January 2026

Cyber Threat Intelligence Report

Ransomware evolution, infostealer activity, and ClickFix-driven phishing

The January 2026 Cyber Threat Intelligence Report provides a practical overview of the threats we saw driving real-world impact during the month. It focuses on active exploitation, attacker tradecraft, ransomware and infostealer activity, and emerging phishing techniques to help security teams stay a step ahead of both nascent threats and well-established tactics.

What’s Inside the Report

  • Vulnerability Spotlight – CVE-2025-64155 (Fortinet FortiSIEM)
    A detailed review of a critical FortiSIEM remote code execution vulnerability, including affected versions, exploitation mechanics, and mitigation guidance.
  • High-Severity Vulnerability Review
    A prioritized overview of high-impact vulnerabilities requiring immediate attention, helping teams focus remediation efforts where risk is greatest.
  • Ransomware Activity Review
    An analysis of ransomware activity observed in January 2026, including the most active groups, targeted regions, and affected industries.
  • Malware Analysis
    Technical breakdowns of notable malware observed during the month, including Lyrix ransomware, Cattore infostealer, and Clearwater ransomware, with insight into execution flow, data theft behavior, and defensive considerations.
  • Inbox Intelligence – Phishing Campaign Analysis
    A step-by-step analysis of a ClickFix-style phishing campaign that leverages user interaction and trusted services to establish persistence and deploy remote access tools.


Powered by Cynet CyOps Threat Intelligence

This report is produced by Cynet’s CyOps Threat Intelligence Team, drawing on decades of combined expertise, continuous threat research, real-world telemetry, and hands-on incident response experience to deliver intelligence that is timely, relevant, and designed for action.


Looking for more in-depth Threat Intel?

Cynet partners and customers receive exclusive access to CTI Reports before they are made available for public download. Learn more about CyOps MDR to unlock the advantage of ongoing threat intel and real-time response.

 
