Google Threat Intelligence reports a sophisticated supply chain attack on axios NPM package versions 1.14.1 and 0.30.4 (March 31, 2026), where attackers injected malicious 'plain-crypto-js' dependency to deploy WAVESHAPER.V2 backdoor across Windows, macOS, and Linux platforms. Attribution to UNC1069 based on malware signatures, infrastructure overlaps, and operational patterns. Remediation guidance includes version pinning, dependency auditing, CI/CD pipeline security, and credential rotation.

Mandiant and Google GTIG report zero-day exploitation of CVE-2026-22769 (CVSS 10.0) in Dell RecoverPoint by suspected PRC-nexus threat actor UNC6201 since mid-2024, enabling deployment of SLAYSTYLE, BRICKSTORM, and novel GRIMBOLT malware. The report includes technical analysis of exploitation methods, persistence mechanisms via convert_hosts.sh modification, newly observed VMware pivot tactics including Ghost NICs and iptables-based Single Packet Authorization, and comprehensive remediation guidance with IOCs and YARA rules.

This is a detailed vulnerability intelligence report covering January 2026 CVE disclosures, organized by severity level. It includes critical vulnerabilities in major software platforms including Microsoft, Apple, Google Chrome, OpenSSL, Linux kernel, Kubernetes, container technologies, web frameworks (Django, Laravel, Rails), authentication systems, and industrial/IoT devices. Notable high-severity findings include buffer overflows, SQL injection, path traversal, authentication bypass, and remote code execution flaws in widely-deployed systems with active exploitation potential.