Cyber Brief: Exploited flaws, zero-day surge and HR/payroll risk

Today’s cyber reporting highlights how exploited vulnerabilities, a notable surge in zero-day attacks and human-centric risks are shaping the threat landscape. Rather than relying on complex campaigns, attackers are capitalising on gaps in patching, increasingly targeting pre-disclosure vulnerabilities and shifting focus to roles that control critical functions such as HR and payroll.

SmarterMail authentication bypass exploited in the wild shortly after patch release

Security reporting today confirms that a recently patched authentication bypass in SmarterMail email software is being actively exploited. The flaw, tracked as WT-2026-0001 and addressed in a January patch, allows attackers to reset system administrator passwords via a crafted API request. Once this privileged access is obtained, attackers can execute commands on the underlying system, potentially gaining full control.
The rapid exploitation - just days after the patch was released - underscores how quickly attackers adapt to changes and reverse-engineer fixes for operational advantage.

Why it matters
Exploitation so soon after patch release highlights the need for rapid remediation and proactive testing to ensure patches are fully understood and applied.

Source
The Hacker News

Zero-day exploits surge before disclosure, analysis shows

Analysis published today highlights a notable trend: nearly 30 % of vulnerabilities are now exploited before public disclosure. According to VulnCheck analysts, the rise from 23.6 % in 2024 to 28.96 % in 2025 demonstrates how threat actors increasingly invest in finding and weaponising vulnerabilities before defenders are aware.
This trend shortens defensive windows and increases the importance of internal discovery and early mitigation strategies.

Why it matters
Zero-day exploitation before disclosure compresses remediation timelines. Organisations should emphasise proactive discovery and threat-informed patch prioritisation.

Source
Infosecurity Magazine

HR & payroll systems increasingly targeted by cybercriminals

Industry reporting today highlights that HR and payroll functions have become prime targets for cyber-attacks. The complex mix of high-value personal data, transactional pathways and numerous inter-organisational connections makes these systems attractive to fraudsters and attackers. Common tactics include social engineering that impersonates employees or leadership, redirecting payments or accessing personal data.
The human element is cited as a major factor in these attacks, reinforcing that technical controls must be paired with rigorous process and awareness measures.

Why it matters
HR and payroll systems hold high-risk data and control channels. Strengthening access controls, transaction monitoring and employee-focused security training help reduce abuse.

Source
The HR Director

Today’s Key Actions

1. Apply patches for recently exploited vulnerabilities as a priority.
2. Enhance internal vulnerability discovery to catch pre-disclosure flaws.
3. Monitor HR/payroll systems for anomalous access and transactions.
4. Pair awareness training with technical safeguards.
5. Update risk registers with zero-day and human-centric threat exposure.

Secarma Insight

Today’s stories illustrate an evolving threat landscape where attackers blend rapid technical adaptation with human-centric pathways. Defence requires not only disciplined patching but also proactive discovery and targeted controls around high-value roles.

Get in touch with us to prioritise your next steps and strengthen your security posture.