
ZeroFox Daily Intelligence Brief - January 30, 2026

by Alpha Team

ZeroFox Intelligence collects, curates, and analyzes information derived from open and proprietary sources. Here is today’s daily roundup to give you and your clients an advantage over the adversary.

Brief Highlights

  • ZeroFox Intelligence Assessment: Winter Olympics Games Milano Cortina 2026
  • Aisuru Botnet Launches Record 31.4 Tbps DDoS Attack
  • Ivanti Releases Patches for Critical Actively Exploited Bugs

ZeroFox Intelligence Assessment: Winter Olympics Games Milano Cortina 2026

Source: https://www.zerofox.com/advisories/38129/

What we know: ZeroFox identified threats that pose a passive risk, including compromised credentials and botnet logs for sale, as well as suspicious domains impersonating official 2026 Winter Olympics branding. Additionally, ZeroFox identified accommodation and ticket scams that pose a risk to attendees and viewers.

Context: The Winter Olympic Games will take place from February 6 to 22 across multiple locations in northern Italy, with over two million guests expected to attend. In the weeks leading up to the Games, there has been a spike in anti-American sentiment, particularly related to recent U.S. foreign and immigration policy.

Analyst note: The U.S. State Department currently has a Level 2 travel advisory in place for Italy (Exercise Increased Caution), which was issued on May 23, 2025. ZeroFox assesses that civil unrest in Italy is unlikely to disrupt aspects of the 2026 Winter Olympics; however, the situation should be continuously monitored for changes as the Games and related events approach.

Aisuru Botnet Launches Record 31.4 Tbps DDoS Attack

Source: https://www.bleepingcomputer.com/news/security/aisuru-botnet-sets-new-record-with-314-tbps-ddos-attack/

What we know: The Aisuru botnet conducted a distributed denial-of-service (DDoS) attack, primarily targeting telecommunications companies, that reached 31.4 Tbps (terabits per second) and 200 million requests per second.

Context: The attack, and the campaign it was part of, targeted several companies across different sectors, most of them in telecommunications. The attacks were reportedly mitigated soon after detection.

Analyst note: Although the attack was mitigated, it is likely to have caused at least some temporary disruption to crucial services. Despite its scale, the attack is unlikely to have any long-lasting impact.

Ivanti Releases Patches for Critical Actively Exploited Bugs

Source: https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM-CVE-2026-1281-CVE-2026-1340?language=en_US

What we know: Ivanti has released security patches (RPM scripts) for its Endpoint Manager Mobile (EPMM), addressing two critical-rated vulnerabilities (CVE-2026-1281 and CVE-2026-1340).

Context: The flaws are code injection vulnerabilities that have been exploited as zero-days against a “very limited number of customers.” Attackers have exploited the EPMM flaws to achieve unauthenticated remote code execution on vulnerable devices.

Analyst note: Immediate version-specific patching is required to avoid further exploitation. If exploitation goes unchecked, threat actors are likely to exfiltrate personal data and abuse LDAP credentials for lateral movement in environments running unpatched versions.

DEEP AND DARK WEB INTELLIGENCE

THE GREEN BLOOD GROUP: A threat actor group named “THE GREEN BLOOD GROUP” claims to have encrypted “important files” specifically from entities in India, Senegal, and Colombia. The group also claims that negotiations are ongoing and that, if they fail, it will release the allegedly encrypted data. Given that neither the leak site nor the threat group is widely known as a cybercriminal, state-sponsored, or terrorist entity, its claims are likely exaggerated.

VULNERABILITY AND EXPLOIT INTELLIGENCE

CVE-2026-24134: StudioCMS version 0.2.0 patches a Broken Object Level Authorization (BOLA) vulnerability in the Content Management feature that allows users with the "Visitor" role to access draft content created by Editor/Admin/Owner users.

Affected products: StudioCMS versions prior to 0.2.0

Tags: DIB, tlp:green