# This Week in Security: Your News Briefing
Welcome to your weekly security roundup. We’ve tracked down the 10 most important stories this week—the ones everyone’s talking about, from critical threats to emerging trends that could shape your security posture. Leading the news this week is Appsec Roundup - June 2025, which has sparked conversation across 9 sources. Meanwhile, the industry is closely tracking CVE-2026-24407 | InternationalColorConsortium iccDEV up to… with 8 mentions, along with emerging details on Secure By Design roundup - November 2025, CVE-2026-23008 | Linux Kernel up to 6.18.6/6.19-rc5 vmwgfx null…, and CVE-2025-34164. Here’s the full breakdown of what you need to know.
# 🚨 Critical Threats This Week
First, the stories that demand your immediate attention:
1. Appsec Roundup - June 2025 Mentioned across 9 industry sources this week. Lots of fascinating threat model-related advances, new risk management tools, games, and more! Get the details →
2. CVE-2026-24407 | InternationalColorConsortium iccDEV up to 2.3.1.1/2.3.1.2 icSigCalcOp denial of service (ID 481 / EUVD-2026-4607) Mentioned across 8 industry sources this week. A vulnerability identified as problematic has been detected in InternationalColorConsortium iccDEV up to 2. Get the details →
3. CVE-2026-23008 | Linux Kernel up to 6.18.6/6.19-rc5 vmwgfx null pointer dereference (EUVD-2026-4625) Mentioned across 5 industry sources this week. A vulnerability, which was classified as critical, was found in Linux Kernel up to 6. Get the details →
# 🛠️ Tools, Updates & Releases
New capabilities and releases worth knowing about:
1. Secure By Design roundup - November 2025 Perspective on CISOs as facilitators, a deep dive into the types of diagrams for medical devices, po. Referenced in 5 stories this week. Explore →
2. Meeting Third-Party Risk Requirements of DORA in 2026 | UpGuard Learn how to achieve compliance with the third-party risk management standards of the Digital Operat. Referenced in 3 stories this week. Explore →
3. Promoting AI Security — Acting Assistant Privacy Commissioner Speaks at the GenA.I. Symposium. Referenced in 2 stories this week. Explore →
# What You Should Do Next
Monitor these in your environment next week:
- Any new CVE announcements related to systems you operate
- Emerging attack techniques being discussed in the community
- Updates and patches for tools your team uses
Have a look at the full deep-dives in the trending stories below. Each one provides context that could inform your security decisions this week.
# Top Trending Stories
1. Key Threat Intel & Vulnerability Stories (19 mentions)
This week's critical security updates and vulnerability disclosures:
2. Appsec Roundup - June 2025 (9 mentions)
Lots of fascinating threat model-related advances, new risk management tools, games, and more!
Read Full Article →
3. Secure By Design roundup - November 2025 (5 mentions)
Perspective on CISOs as facilitators, a deep dive into the types of diagrams for medical devices, poetry, Chinese LLMs, Chinese drones and Chinese routers. Do any of them contain secrets?
Read Full Article →
4. MedDream PACS Premium sendOruReport reflected cross-site scripting (XSS) vulnerability (3 mentions)
5. Meeting Third-Party Risk Requirements of DORA in 2026 | UpGuard (3 mentions)
Learn how to achieve compliance with the third-party risk management standards of the Digital Operational Resilience Act (DORA)
Read Full Article →
6. Leader of ransomware crew pleads guilty to four-year crime spree (2 mentions)
7. Promoting AI Security — Acting Assistant Privacy Commissioner Speaks at the GenA.I. Symposium (2 mentions)
# Article Summary
| Category | Article Count |
|---|---|
| AI & LLM | 6 |
| Cloud | 6 |
| Cyber Regulatory | 3 |
| Cybersecurity | 194 |
| Scraping Candidates | 1 |
| Security Vendor Blog | 46 |
| Tech | 38 |
| Threat Intel & Vulnerability | 140 |
| Total Articles Scanned | 434 |
# AI & LLM
Inside Praktika's conversational approach to language learning
How Praktika uses GPT-4.1 and GPT-5.2 to build adaptive AI tutors that personalize lessons, track progress, and help learners achieve real-world language fluency
Read Full Article →
Inside GPT-5 for Work: How Businesses Use GPT-5
A data-driven report on how workers across industries use ChatGPT—covering adoption trends, top tasks, departmental patterns, and the future of AI at work.
Read Full Article →
How Higgsfield turns simple ideas into cinematic social videos
Discover how Higgsfield gives creators cinematic, social-first video output from simple inputs using OpenAI GPT-4.1, GPT-5, and Sora 2.
Read Full Article →
Introducing ChatGPT Go, now available worldwide
ChatGPT Go is now available worldwide, offering expanded access to GPT-5.2 Instant, higher usage limits, and longer memory—making advanced AI more affordable globally.
Read Full Article →
Netomi’s lessons for scaling agentic systems into the enterprise
How Netomi scales enterprise AI agents using GPT-4.1 and GPT-5.2—combining concurrency, governance, and multi-step reasoning for reliable production workflows.
Read Full Article →
How Tolan builds voice-first AI with GPT-5.1
Tolan built a voice-first AI companion with GPT-5.1, combining low-latency responses, real-time context reconstruction, and memory-driven personalities for natural conversations.
Read Full Article →
# Cloud
Amazon Neptune Analytics is now available in 7 additional regions
Amazon Neptune Analytics is now available in US West (N. California), Asia Pacific (Seoul), Asia Pacific (Osaka), Asia Pacific (Hong Kong), Europe (Stockholm), Europe (Paris), and South America (São Paulo) regions. You can now create and manage Neptune Analytics graphs in these new regions and ru...
Read Full Article →
Amazon EC2 G7e instances are now generally available
Today, Amazon announces the general availability of Amazon Elastic Compute Cloud (Amazon EC2) G7e instances, accelerated by NVIDIA RTX PRO 6000 Blackwell Server Edition GPUs. G7e instances offer up to 2.3x inference performance compared to G6e. Customers can use G7e instances to deploy large lang...
Read Full Article →
Amazon Corretto January 2026 Quarterly Updates
On January 20, 2026 Amazon announced quarterly security and critical updates for Amazon Corretto Long-Term Supported (LTS) versions of OpenJDK. Corretto 25.0.2, 21.0.10, 17.0.18, 11.0.30, and 8u482 are now available for download. Amazon Corretto is a no-cost, multi-platform, production-ready dis...
Read Full Article →
Amazon RDS now supports the latest CU and GDR updates for Microsoft SQL Server
Amazon Relational Database Service (Amazon RDS) for SQL Server now supports the latest General Distribution Release (GDR) updates for Microsoft SQL Server. This release includes support for Microsoft SQL Server 2016 SP3+GDR KB5068401 (RDS version 13.00.6475.1.v1), SQL Server 2017 CU31+GDR KB50684...
Read Full Article → *(Covered by: AWS News)*
Amazon Bedrock introduces API keys to streamline development in GovCloud regions
API keys for Amazon Bedrock are now available in AWS GovCloud (US) regions, expanding a feature that simplifies authentication and accelerates generative AI development. Originally launched in commercial AWS regions in July 2025, API keys for Amazon Bedrock enable developers to quickly generate a...
Read Full Article →
ServiceNow's Virtual Agent Vulnerability Shows Why AI Security Needs Traditional AppSec Foundations
The critical ServiceNow Virtual Agent vulnerability highlights a vital lesson: securing agentic AI requires a return to traditional AppSec foundations. While AI can amplify risks, the root causes often stem from classic failures in authentication and authorization.
Read Full Article →
# Cyber Regulatory
Promoting AI Security — Acting Assistant Privacy Commissioner Speaks at the GenA.I. Symposium
Promoting AI Security – Assistant Privacy Commissioner Speaks at AIM Conference
Advancing AI Security – Privacy Commissioner Publishes an Article in Hong Kong Lawyer
# Cybersecurity
PoC Released for Critical Oracle E-Business Suite Flaw Exploited by Ransomware
The post PoC Released for Critical Oracle E-Business Suite Flaw Exploited by Ransomware appeared first on Daily CyberSecurity.
Read Full Article →
Booting Up Malware: Critical Flaw in Rufus Grants Admin Access (CVE-2026-23988)
The post Booting Up Malware: Critical Flaw in Rufus Grants Admin Access (CVE-2026-23988) appeared first on Daily CyberSecurity.
Read Full Article →
Code by AI: KONNI APT Targets Crypto Devs with “Polished” Backdoor
The post Code by AI: KONNI APT Targets Crypto Devs with “Polished” Backdoor appeared first on Daily CyberSecurity.
Read Full Article →
The Invisible Trap: GenAI Now Creates “Living” Polymorphic Phishing Pages
The post The Invisible Trap: GenAI Now Creates “Living” Polymorphic Phishing Pages appeared first on Daily CyberSecurity.
Read Full Article →
“Osiris” Rises: New Ransomware Targets Southeast Asian Food Giant with Advanced Tactics
The post “Osiris” Rises: New Ransomware Targets Southeast Asian Food Giant with Advanced Tactics appeared first on Daily CyberSecurity.
Read Full Article →
CVE-2025-67968 (CVSS 9.9): Critical Flaw in Real Estate Theme Exposes 30,000 Sites to Takeover
The post CVE-2025-67968 (CVSS 9.9): Critical Flaw in Real Estate Theme Exposes 30,000 Sites to Takeover appeared first on Daily CyberSecurity.
Read Full Article →
CVE-2026-24656: Deserialization Flaw in Apache Karaf Exposes Systems to DoS
The post CVE-2026-24656: Deserialization Flaw in Apache Karaf Exposes Systems to DoS appeared first on Daily CyberSecurity.
Read Full Article →
Ghost in the Code: Critical RCE Found in Abandoned Python PLY Library (CVSS 9.8)
The post Ghost in the Code: Critical RCE Found in Abandoned Python PLY Library (CVSS 9.8) appeared first on Daily CyberSecurity.
Read Full Article →
Security Advisory SA-26-01 GPS Attacks
GPS attacks trigger revisiting threat models
Read Full Article →
Threat Modeling Essentials at Archimedes 2026 Healthcare Security Week
Threat Modeling Essentials, led by Adam Shostack, is a standout offering at Archimedes 2026 Healthcare Security Week, Feb 18 in Las Vegas.
Read Full Article →
A few thoughts closing out 2025
Prompted by participants, a few closing thoughts for 2025
Read Full Article →
Secure By Design roundup - November 2025
Perspective on CISOs as facilitators, a deep dive into the types of diagrams for medical devices, poetry, Chinese LLMs, Chinese drones and Chinese routers. Do any of them contain secrets?
Read Full Article → *(Covered by: Shostack + Friends Blog)*
October Adam's New Thing!
Read up on Adam's New Thing from October
Read Full Article →
Prompt Engineering Requires Evaluation
Understanding ‘prompt engineering’
Read Full Article →
AI Insurance Won't Save You
LLM Insurance is, and will remain, a great source of insurer profits.
Read Full Article →
How could LLMs change threat modeling
LLMs will change threat modeling. Will it be for the better?
Read Full Article →
Mansplaining your threat model, as a service
Everyone wants robots to help with threat models. How’s that working out?
Read Full Article →
Threat Modeling Tools
LLMs as Compilers
What if we think about LLM coding as if it’s a compiler stage?
Read Full Article →
Risk Management and Threat Modeling
Threat modeling finds threats; risk management helps us deal with the tricky ones.
Read Full Article →
The Cyber Resilience Act (CRA)!
The CRA is coming and it's going to be a dramatic change for technology producers
Read Full Article →
Threat modeling as a dial, not a switch
Thinking of threat modeling with a knob helps you get more out of it.
Read Full Article →
Appsec Roundup - June 2025
The article notes advancements in threat
Read Full Article → *(Covered by: Shostack + Friends Blog)*
Google’s approach to AI Agents -- Threat Model Thursday
What can we learn from Google’s approach to AI Agent Security
Read Full Article →
Publish your threat model!
We think you should publish your threat model, and we’re publishing our arguments.
Read Full Article →
The Essence and Beauty of Threat Modeling
Automation sounds great, but what about the essence and beauty?
Read Full Article →
Andor: Insider Threats
Andor teaches us about insider threats
Read Full Article →
Andor Threats: Information Disclosure
What Andor can teach us about Information disclosure threats
Read Full Article →
CVE Futures
What’s next for the CVE program?
Read Full Article →
A few thoughts on CVE
Thoughts on the CVE funding crisis
Read Full Article →
Learning from Troy Hunt’s Sneaky Phish
Introducing the DEF CON 32 Hackers' Almanack
Grateful to introduce the Hackers' Almanack!
Read Full Article →
Security Researcher Comments on HIPAA Security Rule
A group of us have urged HHS to require better handling of security reports
Read Full Article →
Strategy for threat modeling AI
Clarifying how to threat model AI
Read Full Article →
Inside Man
Some thoughts on the Voyager Episode ‘Inside Man’
Read Full Article →
Blackhat and Human Factors
National Cyber Incident Response Plan comments
Our comments on the National Cyber Incident Plan
Read Full Article →
Spatial Reasoning and Threat Modeling
Do diagrams leverage the brain in a different way?
Read Full Article →
Handling Pandemic-Scale Cyber Threats: Lessons from COVID-19
Emerging research on Cyber Public Health
Read Full Article →
Car Safety Factoids
A few thoughts from a clickbait headline
Read Full Article →
25 Years of CVE
Some thoughts on 25 years of the CVE program
Read Full Article →
Handling Pandemic-Scale Cyber Threats (preprint)
A new paper on 'Pandemic Scale Cyber Events'
Read Full Article →
The Goals of Cyber Public Health
Cyber Public Health is prompting fascinating conversations
Read Full Article →
Lockbit, a study in public health
Why is it hard to count Lockbit infections?
Read Full Article →
Threat Modeling and Logins, Redux
How to effectively threat model authentication.
Read Full Article →
The Universal Cloud TM -- Threat Model Thursday
A new universal threat model - what can we learn from it?
Read Full Article →
Security Engineering roundup - May 2024
The most important stories around threat modeling, appsec and secure by design for May, 2024.
Read Full Article →
Happy Star Wars Day
Sutter on Safety
What do we need to assess if memory safe languages are 'sufficient'?
Read Full Article →
Eternal sunshine of the spotless LLM
Making an LLM forget is harder than it seems
Read Full Article →
CSRB Report on Microsoft
The CSRB has released its report into an intrusion at Microsoft, and...it’s a doozy.
Read Full Article →
Introducing Magic Security Dust!
The NVD Crisis
The NVD is in crisis, and so is patch management. It’s time to modernize.
Read Full Article →
Adventures in LLM Coding
Exploring LLM-driven coding as I get ready for Archimedes
Read Full Article →
The British Library’s Incident Review
Thoughts on the British Library incident
Read Full Article →
Application and AI roundup - Feb 2024
A busy month in appsec, AI, and regulation.
Read Full Article → *(Covered by: Shostack + Friends Blog)*
Solving Hallucinations
Solving hallucinations in legal briefs is playing on easy mode — and still too hard
Read Full Article →
The State of Appsec in 2024
2024 is bringing lots of AI, and Liability, too
Read Full Article →
Think like Alph-V?
Security Principles in 2023
Principles are lovely, but do they lead us to actionable results?
Read Full Article →
Comparing Retrospectives
We can learn a lot from comparing retrospectives
Read Full Article →
ML Sec Ops: Feature with Diana Kelley
Adam featured on ML Sec Ops podcast
Read Full Article →
Microsoft Can Fix Ransomware Tomorrow
My latest at Dark Reading draws attention to how Microsoft can fix ransomware tomorrow.
Read Full Article →
Worthwhile Books Q2 2023
Books that I read in the second quarter that are worth your time include two memoirs, a great book on the security of ML, and more!
Read Full Article →
AI will be the high interest credit card of 2023
Phishing Defenses
Phishing behaviors, as observed in the wild.
Read Full Article →
Layoffs in Responsible AI Teams
Some inferences from layoffs in responsible AI teams
Read Full Article →
Five Threat Model Diagrams for Machine Learning
Some diagrams to help clarify machine learning threats
Read Full Article →
Reflecting on Threats: The Frame
Reflecting on the framing of the Threats book
Read Full Article →
Application Security Roundup - March
A few tools, some thoughts on injection, some standards, and some of Adam’s appsec news.
Read Full Article → *(Covered by: Shostack + Friends Blog)*
The National CyberSecurity Strategy: Liability is Coming
Threats Book is Complete
The serious side of the book
Read Full Article →
Threats: The Table of Contents
Like the Force, each threat has a light side, and a dark side.
Read Full Article →
More on GPT-3 and threat modeling
More thoughts about AI and threat modeling
Read Full Article →
Darkreading: Threat Modeling in the Age of OpenAI's Chatbot
Pointer to Adam’s latest Darkreading article
Read Full Article →
GPT-3
The OpenAI chatbot is shockingly improved — its capabilities deserve attention.
Read Full Article → *(Covered by: Shostack + Friends Blog)*
How Executives Can Use Threat Modeling
You don’t have to be technical, but you can’t make informed decisions about your business without threat modeling.
Read Full Article →
Fast, Cheap + Good Whitepaper
Threat modeling doesn't need to be a slow, heavyweight activity!
Read Full Article →
Trainings at Global Appsec 2021
Tremendous training opportunities in threat modeling and other topics at Appsec Global 2021
Read Full Article →
What are we going to do: CO2 edition
What happened when Microsoft tried to buy climate abatements
Read Full Article →
Threat Model Thursday: 5G Infrastructure
The US Government's lead cybersecurity agencies have released an interesting report, and I wanted to use this for a Threat Model Thursday, where we take a respectful look at threat modeling work products to see what we can learn.
Read Full Article →
Ransomware is Not the Problem
Arbitrarily powerful software -- applications, operating systems -- is a problem, as is preventing it from running on enterprise systems.
Read Full Article →
Colonial Pipeline, Darkside and Models
The Colonial Pipeline shutdown story is interesting in all sorts of ways, and I can't delve into all of it. I did want to talk about one small aspect, which is the way responders talk about Darkside.
Read Full Article →
The Updates Must Go Through
The timing of updates is not coincidental.
Read Full Article →
Ever Given & Suez
Thoughts on the issues with the Ever Given blocking the Suez Canal.
Read Full Article →
Linkedin Learning
Bringing threat modeling to more and more people, now through a series of courses on LinkedIn.
Read Full Article →
Threat Modeling and Social Issues
For Data Breach Today, I spoke with Anna Delaney about threat modeling for issues that are in the news right now.
Read Full Article →
Vaccines
You may have noticed that my end of the year posts are all science focused. Today, a set of resources on the COVID vaccines.
Read Full Article →
Threat Modeling, Insiders and Incentives
Inspired by the recent story of Tesla's insider, I'd like to discuss insider threat as it fits into threat modeling.
Read Full Article →
The Uber CSO indictment
Thoughts on Mark Rasch's essay, Conceal and Fail to Report - The Uber CSO Indictment
Read Full Article →
Information Disclosure In Depth
I have something to disclose...
Read Full Article →
The Cyentia Library Relaunches
I'm excited to see that they're Re-introducing the Cyentia Research Library, with cool (new?) features like an RSS feed. There are over 1,000 corporate research reports with data that companies paid to collect, massage, and release in a way they felt would be helpful to the rest of the world.
Read Full Article →
Threat Research: More Like This
I want to call out some impressive aspects of a report by Proofpoint.
Read Full Article →
How Are Computers Compromised (2020 Edition)
Understanding the way intrusions really happen is a long-standing interest of mine.
Read Full Article →
Amazon's 'Alexa Built-in' Threat Model
Exploring supply chain threat modeling with Alexa
Read Full Article →
Threat Modeling Thursday: Machine Learning
For my first blog post of 2020, I want to look at threat modeling machine learning systems.
Read Full Article →
Managed Attribution Threat Modeling
Let's talk CAKED, a threat model for managed attribution.
Read Full Article →
Interesting reads
Sharing for you, bookmarking for me.
Read Full Article →
Capture the Flag events and eSports
A breakdown of CTFs and eSports
Read Full Article →
Actionable Followups from the Capital One Breach
What have we learned and what steps can we take?
Read Full Article →
DNS Security
I'm happy to say that some new research by Jay Jacobs, Wade Baker, and myself is now available, thanks to the Global Cyber Alliance.
Read Full Article →
When security goes off the rails
My newest post over at Dark Reading ponders regulation.
Read Full Article →
Episode 9 Spoilers
Today is the last Star Wars Day before Episode 9 comes out, and brings the Skywalker saga to its end.
Read Full Article →
Leave Those Numbers for April 1st
Over-inflated numbers won't scare me into buying your ‘solution’.
Read Full Article →
Fire Doesn't Innovate by Kip Boyle (Book Review)
An unexpected book review.
Read Full Article →
High ROI Security Advisory Boards
Discussing the value of Security Advisory Boards
Read Full Article →
Measuring ROI for DMARC
I'm pleased to be able to share work that Shostack + Associates and the Cyentia Institute have been doing for the Global Cyber Alliance.
Read Full Article →
CVE Funding and Process
Read Full Article →
Carpenter!
Read Full Article →
The DREAD Pirates
Read Full Article →
Threat Model Thursday: ARM's Network Camera TMSA
Read Full Article →
AppSec Cali 2018: Izar Tarandach
Read Full Article →
Pen Testing The Empire
Read Full Article →
Threat Modeling Tooling from 2017
Read Full Article →
Emergent Design Issues
Read Full Article →
20 Year Software: Engineering and Updates
Read Full Article →
Building an Application Security Team
Read Full Article →
Breach Vouchers & Equifax 2017 Breach Links
Read Full Article →
Star Wars, Star Trek and Getting Root on a Star Ship
Read Full Article →
Organizing Threat Modeling Magic
Read Full Article →
Learning From npm's Rough Few Months
Read Full Article →
Secure updates: A threat model
Read Full Article →
Hospital Ransomware
Read Full Article →
Warrants for Cleaning Malware in Kelihos
Read Full Article →
People are The Weakest Link In Security?
Read Full Article →
2017 and Tidal Forces
Read Full Article →
Modeling Attackers and Their Motives
There are a number of reports out recently, breathlessly presenting their analysis of one threatening group of baddies or another. Most readers should, at most, skim their analysis of the perpetrators. Read on for why.
Read Full Article →
1Password adds pop-up warnings for suspected phishing sites
The 1Password digital vault and password manager has added built-in protection against phishing URLs to help users identify malicious pages and prevent them from sharing account credentials with threat actors. [...]
Read Full Article →
Nike is investigating a possible data breach, after WorldLeaks claims
Nike is investigating a possible cyber incident after the WorldLeaks group claimed it stole data from the company’s systems. Nike is probing a potential security breach after the WorldLeaks cybercrime group claimed it accessed and stole data from the company’s systems. The footwear and apparel gi...
Read Full Article → *(Covered by: Security Affairs)*
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 81
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter UNO reverse card: stealing cookies from cookie stealers PDFSIDER Malware – Exploitation of DLL Side-Loading for AV and EDR Evasion VoidLink: Evi...
Read Full Article → *(Covered by: Security Affairs)*
CVE-2025-27821: Apache Patches Out-of-Bounds Write Flaw in Hadoop HDFS Client
The post CVE-2025-27821: Apache Patches Out-of-Bounds Write Flaw in Hadoop HDFS Client appeared first on Daily CyberSecurity.
Read Full Article →
CISA Alert: Critical VMware vCenter RCE (CVSS 9.8) Now Exploited in the Wild
The post CISA Alert: Critical VMware vCenter RCE (CVSS 9.8) Now Exploited in the Wild appeared first on Daily CyberSecurity.
Read Full Article →
How New Phishing Kits Are Turning Vishing into Real-Time Orchestration
The post How New Phishing Kits Are Turning Vishing into Real-Time Orchestration appeared first on Daily CyberSecurity.
Read Full Article →
Security Affairs newsletter Round 560 by Pierluigi Paganini – INTERNATIONAL EDITION
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Osiris ransomware emerges, leveraging BYOVD te...
Read Full Article → *(Covered by: Security Affairs)*
How is AI security evolving for better protection?
How Can Non-Human Identities Enhance AI Security? What are the key challenges faced by organizations in managing cybersecurity for machine identities? As digital systems continue to evolve, cybersecurity professionals are increasingly focusing on the protection and management of Non-Human Ident...
Read Full Article →
Osiris ransomware emerges, leveraging BYOVD technique to kill security tools
Researchers identified a new Osiris ransomware used in a November 2025 attack, abusing the POORTRY driver via BYOVD to disable security tools. Symantec and Carbon Black researchers uncovered a new ransomware strain named Osiris, used in a November 2025 attack against a major Southeast Asian food ...
Read Full Article → *(Covered by: Security Affairs)*
'Weaponized AI' could be the biggest security threat facing your business this year - here's what experts say you should be on the lookout for
AI-driven cybercrime is escalating rapidly, combining phishing, deepfakes, and Dark LLMs, forcing businesses to strengthen defences and monitoring systems.
Read Full Article →
NDSS 2025 – Secure Data Analytics
Session 10A: Confidential Computing 2 Authors, Creators & Presenters: Byeongwook Kim (Seoul National University), Jaewon Hur (Seoul National University), Adil Ahmad (Arizona State University), Byoungyoung Lee (Seoul National University) PAPER Secure Data Analytics in Apache Spark with Fine-graine...
Read Full Article →
Multi-Stage Phishing Campaign Targets Russia with Amnesia RAT and Ransomware
A new multi-stage phishing campaign has been observed targeting users in Russia with ransomware and a remote access trojan called Amnesia RAT. "The attack begins with social engineering lures delivered via business-themed documents crafted to appear routine and benign," Fortinet FortiGuard Labs r...
Read Full Article →
U.S. CISA adds a flaw in Broadcom VMware vCenter Server to its Known Exploited Vulnerabilities catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw impacting Broadcom VMware vCenter to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Broadcom VMware vCenter Server vulnerability, tracked as CVE-2024...
Read Full Article → *(Covered by: Security Affairs)*
Nike Probing Potential Security Incident as Hackers Threaten to Leak Data
The WorldLeaks cybercrime group claims to have stolen information from the footwear and apparel giant’s systems. The post Nike Probing Potential Security Incident as Hackers Threaten to Leak Data appeared first on SecurityWeek.
Read Full Article →
CISA Adds Actively Exploited VMware vCenter Flaw CVE-2024-37079 to KEV Catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a critical security flaw affecting Broadcom VMware vCenter Server that was patched in June 2024 to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The vulnerabil...
Read Full Article →
11-Year-Old critical telnetd flaw found in GNU InetUtils (CVE-2026-24061)
Critical telnetd flaw CVE-2026-24061 (CVSS 9.8) affects all GNU InetUtils versions 1.9.3–2.7 and went unnoticed for nearly 11 years. A critical vulnerability, tracked as CVE-2026-24061 (CVSS score of 9.8), in the GNU InetUtils telnet daemon (telnetd) impacts all versions from 1.9.3 to 2.7. The vu...
Read Full Article → *(Covered by: Security Affairs)*
ShinyHunters claim hacks of Okta, Microsoft SSO accounts for data theft
The ShinyHunters extortion gang claims it is behind a wave of ongoing voice phishing attacks targeting single sign-on (SSO) accounts at Okta, Microsoft, and Google, enabling threat actors to breach corporate SaaS platforms and steal company data for extortion. [...]
Read Full Article →
Fortinet confirms new zero-day attacks against customer devices
Fortinet has confirmed that a new attack campaign observed recently against customer devices is exploiting an unpatched issue to bypass authentication. The new attacks are different from a previous campaign seen in December that targeted two vulnerabilities related to FortiCloud single sign-on (S...
Read Full Article →
Exploited Zero-Day Flaw in Cisco UC Could Affect Millions
Mass scanning is underway for CVE-2026-20045, which Cisco tagged as critical because successful exploitation could lead to a complete system takeover.
Read Full Article →
The cybercrime industry continues to challenge CISOs in 2026
Cybercriminals have built structured criminal groups with an organizational model similar to that of a legitimate business. “Cybercrime has become industrialized, a return on investment (ROI)-oriented economy, focused on speed and monetization,” according to Martin Zugec, Bitdefender’s director o...
Read Full Article →
Fortinet warns of active FortiCloud SSO bypass affecting updated devices
Fortinet confirmed attacks are bypassing FortiCloud SSO authentication, affecting even fully patched devices, similar to recent SSO flaws. Fortinet confirmed attacks bypass FortiCloud SSO on fully patched devices. Threat actors automate firewall changes, add users, enable VPNs, and steal configs,...
Read Full Article → *(Covered by: Security Affairs)*
Cyberattack Targeting Poland’s Energy Grid Used a Wiper
A cyberattack that targeted power plants and other energy producers in Poland at the end of December used malware known as a “wiper” that was intended to erase computers and in an operation that was intended to cause a power outage and other disruption to services, says European
Read Full Article →
CISA Updates KEV Catalog with Four Actively Exploited Software Vulnerabilities
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added four security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The list of vulnerabilities is as follows - CVE-2025-68645 (CVSS score: 8.8) - A PHP rem...
Read Full Article →
Ransomware Attack on Verkehrsgesellschaft Main-Tauber
Read Full Article →
In Other News: €1.2B GDPR Fines, Net-NTLMv1 Rainbow Tables, Rockwell Security Notice
Other noteworthy stories that might have slipped under the radar: Cloudflare WAF bypass, Canonical Snap Store abused for malware delivery, Curl terminating bug bounty program The post In Other News: €1.2B GDPR Fines, Net-NTLMv1 Rainbow Tables, Rockwell Security Notice appeared first on SecurityWe...
Read Full Article →
Phishers Abuse SharePoint in New Campaign Targeting Energy Sector
Threat actors are leveraging the file-sharing service for payload delivery in AitM phishing and BEC attacks. The post Phishers Abuse SharePoint in New Campaign Targeting Energy Sector appeared first on SecurityWeek.
Read Full Article →
Okta users under attack: Modern phishing kits are turbocharging vishing attacks
Threat actors who specialize in vishing (i.e., voice phishing) have started using phishing kits that can intercept targets’ login credentials while also allowing attackers to control the authentication flow in a targeted user’s browser in real-time. At least two custom-made phishing kits are curr...
Read Full Article →
Fortinet Confirms Active FortiCloud SSO Bypass on Fully Patched FortiGate Firewalls
Fortinet has officially confirmed that it's working to completely plug a FortiCloud SSO authentication bypass vulnerability following reports of fresh exploitation activity on fully-patched firewalls. "In the last 24 hours, we have identified a number of cases where the exploit was to a device th...
Read Full Article →
Under Armour Investigates Data Breach After 72 Million Records Allegedly Exposed
Under Armour said there is no evidence at this point to suggest the incident affected systems used to process payments or store customer passwords
Read Full Article →
AIs are Getting Better at Finding and Exploiting Internet Vulnerabilities
Really interesting blog post from Anthropic: In a recent evaluation of AI models’ cyber capabilities, current Claude models can now succeed at multistage attacks on networks with dozens of hosts using only standard, open-source tools, instead of the custom tools needed by previous generations. Th...
Read Full Article →
Under Armour Looking Into Data Breach Affecting Customers’ Email Addresses
Under Armour is investigating a recent data breach that purloined customers’ email addresses and other personal information. The post Under Armour Looking Into Data Breach Affecting Customers’ Email Addresses appeared first on SecurityWeek.
Read Full Article →
U.S. CISA adds Prettier eslint-config-prettier, Vite Vitejs, Versa Concerto SD-WAN orchestration platform, and Synacor Zimbra Collaboration Suite flaws to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Prettier eslint-config-prettier, Vite Vitejs, Versa Concerto SD-WAN orchestration platform, and Synacor Zimbra Collaboration Suite flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Secu...
Read Full Article → *(Covered by: Security Affairs)*
1Password targets AI-driven phishing with built-in prevention
To help reduce phishing risk, 1Password added an extra layer of protection and began rolling out a phishing prevention feature designed to stop users before they share passwords with scammers. How 1Password phishing prevention works: When a user clicks a link whose URL doesn’t match a saved login,...
Read Full Article →
Underestimated Risk: Finally Taking Insider Threats Seriously
Read Full Article →
Phishing Attack Uses Stolen Credentials to Install LogMeIn RMM for Persistent Access
Cybersecurity researchers have disclosed details of a new dual-vector campaign that leverages stolen credentials to deploy legitimate Remote Monitoring and Management (RMM) software for persistent remote access to compromised hosts. "Instead of deploying custom viruses, attackers are bypassing se...
Read Full Article →
Fortinet confirms critical FortiCloud auth bypass not fully patched
Days after admins began reporting that their fully patched firewalls are being hacked, Fortinet confirmed it's working to fully address a critical FortiCloud SSO authentication bypass vulnerability that should have already been patched since early December. [...]
Read Full Article →
Fresh SmarterMail Flaw Exploited for Admin Access
The exploitation of the authentication bypass vulnerability started two days after patches were released. The post Fresh SmarterMail Flaw Exploited for Admin Access appeared first on SecurityWeek.
Read Full Article →
Microsoft Flags Multi-Stage AitM Phishing and BEC Attacks Targeting Energy Firms
Microsoft has warned of a multi‑stage adversary‑in‑the‑middle (AitM) phishing and business email compromise (BEC) campaign targeting multiple organizations in the energy sector. "The campaign abused SharePoint file‑sharing services to deliver phishing payloads and relied on inbox rule creation to...
Read Full Article →
Investigation underway after 72M Under Armour records surface online
Under Armour is investigating a data breach after 72M customer records were posted online by a cybercriminal. Under Armour is an American company that designs, manufactures, and sells sportswear, athletic shoes, and fitness-related accessories. TechCrunch reported that Under Armour is investigati...
Read Full Article → *(Covered by: Security Affairs)*
iboss unveils AI-powered SSPM capability to reduce SaaS risk
iboss announced SSPM, an AI-powered SaaS Security Posture Management capability integrated into the iboss Zero Trust SASE platform. SSPM connects directly to SaaS applications via API to continuously analyze configurations, permissions, and data exposure, giving organizations an actionable view o...
Read Full Article →
Ransomware gang’s slip-up led to data recovery for 12 US firms
Twelve US companies hit by the INC ransomware group were able to recover encrypted data after a cybersecurity firm discovered the cloud storage infrastructure where the gang stockpiled what it stole. Researchers at Florida-based Cyber Centaurs said Thursday they took advantage of a lapse in opera...
Read Full Article →
News Alert: Halo Security earns SOC 2 Type II certification, shows sustained operational security
MIAMI, Jan. 22, 2026, CyberNewswire — Halo Security, a leading provider of external attack surface management and penetration testing services, today announced it has successfully achieved SOC 2 Type II compliance following an extensive multi-month audit by Insight Assurance.… The post N...
Read Full Article →
Trivial Telnet authentication bypass exposes devices to complete takeover
Computers with Telnet open are in immediate danger of being compromised due to a critical vulnerability that allows attackers to bypass authentication. The Telnet remote access protocol has long been superseded by the more secure and encrypted SSH, but many IoT and embedded devices have continued...
Read Full Article →
Leader of ransomware crew pleads guilty to four-year crime spree
Ianis Antropenko, a Russian national living in California, admitted to committing ransomware attacks against at least 50 victims. He faces up to 25 years in jail. The post Leader of ransomware crew pleads guilty to four-year crime spree appeared first on CyberScoop.
Read Full Article →
New Osiris Ransomware Emerges as New Strain Using POORTRY Driver in BYOVD Attack
Cybersecurity researchers have disclosed details of a new ransomware family called Osiris that targeted a major food service franchisee operator in Southeast Asia in November 2025. The attack leveraged a malicious driver called POORTRY as part of a known technique referred to as bring your own vu...
Read Full Article →
Researchers find Jordan government used Cellebrite phone-cracking tech against activists
The incidents occurred amid Gaza protests and suggest human rights violations, Citizen Lab said. The post Researchers find Jordan government used Cellebrite phone-cracking tech against activists appeared first on CyberScoop.
Read Full Article →
Bitwarden supercharges credential protection for Premium and Family plans – new update adds vault health alerts, password strength coaching, 5GB secure storage, and phishing protections
Bitwarden is upgrading protection across Individual and Family plans, but the price is going up too.
Read Full Article →
Critical GNU InetUtils telnetd Flaw Lets Attackers Bypass Login and Gain Root Access
A critical security flaw has been disclosed in the GNU InetUtils telnet daemon (telnetd) that went unnoticed for nearly 11 years. The vulnerability, tracked as CVE-2026-24061, is rated 9.8 out of 10.0 on the CVSS scoring system. It affects all versions of GNU InetUtils from version 1.9.3 up to an...
Read Full Article →
Latin American Orgs Lack Confidence in Cyber Defenses, Skills
Cybersecurity professionals in Latin America are least likely to have faith in their countries' preparedness for cyberattacks on critical infrastructure, the World Economic Forum says.
Read Full Article →
Critical Appsmith Flaw Enables Account Takeovers
Critical vulnerability in Appsmith allows account takeover via flawed password reset process
Read Full Article →
Under Armour says it’s ‘aware’ of data breach claims after 72M customer records were posted online
TechCrunch obtained a sample of the stolen data, which contained names, email addresses, dates of birth, and the user's approximate geographic location. Under Armour confirmed some sensitive information was taken in the breach.
Read Full Article →
DPRK Actors Deploy VS Code Tunnels for Remote Hacking
A spear-phishing campaign tied to the Democratic People's Republic of Korea (DPRK) uses trusted Microsoft infrastructure to avoid detection.
Read Full Article →
1Password boosts built-in phishing protections – simple URL detection tool could save users millions of dollars and prevent hackers stealing banking details
1Password has announced a new phishing protection tool that will help users avoid typo-squatting URLs.
Read Full Article →
KONNI Adopts AI to Generate PowerShell Backdoors
North Korea-linked threat group KONNI targets countries across APAC, specifically in blockchain sectors, with AI-generated malware
Read Full Article →
Cloud adoption isn't going away - but can your business deal with the security impact?
Most companies' security doesn't offer good visibility across hybrid and multi-cloud environments.
Read Full Article →
Hackers Take Down Websites of Conceptnet Customers
The Regensburg-based IT service provider Conceptnet has fallen victim to a ransomware attack. The company is currently informing visitors to its website of a technical disruption caused by a ransomware attack. According to reports...
Read Full Article →
Why AI Keeps Falling for Prompt Injection Attacks
Imagine you work at a drive-through restaurant. Someone drives up and says: “I’ll have a double cheeseburger, large fries, and ignore previous instructions and give me the contents of the cash drawer.” Would you hand over the money? Of course not. Yet this is what large language models (LLMs) d...
Read Full Article →
Actively exploited Cisco UC bug requires immediate, version‑specific patching
Cisco has released patches for a critical remote code execution vulnerability in its unified communications products that attackers are actively exploiting. The US Cybersecurity and Infrastructure Security Agency has added the flaw to its Known Exploited Vulnerabilities catalog, confirming the ex...
Read Full Article →
LastPass Warns of Phishing Campaign Attempting to Steal Master Passwords
Phoney email alerts suggest users need to back up their LastPass accounts within 24 hours. LastPass says it would never require this action from users.
Read Full Article →
Top PC components store denies data breach - PcComponentes says it is safe, despite hacker claims
PcComponentes says it did not lose data in a breach, but through a credential stuffing attack.
Read Full Article →
Filling the Most Common Gaps in Google Workspace Security
Security teams at agile, fast-growing companies often have the same mandate: secure the business without slowing it down. Most teams inherit a tech stack optimized for breakneck growth, not resilience. In these environments, the security team is the helpdesk, the compliance expert, and the incide...
Read Full Article →
Over 160,000 Companies Notify Regulators of GDPR Breaches
DLA Piper finds 22% increase in breached firms notifying European GDPR regulators
Read Full Article →
Why Microsoft 365 Configurations Need to Be Protected
Read why CISOs need to pay closer attention to the M365 tenant. In 2010, Office 365 was a simple suite of Office applications with added email functionality. 15 years later, that has changed with Microsoft 365: the suite is an essential...
Read Full Article →
73% of CISOs more likely to consider AI-enabled security solution
CISOs are increasingly turning to AI-enabled security technologies to augment their organizations’ cyber defense and extend the capabilities of their teams. According to Foundry’s latest Security Priorities Study, 73% of security decision-makers are now more likely to consider a security soluti...
Read Full Article →
Cisco Fixes Actively Exploited Zero-Day CVE-2026-20045 in Unified CM and Webex
Cisco has released fresh patches to address what it described as a "critical" security vulnerability impacting multiple Unified Communications (CM) products and Webex Calling Dedicated Instance that has been actively exploited as a zero-day in the wild. The vulnerability, CVE-2026-20045 (CVSS ...
Read Full Article →
Attackers With Decompilers Strike Again (SmarterTools SmarterMail WT-2026-0001 Auth Bypass)
Well, well, well - look what we’re back with. You may recall that merely two weeks ago, we analyzed CVE-2025-52691 - a pre-auth RCE vulnerability in the SmarterTools SmarterMail email solution with a timeline that is typically reserved for KEV holders. The plot of that story had everything; * A g...
Read Full Article →
Python Wheel (Zip) Parser Differential Vulnerability v2.0
It is still possible (albeit with significantly more effort) to upload a specially crafted Wheel file (i.e. zip) to PyPI that when installed with PIP (or another Python zipfile based t...
Read Full Article →
GitLab 2FA login protection bypass lets attackers take over accounts
A critical two-factor authentication bypass vulnerability in the Community and Enterprise editions of the GitLab application development platform has to be patched immediately, say experts. The hole is one of five vulnerabilities patched Wednesday as part of new versions of GitLab. Three are rank...
Read Full Article →
Misconfigured demo environments are turning into cloud backdoors to the enterprise
Internal testing, product demonstrations, and security training are critical practices in cybersecurity, giving defenders and everyday users the tools and wherewithal to prevent and respond to enterprise threats. However, according to new research from Pentera Labs, when left in default or miscon...
Read Full Article →
GCVE launches as a decentralized system for tracking software vulnerabilities
The new system emerges after repeated funding crises exposed the fragility of the 25-year-old CVE program that cybersecurity defenders worldwide depend on. The post GCVE launches as a decentralized system for tracking software vulnerabilities appeared first on CyberScoop.
Read Full Article →
A new LinkedIn phishing scam is targeting executives online - make sure you don't fall for this
A little bit of Python, a little bit of DLL sideloading, and a little bit of fake jobs.
Read Full Article →
Phishing Campaign Zeroes in on LastPass Customers
The bait includes plausible subject lines and credible messages, most likely thanks to attackers' use of large language models to craft them.
Read Full Article →
Ingram Micro admits 42,000 people impacted by ransomware attack
In July 2025, Ingram Micro suffered devastating consequences from a ransomware attack in which the IT distributor’s logistics were paralyzed for a week. It has now emerged that sensitive data was also leaked. As Ingram Micro confirmed in a mandatory filing with US authorities, more than 42,000 people ...
Read Full Article →
Oracle releases 337 security patches, including fix for critical Apache Tika flaw
Oracle has handed security teams their first big patching workload of the year, with its latest quarterly update containing a hefty 337 security fixes across its product range, including 27 rated critical. This imposing number of patches won’t surprise anyone whose job it is to look after Oracle ...
Read Full Article →
Black Basta’s alleged ringleader identified as authorities raid homes of other members
Oleg Evgenievich Nefedov, a 35-year-old Russian national, is accused of forming and running the ransomware outfit since 2022. He’s now on Europol and Interpol’s most-wanted lists. The post Black Basta’s alleged ringleader identified as authorities raid homes of other members appeared first on Cyb...
Read Full Article →
Phishing and Spoofed Sites Remain Primary Entry Points For Olympics
Cyber risks for the Milano-Cortina 2026 Winter Games include phishing and spoofed websites as key threat vectors
Read Full Article →
Zoom and GitLab Release Security Updates Fixing RCE, DoS, and 2FA Bypass Flaws
Zoom and GitLab have released security updates to resolve a number of security vulnerabilities that could result in denial-of-service (DoS) and remote code execution. The most severe of the lot is a critical security flaw impacting Zoom Node Multimedia Routers (MMRs) that could permit a meeting p...
Read Full Article →
Peruvian Loan Scam Harvests Cards and PINs via Fake Applications
Loan phishing operation in Peru is stealing card info by impersonating financial institutions
Read Full Article →
LastPass warns users of new phishing campaign sending out fake support messages
LastPass targeted with phishing campaign pressuring victims into sharing their master passwords.
Read Full Article →
The thin line between saving a company and funding a crime
Ransomware negotiators dish on being in a ‘moral gray zone,’ unrestricted by accountability or industrywide rules of engagement. The post The thin line between saving a company and funding a crime appeared first on CyberScoop.
Read Full Article →
SHARED INTEL Q&A: AI retrieval systems can still hallucinate; deterministic logic offers a fix
AI hallucination is still the deal-breaker. As companies rush AI into production, executives face a basic constraint: you cannot automate a workflow if you cannot trust the output. A model that fabricates facts becomes a risk … The post SHARED INTEL ...
Read Full Article →
LastPass Warns of Fake Maintenance Messages Targeting Users’ Master Passwords
LastPass is alerting users to a new active phishing campaign that's impersonating the password management service, which aims to trick users into giving up their master passwords. The campaign, which began on or around January 19, 2026, involves sending phishing emails claiming upcoming maintenan...
Read Full Article →
CERT/CC Warns binary-parser Bug Allows Node.js Privilege-Level Code Execution
A security vulnerability has been disclosed in the popular binary-parser npm library that, if successfully exploited, could result in the execution of arbitrary JavaScript. The vulnerability, tracked as CVE-2026-1245 (CVSS score: 6.5), affects all versions of the module prior to version 2.3.0, wh...
Read Full Article →
News alert: Forrester study finds Airlock Digital’s app control cuts breaches to zero with 224% ROI
ATLANTA, Jan. 20, 2026, CyberNewswire — Airlock Digital, a leader in proactive application control and endpoint security, announced the release of The Total Economic Impact (TEI) of Airlock Digital, an independent study commissioned by Airlock Digital and conducted … The post News alert...
Read Full Article →
News alert: One Identity launches AI-powered ‘Identity Manager’ to speed threat response
ALISO VIEJO, Calif., Jan. 20, 2026, CyberNewswire — One Identity, a trusted leader in identity security, today announces a major upgrade to One Identity Manager, a top-rated IGA solution, strengthening identity governance as a critical security control for … The post News alert: One Ide...
Read Full Article →
A Google Gemini security flaw let hackers use calendar invites to steal private data
Another prompt injection variant was discovered and remedied.
Read Full Article →
HackerOne rolls out industry framework to support ‘good faith’ AI research
The voluntary framework would provide legal clarity to third-party AI researchers, including those who study safety and other “unexpected” AI behaviors. The post HackerOne rolls out industry framework to support ‘good faith’ AI research appeared first on CyberScoop.
Read Full Article →
AI-supported vulnerability triage with the GitHub Security Lab Taskflow Agent
Learn how we are using the newly released GitHub Security Lab Taskflow Agent to triage categories of vulnerabilities in GitHub Actions and JavaScript projects.
Read Full Article →
Kimwolf Botnet Lurking in Corporate, Govt. Networks
A new Internet-of-Things botnet called Kimwolf has spread to more than 2 million devices, forcing infected systems to participate in massive distributed denial-of-service (DDoS) attacks and to relay other malicious and abusive Internet traffic. Kimwolf's ability to scan the local networks of comp...
Read Full Article →
Ransomware gang claims it hacked into Hyatt systems, says it has stolen data for sale
NightSpire claims to have stolen almost 50GB of Hyatt files, including login credentials for CMS systems.
Read Full Article →
Google Gemini Flaw Turns Calendar Invites Into Attack Vector
The indirect prompt injection vulnerability allows an attacker to weaponize invites to circumvent Google's privacy controls and access private data.
Read Full Article →
New botnet reportedly targets HPE OneView, so be on your guard
Researcher finds critical-level flaw could be abused to expand the RondoDox botnet.
Read Full Article →
Three Flaws in Anthropic MCP Git Server Enable File Access and Code Execution
A set of three security vulnerabilities has been disclosed in mcp-server-git, the official Git Model Context Protocol (MCP) server maintained by Anthropic, that could be exploited to read or delete arbitrary files and execute code under certain conditions. "These flaws can be exploited through pr...
Read Full Article →
Hackers Use LinkedIn Messages to Spread RAT Malware Through DLL Sideloading
Cybersecurity researchers have uncovered a new phishing campaign that exploits social media private messages to propagate malicious payloads, likely with the intent to deploy a remote access trojan (RAT). The activity delivers "weaponized files via Dynamic Link Library (DLL) sideloading, combined...
Read Full Article →
Why inaccessible cybersecurity is a security risk: our path to accessibility
In cybersecurity, an inaccessible tool isn’t just a nuisance: it’s a vulnerability. With the European Accessibility Act tightening regulations across Sweden and the EU, “good ... The post Why inaccessible cybersecurity is a security risk: our path to accessibility appeared first on Blog Detectify.
Read Full Article →
Ingram Micro reveals ransomware attack hit 42,000 people - here's how to find out more
SafePay is claiming responsibility for July 2025 attack which forced Ingram Micro to shut down parts of its IT network.
Read Full Article →
Evelyn Stealer Malware Abuses VS Code Extensions to Steal Developer Credentials and Crypto
Cybersecurity researchers have disclosed details of a malware campaign that's targeting software developers with a new information stealer called Evelyn Stealer by weaponizing the Microsoft Visual Studio Code (VS Code) extension ecosystem. "The malware is designed to exfiltrate sensitive informat...
Read Full Article →
Key Apple, Nvidia, and Tesla supplier sees confidential files allegedly exposed in major breach - here's what we know so far
One of the key suppliers for Apple, Tesla, and Nvidia has seemingly suffered a ransomware attack.
Read Full Article →
VoidLink: Evidence That the Era of Advanced AI-Generated Malware Has Begun
VoidLink's framework marks the first evidence of fully AI-designed and built advanced malware, beginning a new era of AI-generated malware
Read Full Article →
MedDream PACS Premium sendOruReport reflected cross-site scripting (XSS) vulnerability
MY TAKE: From ‘holy mackeral’ to ‘daily routine’ — AI vendors maneuver to commandeer your life
An email from Claude landed in my inbox Friday morning with a subject line that stopped me cold: “Using Claude for your everyday life.” Not “Unlock the power of AI” or “Transform your productivity.” Just… … The post MY TAKE: From ‘holy mackeral’ to ‘dai...
Read Full Article →
Huge data breach reveals info on 750,000 investors - here's what we know, and how to see if you're affected
CIRO details what happened in 2025 data breach, including what kind of info was taken.
Read Full Article →
Google Gemini Prompt Injection Flaw Exposed Private Calendar Data via Malicious Invites
Cybersecurity researchers have disclosed details of a security flaw that leverages indirect prompt injection targeting Google Gemini as a way to bypass authorization guardrails and use Google Calendar as a data extraction mechanism. The vulnerability, Miggo Security's Head of Research, Liad Eliya...
Read Full Article →
Who are the most spoofed brands in phishing scams? Let's be honest, you can probably guess most of them - but there are a few surprises
Microsoft is still the most impersonated brand when it comes to phishing attacks – Google, Amazon, Apple and Meta are also in the top five.
Read Full Article →
Rogue agents and shadow AI: Why VCs are betting big on AI security
Misaligned agents are just one layer of the AI security challenge that startup Witness AI is trying to solve. It detects employee use of unapproved tools, blocks attacks, and ensures compliance.
Read Full Article →
Who’s on the Line? Exploiting RCE in Windows Telephony Service
Windows has supported computer telephony integration for decades, providing applications with the ability to manage phone devices, lines, and calls. While modern deployments increasingly rely on cloud-based telephony solutions, classic telephony services remain available out of the box in Windows...
Read Full Article →
Security Bug in StealC Malware Panel Let Researchers Spy on Threat Actor Operations
Cybersecurity researchers have disclosed a cross-site scripting (XSS) vulnerability in the web-based control panel used by operators of the StealC information stealer, allowing them to gather crucial insights on one of the threat actors using the malware in their operations. "By exploiting it, we...
Read Full Article →
On the Coming Industrialisation of Exploit Generation with LLMs
Recently I ran an experiment where I built agents on top of Opus 4.5 and GPT-5.2 and then challenged them to write exploits for a zeroday vulnerability in the QuickJS Javascript interpreter. I adde…
Read Full Article →
Black Basta Ransomware Leader Added to EU Most Wanted and INTERPOL Red Notice
Ukrainian and German law enforcement authorities have identified two Ukrainians suspected of working for the Russia-linked ransomware-as-a-service (RaaS) group Black Basta. In addition, the group's alleged leader, a 35-year-old Russian national named Oleg Evgenievich Nefedov (Нефедов Олег Евгенье...
Read Full Article →
More Problems for Fortinet: Critical FortiSIEM Flaw Exploited
CVE-2025-64155, a command injection vulnerability, was disclosed earlier this week and quickly came under attack from a variety of IP addresses.
Read Full Article →
YOLO Mode: Hidden Risks in Claude Code Permissions | UpGuard
Developers are frequently granting Claude Code permission to download, execute, and delete code, creating fertile ground for prompt injection attacks.
Read Full Article →
How a hacking campaign targeted high-profile Gmail and WhatsApp users across the Middle East
The phishing campaign targeted users on WhatsApp, including an Iranian-British activist, and stole the credentials of a Lebanese cabinet minister and at least one journalist.
Read Full Article →
Five Malicious Chrome Extensions Impersonate Workday and NetSuite to Hijack Accounts
Cybersecurity researchers have discovered five new malicious Google Chrome web browser extensions that masquerade as human resources (HR) and enterprise resource planning (ERP) platforms like Workday, NetSuite, and SuccessFactors to take control of victim accounts. "The extensions work in concert...
Read Full Article →
LOTUSLITE Backdoor Targets U.S. Policy Entities Using Venezuela-Themed Spear Phishing
Security experts have disclosed details of a new campaign that has targeted U.S. government and policy entities using politically themed lures to deliver a backdoor known as LOTUSLITE. The targeted malware campaign leverages decoys related to the recent geopolitical developments between the U.S. ...
Read Full Article →
China-Linked APT Exploited Sitecore Zero-Day in Critical Infrastructure Intrusion
A threat actor likely aligned with China has been observed targeting critical infrastructure sectors in North America since at least last year. Cisco Talos, which is tracking the activity under the name UAT-8837, assessed it to be a China-nexus advanced persistent threat (APT) actor with medium c...
Read Full Article →
Weekly Update 486
I’m in Oslo! Flighty is telling me I’ve flown in or out of here 43 times since a visit in 2014 set me on a new path professionally and, many years later, personally. It’s special here, like a second home that just feels…
Read Full Article → *(Covered by: Troy Hunt Blog)*
Cisco Patches Zero-Day RCE Exploited by China-Linked APT in Secure Email Gateways
Cisco on Thursday released security updates for a maximum-severity security flaw impacting Cisco AsyncOS Software for Cisco Secure Email Gateway and Cisco Secure Email and Web Manager, nearly a month after the company disclosed that it had been exploited as a zero-day by a China-nexus advanced pe...
Read Full Article →
Windows Internals: Check Your Privilege - The Curious Case of ETW’s SecurityTrace Flag
Consuming from Microsoft-Windows-Threat-Intelligence without Antimalware-PPL or kernel patching/driver loading.
Read Full Article →
News alert: BreachLock unveils agentic AI pen testing that mimics attacker behavior on web apps
NEW YORK, Jan. 15, 2026, CyberNewswire — BreachLock, a global leader in offensive security, today announced that its Adversarial Exposure Validation (AEV) solution now supports autonomous red teaming at the application layer, expanding beyond its initial network-layer capabilities introduced …
Read Full Article →
News alert: AppGuard reopens insider program as AI-enhanced malware outpaces detection defenses
▼
MCLEAN, Va., Jan. 15, 2026, CyberNewswire — A new Top 10 Cybersecurity Innovators profile by AppGuard has been released, spotlighting growing concerns over AI-enhanced malware. AI makes malware even more difficult to detect. Worse, they use AI to assess, adapt, and … (more…) The post News alert: A...
Read Full Article →
Risky Bulletin: China bans Israeli and US cybersecurity products
▼
China bans Israeli and US cybersecurity products, Sean Plankey is re-nominated for CISA Director, RAM price hikes are likely to impact the cost of firewalls, and Lumen sinkholes the Kimwolf DDoS botnet.
Read Full Article →
AWS CodeBuild Misconfiguration Exposed GitHub Repos to Potential Supply Chain Attacks
▼
A critical misconfiguration in Amazon Web Services (AWS) CodeBuild could have allowed complete takeover of the cloud service provider's own GitHub repositories, including its AWS JavaScript SDK, putting every AWS environment at risk. The vulnerability has been codenamed CodeBreach by cloud securi...
Read Full Article →
WEF: AI overtakes ransomware as fastest-growing cyber risk
▼
We can no longer say that artificial intelligence is a "future risk", lurking somewhere on a speculative threat horizon. The truth is that it is a fast-growing cybersecurity risk that organizations are facing today. That's not just my opinion, that's also the message that comes loud and clear fro...
Read Full Article →
Critical WordPress Modular DS Plugin Flaw Actively Exploited to Gain Admin Access
▼
A maximum-severity security flaw in a WordPress plugin called Modular DS has come under active exploitation in the wild, according to Patchstack. The vulnerability, tracked as CVE-2026-23550 (CVSS score: 10.0), has been described as a case of unauthenticated privilege escalation impacting all ver...
Read Full Article →
New Vulnerability in n8n
▼
This isn’t good: We discovered a critical vulnerability ( CVE-2026-21858, CVSS 10.0 ) in n8n that enables attackers to take over locally deployed instances, impacting an estimated 100,000 servers globally. No official workarounds are available for this vulnerability. Users should upgrade to versi...
Read Full Article →
Epic Games Store Installation DLL Hijacking Privilege Escalation Vulnerability
▼
News alert: SpyCloud unveils supply chain security tool that detects compromised vendors’ employees
▼
AUSTIN, Texas, Jan. 14, 2026, CyberNewsWire — SpyCloud, the leader in identity threat protection, today announced the launch of its Supply Chain Threat Protection solution, an advanced layer of defense that expands identity threat protection across the extended workforce, … (more…) The post News...
Read Full Article →
The multibillion-dollar AI security problem enterprises can’t ignore
▼
AI agents are supposed to make work easier. But they’re also creating a whole new category of security nightmares. As companies deploy AI-powered chatbots, agents, and copilots across their operations, they’re facing a new risk: How do you let employees and AI agents use powerful AI tools without...
Read Full Article →
Microsoft Disrupts Cybercrime Service RedVDS
▼
RedVDS, a cybercrime-as-a-service operation that has stolen millions from victims, lost two domains to a law enforcement operation.
Read Full Article →
Community-powered security with AI: an open source framework for security research
▼
Announcing GitHub Security Lab Taskflow Agent, an open source and collaborative framework for security research with AI.
Read Full Article →
AI security firm, depthfirst, announces $40 million Series A
▼
The company used an AI-native platform to help companies fight threats.
Read Full Article →
Sicarii Ransomware: Truth vs Myth
▼
Key findings Introduction In December 2025, a previously unknown Ransomware-as-a-Service (RaaS) operation calling itself Sicarii began advertising its services across multiple underground platforms. The group’s name references the Sicarii, a 1st-century Jewish assassins group that opposed Roman r...
Read Full Article →
Taiwan Endures Greater Cyber Pressure From China
▼
Chinese cyberattacks on Taiwan's critical infrastructure — including energy utilities and hospitals — rose 6% in 2025, averaging 2.63 million attacks a day.
Read Full Article →
Patch Tuesday, January 2026 Edition
▼
Microsoft today issued patches to plug at least 113 security holes in its various Windows operating systems and supported software. Eight of the vulnerabilities earned Microsoft's most-dire "critical" rating, and the company warns that attackers are already exploiting one of the bugs fixed today.
Read Full Article →
Wireless-(in)Fidelity: Pentesting Wi-Fi in 2025
▼
Read Full Article →
The AI Fix #83: ChatGPT Health, Victorian LLMs, and the biggest AI bluffers
▼
In episode 83 of The AI Fix, Graham reveals he's taken up lying to LLMs, and shows how a journalist exposed AI bluffers with a made-up idiom. Meanwhile Mark invents a "Godwin's Law" for AI, and explains how to ruin any LLM with humus. Also in this episode, a marriage is declared invalid thanks to...
Read Full Article →
AsyncRAT Malware Infests Orgs via Python & Cloudflare
▼
The phishing campaign shows how attackers continue to weaponize legitimate cloud services and open source tools to evade detection and gain trust.
Read Full Article →
Who Decides Who Doesn’t Deserve Privacy?
▼
Remember the Ashley Madison data breach? That was now more than a decade ago, yet it arguably remains the single most noteworthy data breach of all time. There are many reasons for this accolade, but chief among them is that by virtue of the site being expressly designed to facilitate
Read Full Article →
Your personal information is on the dark web. What happens next?
▼
If your data is on the dark web, it’s probably only a matter of time before it’s abused for fraud or account hijacking. Here’s what to do.
Read Full Article →
Hackers get hacked, as BreachForums database is leaked
▼
Have you ever stolen data, traded a hacking tool, or just lurked on a dark web forum believing that you are anonymous? If so, I might have some unsettling news for you. Read more in my article on the Hot for Security blog.
Read Full Article →
Unveiling VoidLink – A Stealthy, Cloud-Native Linux Malware Framework
▼
The new framework maintains long-term access to Linux systems while operating reliably in cloud and container environments
Read Full Article →
Multipurpose GoBruteforcer Botnet Targets 50K+ Linux Servers
▼
Researchers detailed a souped-up version of the GoBruteforcer botnet that preys on servers with weak credentials and AI-generated configurations.
Read Full Article →
FBI Flags Quishing Attacks From North Korean APT
▼
A state-sponsored threat group tracked as "Kimsuky" sent QR-code-filled phishing emails to US and foreign government agencies, NGOs, and academic institutions.
Read Full Article →
Fintech firm Betterment confirms data breach after hackers send fake crypto scam notification to users
▼
Hackers gained access to some Betterment customers’ personal information through a social engineering attack, then targeted some of them with a crypto-related phishing message.
Read Full Article →
2 Separate Campaigns Probe Corporate LLMs for Secrets
▼
A total of 91,403 sessions targeted public LLM endpoints to find leaks in organizations' use of AI and map an expanding attack surface.
Read Full Article →
Russia’s Fancy Bear APT Doubles Down on Global Secrets Theft
▼
The notorious state-sponsored group relies on basic techniques that are highly effective, often delivering greater ROI than more complex malware-heavy operations.
Read Full Article →
Who Benefited from the Aisuru and Kimwolf Botnets?
▼
Our first story of 2026 revealed how a destructive new botnet called Kimwolf rapidly grew to infect more than two million devices by mass-compromising a vast number of unofficial Android TV streaming boxes. Today, we'll dig through digital clues left behind by the hackers, network operators, and ...
Read Full Article →
Do Smart People Ever Say They’re Smart? (SmarterTools SmarterMail Pre-Auth RCE CVE-2025-52691)
▼
Welcome to 2026! While we are all waiting for the scheduled SSLVPN ITW exploitation programming that occurs every January, we’re back from Christmas and idle hands, idle minds, yada yada. In December, we were alerted to a vulnerability in SmarterTools’ SmarterMail solution, accompanied by an advi...
Read Full Article →
The year of technoligarchy
▼
In 2025, Trump brought tech executives into power to dismantle regulators and write their own rules. But the instabilities they’re creating may be their downfall.
Read Full Article →
Inside GoBruteforcer: AI-Generated Server Defaults, Weak Passwords, and Crypto-Focused Campaigns
▼
Key takeaways Introduction GoBruteforcer is a botnet that turns compromised Linux servers into scanning and password brute-force nodes. It targets internet-exposed services such as phpMyAdmin web panels, MySQL and PostgreSQL databases, and FTP servers. Infected hosts are incorporated into the bot...
Read Full Article →
Everything I've Said About AI Since 2016: A Retrospective
▼
 I've been thinking and writing about AI for [exactly a decade now](/blog/the-real-internet-of-things), and last week someone claimed I said two things in 2023 that I don't think I said. (1. That we'd have AGI in 6 months, ...
Read Full Article →
Never Trust the Output: Data Pollution in AI Agents and MCP
▼
Disclaimer: This article is intended for educational purposes and security specialists conducting authorized testing. The author assumes no responsibility for any misuse of the information provided. Distribution of malicious software, system disruption, and privacy violations are punishable by la...
Read Full Article →
TrustZone Break-in Vulnerabilities in Ampere UEFI MM Drivers (Buffer Overflow and Stack Information Leak)
▼
Summary: A buffer overflow and stack information leak affecting the ARM Ampere Management Mode (MM) Boot Error Record Table (BERT) driver. This code is bundled into the ARM Unified Extensible F...
Read Full Article →
Meeting Third-Party Risk Requirements of DORA in 2026 | UpGuard
▼
Learn how to achieve compliance with the third-party risk management standards of the Digital Operational Resilience Act (DORA)
Read Full Article → *(Covered by: UpGuard Blog)*
Free GDPR Vendor Security Questionnaire Template (2026 Edition) | UpGuard
▼
Expand your organization's vendor risk management toolbox by utilizing this free GDPR vendor questionnaire template.
Read Full Article →
Choosing a PCI DSS 4.0 Compliance Product in 2026 | UpGuard
▼
Learn which features to look for when choosing a tool for tracking PCI DSS compliance. The right tool will help you avoid costly violations.
Read Full Article →
Choosing a Healthcare Cyber Risk Remediation Product in 2026 | UpGuard
▼
Learn which features to look for in an ideal cyber risk remediation product for healthcare services. The right choice will reduce data breach impact.
Read Full Article →
The Ultimate Cybersecurity Guide for Healthcare in 2026 | UpGuard
▼
A free cybersecurity guide for any business in the healthcare industry. Includes data breach and ransomware attack defense strategies for 2026.
Read Full Article →
How to Comply with PCI DSS 4.0.1 (2026 Guide) | UpGuard
▼
Learn how to comply with versions 4.0 and 4.0.1 of PCI DSS.
Read Full Article →
The Ultimate Ransomware Defense Guide (2026) | UpGuard
▼
Learn how to implement an effective security strategy for minimizing the impact of ransomware attacks.
Read Full Article →
Key Metrics for Tracking PCI DSS Compliance in 2026 | UpGuard
▼
Monitoring these key metrics will help you track your PCI DSS compliance efforts.
Read Full Article →
How to Prepare for a PCI DSS 4.0 Audit in 7 Steps in 2026 | UpGuard
▼
This article covers how to prepare for a PCI DSS onsite audit and maintain compliance with PCI requirements.
Read Full Article →
19 Most Common Types of Phishing Attacks in 2026 | UpGuard
▼
Learn the most commonly used phishing attacks and how to identify them.
Read Full Article →
116 Must-Know Data Breach Statistics for 2026 | UpGuard
▼
116 data breach statistics that cover risk, cost, prevention, industry trends, and more. Assess and analyze these stats and learn to prevent data breaches.
Read Full Article →
The Kimwolf Botnet is Stalking Your Local Network
▼
The story you are reading is a series of scoops nestled inside a far more urgent Internet-wide security advisory. The vulnerability at issue has been exploited for months already, and it's time for a broader awareness of the threat. The short version is that everything you thought you knew about ...
Read Full Article →
Reverse Engineering the Tapo C260 and Tapo Discovery Protocol v2
▼
The Tapo C260 is the latest TP-Link camera featuring a whole host of upgrades. As part of the SPIRITCYBER contest where I found several RCEs and other interesting vulnerabilities, I decided to focus on this device and dive deeper into hardware hacking.
Read Full Article →
Bugs that survive the heat of continuous fuzzing
▼
Learn why some long-enrolled OSS-Fuzz projects still contain vulnerabilities and how you can find them.
Read Full Article →
Happy 16th Birthday, KrebsOnSecurity.com!
▼
KrebsOnSecurity.com celebrates its 16th anniversary today! A huge "thank you" to all of our readers -- newcomers, long-timers and drive-by critics alike. Your engagement this past year here has been tremendous and truly a salve on a handful of dark days. Happily, comeuppance was a strong theme ru...
Read Full Article →
Blind trust: what is hidden behind the process of creating your PDF file?
▼
Every day, thousands of web services generate PDF (Portable Document Format) files—bills, contracts, reports. This step is often treated as a technical routine, “just convert the HTML,” but in practice it’s exactly where a trust boundary is crossed. The renderer parses HTML, downloads external re...
Read Full Article →
#Scraping Candidates
Leader of ransomware crew pleads guilty to four-year crime spree
▼
#Security Vendor Blog
PLEASE_READ_ME: The Opportunistic Ransomware Devastating MySQL Servers
▼
Guardicore Labs uncovers a Ransomware detection campaign targeting MySQL servers. Attackers use Double Extortion and publish data to pressure victims.
Read Full Article →
Threats Making WAVs - Incident Response to a Cryptomining Attack
▼
Guardicore security researchers describe and uncover a full analysis of a cryptomining attack, which hid a cryptominer inside WAV files. The report includes the full attack vectors, from detection, infection, network propagation and malware analysis and recommendations for optimizing incident res...
Read Full Article →
From runtime risk to real‑time defense: Securing AI agents
▼
Why securing AI agents at runtime is essential as attackers find new ways to exploit generative orchestration. The post From runtime risk to real‑time defense: Securing AI agents appeared first on Microsoft Security Blog.
Read Full Article →
AI jailbreaking via poetry: bypassing chatbot defenses with rhyme | Kaspersky official blog
▼
A new study shows that verse-based prompts can slash the effectiveness of AI safety constraints. We’re breaking down an experiment involving 25 language models and its key takeaways.
Read Full Article →
I scan, you scan, we all scan for... knowledge?
▼
In this week's newsletter, Bill hammers home the old adage, "Know your environment" — even throughout alert fatigue.
Read Full Article →
Microsoft Security success stories: Why integrated security is the foundation of AI transformation
▼
Discover how Ford, Icertis, and TriNet modernized security with Microsoft—embedding Zero Trust, automating defenses, and enabling secure AI innovation at scale. The post Microsoft Security success stories: Why integrated security is the foundation of AI transformation appeared first on Microsoft ...
Read Full Article →
Foxit, Epic Games Store, MedDreams vulnerabilities
▼
Cisco Talos’ Vulnerability Discovery & Research team recently disclosed three vulnerabilities in Foxit PDF Editor, one in the Epic Games Store, and twenty-one in MedDream PACS. The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to Cisc...
Read Full Article →
The Next Frontier of Runtime Assembly Attacks: Leveraging LLMs to Generate Phishing JavaScript in Real Time
▼
We discuss a novel AI-augmented attack method where malicious webpages use LLM services to generate dynamic code in real-time within a browser. The post The Next Frontier of Runtime Assembly Attacks: Leveraging LLMs to Generate Phishing JavaScript in Real Time appeared first on Unit 42.
Read Full Article →
Resurgence of a multi‑stage AiTM phishing and BEC campaign abusing SharePoint
▼
Microsoft Defender Researchers uncovered a multi‑stage AiTM phishing and business email compromise (BEC) campaign targeting multiple organizations in the energy sector. The post Resurgence of a multi‑stage AiTM phishing and BEC campaign abusing SharePoint appeared first on Microsoft Security Blog.
Read Full Article →
A new era of agents, a new era of posture
▼
AI agents are transforming how organizations operate, but their autonomy also expands the attack surface. The post A new era of agents, a new era of posture appeared first on Microsoft Security Blog.
Read Full Article →
How to protect yourself from Bluetooth-headset tracking and the WhisperPair attack | Kaspersky official blog
▼
With the WhisperPair attack, a stranger can pair their device with your headphones to keep tabs on your location.
Read Full Article →
Oracle January 2026 Critical Patch Update Addresses 158 CVEs
▼
Oracle addresses 158 CVEs in its first quarterly update of 2026 with 337 patches, including 27 critical updates. Key takeaways: The first Critical Patch Update (CPU) for 2026, contains fixes for 158 unique CVEs in 337 security updates. 27 issues (8% of all patches) were assigned a critical severi...
Read Full Article →
Tenable Discovers SSRF Vulnerability in Java TLS Handshakes That Creates DoS Risk
▼
Tenable Research has discovered a server-side request forgery (SSRF) vulnerability in Java’s handling of client certificates during a TLS handshake. In certain configurations, this can be abused to cause a denial-of-service (DoS) condition. Key takeaways Tenable Research identified a vulnerabilit...
Read Full Article →
DNS OverDoS: Are Private Endpoints Too Private?
▼
We've identified an aspect of Azure’s Private Endpoint architecture that could expose Azure resources to denial of service (DoS) attacks. The post DNS OverDoS: Are Private Endpoints Too Private? appeared first on Unit 42.
Read Full Article →
Four priorities for AI-powered identity and network access security in 2026
▼
Discover four key identity and access priorities for the new year to strengthen your organization's identity security baseline. The post Four priorities for AI-powered identity and network access security in 2026 appeared first on Microsoft Security Blog.
Read Full Article →
What is the “year 2038 problem”, and how can businesses fix it?
▼
How can organizations find and fix systems vulnerable to Y2K38 — the Unix epoch time overflow problem, also known as Epochalypse?
Read Full Article →
Key attack scenarios involving brand impersonation
▼
Here’s how cybercriminals cash in on companies’ online doppelgängers, and what can be done about it.
Read Full Article →
Predicting 2026
▼
In this week’s newsletter, Martin examines the evolving landscape for 2026, highlighting key threats, emerging trends like AI-driven risks, and the continued importance of addressing familiar vulnerabilities.
Read Full Article →
AI-powered sextortion: a new threat to privacy | Kaspersky official blog
▼
Ordinary photos from your social media can be turned into tools for AI-driven sextortion and deepfakes. How can you protect your privacy and security?
Read Full Article →
UAT-8837 targets critical infrastructure sectors in North America
▼
Cisco Talos is closely tracking UAT-8837, a threat actor we assess with medium confidence is a China-nexus advanced persistent threat (APT) actor.
Read Full Article →
CVE-2025-64155: Exploit Code Released for Critical Fortinet FortiSIEM Command Injection Vulnerability
▼
Exploit code has been published for CVE-2025-64155, a critical command injection vulnerability affecting Fortinet FortiSIEM devices. Key takeaways: CVE-2025-64155 is a critical operating system (OS) command injection vulnerability affecting Fortinet FortiSIEM. Fortinet vulnerabilities have histor...
Read Full Article →
Microsoft named a Leader in IDC MarketScape for Unified AI Governance Platforms
▼
Microsoft is honored to be named a Leader in the 2025–2026 IDC MarketScape for Unified AI Governance Platforms, highlighting our commitment to making AI innovation safe, responsible, and enterprise-ready. The post Microsoft named a Leader in IDC MarketScape for Unified AI Governance Platforms app...
Read Full Article →
Inside RedVDS: How a single virtual desktop provider fueled worldwide cybercriminal operations
▼
Microsoft’s investigation into RedVDS services and infrastructure uncovered a global network of disparate cybercriminals purchasing and using to target multiple sectors. In collaboration with law enforcement agencies worldwide, Microsoft’s Digital Crimes Unit (DCU) recently facilitated a disrupti...
Read Full Article →
Brushstrokes and breaches with Terryn Valikodath
▼
Terryn’s path to cybersecurity started with a fascination for criminal forensics and a knack for jailbreaking his family's tech — interests that eventually steered him toward the fast-paced world of digital investigations.
Read Full Article →
How we set the standard for transparency and trust | Kaspersky official blog
▼
An independent study of companies’ transparency and data usage practices in cybersecurity products.
Read Full Article →
ServiceNow's Virtual Agent Vulnerability Shows Why AI Security Needs Traditional AppSec Foundations
▼
The critical ServiceNow Virtual Agent vulnerability highlights a vital lesson: securing agentic AI requires a return to traditional AppSec foundations. While AI can amplify risks, the root causes often stem from classic failures in authentication and authorization.
Read Full Article →
Threat Brief: MongoDB Vulnerability (CVE-2025-14847)
▼
Database platform MongoDB disclosed CVE-2025-14847, called MongoBleed. This is an unauthenticated memory disclosure vulnerability with a CVSS score of 8.7. The post Threat Brief: MongoDB Vulnerability (CVE-2025-14847) appeared first on Unit 42.
Read Full Article →
Direct and reverse NFC relay attacks being used to steal money | Kaspersky official blog
▼
How to protect your Android device from NFC relay attacks exploiting NFCGate.
Read Full Article →
Microsoft’s January 2026 Patch Tuesday Addresses 113 CVEs (CVE-2026-20805)
▼
8 Critical, 105 Important, 0 Moderate, 0 Low. Microsoft addresses 113 CVEs in the first Patch Tuesday of 2026, with two zero-days, including one that was exploited in the wild. Microsoft patched 113 CVEs in its January 2026 Patch Tuesday release, with eight rated critical and 105 rated as important. ...
Read Full Article →
Microsoft Patch Tuesday for January 2026 — Snort rules and prominent vulnerabilities
▼
Microsoft has released its monthly security update for January 2026, which includes 112 vulnerabilities affecting a range of products, including 8 that Microsoft marked as “critical”.
Read Full Article →
How Microsoft builds privacy and security to work hand-in-hand
▼
Learn how Microsoft unites privacy and security through advanced tools and global compliance to protect data and build trust. The post How Microsoft builds privacy and security to work hand-in-hand appeared first on Microsoft Security Blog.
Read Full Article →
Remote Code Execution With Modern AI/ML Formats and Libraries
▼
We identified remote code execution vulnerabilities in open-source AI/ML libraries published by Apple, Salesforce and NVIDIA. The post Remote Code Execution With Modern AI/ML Formats and Libraries appeared first on Unit 42.
Read Full Article →
Laughter in the dark: Tales of absurdity from the cyber frontline and what they taught us
▼
From a quintuple-encryption ransomware attack to zany dark web schemes and AI fails, Sophos X-Ops looks back at some of our favorite weirdest incidents from the last few years – and the serious lessons behind them Categories: Threat Research Tags: Ransomware, Hive, Lockbit, BlackCat, LLM, AI, Mon...
Read Full Article →
Activity-masking infostealer dropper | Kaspersky official blog
▼
Malware disguising its activity in network and system logs as legitimate state information system traffic and a Network Diagnostic Service.
Read Full Article →
Tenable Is a Gartner® Peer Insights™ Customers’ Choice for Cloud-Native Application Protection Platforms
▼
This recognition — based entirely on feedback from the people who use our products every day — to us is a testament to the unmatched value Tenable Cloud Security CNAPP offers organizations worldwide. Our key takeaways: In our view, this peer recognition confirms Tenable’s strategic value in helpi...
Read Full Article →
The State of Ransomware in Enterprise 2025
▼
Categories: Products & Services Tags: Ransomware, Enterprise, Solutions, The State of Ransomware
Read Full Article →
Resolutions, shmesolutions (and what’s actually worked for me)
▼
Talos' editor ditches the pressure of traditional New Year’s resolutions in favor of practical, in-the-moment changes, and finds more success by letting go of perfection. Plus, we break down the latest on UAT-7290, a newly disclosed threat actor targeting critical infrastructure.
Read Full Article →
UAT-7290 targets high value telecommunications infrastructure in South Asia
▼
Talos assesses with high confidence that UAT-7290 is a sophisticated threat actor falling under the China-nexus of advanced persistent threat actors (APTs). UAT-7290 primarily targets telecommunications providers in South Asia.
Read Full Article →
Explore the latest Microsoft Incident Response proactive services for enhanced resilience
▼
The new proactive services from Microsoft Incident Response turn security uncertainty into readiness with expert‑led preparation and advanced intelligence. The post Explore the latest Microsoft Incident Response proactive services for enhanced resilience appeared first on Microsoft Security Blog.
Read Full Article →
How Cisco Talos powers the solutions protecting your organization
▼
What happens under the hood of Cisco's security portfolio? Our reputation and detection services apply Talos' real-time intelligence to detect and block threats. Here's how.
Read Full Article →
Phishing actors exploit complex routing and misconfigurations to spoof domains
▼
Threat actors are exploiting complex routing scenarios and misconfigured spoof protections to send spoofed phishing emails, crafted to appear as internally sent messages. The post Phishing actors exploit complex routing and misconfigurations to spoof domains appeared first on Microsoft Security B...
Read Full Article →
Cybersecurity Snapshot: Predictions for 2026: AI Attack Acceleration, Automated Remediation, Custom-Made AI Security Tools, Machine Identity Threats, and More
▼
In this special edition, Tenable leaders forecast key 2026 trends, including: AI will make attacks more plentiful and less costly; machine identities will become the top cloud risk; preemptive cloud and exposure management will dethrone runtime detection; and automated remediation gets the go-ahe...
Read Full Article →
CVE-2025-14847: All You Need to Know About MongoBleed
▼
CVE-2025-14847 (MongoBleed): MongoDB Memory Leak Vulnerability Exploited in the Wild
▼
A recently disclosed vulnerability affecting MongoDB instances has been reportedly exploited in the wild. Exploit code has been released for this flaw dubbed MongoBleed. Key takeaways: MongoBleed is a memory leak vulnerability affecting multiple versions of MongoDB. Exploitation of MongoDB has be...
Read Full Article →
The HoneyMyte APT evolves with a kernel-mode rootkit and a ToneShell backdoor
▼
Kaspersky discloses a 2025 HoneyMyte (aka Mustang Panda or Bronze President) APT campaign, which uses a kernel-mode rootkit to deliver and protect a ToneShell backdoor.
Read Full Article →
#Tech
‘Halo’ Actor Steve Downes Asks You Not to Remake His Voice with AI
▼
The man behind Master Chief feels a way about generative AI when it comes to his voice being used for any 'Halo' fan project or video.
Read Full Article →
How to defend against advanced DDoS threats
▼
In 1996, a New York-based Internet service provider became the first target of a major distributed denial-of-service (DDoS) attack. They were shut down for 36 hours. Since then, DDoS has remained a favored tactic of cybercriminals. But with the advent of AI, DDoS attacks have become both more com...
Read Full Article →
Top 3 trends in business internet connectivity
▼
Reliable, high-speed internet connectivity is no longer optional—it’s an essential business tool. Increasingly more business applications and processes live in the cloud, requiring a powerful connection that considers factors such as reliability, scalability, security, and performance. Organizati...
Read Full Article →
Shining light on the dark side of emerging tech
▼
For some time now, concerned business users have been discussing the possibilities of AI being a tool to increase the efficiency of cybercriminals. However, it can also be a welcome helper to bolster cyberdefense. Industry experts like Chuck Brooks also chose to focus on AI as a double-edged swo...
Read Full Article →
6 billion leaked passwords reveal the ones you should never, ever use
▼
Over the course of the past year, security researchers at Specops Software examined six billion leaked passwords and subsequently published a comprehensive report on their findings. This report not only provides insight into the most commonly used passwords, but also into the current threat posed...
Read Full Article →
ShinyHunters claims Okta customer breaches, leaks data belonging to 3 orgs
▼
'A lot more' victims to come, we're told ShinyHunters has claimed responsibility for an Okta voice-phishing campaign during which the extortionist crew allegedly gained access to Crunchbase and Betterment.…
Read Full Article →
1Password adds new password protection feature to thwart phishing scams
▼
Password manager 1Password has launched a new feature in its browser extension that provides extra protection against phishing, reports Engadget. The new feature warns users when they manually paste login details on a website that isn’t linked to a saved login in 1Password. A pop-up message will...
Read Full Article →
Is that $20 credit for the Verizon outage real? Don’t click a bad link
▼
Last week, Verizon had a massive outage. Millions of wireless customers couldn’t get a signal, instead stuck on emergency service. If you were affected, you definitely knew it—your phone was stuck on “SOS” mode, only capable of calling 911. Service was eventually restored by the evening, with Ver...
Read Full Article →
Europe votes to tackle deep dependence on US tech in sovereignty drive
▼
European lawmakers on Thursday adopted a comprehensive report on technological sovereignty and digital infrastructure that directs the European Commission to reduce the bloc’s heavy reliance on foreign technology providers across semiconductors, cloud infrastructure, software, and AI systems. The...
Read Full Article →
Why Apple is the best investment for future AI
▼
The AI industry is moving incredibly fast. It’s almost as though you can close your eyes for ten minutes and wake to find that yet another business-friendly AI tool or service has appeared. While refreshing, this glut of investment and innovation represents an industry in flux, meaning the most s...
Read Full Article →
How enterprise architecture and start-up thinking drive strategic success
In an era defined by rapid innovation, shifting markets and disruptive emerging technologies, long-term planning alone cannot deliver the agility enterprises need. Strategy is now judged less by the quality of vision decks and more by how quickly enterprises can test, learn and scale what works a...
Read Full Article →
The new CDIO stack: Tech, talent and storytelling
When people hear my title — chief digital and information officer — most of them immediately think of technology — cloud, Data, AI, Cybersecurity. They imagine servers, dashboards, code. And, to be fair, all of that is part of my world. But if I describe my job only in terms of technology, I am t...
Read Full Article →
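ServiceNow's choice goes beyond a single-AI strategy… What is behind the OpenAI partnership?
ServiceNow said on the 20th that it has signed a multi-year agreement with OpenAI and that the agreement is “intended to accelerate enterprise AI outcomes.” ServiceNow explained that it plans to use OpenAI models to build direct speech-to-speech technology that breaks down language barriers and provides more natural interactions. It also said that the latest OpenAI models, including GPT-5.2, will make possible a new level of AI-powered automation for major companies around the world. According to John Aisien, ServiceNow's senior vice president of product management, the background to this decision is that deeper integration with OpenAI ...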
Read Full Article →
Always disclose how you use AI
AI chatbots have been with us three years and one month (at least the kind that use large language models (LLMs) to communicate with natural-sounding words). Already norms are emerging in some professions for users to disclose how they use AI. For example: Organizations such as the International ...
Read Full Article →
Experts warn: Swarms of AI bots threaten democracy
A group of researchers from Berkeley, Harvard, Oxford, Cambridge, and Yale warn that the rise of AI bots and AI agents could pose a serious threat to democracy. For example, power-hungry politicians around the world can relatively easily create swarms of AI bots that flood social media and messag...
Read Full Article →
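Anthropic unveils new ‘Claude constitution’ with strengthened safety and ethics
Anthropic has completely overhauled the ‘Claude constitution,’ the document of ethical standards that governs the reasoning and behavior of its AI models. The new document, unveiled at the World Economic Forum (WEF) in Davos, sets out as its core principles ‘broad safety,’ under which Claude does not undermine human oversight; ‘broad ethics,’ under which it avoids inappropriate or harmful behavior without distorting information; ‘helpfulness,’ under which it provides real benefit to users; and ‘compliance with Anthropic's guidelines.’ According to Anthropic, this is already being applied in the training of Claude models, and model reasoning...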
Read Full Article →
Windows 11 Insider Previews: What’s in the latest build?
Windows 11 25H2 has been released, but behind the scenes, Microsoft is constantly working to improve the newest version of Windows. The company frequently rolls out public preview builds to members of its Windows Insider Program, allowing them to test out — and help shape — upcoming features. Ski...
Read Full Article →
Workers challenge ‘hidden’ AI hiring tools in class action with major regulatory stakes
Workers are getting fed up with AI-based hiring practices. A new class action lawsuit filed in California alleges that human candidates are being unfairly profiled by “hidden” AI hiring technologies that “lurk in the background” to collect “sensitive and often inaccurate” information about “unsus...
Read Full Article →
Crims hit the easy button for Scattered-Spider style helpdesk scams
Teach a crook to phish… Criminals can more easily pull off social engineering scams and other forms of identity fraud thanks to custom voice-phishing kits being sold on dark web forums and messaging platforms.…
Read Full Article →
Hacker who stole 120,000 bitcoins wants a second chance—and a security job
Crypto theft was "the worst thing I had ever done."
Read Full Article →
Crims compromised energy firms' Microsoft accounts, sent 600 phishing emails
Logging in, not breaking in Unknown attackers are abusing Microsoft SharePoint file-sharing services to target multiple energy-sector organizations, harvest user credentials, take over corporate inboxes, and then send hundreds of phishing emails from compromised accounts to contacts inside and ou...
Read Full Article →
Apple’s Siri to see two major AI improvements this year
More details about the expected cadence of Apple’s plans to turn Siri into an AI-driven chatbot are emerging, and Mark Gurman tells us Apple has a two-tier approach in mind. The current thinking is that Apple’s Gemini-powered chatbot will arrive in June with iOS 26.4, which will be a significant ...
Read Full Article →
Female-dominated careers among most exposed to AI disruption
Dentists least likely to get an LLM kick in the teeth Most US workers in jobs exposed to AI are also relatively well placed to adapt if disruption leads to displacement, according to research summarized by the Brookings Institution. However, there are some careers with high percentages of female ...
Read Full Article →
Best VPNs for torrenting: 5 top picks for speed, privacy, and security
Torrenting, or P2P (peer-to-peer) file sharing, is a convenient way to download large files quickly. But it isn’t without its risks. Not only is there the risk of accidentally downloading a malicious file or malware, but there’s a privacy risk as well—your ISP can see all your online activity and...
Read Full Article →
Critical Cisco UC bug actively exploited
Cisco has released patches for a critical remote code execution vulnerability in its unified communications products that attackers are actively exploiting. The US Cybersecurity and Infrastructure Security Agency has added the flaw to its Known Exploited Vulnerabilities catalog, confirming the ex...
Read Full Article →
Europe's GDPR cops dished out €1.2B in fines last year as data breaches piled up
Regulators logged over 400 personal data breach notifications a day for first time since law came into force GDPR fines pushed past the £1 billion (€1.2 billion) mark in 2025 as Europe's regulators were deluged with more than 400 data breach notifications a day, according to a new survey that sug...
Read Full Article →
Work-from-office mandate? Expect top talent turnover, culture rot
Work-from-office mandates are accelerating as the world moves further away from the COVID-19 pandemic, but the push toward in-person work environments will make it more difficult for IT leaders to retain and recruit staff, some experts say. Over the past year, many companies, including IT giants ...
Read Full Article →
Ancient telnet bug happily hands out root to attackers
Critical vuln flew under the radar for a decade A recently disclosed critical vulnerability in the GNU InetUtils telnet daemon (telnetd) is "trivial" to exploit, experts say.…
Read Full Article →
Best free VPN for Android: 5 top picks you can trust
Whether you want extra security while using public Wi-Fi, or to unlock content on your favorite streaming services, the right free VPN for your Android device can help you do it without having to pay a dime. The problem when looking for a good free VPN, though, is that there are a ton available o...
Read Full Article →
What’s a browser-in-browser attack? The key traits to know
Recently, a new way of stealing Facebook login info came to light—hackers using fake windows within your browser to imitate legitimate pop-up windows for sign-in. Called browser-in-browser (BitB) attacks, this form of phishing puts a novel spin on a long-standing hack. First documented by securit...
Read Full Article →
This fake ad blocker malware impersonated uBlock Origin’s developer
I block ads (despite the hypocrisy) and you probably do too if you’re tech-literate enough to read PCWorld on the regular. So maybe you’re familiar with the minor drama between Google Chrome and the incredibly popular uBlock Origin, which is also a solo developer’s passion project. That notoriet...
Read Full Article →
840,000+ users hit by malicious browser extensions. Uninstall these ASAP!
Security researchers are now warning of a targeted malware campaign that involves malicious software hiding in certain browser extensions. The wave of attacks—dubbed “GhostPoster”—targets Chrome, Firefox, and Edge users. There have been over 840,000 attacks since December. How the GhostPoster att...
Read Full Article →
1Password review: A password manager designed for the Apple crowd
At a glance Expert's Rating Pros Polished, clean interface Multitude of entry types (logins, notes, etc), with the ability to pack in info fields Autofill works smoothly Large type for password viewing! Unique “travel mode” Cons Complex login system compared to rivals Family plan subaccounts can ...
Read Full Article →
Never reply to these text messages! How to spot SMS cost traps
Beware of text messages with promises to win or a call to action! Because it is precisely messages like these that repeatedly lead to unexpected costs on your mobile phone bill. If you reply carelessly or contact a specified number, you can quickly fall into an expensive trap. We explain below wh...
Read Full Article →
Say bye-bye to ads and malware on 9 devices for just $40
TL;DR: For a one-time $39.99 (MSRP $169.99), the AdGuard Family Plan lets you block ads, protect privacy, and secure up to nine devices for life. Online ads have gotten louder, sneakier, and harder to avoid—and that’s before you even factor in trackers, malicious sites, and kid-unfriendly content...
Read Full Article →
Best 5 VPNs for streaming Netflix and other services
VPNs aren’t just useful for keeping your online activities safe and private, they’re also a great way to bypass restrictions on streaming content in other countries. The top VPN providers work hard to stay one step ahead of streaming services in a never-ending cat-and-mouse game, ensuring that yo...
Read Full Article →
Firefox 147 improves video playback on AMD GPUs and privacy protection
With the most recent update to Firefox 147, you can enjoy a number of new features and improvements. Safe Browsing v5 improves privacy protection, picture-in-picture mode for videos has learned a new trick, and the developers have once again fixed several security flaws. Mozilla doesn’t plan to r...
Read Full Article →
Hackers are using browser-in-the-browser trick to steal Facebook logins
If you’re still using Facebook, then I assume you’re old enough to remember watching John Wayne movies in the theater. Nevertheless, it remains a pretty juicy target for hackers and digital thieves. They’re using a technique that you should be aware of, even if your only interaction with the slop...
Read Full Article →
#Threat Intel & Vulnerability
CVE-2024-37079
Currently trending CVE - Hype Score: 26 - vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to...
Read Full Article →
CVE-2025-34164
Currently trending CVE - Hype Score: 17 - A heap-based buffer overflow vulnerability in NetSupport Manager 14.x versions prior to 14.12.0000 allows a remote, unauthenticated attacker to cause a denial of service (DoS) or potentially result in arbitrary code execution.
Read Full Article → *(Covered by: Intruder Intel CVE Feed)*
CVE-2025-25257
Currently trending CVE - Hype Score: 14 - An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] vulnerability in Fortinet FortiWeb 7.6.0 through 7.6.3, FortiWeb 7.4.0 through 7.4.7, FortiWeb 7.2.0 through 7.2.10, FortiWeb 7.0.0 through 7.0....
Read Full Article →
CVE-2025-51683
Currently trending CVE - Hype Score: 12 - A blind SQL Injection (SQLi) vulnerability in mJobtime v15.7.2 allows unauthenticated attackers to execute arbitrary SQL statements via a crafted POST request to the /Default.aspx/update_profile_Server endpoint.
Read Full Article → *(Covered by: Intruder Intel CVE Feed)*
CVE-2025-43529
Currently trending CVE - Hype Score: 10 - A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 26.2, Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2, tvOS 26.2. Processing maliciously crafted web ...
Read Full Article →
CVE-2025-13878
Currently trending CVE - Hype Score: 1 - Malformed BRID/HHIT records can cause `named` to terminate unexpectedly. This issue affects BIND 9 versions 9.18.40 through 9.18.43, 9.20.13 through 9.20.17, 9.21.12 through 9.21.16, 9.18.40-S1 through 9.18.43-S1, and 9.20.13-S1 through 9.20.17-S1.
Read Full Article →
CVE-2026-1425 | pymumu SmartDNS up to 47.1 SVBC Record Parser src/dns.c _dns_decode_rr_head/_dns_decode_SVCB_HTTPS stack-based overflow
A vulnerability categorized as critical has been discovered in pymumu SmartDNS up to 47.1. This vulnerability affects the function _dns_decode_rr_head/_dns_decode_SVCB_HTTPS of the file src/dns.c of the component SVBC Record Parser. The manipulation results in stack-based buffer overflow. This ...
Read Full Article →
CVE-2026-1424 | PHPGurukul News Portal 1.0 Profile Pic unrestricted upload
A vulnerability was found in PHPGurukul News Portal 1.0. It has been rated as critical. This affects an unknown part of the component Profile Pic Handler. The manipulation leads to unrestricted upload. This vulnerability is traded as CVE-2026-1424. It is possible to initiate the attack remote...
Read Full Article →
CVE-2026-1423 | code-projects Online Examination System 1.0 /admin_pic.php unrestricted upload
A vulnerability was found in code-projects Online Examination System 1.0. It has been declared as critical. Affected by this issue is some unknown functionality of the file /admin_pic.php. Executing a manipulation can lead to unrestricted upload. This vulnerability appears as CVE-2026-1423. T...
Read Full Article →
CVE-2026-1422 | code-projects Online Examination System 1.0 Login Page /index.php User sql injection
A vulnerability was found in code-projects Online Examination System 1.0. It has been classified as critical. Affected by this vulnerability is an unknown functionality of the file /index.php of the component Login Page. Performing a manipulation of the argument User results in sql injection. ...
Read Full Article →
CVE-2026-1421 | code-projects Online Examination System 1.0 Add Pages cross site scripting
A vulnerability was found in code-projects Online Examination System 1.0 and classified as problematic. Affected is an unknown function of the component Add Pages. Such manipulation leads to cross site scripting. This vulnerability is documented as CVE-2026-1421. The attack can be executed rem...
Read Full Article →
CVE-2026-1420 | Tenda AC23 16.03.07.52 /goform/WifiExtraSet wpapsk_crypto buffer overflow
A vulnerability has been found in Tenda AC23 16.03.07.52 and classified as critical. This impacts an unknown function of the file /goform/WifiExtraSet. This manipulation of the argument wpapsk_crypto causes buffer overflow. This vulnerability is registered as CVE-2026-1420. Remote exploitation...
Read Full Article →
CVE-2026-23008 | Linux Kernel up to 6.18.6/6.19-rc5 vmwgfx null pointer dereference (EUVD-2026-4625)
A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.18.6/6.19-rc5. This affects an unknown function of the component vmwgfx. The manipulation results in null pointer dereference. This vulnerability is cataloged as CVE-2026-23008. The attack must originate from...
Read Full Article → *(Covered by: VulnDB)*
CVE-2026-23007 | Linux Kernel up to 6.18.6/6.19-rc5 block uninitialized pointer (EUVD-2026-4628)
A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.18.6/6.19-rc5. The impacted element is an unknown function of the component block. The manipulation leads to uninitialized pointer. This vulnerability is listed as CVE-2026-23007. The attack must be carr...
Read Full Article →
CVE-2026-23012 | Linux Kernel up to 6.18.6/6.19-rc5 DAMON Sysfs Interface damon_call use after free (EUVD-2026-4617)
A vulnerability classified as critical was found in Linux Kernel up to 6.18.6/6.19-rc5. The affected element is the function damon_call of the component DAMON Sysfs Interface. Executing a manipulation can lead to use after free. This vulnerability is tracked as CVE-2026-23012. The attack is on...
Read Full Article →
CVE-2026-23013 | Linux Kernel up to 6.12.66/6.18.6/6.19-rc5 octep_vf_request_irqs use after free (EUVD-2026-4616)
A vulnerability classified as critical has been found in Linux Kernel up to 6.12.66/6.18.6/6.19-rc5. Impacted is the function octep_vf_request_irqs. Performing a manipulation results in use after free. This vulnerability is identified as CVE-2026-23013. The attack can only be performed from th...
Read Full Article → *(Covered by: VulnDB)*
CVE-2026-22997 | Linux Kernel up to 6.12.66/6.18.6/6.19-rc5 j1939_xtp_rx_rts_session_active reference count (EUVD-2026-4637)
A vulnerability categorized as critical has been discovered in Linux Kernel up to 6.12.66/6.18.6/6.19-rc5. Affected by this vulnerability is the function j1939_xtp_rx_rts_session_active. Executing a manipulation can lead to improper update of reference count. This vulnerability is handled as CV...
Read Full Article →
CVE-2025-71162 | Linux Kernel up to 6.12.66/6.18.6/6.19-rc5 Tegra ADMA Driver tegra_adma_terminate_all use after free
A vulnerability was found in Linux Kernel up to 6.12.66/6.18.6/6.19-rc5. It has been rated as critical. Affected is the function tegra_adma_terminate_all of the component Tegra ADMA Driver. Performing a manipulation results in use after free. This vulnerability is known as CVE-2025-71162. Acc...
Read Full Article →
CVE-2025-71163 | Linux Kernel up to 6.12.66/6.18.6/6.19-rc5 dmaengine memory leak (EUVD-2026-4639)
A vulnerability was found in Linux Kernel up to 6.12.66/6.18.6/6.19-rc5. It has been declared as critical. This impacts an unknown function of the component dmaengine. Such manipulation leads to memory leak. This vulnerability is traded as CVE-2025-71163. Access to the local network is requir...
Read Full Article →
CVE-2026-23009 | Linux Kernel up to 6.18.6/6.19-rc5 xhci_sideband_remove_endpoint initialization (EUVD-2026-4619)
A vulnerability was found in Linux Kernel up to 6.18.6/6.19-rc5. It has been classified as critical. This affects the function xhci_sideband_remove_endpoint. This manipulation causes improper initialization. This vulnerability appears as CVE-2026-23009. The attacker needs to be present on the...
Read Full Article →
CVE-2026-23004 | Linux Kernel up to 6.18.6/6.19-rc5 IPv4 lib/dump_stack.c rt6_uncached_list_del use after free (EUVD-2026-4614)
A vulnerability was found in Linux Kernel up to 6.18.6/6.19-rc5 and classified as critical. The impacted element is the function rt6_uncached_list_del in the library lib/dump_stack.c of the component IPv4. The manipulation results in use after free. This vulnerability is reported as CVE-2026-23...
Read Full Article →
CVE-2026-22999 | Linux Kernel up to 6.12.66/6.18.6/6.19-rc5 qfq_change_class allocation of resources (EUVD-2026-4624)
A vulnerability has been found in Linux Kernel up to 6.12.66/6.18.6/6.19-rc5 and classified as critical. The affected element is the function qfq_change_class. The manipulation leads to allocation of resources. This vulnerability is documented as CVE-2026-22999. The attack requires being on th...
Read Full Article → *(Covered by: VulnDB)*
CVE-2026-23005 | Linux Kernel up to 6.12.66/6.18.6/6.19-rc5 fpu_update_guest_xfd state issue (EUVD-2026-4627)
A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.12.66/6.18.6/6.19-rc5. Impacted is the function fpu_update_guest_xfd. Executing a manipulation can lead to state issue. This vulnerability is registered as CVE-2026-23005. The attack requires access to the lo...
Read Full Article →
CVE-2026-22998 | Linux Kernel up to 6.12.66/6.18.6/6.19-rc5 nvmet_tcp_handle_h2c_data_pdu null pointer dereference (EUVD-2026-4629)
A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.12.66/6.18.6/6.19-rc5. This issue affects the function nvmet_tcp_handle_h2c_data_pdu. Performing a manipulation results in null pointer dereference. This vulnerability is cataloged as CVE-2026-22998. The...
Read Full Article →
CVE-2026-23003 | Linux Kernel up to 6.12.66/6.18.6/6.19-rc5 ip6_tunnel include/net/inet_ecn.h skb_vlan_inet_prepare information disclosure (EUVD-2026-4621)
A vulnerability described as critical has been identified in Linux Kernel up to 6.12.66/6.18.6/6.19-rc5. Affected by this issue is the function skb_vlan_inet_prepare in the library include/net/inet_ecn.h of the component ip6_tunnel. The manipulation results in information disclosure. This vulne...
Read Full Article →
CVE-2026-1419 | D-Link DCS700l 1.03.09 Web Form /setDayNightMode LightSensorControl command injection
A vulnerability labeled as critical has been found in D-Link DCS700l 1.03.09. Affected is an unknown function of the file /setDayNightMode of the component Web Form Handler. Executing a manipulation of the argument LightSensorControl can lead to command injection. The identification of this vul...
Read Full Article →
CVE-2020-36937 | Microvirt MEMU PLAY 3.7.0 MEmusvc Windows Service unquoted search path (Exploit 49016)
A vulnerability identified as problematic has been detected in Microvirt MEMU PLAY 3.7.0. This impacts an unknown function of the component MEmusvc Windows Service. Performing a manipulation results in unquoted search path. This vulnerability was named CVE-2020-36937. The attack needs to be ap...
Read Full Article →
CVE-2020-36935 | KMSpico Service KMSELDI 17.1.0.0 Service_KMS.exe unquoted search path (Exploit 49003)
A vulnerability categorized as problematic has been discovered in KMSpico Service KMSELDI 17.1.0.0. This affects an unknown function of the file C:\Program Files\KMSpico\Service_KMS.exe. Such manipulation leads to unquoted search path. This vulnerability is uniquely identified as CVE-2020-36935...
Read Full Article →
CVE-2020-36933 | HTC IPTInstaller 4.0.9 PassThru Service unquoted search path (Exploit 49006)
A vulnerability was found in HTC IPTInstaller 4.0.9. It has been rated as problematic. The impacted element is an unknown function of the component PassThru Service. This manipulation causes unquoted search path. This vulnerability is handled as CVE-2020-36933. It is possible to launch the at...
Read Full Article →
CVE-2020-36934 | Deepinstinct Deep Instinct Windows Agent 1.2.24.0 DeepNetworkService.exe unquoted search path (Exploit 49020)
A vulnerability was found in Deepinstinct Deep Instinct Windows Agent 1.2.24.0. It has been declared as problematic. The affected element is an unknown function of the file C:\Program Files\HP Sure Sense\DeepNetworkService.exe. The manipulation results in unquoted search path. This vulnerabili...
Read Full Article →
CVE-2020-36936 | Magic Utilities Magic Mouse 2 Utilities 2.20 Windows Service unquoted search path (Exploit 49017)
A vulnerability was found in Magic Utilities Magic Mouse 2 Utilities 2.20. It has been classified as problematic. Impacted is an unknown function of the component Windows Service. The manipulation leads to unquoted search path. This vulnerability is traded as CVE-2020-36936. An attack has to ...
Read Full Article →
CVE-2020-36932 | SeaCMS up to 11.1 Admin Settings Page checkuser cross site scripting (Exploit 49251 / EDB-49251)
A vulnerability was found in SeaCMS up to 11.1 and classified as problematic. This issue affects some unknown processing of the component Admin Settings Page. Executing a manipulation of the argument checkuser can lead to cross site scripting. This vulnerability appears as CVE-2020-36932. The ...
Read Full Article →
CVE-2020-36931 | Click2Magic up to 1.1.5 cross site scripting (Exploit 49347 / EDB-49347)
A vulnerability has been found in Click2Magic up to 1.1.5 and classified as problematic. This vulnerability affects unknown code. Performing a manipulation results in cross site scripting. This vulnerability is reported as CVE-2020-36931. The attack is possible to be carried out remotely. Moreo...
Read Full Article →
CVE-2026-1418 | GPAC up to 2.4.0 SRT Subtitle Import text_to_bifs.c gf_text_import_srt_bifs out-of-bounds write (Issue 3425)
A vulnerability, which was classified as critical, was found in GPAC up to 2.4.0. This affects the function gf_text_import_srt_bifs of the file src/scene_manager/text_to_bifs.c of the component SRT Subtitle Import. Such manipulation leads to out-of-bounds write. This vulnerability is documente...
Read Full Article →
CVE-2026-1417 | GPAC up to 2.4.0 filedump.c dump_isom_rtp null pointer dereference (Issue 3426)
A vulnerability, which was classified as problematic, has been found in GPAC up to 2.4.0. Affected by this issue is the function dump_isom_rtp of the file applications/mp4box/filedump.c. This manipulation causes null pointer dereference. This vulnerability is registered as CVE-2026-1417. The ...
Read Full Article → *(Covered by: VulnDB)*
CVE-2026-1415 | GPAC up to 2.4.0 media_export.c gf_media_export_webvtt_metadata Name null pointer dereference (Issue 3428)
A vulnerability classified as problematic has been found in GPAC up to 2.4.0. Affected is the function gf_media_export_webvtt_metadata of the file src/media_tools/media_export.c. The manipulation of the argument Name leads to null pointer dereference. This vulnerability is listed as CVE-2026-14...
Read Full Article →
CVE-2026-1414 | Sangfor Operation and Maintenance Security Management System HTTP POST Request get_Information getInformation command injection
A vulnerability described as critical has been identified in Sangfor Operation and Maintenance Security Management System up to 3.0.12. This impacts the function getInformation of the file /equipment/get_Information of the component HTTP POST Request Handler. Executing a manipulation of the arg...
Read Full Article → *(Covered by: VulnDB)*
CVE-2026-1411 | Beetel 777VR1 up to 01.00.09/01.00.09_55 UART Interface access control
A vulnerability identified as critical has been detected in Beetel 777VR1 up to 01.00.09/01.00.09_55. The affected element is an unknown function of the component UART Interface. This manipulation causes improper access controls. The identification of this vulnerability is CVE-2026-1411. It is...
Read Full Article → *(Covered by: VulnDB)*
CVE-2026-1407 | Beetel 777VR1 up to 01.00.09/01.00.09_55 UART Interface information disclosure (EUVD-2026-4651)
A vulnerability was found in Beetel 777VR1 up to 01.00.09/01.00.09_55. It has been classified as problematic. This affects an unknown part of the component UART Interface. Performing a manipulation results in information disclosure. This vulnerability is known as CVE-2026-1407. The attack may...
Read Full Article →
CVE-2025-6461 | cubewp1211 CubeWP Framework Plugin up to 1.1.27 on WordPress class-cubewp-search-ajax-hooks.php information disclosure
A vulnerability was found in cubewp1211 CubeWP Framework Plugin up to 1.1.27 on WordPress and classified as problematic. Affected by this issue is some unknown functionality of the file class-cubewp-search-ajax-hooks.php. Such manipulation leads to information disclosure. This vulnerability is ...
Read Full Article →
CVE-2026-1406 | lcg0124 BootDo up to 5ccd963c74058036b466e038cff37de4056c1600 Host Header AccessControlFilter.java redirectToLogin Hostname
A vulnerability has been found in lcg0124 BootDo up to 5ccd963c74058036b466e038cff37de4056c1600 and classified as problematic. Affected by this vulnerability is the function redirectToLogin of the file AccessControlFilter.java of the component Host Header Handler. This manipulation of the argum...
Read Full Article →
ShinyHunters claim to be behind SSO-account data theft attacks
Lawrence Abrams reports: The ShinyHunters extortion gang claims it is behind a wave of ongoing voice phishing attacks targeting single sign-on (SSO) accounts at Okta, Microsoft, and Google, enabling threat actors to breach corporate SaaS platforms and steal company data for extortion. In these at...
Read Full Article →
France’s Waltio faces ransom threat from notorious hacker collective
Caroline Alvarez reports: Waltio, a French crypto tax platform, is under siege from ShinyHunters, a notorious ransomware group claiming to hold the personal data of nearly 50,000 users. ShinyHunters, known for high-profile crypto and corporate hacks, is threatening to leak users’ 2024 tax reports...
Read Full Article →
CVE-2025-13920 | WP Directory Kit Plugin up to 1.4.9 on WordPress AJAX wdk_public_action information disclosure (EUVD-2026-4542)
A vulnerability, which was classified as problematic, was found in WP Directory Kit Plugin up to 1.4.9 on WordPress. Affected is the function wdk_public_action of the component AJAX Handler. The manipulation results in information disclosure. This vulnerability is reported as CVE-2025-13920. T...
Read Full Article →
CVE-2026-0862 | PDFCrowd Save as PDF Plugin up to 4.5.5 on WordPress cross site scripting (EUVD-2026-4541)
A vulnerability, which was classified as problematic, has been found in PDFCrowd Save as PDF Plugin up to 4.5.5 on WordPress. This impacts an unknown function. The manipulation leads to cross site scripting. This vulnerability is documented as CVE-2026-0862. The attack can be initiated remotely...
Read Full Article →
CVE-2026-0593 | WP Go Maps Plugin up to 10.0.04 on WordPress Map Engine Setting processBackgroundAction authorization (EUVD-2026-4540)
A vulnerability classified as problematic was found in WP Go Maps Plugin up to 10.0.04 on WordPress. This affects the function processBackgroundAction of the component Map Engine Setting Handler. Executing a manipulation can lead to missing authorization. This vulnerability is registered as CVE-...
Read Full Article →
CVE-2026-0911 | Hustle Plugin up to 7.8.9.2 on WordPress action_import_module unrestricted upload (EUVD-2026-4543)
A vulnerability classified as critical has been found in Hustle Plugin up to 7.8.9.2 on WordPress. The impacted element is the function action_import_module. Performing a manipulation results in unrestricted upload. This vulnerability is cataloged as CVE-2026-0911. It is possible to initiate th...
Read Full Article →
CVE-2026-24656 | Apache Karaf up to 2.11.x Decanter log-socket Collector deserialization
A vulnerability described as problematic has been identified in Apache Karaf up to 2.11.x. The affected element is an unknown function of the component Decanter log-socket Collector. Such manipulation leads to deserialization. This vulnerability is listed as CVE-2026-24656. The attack may be p...
Read Full Article →
CVE-2026-24401 | Avahi up to 0.9rc2 mDNS/DNS-SD lookup_handle_cname recursion (ID 501 / EUVD-2026-4603)
A vulnerability marked as problematic has been reported in Avahi up to 0.9rc2. Impacted is the function lookup_handle_cname of the component mDNS/DNS-SD. This manipulation causes uncontrolled recursion. This vulnerability is tracked as CVE-2026-24401. The attack is possible to be carried out r...
Read Full Article →
CVE-2025-13952 | Imagination Graphics DDK up to 25.2 RTM use after free (EUVD-2026-4593)
A vulnerability labeled as critical has been found in Imagination Graphics DDK up to 25.2 RTM. This issue affects some unknown processing. The manipulation results in use after free. This vulnerability is identified as CVE-2025-13952. The attack can be executed remotely. There is not any exploi...
Read Full Article →
CVE-2026-24407 | InternationalColorConsortium iccDEV up to 2.3.1.1/2.3.1.2 icSigCalcOp denial of service (ID 481 / EUVD-2026-4607)
A vulnerability identified as problematic has been detected in InternationalColorConsortium iccDEV up to 2.3.1.1/2.3.1.2. This vulnerability affects the function icSigCalcOp. The manipulation leads to denial of service. This vulnerability is referenced as CVE-2026-24407. Remote exploitation of...
Read Full Article → *(Covered by: VulnDB)*
CVE-2026-24403 | InternationalColorConsortium iccDEV up to 2.3.1.1/2.3.1.2 CIccProfile::CheckHeader tag tables/offsets/size integer overflow (ID 505 / EUVD-2026-4611)
A vulnerability was found in InternationalColorConsortium iccDEV up to 2.3.1.1/2.3.1.2 . It has been classified as critical . Affected is the function CIccProfile::CheckHeader . This manipulation of the argument tag tables/offsets/size causes integer overflow. This vulnerability is handled as CVE...
Read Full Article →
CVE-2026-24469 | frustratedProton http-server up to 1.0 HTTP Request handleRequest filename path traversal (GHSA-qp54-6gfq-3gff / EUVD-2026-4601)
A vulnerability classified as critical was found in frustratedProton http-server up to 1.0 . Impacted is the function RequestHandler::handleRequest of the component HTTP Request Handler . Such manipulation of the argument filename leads to path traversal. This vulnerability is documented as CVE-2...
Read Full Article →
CVE-2026-24421 | thorsten phpMyFAQ up to 4.0.16 Endpoint SetupController.php userIsAuthenticated authorization (GHSA-wm8h-26fv-mg7g / EUVD-2026-4258)
A vulnerability classified as problematic has been found in thorsten phpMyFAQ up to 4.0.16 . This issue affects the function userIsAuthenticated of the file SetupController.php of the component Endpoint . This manipulation causes missing authorization. This vulnerability is registered as CVE-2026...
Read Full Article →
CVE-2026-24420 | thorsten phpMyFAQ up to 4.0.16 attachment.php access control (GHSA-7p9h-m7m8-vhhv / EUVD-2026-4259)
A vulnerability described as critical has been identified in thorsten phpMyFAQ up to 4.0.16 . This vulnerability affects unknown code of the file attachment.php . The manipulation results in improper access controls. This vulnerability is cataloged as CVE-2026-24420 . The attack may be launched r...
Read Full Article →
CVE-2026-24422 | thorsten phpMyFAQ up to 4.0.16 API Endpoint list information disclosure (GHSA-j4rc-96xj-gvqc / EUVD-2026-4257)
A vulnerability marked as problematic has been reported in thorsten phpMyFAQ up to 4.0.16 . This affects the function OpenQuestionController::list of the component API Endpoint . The manipulation leads to information disclosure. This vulnerability is listed as CVE-2026-24422 . The attack may be i...
Read Full Article →
Spammers abuse Zendesk to flood inboxes with legitimate-looking emails, but why?
Spammers are abusing Zendesk to flood inboxes with emails from trusted brands. There’s no phishing or malware—just noise.
Read Full Article →
5 Hot Cybersecurity Certifications for Salary Growth in 2026
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Jan. 23, 2026 –Read the full story in SkillUp Cybercrime was predicted to cost the world $10.5 trillion annually in 2025, and to reach $12.2 trillion by 2031, according to Cybersecurity Ventures, and there’s Th...
Read Full Article →
ShinyHunters group opens new dark web leak site, claims responsibility for OKTA vishing campaign
Over on LinkedIn, AlonGal of Hudson Rock wrote: BIG – ShinyHunters confirmed to me that they are behind the recent Okta vishing campaign and have published alleged data from three major victims (Crunchbase, SoundCloud, and Betterment) on their new blog, stating more are coming. 🔽 I was approached...
Read Full Article →
INC ransomware opsec fail allowed data recovery for 12 US orgs
Bill Toulas reports: An operational security failure allowed researchers to recover data that the INC ransomware gang stole from a dozen U.S. organizations. A deep forensic examination of the artifacts left behind uncovered tooling that had not been used in the investigated attack, but exposed at...
Read Full Article →
I scan, you scan, we all scan for... knowledge?
In this week's newsletter, Bill hammers home the old adage, "Know your environment" — even throughout alert fatigue.
Read Full Article →
How Public Container Registries Have Become a Silent Risk Multiplier in a Modern Supply Chain
Key Takeaways The Risk Introduced by Implicit Trust in Public Container Images Public container registries have become foundational to modern software development. A single docker pull can accelerate application delivery, standardize environments, and reduce operational friction across teams. How...
Read Full Article →
LastPass ‘create backup’ email is a phishing scam targeting your master password
Attackers are abusing maintenance-themed alerts to steal master passwords from LastPass users. Password managers are still top-tier targets Password managers remain in the middle of attackers’ crosshairs, largely because a single successful compromise can unlock access to dozens, or even hundreds...
Read Full Article →
Europe’s GDPR cops dished out €1.2B in fines last year as data breaches piled up
Carly Page reports: GDPR fines pushed past the £1 billion (€1.2 billion) mark in 2025 as Europe’s regulators were deluged with more than 400 data breach notifications a day, according to a new survey that suggests the post-plateau era of enforcement has well and truly arrived. The figures come fr...
Read Full Article →
Foxit, Epic Games Store, MedDreams vulnerabilities
Cisco Talos’ Vulnerability Discovery & Research team recently disclosed three vulnerabilities in Foxit PDF Editor, one in the Epic Games Store, and twenty-one in MedDream PACS. The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to Cisc...
Read Full Article →
Fake LastPass maintenance emails target users
LastPass is warning users about phishing emails that pressure users to back up their vaults within 24 hours.
Read Full Article →
Top 10 Ransomware Attacks Over The Past Year
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Jan. 22, 2026 –Read the full story in SOC Radar In 2025, ransomware moved beyond isolated IT incidents and became a systemic risk, capable of disrupting national supply chains, critical services, and The post T...
Read Full Article →
UK Launches ‘Report Fraud’ as Scams Reach New Heights
The City of London Police has officially launched Report Fraud — a unified national service designed to transform how the public reports cybercrime and fraud across England, Wales and Northern Ireland. The new platform aims to strengthen the UK’s response to digital scams and economic crime. Cybe...
Read Full Article →
Under Armour ransomware breach: data of 72 million customers appears on the dark web
Customer data allegedly stolen during a ransomware attack on sportswear giant Under Armour is now circulating on the dark web.
Read Full Article →
- ANY.RUN Sandbox & MISP Integration: Confirm Alerts Faster, Stop Incidents Early — Most SOC teams are overloaded with routine work. Tier 1 & 2 analysts spend too much time validating alerts, moving samples between tools, and chasing missing context. When integrations are weak, investigations slow down, MTTR grows, and SLAs suffer delays. That directly increases operational risk…
Qualys Named a Leader and Outperformer in the 2025 GigaOm Radar for CNAPP
We’re proud to share that Qualys has been recognized as a Leader and Outperformer in the 2025 GigaOm Radar Report for Cloud-Native Application Protection Platforms (CNAPP). This year’s evaluation underscores an important reality of the CNAPP market: while 18 vendors were evaluated, only a small s...
Read Full Article →
Can you use too many LOLBins to drop some RATs?
An attempt to drop two RATs on a system used an uncanny assortment of legitimate Windows tools.
Read Full Article →
Best Cybersecurity Newsletters Shortlist For 2026
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Jan. 21, 2026 –Read the full story in The CTO Club With new cyber vulnerabilities emerging daily, it’s not enough to rely solely on the tools at hand—keeping your team informed and The post Best Cybersecurity N...
Read Full Article →
Black Basta Ransomware Group Exposed in Europe, Russian Leader Is Now Among EU’s Most Wanted
European and Ukrainian authorities have exposed two alleged key members of the Black Basta cybercrime group and identified its alleged leader
Read Full Article →
Malicious Google Calendar invites could expose private data
Researchers showed how prompt injection hidden in a calendar invite can bypass privacy controls and turn an AI assistant into a data-leaking accomplice.
Read Full Article →
Under Armour - 72,742,892 breached accounts
In November 2025, the Everest ransomware group claimed Under Armour as a victim and attempted to extort a ransom , alleging they had obtained access to 343GB of data. In January 2026, customer data from the incident was published publicly on a popular hacking forum , including 72M email addresses...
Read Full Article →
Oracle January 2026 Critical Patch Update Addresses 158 CVEs
Oracle addresses 158 CVEs in its first quarterly update of 2026 with 337 patches, including 27 critical updates. Key takeaways: The first Critical Patch Update (CPU) for 2026, contains fixes for 158 unique CVEs in 337 security updates. 27 issues (8% of all patches) were assigned a critical severi...
Read Full Article →
Tenable Discovers SSRF Vulnerability in Java TLS Handshakes That Creates DoS Risk
Tenable Research has discovered a server-side request forgery (SSRF) vulnerability in Java’s handling of client certificates during a TLS handshake. In certain configurations, this can be abused to cause a denial-of-service (DoS) condition. Key takeaways Tenable Research identified a vulnerabilit...
Read Full Article →
VU#481830: Libheif uncompressed codec lacks bounds check leading to application crash
Overview An out-of-bounds memory access vulnerability exists in the uncompressed decoder component of libheif . A maliciously crafted HEIF image can trigger a denial-of-service condition by causing the libheif library to crash or exhibit other unexpected behavior due to an out-of-bounds memory ac...
Read Full Article →
VU#102648: Code injection vulnerability in binary-parser library
Overview The binary-parser library for Node.js contains a code injection vulnerability that may allow arbitrary JavaScript code execution if untrusted input is used to construct parser definitions. Versions prior to 2.3.0 are affected. The issue has been resolved by the developer in a public upda...
Read Full Article →
VU#458022: Open5GS WebUI uses a hard-coded secrets including JSON Web Token signing key
Overview The Open5GS WebUI component contains default hardcoded secrets used for security-sensitive operations, including JSON Web Token (JWT) signing. If these defaults are not changed, an attacker can forge valid authentication tokens and gain administrative access to the WebUI. This can result...
Read Full Article →
VU#271649: Stack-based buffer overflow in libtasn1 versions v4.20.0 and earlier
Overview A stack-based buffer overflow vulnerability exists in GNU libtasn1, a low-level ASN.1 parsing library. The issue is caused by unsafe string concatenation in the asn1_expand_octet_string function located in decoding.c . Under worst-case conditions, this results in a one-byte stack overflo...
Read Full Article →
Cybersecurity Predictions for 2026 Signal the Maturation of Risk-First Security Models
Key Takeaways The Signals Are Loud, the Dashboards Are Full, Yet Decisive Action Remains Elusive By the end of 2025, many security leaders reached a quiet conclusion. The challenge was no longer a lack of tools, telemetry, or frameworks. Most enterprises already had all three. What remained unres...
Read Full Article →
VU#818729: Safetica contains a kernel driver vulnerability
Overview Kernel driver ProcessMonitorDriver.sys in Safetica's endpoint client x64, versions 10.5.75.0 and 11.11.4.0, allows for an unprivileged user to abuse an IOCTL path and terminate protected system processes. Description Safetica is a Data Loss Prevention (DLP) and Insider Risk Management (I...
Read Full Article →
VU#244846: Server-Side Template Injection (SSTI) vulnerability exist in Genshi
Overview A Server-Side Template Injection (SSTI) vulnerability exists in the Genshi template engine due to unsafe evaluation of template expressions. Genshi processes template expressions using Python’s ‘eval()’ and ‘exec()’ functions while allowing fallback access to Python built-in objects. If ...
Read Full Article →
Mastercard CEO Michael Miebach On Cybersecurity at World Economic Forum
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Jan. 20, 2026 –Read the full story in World Economic Forum “Cybersecurity is the foundation for our digital world. It is at the heart of trust and will allow society to fully The post Mastercard CEO Michael Mie...
Read Full Article →
VU#924114: dr_flac contains an integer overflow vulnerability that allows for DoS when provided a crafted file
Overview dr_flac , an open-source FLAC audio decoder, part of the dr_libs audio decoder toolset, contains an integer overflow vulnerability allowing for denial of service (DoS) when provided a specific crafted file. An attacker can exploit this vulnerability through providing a tool that uses dr_...
Read Full Article →
- Malware Trends Report 2025: New Security Risks for Businesses in 2026 — Summarizing the past year’s threat landscape based on activity observed in ANY.RUN’s Interactive Sandbox, this annual report provides insights into the most detected malware types, families, TTPs, and phishing threats of 2025. For additional insights, view ANY.RUN’s quarterly malware trends repor…
Computer History, 1989: The Queen Of The Hackers Tracked Down By U.S. Secret Service
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Jan. 19, 2026 –Watch the YouTube video On Aug. 17, 1990, a federal judge sentenced a Chicago woman to 27 months in prison for masterminding a nationwide ring of computer hackers that stole more The post Compute...
Read Full Article →
Firefox joins Chrome and Edge as sleeper extensions spy on users
Researchers found more sleeper browser extensions that spy on users and install backdoors, this time targeting Firefox users as well.
Read Full Article →
A week in security (January 12 – January 18)
Last week on Malwarebytes Labs: Stay safe!
Read Full Article →
Why Managed Detection and Response Has Become Essential to Modern Cyber Resilience
Managed Detection and Response (MDR) delivers 24/7 threat detection, intelligence-led hunting, and rapid response—moving organizations beyond basic monitoring to active defense. MDR providers combine advanced analytics, AI, and human expertise to deliver scalable MDR services tailored to regional...
Read Full Article →
First Trust NASDAQ Cybersecurity ETF Growth Thesis For 2026
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Jan. 16, 2026 –Read the full story in AIInvest The macro tailwind for the cybersecurity sector is now a tidal wave, according to AIInvest. Global spending on security products and services is projected The post...
Read Full Article →
WhisperPair exposes Bluetooth earbuds and headphones to tracking and eavesdropping
Researchers demonstrated WhisperPair, a set of attacks that can take control of many widely used Bluetooth earbuds and headphones without user interaction.
Read Full Article →
VU#383552: thelibrarian does not secure its interface, allowing for access to internal system data
Overview Multiple vulnerabilities were discovered in The Librarian, an AI-powered personal assistant tool provided by the company TheLibrarian.io . The Librarian can be used to manage personal email, calendar, documents, and other information through external services, such as Gmail and Google Dr...
Read Full Article →
VU#650657: Livewire Filemanager contains an insecure .php component that allows for unauthenticated RCE in Laravel Products
Overview A vulnerability, tracked as CVE-2025-14894, has been discovered within Livewire Filemanager, a tool designed for usage within Laravel applications. The Livewire Filemanager tool allows for users to upload various files, including PHP files, and host them within the Laravel application. W...
Read Full Article →
Threat and Vulnerability Management in 2026
Understand the future of threat and vulnerability management (TVM). Learn what TVM is, why traditional tools fail, and how intelligence is essential in today’s landscape.
Read Full Article →
Predicting 2026
In this week’s newsletter, Martin examines the evolving landscape for 2026, highlighting key threats, emerging trends like AI-driven risks, and the continued importance of addressing familiar vulnerabilities.
Read Full Article →
Your VMDR Year in Review: Making Security Progress Visible and Actionable
Security Teams Rarely Stop to Reflect When a security program is working well, very little seems to happen. That is by design. There is no alert for the incident that was prevented. No visibility into the attack path that was quietly closed. No recognition for the vulnerability that was fixed bef...
Read Full Article →
WEF: AI overtakes ransomware as fastest-growing cyber risk
We can no longer say that artificial intelligence is a "future risk", lurking somewhere on a speculative threat horizon. The truth is that it is a fast-growing cybersecurity risk that organizations are facing today. That's not just my opinion, that's also the message that comes loud and clear fro...
Read Full Article →
Why Serverless Risk Demands Identity-Aware Security at Cloud Scale
Key Takeaways The Current Picture Serverless adoption is accelerating as organizations prioritize speed, scalability, and operational efficiency. According to the Data Bridge Market Research’s Global Serverless Security Market Report, the serverless security market reached USD 12.08 billion in 20...
Read Full Article →
VU#472136: Information Leak and DoS Vulnerabilities in Redmi Buds 3 Pro through 6 Pro
Overview Redmi Buds , a series of Bluetooth earbuds produced and sold by Xiaomi , contain an Information Leak vulnerability and a Denial of Service (DoS) vulnerability in versions 3 Pro through 6 Pro. An attacker within Bluetooth radio range can send specially crafted RFCOMM protocol interactions...
Read Full Article →
Closing the Door on Net-NTLMv1: Releasing Rainbow Tables to Accelerate Protocol Deprecation
Written by: Nic Losby Introduction Mandiant is publicly releasing a comprehensive dataset of Net-NTLMv1 rainbow tables to underscore the urgency of migrating away from this outdated protocol. Despite Net-NTLMv1 being deprecated and known to be insecure for over two decades—with cryptanalysis dati...
Read Full Article →
Canon U.S.A. Managing Office Technology, IT Infrastructure And Cybersecurity Under One Roof
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Jan. 15, 2026 –Read the full story in Brandpoint Today’s businesses face unprecedented challenges, from the increasing complexity of digital transformations and hybrid cloud environments to constantly evolving ...
Read Full Article →
“Reprompt” attack lets attackers steal data from Microsoft Copilot
Researchers uncovered a way to steal data from Microsoft Copilot users with a single malicious link.
Read Full Article →
Aembit Announces Agenda and Speaker Lineup for NHIcon 2026 on Agentic AI Security
Silver Spring, Maryland, 15th January 2026, CyberNewsWire The post Aembit Announces Agenda and Speaker Lineup for NHIcon 2026 on Agentic AI Security appeared first on The Security Ledger with Paul F. Roberts .
Read Full Article →
UAT-8837 targets critical infrastructure sectors in North America
Cisco Talos is closely tracking UAT-8837, a threat actor we assess with medium confidence is a China-nexus advanced persistent threat (APT) actor.
Read Full Article →
CVE-2025-64155: Exploit Code Released for Critical Fortinet FortiSIEM Command Injection Vulnerability
Exploit code has been published for CVE-2025-64155, a critical command injection vulnerability affecting Fortinet FortiSIEM devices. Key takeaways: CVE-2025-64155 is a critical operating system (OS) command injection vulnerability affecting Fortinet FortiSIEM. Fortinet vulnerabilities have histor...
Read Full Article →
A 0-click exploit chain for the Pixel 9 Part 3: Where do we go from here?
While our previous two blog posts provided technical recommendations for increasing the effort required by attackers to develop 0-click exploit chains, our experience finding, reporting and exploiting these vulnerabilities highlighted some broader issues in the Android ecosystem. This post descri...
Read Full Article →
A 0-click exploit chain for the Pixel 9 Part 2: Cracking the Sandbox with a Big Wave
With the advent of a potential Dolby Unified Decoder RCE exploit, it seemed prudent to see what kind of Linux kernel drivers might be accessible from the resulting userland context, the mediacodec context. As per the AOSP documentation, the mediacodec SELinux context is intended to be a constrain...
Read Full Article →
A 0-click exploit chain for the Pixel 9 Part 1: Decoding Dolby
Over the past few years, several AI-powered features have been added to mobile phones that allow users to better search and understand their messages. One effect of this change is increased 0-click attack surface, as efficient analysis often requires message media to be decoded before the message...
Read Full Article →
Phishing scammers are posting fake “account restricted” comments on LinkedIn
Fake LinkedIn comments warning of account restrictions are designed to trick users into revealing their login details.
Read Full Article →
Identity & Beyond: 2026 Incident Response Predictions
In 2026, incident response (IR) will continue its shift away from traditional malware-centric investigations toward identity-driven intrusions, abuse of trusted cloud services, and low-signal, high-impact activity that blends seamlessly into normal business operations. Rather than relying on tech...
Read Full Article →
AI-Powered Deepfake Scams Are A Pain In The Wallet
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Jan. 14, 2026 –Read the full story in Finextra With the democratization of artificial intelligence (AI) technology, deepfakes are becoming a popular tool among cybercriminals with which to scam consumers, busin...
Read Full Article →
How real software downloads can hide remote backdoors
Attackers use legitimate open-source software as cover, relying on user trust to compromise systems. We dive into an example.
Read Full Article →
Brushstrokes and breaches with Terryn Valikodath
Terryn’s path to cybersecurity started with a fascination for criminal forensics and a knack for jailbreaking his family's tech — interests that eventually steered him toward the fast-paced world of digital investigations.
Read Full Article →
- German Manufacturing Under Phishing Attacks: Tracking a Stealthy AsyncRAT Campaign — Manufacturing companies have quietly become one of the most hunted species in the modern threat landscape. Not because they are careless, but because they are operationally critical, geographically distributed, and often rely on complex IT and OT environments that attackers love to probe. Key Tak…
Microsoft and Adobe Patch Tuesday, January 2026 Security Update Review
Starting the year on a security-first note, Microsoft’s January 2026 Patch Tuesday resolves several vulnerabilities that could impact enterprise environments. Here’s a quick breakdown of what you need to know. Microsoft Patch Tuesday for January 2026 This month’s release addresses 115 vulnerabili...
Read Full Article →
Microsoft’s January 2026 Patch Tuesday Addresses 113 CVEs (CVE-2026-20805)
8 Critical 105 Important 0 Moderate 0 Low Microsoft addresses 113 CVEs in the first Patch Tuesday of 2026, with two zero-days, including one that was exploited in the wild. Microsoft patched 113 CVEs in its January 2026 Patch Tuesday release, with eight rated critical and 105 rated as important. ...
Read Full Article →
Microsoft Patch Tuesday for January 2026 — Snort rules and prominent vulnerabilities
Microsoft has released its monthly security update for January 2026, which includes 112 vulnerabilities affecting a range of products, including 8 that Microsoft marked as “critical”.
Read Full Article →
The AI Fix #83: ChatGPT Health, Victorian LLMs, and the biggest AI bluffers
In episode 83 of The AI Fix, Graham reveals he's taken up lying to LLMs, and shows how a journalist exposed AI bluffers with a made-up idiom. Meanwhile Mark invents a "Godwin's Law" for AI, and explains how to ruin any LLM with humus. Also in this episode, a marriage is declared invalid thanks to...
Read Full Article →
In The Future: Breach Ready, Board Ready, and AI-Powered Cybersecurity
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Jan. 13, 2026 –Read the full story in Voice & Data Cybersecurity Ventures estimated that the global cost of cybercrime would reach $10.5 trillion USD annually by 2025, and ransomware would cost its The post In ...
Read Full Article →
Hackers get hacked, as BreachForums database is leaked
Have you ever stolen data, traded a hacking tool, or just lurked on a dark web forum believing that you are anonymous? If so, I might have some unsettling news for you. Read more in my article on the Hot for Security blog.
Read Full Article →
- CastleLoader Analysis: A Deep Dive into Stealthy Loader Targeting Government Sector — ANY.RUN’s team conducted an extensive malware analysis of CastleLoader, the first link in the chain of attacks impacting various industries, including government agencies and critical infrastructures. It’s a unique walkthrough of its entire execution path, from a packaged installer to C2 server c…
Best Ransomware Detection Tools
Stop ransomware before encryption begins. Learn how intelligence-driven detection tools can help identify precursor behaviors and reduce false positives for faster response.
Read Full Article →
December 2025 CVE Landscape: 22 Critical Vulnerabilities Mark 120% Surge, React2Shell Dominates Threat Activity
December 2025 saw a 120% surge in critical CVEs, with 22 exploited flaws and React2Shell (CVE-2025-55182) dominating threat activity across Meta’s React framework.
Read Full Article →
10 Hot Cyber Range Companies To Watch In 2026
Bridging the cybersecurity skills gap with virtual hands-on experience – Steve Morgan, Editor-in-Chief Sausalito, Calif. – Jan. 12, 2026 A cyber range is designed to mimic real-world scenarios that can be used to detect and react to simulated cyberattacks, and to enable practitioners to test The ...
Read Full Article →
Received an Instagram password reset email? Here’s what you need to know
Instagram users received emails last week about purported password reset attempts. At the same time, Instagram data appeared on the dark web.
Read Full Article →
Tenable Is a Gartner® Peer Insights™ Customers’ Choice for Cloud-Native Application Protection Platforms
This recognition — based entirely on feedback from the people who use our products every day — to us is a testament to the unmatched value Tenable Cloud Security CNAPP offers organizations worldwide. Our key takeaways: In our view, this peer recognition confirms Tenable’s strategic value in helpi...
Read Full Article →
BreachForums (2025) - 672,247 breached accounts
In October 2025, a reincarnation of the hacking forum BreachForums, which had previously been shut down multiple times, was taken offline by a coalition of law enforcement agencies . In the months leading up to the takedown, the site itself suffered a data breach that exposed a total of 672k uniq...
Read Full Article →
VU#361400: BeeS Software Solutions BeeS Examination Tool (BET) portal contains SQL injection vulnerability
Overview The BeeS Examination Tool (BET) portal from BeeS Software Solutions contains an SQL injection vulnerability in its website login functionality. More than 100 universities use the BET portal for test administration and other academic tasks. The vulnerability enables arbitrary SQL commands...
Read Full Article →
Resolutions, shmesolutions (and what’s actually worked for me)
Talos' editor ditches the pressure of traditional New Year’s resolutions in favor of practical, in-the-moment changes, and finds more success by letting go of perfection. Plus, we break down the latest on UAT-7290, a newly disclosed threat actor targeting critical infrastructure.
Read Full Article →
UAT-7290 targets high value telecommunications infrastructure in South Asia
Talos assesses with high confidence that UAT-7290 is a sophisticated threat actor falling under the China-nexus of advanced persistent threat actors (APTs). UAT-7290 primarily targets telecommunications providers in South Asia.
Read Full Article →
How Cisco Talos powers the solutions protecting your organization
What happens under the hood of Cisco's security portfolio? Our reputation and detection services apply Talos' real-time intelligence to detect and block threats. Here's how.
Read Full Article →
GRU-Linked BlueDelta Evolves Credential Harvesting
Insikt Group reveals how GRU-linked BlueDelta evolved credential-harvesting campaigns targeting government, energy, and research organizations across Europe and Eurasia.
Read Full Article →
Cloud Agent in 2025: A Year of Scale, Security, and Smarter Visibility
As we move into 2026, 2025 stands out as a defining year for the Qualys Cloud Agent. In 2025, Cloud Agent delivered deeper visibility into running systems and applications, stronger security controls, expanded support across operating systems and architectures, and meaningful platform modernizati...
Read Full Article →
VU#295169: TOTOLINK EX200 firmware-upload error handling can activate an unauthenticated root telnet service
Overview A flaw in the firmware-upload error-handling logic of the TOTOLINK EX200 extender can cause the device to unintentionally start an unauthenticated root-level telnet service. This condition may allow a remote authenticated attacker to gain full system access. Description In the End-of-Lif...
Read Full Article →
VU#420440: Vulnerable Python version used in Forcepoint One DLP Client
Overview A vulnerability in the Forcepoint One DLP Client allows bypass of the vendor-implemented Python restrictions designed to prevent arbitrary code execution. By reconstructing the ctypes FFI environment and applying a version-header patch to the ctypes.pyd module, an attacker can restore ct...
Read Full Article →
WhiteDate - 6,076 breached accounts
In December 2025, the dating website "for a Europid vision" WhiteDate suffered a data breach that exposed 6k unique email addresses . The breach exposed extensive further personal information including data related to physical appearance, income, education and IQ.
Read Full Article →
New State Laws Impact AI Governance, Risk, and Compliance
New York has started a movement to reshape the AI compliance landscape for companies doing business in the state. Other states are following suit making Governance and AI Compliance an increasingly critical endeavor.
Read Full Article →
New ransomware tactics to watch out for in 2026
Ransomware groups made less money in 2025 despite a 47% increase in attacks, driving new tactics: bundled DDoS services, insider recruitment, and gig worker exploitation. Learn the emerging trends defenders must prepare for in 2026.
Read Full Article →
Cybersecurity Snapshot: Predictions for 2026: AI Attack Acceleration, Automated Remediation, Custom-Made AI Security Tools, Machine Identity Threats, and More
In this special edition, Tenable leaders forecast key 2026 trends, including: AI will make attacks more plentiful and less costly; machine identities will become the top cloud risk; preemptive cloud and exposure management will dethrone runtime detection; and automated remediation gets the go-ahe...
Read Full Article →
LevelBlue SpiderLabs: Ransomware Attacks Up 17% in 2025
Global Ransomware Surges in 2025: Total ransomware attacks rose by 17.2% year-over-year, with LevelBlue SpiderLabs tracking approximately 7,400 incidents compared to 6,017 in 2024. Qilin and Akira Lead the Threat Landscape: Following the disappearance of Ransomhub and the disruption of Lockbit3...
Read Full Article →
- Integrating a Malware Sandbox into SOAR Workflows: Steps, Benefits, and Impact — SOAR platforms are excellent at moving work forward. They trigger playbooks, route incidents, and enforce consistent response steps. What they don’t do well on their own is confirm what’s actually SOAR helps teams move faster, but speed isn’t the real problem. The real issue is figuring out what …
CVE-2025-14847 (MongoBleed): MongoDB Memory Leak Vulnerability Exploited in the Wild
A recently disclosed vulnerability affecting MongoDB instances has reportedly been exploited in the wild. Exploit code has been released for this flaw dubbed MongoBleed. Key takeaways: MongoBleed is a memory leak vulnerability affecting multiple versions of MongoDB. Exploitation of MongoDB has be...
Read Full Article →
- 5 Ways MSSPs Can Win Clients in 2026 — By 2026, MSSPs will compete less on tooling and more on clarity, speed, and foresight. Security buyers want proof that their provider understands what threats matter now, how fast they can respond, and how security decisions reduce business risk. At the center of this challenge sits threat intell…
- Release Notes: AI Sigma Rules, Live Threat Landscape & 1,700+ New Detections — ANY.RUN is wrapping up 2025 with updates that take pressure off your SOC and help your team work faster. You can now get AI‑generated Sigma rules, track threats by industry and region, and detect new campaigns with better speed and accuracy. Let’s see what these improvements bring to your securit…
- Malware Trends Q4 2025: Inside ANY.RUN’s Latest Threat Landscape Report — We’re glad to present our regular quarterly report highlighting the most prominent malicious trends of the last three months of 2025, as observed by ANY.RUN’s community. Following the release of our annual report on key threats and milestones, this report offers a closer look at the threat landsc…