This is a detailed vulnerability intelligence report covering January 2026 CVE disclosures, organized by severity level. It includes critical vulnerabilities in major software platforms including Microsoft, Apple, Google Chrome, OpenSSL, Linux kernel, Kubernetes, container technologies, web frameworks (Django, Laravel, Rails), authentication systems, and industrial/IoT devices. Notable high-severity findings include buffer overflows, SQL injection, path traversal, authentication bypass, and remote code execution flaws in widely-deployed systems with active exploitation potential.

Russian military intelligence-linked hackers are exploiting known vulnerabilities in older internet routers to harvest authentication tokens from Microsoft Office users across over 18,000 networks. The campaign operates without deploying malicious software, allowing state-backed actors to conduct stealthy credential theft at scale.

Microsoft reported tensions [10 sources]