Cybersecurity Weekly Update: 12-19 January 2026

  • Writer: SOC Team
  • 5 days ago
  • 2 min read

1. Microsoft January Patch Tuesday – Active Zero-Day Exploitation


Microsoft released its January 2026 Patch Tuesday updates addressing over 110 vulnerabilities, including one actively exploited zero-day (CVE-2026-20805) affecting the Windows Desktop Window Manager. The flaw allows attackers to leak sensitive memory contents, which can then be chained with other vulnerabilities for privilege escalation. (tomsguide.com)


Impact: Active exploitation increases the risk of endpoint compromise across Windows environments, particularly in organisations with large user populations.


Action: Apply January security updates immediately and prioritise internet-facing and high-value systems.


2. Attackers Exploit Critical WordPress Plugin to Gain Admin Access


Attackers are actively exploiting a critical vulnerability in the Modular DS WordPress plugin that allows unauthenticated attackers to gain administrator access to affected sites. The flaw impacts versions up to 2.5.1 and enables full site takeover, including malicious content injection and malware distribution. A patched version (2.5.2) is now available. (techradar.com)


Impact: WordPress is widely used for public-facing portals in education, healthcare, and SMEs. A compromised site can damage trust, expose users to malware, and be leveraged for further attacks.


Action: Update the affected plugin immediately, audit administrator accounts for unauthorised changes, and restrict admin access using MFA and IP controls.


3. AI Prompt Injection Highlights Emerging Risks in Enterprise AI Tools


Security researchers disclosed a prompt-injection technique affecting Google’s Gemini AI, where malicious calendar invitations could influence AI behaviour and expose contextual data. While no widespread abuse has been reported, the issue highlights a growing class of AI-specific security risks. (thehackernews.com)


Why it matters: As AI tools are embedded into enterprise productivity platforms, they introduce new attack surfaces that traditional security controls may not fully address.


4. “MonetaStealer” Infostealer Targets macOS Credentials


Researchers have identified a new macOS infostealing malware named MonetaStealer that is actively targeting Apple systems in the wild. Disguised as a seemingly innocuous file named Portfolio_Review.exe, the binary is actually a Mach‑O executable that runs on macOS and is designed to circumvent static detection. Once executed, MonetaStealer is capable of harvesting browser passwords, cryptocurrency wallet data, Wi‑Fi credentials, SSH keys and financial documents before exfiltrating them via a Telegram bot infrastructure. (cybersecuritynews.com)


Impact: Credentials and sensitive data stolen from macOS devices can enable attackers to pivot into VPNs, cloud services, developer accounts, and enterprise systems, increasing the risk of broader compromise.


Action: Include macOS endpoints in enterprise EDR and monitoring, restrict execution of files from untrusted sources, and train users to avoid running deceptive binaries.
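The MonetaStealer item above turns on a simple mismatch: a file named as a Windows .exe whose body is actually a Mach-O binary. The following check, added here as an illustration and not taken from the cited report or any vendor tool, flags that mismatch by comparing a file's extension against its header magic; the sample headers are constructed stubs, not real malware.

```python
import struct
from pathlib import Path
from typing import Optional

# Mach-O magic values as read big-endian from the first 4 bytes on disk.
# Modern Apple binaries are little-endian, so their magic appears byte-swapped here.
MACHO_MAGICS = {
    0xFEEDFACE: "Mach-O 32-bit (big-endian)",
    0xFEEDFACF: "Mach-O 64-bit (big-endian)",
    0xCEFAEDFE: "Mach-O 32-bit (little-endian)",
    0xCFFAEDFE: "Mach-O 64-bit (little-endian)",
}
FAT_MAGIC = 0xCAFEBABE  # universal binary; shared with the Java .class magic, see below

# Extensions under which a Mach-O body has no legitimate reason to appear.
SUSPECT_EXTS = {".exe", ".dll", ".scr", ".pdf", ".docx", ".xlsx", ".txt", ".jpg", ".png"}


def classify_header(data: bytes) -> Optional[str]:
    """Return a file-type label derived from the leading bytes, or None if unknown."""
    if len(data) < 8:
        return None
    magic, second = struct.unpack(">II", data[:8])
    if magic in MACHO_MAGICS:
        return MACHO_MAGICS[magic]
    if magic == FAT_MAGIC:
        # A fat header's nfat_arch is a small architecture count; a Java class file
        # stores minor/major version here and its major version is >= 45 (0x2D).
        return "Mach-O universal (fat)" if second < 0x2D else "Java class"
    if data[:2] == b"MZ":
        return "PE (Windows)"
    return None


def is_masquerading(filename: str, data: bytes) -> bool:
    """True when the extension claims a non-Mach-O type but the header is Mach-O."""
    label = classify_header(data)
    ext = Path(filename).suffix.lower()
    return label is not None and label.startswith("Mach-O") and ext in SUSPECT_EXTS


# Constructed sample headers (not real malware): a little-endian 64-bit Mach-O
# header stub and a PE header stub, each padded to 32 bytes.
MACHO64_LE = b"\xcf\xfa\xed\xfe" + b"\x00" * 28
PE_STUB = b"MZ\x90\x00" + b"\x00" * 28

if __name__ == "__main__":
    for name, blob in [("Portfolio_Review.exe", MACHO64_LE), ("setup.exe", PE_STUB)]:
        print(f"{name}: {classify_header(blob)}, masquerading={is_masquerading(name, blob)}")
```

The same comparison can be run over a download directory or fed from an EDR file-write event, where a Mach-O header under a Windows or document extension is a cheap, high-signal alert.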


Key Recommendations


  • Patch Immediately: Prioritise Microsoft January updates and ensure CMS platforms and plugins are fully up to date.

  • Secure Public-Facing Systems: Harden WordPress and other internet-facing services with MFA, WAFs, and restricted admin access.

  • Expand Endpoint Coverage: Treat macOS devices as first-class enterprise assets with equivalent visibility and controls.

  • Maintain Credential Hygiene: Continuously audit access rights, credentials, and exposed services.
