January 2026 CVE Landscape: 23 Critical Vulnerabilities Mark 5% Increase, APT28 Exploits Microsoft Office Zero-Day
Summary
In January 2026, 23 actively exploited CVEs were observed, marking a 5% increase compared to the previous period. These vulnerabilities included a Microsoft Office zero-day exploited by APT28 and critical authentication bypass flaws affecting enterprise systems.
IFF Assessment
FOE
The increase in actively exploited critical vulnerabilities poses a significant threat to defenders.
Severity
9.8
Critical
(AI Estimated)
Defender Context
The rise in actively exploited CVEs, particularly zero-days, demands increased vigilance and proactive patching strategies. Defenders should prioritize investigating and mitigating authentication bypass flaws as well as monitor for APT28 activity targeting Microsoft Office. Continuous threat intelligence and incident response planning are essential in this evolving landscape.