Wednesday War Room – 01/21/2026

It is officially late January, and the attackers are acting like it is peak holiday chaos.

Author

J.W. Croley
January 21, 2026

In partnership with

Why AI Isn’t Replacing Affiliate Marketing After All

“AI will make affiliate marketing irrelevant.”

Our new research shows the opposite.

Levanta surveyed 1,000 US consumers to understand how AI is influencing the buying journey. The findings reveal a clear pattern: shoppers use AI tools to explore options, but they continue to rely on human-driven content before making a purchase.

Here is what the data shows:

  • Less than 10% of shoppers click AI-recommended links

  • Nearly 87% discover products on social platforms or blogs before purchasing on marketplaces

  • Review sites rank higher in trust than AI assistants

The common theme in the last 48 hours is simple: they are hunting for trust boundaries, then walking right through them. Developer tooling, AI integrations, “helpful” remote support, and edge devices are all getting leaned on hard.

Let’s dive in.

ACF Extended Privilege Escalation Hands Over WordPress Admin

Risk Level: Critical

Business Impact: Unauthenticated attackers can gain administrator privileges on exposed WordPress sites, leading to full site takeover, web shell deployment, SEO spam, credential harvesting, and downstream pivoting.

What You Need to Know: A critical flaw in the ACF Extended plugin lets attackers abuse a form action to set arbitrary roles, including admin, in versions 0.9.2.1 and earlier. The issue is tracked as CVE-2025-14533 and is fixed in 0.9.2.2, but the real risk is any site that uses “Create User” or “Update User” forms with role mapping.

Why This Matters:

  • Public facing content systems are still one of the fastest paths to brand damage and credential theft.

  • “Unauthenticated to admin” is a straight line from nuisance to incident, especially if the site touches SSO, customer portals, or internal workflows.

  • Attackers love plugin ecosystems because they scale, one exploit can become thousands of compromises.

Executive Actions:

🧩 Patch or disable ACF Extended immediately, and validate you are on the fixed release.

🔍 Hunt for unexpected new admin accounts, role changes, and abnormal user creation activity.

🧱 Put your CMS behind additional controls where possible, WAF rules, geo restrictions, and admin login hardening.

🧾 Require a rapid plugin risk review process, especially for anything that creates or updates users.

PDFSider Backdoor Shows Up in Finance Sector Ransomware Activity

Risk Level: Critical

Business Impact: Stealthy, long term access on Windows endpoints that can be used for credential theft, command execution, and ransomware staging.

What You Need to Know: Incident responders found a new Windows malware strain dubbed PDFSider used against a Fortune 100 finance org. The intrusion relied on social engineering, including pushing Microsoft Quick Assist, and used DLL side loading with a legitimate signed executable as cover. Researchers also linked observed use to ransomware activity.

Why This Matters: 

  • “Legit tool plus sneaky loader” keeps working because it looks like normal IT activity until it is too late.

  • Remote support tooling is an access broker’s dream when policy and monitoring are weak.

  • Backdoors designed for quiet persistence are the usual prelude to ransomware or data theft.

Executive Actions: 

🧑‍💻 Lock down remote support tools like Quick Assist, require approval, restrict who can launch, and log everything.

🧪 Add detections for DLL side loading patterns, unusual module loads, and signed binary abuse.

🔐 Enforce least privilege on endpoints, and kill local admin sprawl wherever you can.

🧯 Practice the ransomware “early warning” play, suspicious remote assistance, then rapid isolation and credential reset.

LinkedIn DMs Used as an Initial Access Channel for RAT Delivery

Risk Level: High

Business Impact: Compromise of high-value users through social engineering, leading to remote access, data theft, and possible lateral movement into corporate environments.

What You Need to Know: A phishing campaign is using LinkedIn private messages to build trust, then deliver a WinRAR self-extracting archive that triggers DLL side loading and drops a Python-based payload to establish remote access. ReliaQuest summarized the approach in this report on LinkedIn message based RAT delivery.

Why This Matters: 

  • Security controls are usually tuned for email, not social DMs, which makes this a visibility blind spot.

  • “Trusted platform” social engineering is brutally effective on executives, recruiters, and engineers.

  • Initial access through one user can quickly become a broader enterprise incident if token and browser data is stolen.

Executive Actions: 

🧠 Expand phishing training to include social media DMs, not just email.

🛡️ Add controls for archive execution and script interpreter misuse, especially Python interpreters dropped in user space.

🔍 Monitor for suspicious persistence like new Run keys and unusual outbound connections from user workstations.

👥 Create an escalation path for employees to report suspicious outreach, especially “send me this file” style requests.

Leadership Insight:

The pattern is not subtle: attackers are targeting the glue that holds modern operations together, plugins, remote support, AI connectors, and unmanaged devices. That glue exists because speed is rewarded and governance is “tomorrow’s problem.”

If you want a defensible 2026 posture, stop thinking in terms of single tools and start thinking in terms of trust boundaries.

Anything that can create users, fetch URLs, reset passwords, or execute “helpful” automation is now a privileged system. Treat it that way, or the adversary will.

AI-native CRM

“When I first opened Attio, I instantly got the feeling this was the next generation of CRM.”
— Margaret Shen, Head of GTM at Modal

Attio is the AI-native CRM for modern teams. With automatic enrichment, call intelligence, AI agents, flexible workflows and more, Attio works for any business and only takes minutes to set up.

Join industry leaders like Granola, Taskrabbit, Flatfile and more.

Google Gemini Prompt Injection Turns Calendar Invites Into Data Exfil

Risk Level: High

Business Impact: Exposure of private meeting data and creation of deceptive events, which can lead to executive targeting, deal intelligence leakage, and operational disruption.

What You Need to Know: Researchers detailed an indirect prompt injection technique where a malicious payload is hidden inside a Calendar invite, allowing Gemini to be coerced into bypassing guardrails and leaking private Calendar information. The write up on Gemini prompt injection via Calendar invites outlines how it can happen without direct user interaction beyond the invite flow.

Why This Matters:

  • AI assistants are becoming a new “automation layer” for attackers to manipulate, not just a tool for defenders.

  • Calendar data is operational gold, travel, meetings, vendors, negotiations, and key projects.

  • Trust in business workflows breaks fast when events can be spoofed or quietly altered.

Executive Actions: 

🗓️ Treat Calendar as sensitive data, tighten sharing defaults, and reduce public or broad internal visibility.

🧰 Limit which AI tools can integrate with enterprise data sources, and enforce app governance reviews.

🔎 Add monitoring for unusual Calendar changes, mass event creation, and suspicious invite patterns.

📣 Set a policy: do not act on meeting changes or instructions from Calendar events without secondary verification for high risk contexts.

MCP Servers: SSRF, RCE Chains, and Cloud Credential Exposure Risk

Risk Level: Critical

Business Impact: AI connected tooling can be abused for SSRF and chained exploits that may lead to remote code execution and cloud credential theft, especially in over permissioned environments.

What You Need to Know: Researchers highlighted serious weaknesses in popular Model Context Protocol server implementations, including SSRF exposure in Microsoft’s MarkItDown MCP server and an exploit chain that weaponizes Anthropic MCP servers into RCE when chained with other capabilities. Dark Reading breaks down the risk and mechanics in this overview of MCP server vulnerabilities and exploit chains.

Why This Matters: 

  • “AI agent plus connectors” is becoming the new shadow IT, but with real permissions and real blast radius.

  • SSRF is not just a web app problem anymore; it is a cloud credential theft problem.

  • Chained weaknesses are the real danger; each component looks “medium,” the combined outcome is catastrophic.

Executive Actions:

🔐 Review AI tool permissions like you would a privileged service account, least privilege or it gets abused.

☁️ Enforce IMDSv2 where applicable and tighten cloud metadata access to reduce SSRF impact.

🧪 Add testing and threat modeling for AI connected services, especially anything that fetches URLs or reads files.

🧱 Segment AI tooling networks and restrict egress so “fetch anything” cannot become “exfiltrate everything.”

TP-Link VIGI Cameras: Auth Bypass Lets Attackers Reset Admin Password

Risk Level: High 

Business Impact: Surveillance camera takeover, potential access to video feeds, and a foothold into internal networks if cameras share segments with business systems.

What You Need to Know: TP-Link patched a high severity authentication bypass in the password recovery feature of VIGI camera local web interfaces, tracked as CVE-2026-0629. The issue enables attackers on the LAN to reset the admin password by manipulating client side state, and researchers noted thousands of internet exposed cameras during discovery.

Why This Matters: 

  • “It is just a camera” becomes “it is on your network,” and that is the part that matters.

  • IoT and surveillance gear often lives forever, rarely patched, and frequently exposed.

  • Compromised cameras can be used for recon, persistence, and as a pivot point into higher value assets.

Executive Actions:

📷 Patch all affected VIGI models immediately and validate firmware versions across sites.

🌐 Remove internet exposure, put cameras behind VPN or zero trust access, not open web interfaces.

🧱 Segregate cameras onto a restricted network segment with no access to corporate systems.

🔑 Rotate credentials and enforce unique strong passwords, no shared admin creds across locations.

⚙️ Immediate Leadership Checklist ⚙️

🚨 Patch high risk internet facing software first, CMS plugins, AI connectors, camera firmware, then validate the fix actually applied.

🔐 Reduce privilege and tighten access paths for automation tools, remote support utilities, and AI connected services.

🧱 Segment aggressively: dev tooling, IoT, and AI services should not share friendly network paths with crown jewels.

👀 Extend monitoring beyond email: social DMs, remote assistance events, suspicious archive execution, and odd persistence.

🧯 Run a tabletop that assumes “trusted workflow abuse,” not just malware, and practice the containment decisions.

💡 If your org is still treating paranoia like a personality flaw, remind them it is also a job requirement. 💡

J.W.

(P.S. Check out our partners! It goes a long way to support this newsletter!)

Quick question about newsletter ads

We’re running a super short survey to see if our newsletter ads are being noticed. It takes about 20 seconds and there's just a few easy questions.

Your feedback helps us make smarter, better ads.