Critical Cyber Incidents Reported in Late January 2026: OpenSSL Vulnerability, Phishing Campaign, and Ransomware Attack

The week of January 26, 2026, was marked by several cyber incidents. A critical vulnerability in OpenSSL (CVE-2026-12345) was disclosed, affecting versions 3.0.x and enabling remote code execution. Patches were released on January 28, 2026. A phishing campaign targeting Microsoft 365 users exploited spoofed domains to steal credentials, with a peak in attacks on January 27. In France, a LockBit 3.0 ransomware attack hit a regional hospital, disrupting medical systems for 48 hours. No ransom demand was communicated. French authorities confirmed a 23% increase in reported incidents compared to 2025.