraging AI for malware creation, attackers can produce evasive, persistent threats that put advanced attack capabilities in the hands of less skilled actors.
Impacts include data exfiltration, cloud breaches, and long-term system persistence, amplifying risks in AI-dependent environments. Defenders should update AI tools promptly, carefully vet third-party packages, and enforce input validation, sandboxing, and specialized AI security measures to counter this growing trend.
Ingram Micro Ransomware Attack Exposes Supply Chain Vulnerabilities
A recent ransomware attack on IT distributor Ingram Micro has compromised the personal data of over 42,000 individuals, including names, contact details, dates of birth, and government IDs such as Social Security numbers, driver’s licenses, and passports. This breach highlights the cascading effects of supply chain attacks, where a single incident can ripple through thousands of global organizations, enabling identity theft, phishing, and further exploitation.
To safeguard against similar threats, affected parties should rotate credentials, enable multi-factor authentication (MFA), and monitor for suspicious activity. Broader recommendations include revoking unnecessary vendor access, implementing conditional access policies, and adopting zero-trust architectures to strengthen vendor management. This event serves as a stark reminder of the need for resilient supply chain security practices.
Breaches in Misconfigured Cloud Security Testing Apps
Misconfigured “damn vulnerable” security testing, demo, and pentesting applications in cloud environments like AWS, GCP, and Azure are being exploited en masse, with nearly 2,000 instances identified across Fortune 500 companies. Attackers use the applications’ default credentials to deploy crypto miners and webshells and to move laterally, turning these training tools into entry points for full-scale breaches.
The consequences include unauthorized access, resource abuse, and potential enterprise-wide compromises. Best practices involve promptly decommissioning temporary labs, continuously monitoring for exposed instances, and applying production-level security to all cloud assets. Treating every environment with equal rigor is essential to prevent these overlooked vulnerabilities from becoming catastrophic weak links.