Microsoft Patches 114 Vulnerabilities Amid Rising Ransomware Threats
Microsoft Patches 114 Vulnerabilities Amid Rising Ransomware Threats
On January 18, 2026, Microsoft released a crucial security update addressing 114 vulnerabilities, among which are three actively exploited zero-day vulnerabilities. Notably, CVE-2026-20805 affects the Desktop Window Manager, underscoring the critical need for organizations to implement timely software updates to mitigate risks. This patch is part of Microsoft's regular Patch Tuesday cycle and serves as a reminder of the ongoing vulnerabilities that threaten enterprise security.
Additionally, the LockBit ransomware group has claimed responsibility for 112 victims in December 2025, reinforcing its position as a top-tier ransomware threat. The resurgence of LockBit, coupled with the exploitation of known zero-day vulnerabilities by a China-linked APT group targeting critical infrastructure, paints a concerning picture of the current cybersecurity landscape. The emergence of the EvilAI malware campaign, which targets organizations by masquerading as legitimate AI tools, further highlights the evolving tactics of cybercriminals. These incidents collectively emphasize the necessity for heightened vigilance and adaptive security measures across all sectors.
Also In Security Today
- LockBit Ransomware Activity: The LockBit group has escalated its operations, claiming 112 victims in December 2025, marking a significant increase in ransomware incidents across multiple sectors CyberSecurity Hunter.
- Exploited Zero-Days: A China-linked APT group exploited CVE-2025-53690, a zero-day vulnerability in Sitecore, targeting critical infrastructure in North America, highlighting state-sponsored threat actors' persistence CyberSecurity Hunter.
- EvilAI Malware Campaign: The new EvilAI malware infiltrates organizations by pretending to be legitimate AI tools, showcasing the evolving strategies used by cybercriminals today CyberSecurity Hunter.