Cybersecurity Alert: Latest RCEs, Darknet Busts, Kernel Bugs & More Critical Updates
CISA has identified a security flaw in the Linux kernel that is being actively exploited, prompting FCEB agencies to apply patches by a specified deadline. The Cybersecurity and Infrastructure Security Agency (CISA) has reported that the Linux kernel has an integer overflow vulnerability in the create_elf_tables() function, identified as CVE-2018-14634, with a CVSS score of 7.8. This vulnerability could allow an unprivileged local user with access to a SUID binary to escalate their privileges on the system. As of now, there have been no reported instances of this vulnerability being exploited in the wild.
Cybersecurity company Halcyon has discovered a critical flaw in the encryption process of Sicarii ransomware that makes data recovery impossible even if a ransom is paid. The malware generates a new RSA key pair locally, uses it for encryption, and then discards the private key. Because a key pair is generated on every execution, the encryption does not depend on a recoverable master key, leaving victims unable to decrypt their data. This has made attacker-provided decryptors ineffective for affected systems. It is believed with moderate confidence that the threat actors used AI-assisted tools that led to an implementation error.
The Importance of HTML in DeadLock Operator Communication
The use of HTML plays a crucial role in enabling direct communication between the DeadLock operator and the victim. It facilitates the sending and receiving of messages through a server acting as a middleware or proxy. Group-IB highlighted the significance of DeadLock's server address management and revealed the presence of JS code interacting with a smart contract on the Polygon network within the HTML file.
The HTML file contains a list of endpoints for interacting with the Polygon network or blockchain and obtaining the current proxy URL via the smart contract. Unlike traditional ransomware operations, DeadLock does not have a data leak site to publicize attacks. Instead, it utilizes AnyDesk as a remote management tool and uses a previously unknown loader to exploit the Baidu Antivirus driver vulnerability (CVE-2024-51324) in a bring your own vulnerable driver (BYOVD) attack, disabling endpoint security solutions. According to Cisco Talos, the threat actor leverages compromised valid accounts to gain access to the victim’s machine.
Escalation of Crypto Laundering Networks
A recent report by Chainalysis highlights the increasing scale of Chinese-language money laundering networks (CMLNs) dominating crypto money laundering activities. These networks processed an estimated 20% of illicit cryptocurrency funds over the past five years, amounting to $16.1 billion in 2025. The illicit on-chain money laundering ecosystem has grown significantly, reaching over $82 billion in 2025 from $10 billion in 2020. CMLNs employ various mechanisms such as gambling platforms, money movement, and peer-to-peer services for fund transfers without KYC checks. They have also been involved in processing approximately 10% of funds stolen in pig butchering scams, coinciding with a decline in centralized exchange usage.
Additionally, the emergence of guarantee marketplaces like HuiOne and Xinbi has provided CMLNs with marketing venues and escrow infrastructure. These networks advertise on guarantee services to offer money laundering techniques with the aim of integrating illicit funds into the legitimate financial system.
Rise in SMS Fraud Targeting Canadians
Canadian residents are facing a surge in SMS fraud activities perpetrated by threat actors impersonating government services and trusted national brands. These scams often lure individuals with fake messages related to traffic fines, tax refunds, airline bookings, and parcel delivery alerts. The fraudsters use malicious ads and phishing landing pages to enable account takeovers and direct financial fraud. A significant portion of this fraudulent activity aligns with the ‘PayTool’ phishing ecosystem, known for targeting Canadians through SMS-based social engineering tactics.
These stories highlight ongoing challenges evolving gradually over time. The repeated exploitation of vulnerabilities underscores the persistence of attackers in finding and exploiting weaknesses. It is essential to address these issues proactively to prevent further escalation and protect against emerging threats.

