January Patch Tuesday Floods Networks with 114 CVEs, Including 3 Fresh Zero‑Days

Krebs on Security reported that the January 2026 Patch Tuesday released 114 publicly disclosed vulnerabilities across major operating systems, office suites, and networking gear. Among them, three were classified as zero‑day exploits—bugs that were actively weaponized before any vendor‑issued fix was available. The affected products include the latest Windows 11 build, Microsoft Office, Adobe Acrobat, and firmware on several Cisco and Juniper routers.

These flaws expand the attack surface for nation‑state actors and cybercrime groups, offering multiple entry points for lateral movement, credential theft, and ransomware deployment. Defenders must prioritize rapid inventory, apply the available patches, and implement compensating controls for the zero‑days until fixes are released, as the window for exploitation is already open.

Categories: Vulnerabilities & Exploits, AI Security & Threats, Threat Intelligence

Source: Read original article