themissingsunday
#tech-news

Weekly Scan: Cloud, Cybersecurity, AI News — Feb 01, 2026



#This Week in Security: Your News Briefing

Welcome to your weekly security roundup. We’ve tracked down the 10 most important stories this week—the ones everyone’s talking about, from critical threats to emerging trends that could shape your security posture. Leading the news this week is CVE-2026-23037 | Linux Kernel up to…, which has sparked conversation across 10 sources. Meanwhile, the industry is closely tracking Appsec Roundup - June 2025 with 9 mentions, along with emerging details on CVE-2026-23024 | Linux Kernel up to 6.18.5/6.19-rc4…, Secure By Design roundup - Dec/Jan 2026, and U.S. CISA adds a flaw in Ivanti EPMM to its Known Exploited…. Here’s the full breakdown of what you need to know.

#🚨 Critical Threats This Week

First, the stories that demand your immediate attention:

1. CVE-2026-23037 | Linux Kernel up to 6.6.121/6.12.66/6.18.6/6.19-rc5 can es58x_alloc_rx_urbs allocation of resources (EUVD-2026-5057 / Nessus ID 297503) Mentioned across 10 industry sources this week. A vulnerability described as critical has been identified in Linux Kernel up to 6. Get the details →

2. Appsec Roundup - June 2025 Mentioned across 9 industry sources this week. Lots of fascinating threat model-related advances, new risk management tools, games, and more! Get the details →

3. CVE-2026-23024 | Linux Kernel up to 6.18.5/6.19-rc4 flow_steer_list_lock memory leak (EUVD-2026-5070 / Nessus ID 297456) Mentioned across 8 industry sources this week. A vulnerability identified as critical has been detected in Linux Kernel up to 6. Get the details →

#🛠️ Tools, Updates & Releases

New capabilities and releases worth knowing about:

1. Meeting Third-Party Risk Requirements of DORA in 2026 | UpGuard Learn how to achieve compliance with the third-party risk management standards of the Digital Operat. Referenced in 3 stories this week. Explore →

#What You Should Do Next

Monitor these in your environment next week:

  • Any new CVE announcements related to systems you operate
  • Emerging attack techniques being discussed in the community
  • Updates and patches for tools your team uses

Have a look at the full deep-dives in the trending stories below. Each one provides context that could inform your security decisions this week.


1. Key Threat Intel & Vulnerability Stories (23 mentions)
2. Appsec Roundup - June 2025 (9 mentions)

Lots of fascinating threat model-related advances, new risk management tools, games, and more!

Read Full Article →
3. Secure By Design roundup - Dec/Jan 2026 (6 mentions)

The normalization of deviance, exciting threat modeling news, and a question of do regulatory threats change ‘the threat model’ as much as GPS attacks? Not yet.

Read Full Article →
4. U.S. CISA adds a flaw in Ivanti EPMM to its Known Exploited Vulnerabilities catalog (4 mentions)

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Ivanti EPMM to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added an Ivanti EPMM vulnerability, tracke...

Read Full Article →
5. FBI takes notorious RAMP ransomware forum offline (3 mentions)

The FBI has seized control of RAMP, a notorious cybercrime online forum that bragged to be the only place that allowed ransomware, and boasted over 14,000 active users. Now some of those users' details are likely to be in the hands of the police...

Read Full Article →
6. MedDream PACS Premium sendOruReport reflected cross-site scripting (XSS) vulnerability (3 mentions)
7. Meeting Third-Party Risk Requirements of DORA in 2026 | UpGuard (3 mentions)

Learn how to achieve compliance with the third-party risk management standards of the Digital Operational Resilience Act (DORA)

Read Full Article →

#Article Summary

| Category | Article Count |
|---|---|
| AI & LLM | 12 |
| Cloud | 9 |
| Cyber Regulatory | 2 |
| Cybersecurity | 243 |
| Scraping Candidates | 2 |
| Security Vendor Blog | 55 |
| Tech | 40 |
| Threat Intel & Vulnerability | 170 |
| Total Articles Scanned | 533 |

#AI & LLM

Inside OpenAI’s in-house data agent

How OpenAI built an in-house AI data agent that uses GPT-5, Codex, and memory to reason over massive datasets and deliver reliable insights in minutes.

Read Full Article →
Taisei Corporation shapes the next generation of talent with ChatGPT

Taisei Corporation uses ChatGPT Enterprise to support HR-led talent development and scale generative AI across its global construction business.

Read Full Article →
Retiring GPT-4o, GPT-4.1, GPT-4.1 mini, and OpenAI o4-mini in ChatGPT

On February 13, 2026, alongside the previously announced retirement of GPT‑5 (Instant, Thinking, and Pro), we will retire GPT‑4o, GPT‑4.1, GPT‑4.1 mini, and OpenAI o4-mini from ChatGPT. In the API, there are no changes at this time.

Read Full Article →
Keeping your data safe when an AI agent clicks a link

Learn how OpenAI protects user data when AI agents open links, preventing URL-based data exfiltration and prompt injection with built-in safeguards.

Read Full Article →
Unlocking Agentic RL Training for GPT-OSS: A Practical Retrospective
Introducing Prism

Prism is a free LaTeX-native workspace with GPT-5.2 built in, helping researchers write, collaborate, and reason in one place.

Read Full Article →
Inside Praktika's conversational approach to language learning

How Praktika uses GPT-4.1 and GPT-5.2 to build adaptive AI tutors that personalize lessons, track progress, and help learners achieve real-world language fluency

Read Full Article →
Inside GPT-5 for Work: How Businesses Use GPT-5

A data-driven report on how workers across industries use ChatGPT—covering adoption trends, top tasks, departmental patterns, and the future of AI at work.

Read Full Article →
How Higgsfield turns simple ideas into cinematic social videos

Discover how Higgsfield gives creators cinematic, social-first video output from simple inputs using OpenAI GPT-4.1, GPT-5, and Sora 2.

Read Full Article →
Introducing ChatGPT Go, now available worldwide

ChatGPT Go is now available worldwide, offering expanded access to GPT-5.2 Instant, higher usage limits, and longer memory—making advanced AI more affordable globally.

Read Full Article →
Netomi’s lessons for scaling agentic systems into the enterprise

How Netomi scales enterprise AI agents using GPT-4.1 and GPT-5.2—combining concurrency, governance, and multi-step reasoning for reliable production workflows.

Read Full Article →
How Tolan builds voice-first AI with GPT-5.1

Tolan built a voice-first AI companion with GPT-5.1, combining low-latency responses, real-time context reconstruction, and memory-driven personalities for natural conversations.

Read Full Article →

#Cloud

Amazon Bedrock now supports server-side custom tools using the Responses API

Amazon Bedrock now supports server-side tools in the Responses API using OpenAI API-compatible service endpoints. Bedrock already supports client-side tool use with the Converse, Chat Completions, and Responses APIs. Now, with the launch of server-side tool use for Responses API, Amazon Bedrock c...

Read Full Article →
Change the server-side encryption type of Amazon S3 objects

You can now change the server-side encryption type of encrypted objects in Amazon S3 without any data movement. You can use the UpdateObjectEncryption API to atomically change the encryption key of your objects regardless of the object size or storage class. With S3 Batch Operations, you can use ...

Read Full Article →
AWS Network Firewall now supports GenAI traffic visibility and enforcement with Web category-based filtering

AWS Network Firewall now provides visibility into generative AI (GenAI) application traffic and supports traffic filtering based on web categories. This new capability simplifies governance by enabling you to identify and control access to GenAI services, social media platforms, streaming sites, ...

Read Full Article →
Amazon Neptune Analytics is now available in 7 additional regions

Amazon Neptune Analytics is now available in US West (N. California), Asia Pacific (Seoul), Asia Pacific (Osaka), Asia Pacific (Hong Kong), Europe (Stockholm), Europe (Paris), and South America (São Paulo) regions. You can now create and manage Neptune Analytics graphs in these new regions and ru...

Read Full Article →
Amazon EC2 G7e instances are now generally available

Today, Amazon announces the general availability of Amazon Elastic Compute Cloud (Amazon EC2) G7e instances, accelerated by NVIDIA RTX PRO 6000 Blackwell Server Edition GPUs. G7e instances offer up to 2.3x inference performance compared to G6e. Customers can use G7e instances to deploy large lang...

Read Full Article →
Amazon Corretto January 2026 Quarterly Updates

On January 20, 2026 Amazon announced quarterly security and critical updates for Amazon Corretto Long-Term Supported (LTS) versions of OpenJDK. Corretto 25.0.2, 21.0.10, 17.0.18, 11.0.30, and 8u482 are now available for download. Amazon Corretto is a no-cost, multi-platform, production-ready dis...

Read Full Article →
Amazon RDS now supports the latest CU and GDR updates for Microsoft SQL Server

Amazon Relational Database Service (Amazon RDS) for SQL Server now supports the latest General Distribution Release (GDR) updates for Microsoft SQL Server. This release includes support for Microsoft SQL Server 2016 SP3+GDR KB5068401 (RDS version 13.00.6475.1.v1), SQL Server 2017 CU31+GDR KB50684...

Read Full Article → *(Covered by: AWS News)*
Amazon Bedrock introduces API keys to streamline development in GovCloud regions

API keys for Amazon Bedrock are now available in AWS GovCloud (US) regions, expanding a feature that simplifies authentication and accelerates generative AI development. Originally launched in commercial AWS regions in July 2025, API keys for Amazon Bedrock enable developers to quickly generate a...

Read Full Article →
ServiceNow's Virtual Agent Vulnerability Shows Why AI Security Needs Traditional AppSec Foundations

The critical ServiceNow Virtual Agent vulnerability highlights a vital lesson: securing agentic AI requires a return to traditional AppSec foundations. While AI can amplify risks, the root causes often stem from classic failures in authentication and authorization.

Read Full Article →

#Cyber Regulatory

Promoting AI Security — Acting Assistant Privacy Commissioner Speaks at the GenA.I. Symposium

Read Full Article → *(Covered by: Hong Kong PCPD)*
Promoting AI Security – Assistant Privacy Commissioner Speaks at AIM Conference

#Cybersecurity

CSO Barry Hensley on staying a step ahead of the cyber threat landscape

IT security was a critical element of retired US Col. Barry Hensley’s 24-year military career as an Army Signal Officer, as he was often responsible for the engineering and installation of “military networks, whether in garrison or in support of combat troops deployed.” “The pinnacle of my milita...

Read Full Article →
When responsible disclosure becomes unpaid labor

Responsible disclosure is built on an assumption that “doing the right thing” will be met with timely action, fair treatment, and professional respect, if not a bounty award. Increasingly, that assumption is failing. And when it does, organizations alienate researchers and create regulatory, lega...

Read Full Article →
Where NSA zero trust guidance aligns with enterprise reality

The NSA has published Phase One and Phase Two of its Zero Trust Implementation Guidelines, providing structured guidance for organizations working to implement zero trust cybersecurity practices. The documents are part of a larger series designed to support adoption of zero trust frameworks align...

Read Full Article →
Open VSX Supply Chain Attack Used Compromised Dev Account to Spread GlassWorm

Cybersecurity researchers have disclosed details of a supply chain attack targeting the Open VSX Registry in which unidentified threat actors compromised a legitimate developer's resources to push malicious updates to downstream users. "On January 30, 2026, four established Open VSX extensions pu...

Read Full Article →
AI is flooding IAM systems with new identities

Most organizations view AI identities through the same lens used for other non-human identities, such as service accounts, API keys, and chatbots, according to The State of Non-Human Identity and AI Security report by the Cloud Security Alliance. AI identities inherit old IAM weaknesses Treating ...

Read Full Article →
Secure By Design roundup - Dec/Jan 2026

The article discusses

Read Full Article → *(Covered by: Shostack + Friends Blog)*
Security Advisory SA-26-01 GPS Attacks

GPS attacks trigger revisiting threat models

Read Full Article →
A few thoughts closing out 2025

Prompted by participants, a few closing thoughts for 2025

Read Full Article →
October Adam's New Thing!

Read up on Adam's New Thing from October

Read Full Article →
Prompt Engineering Requires Evaluation

Understanding ‘prompt engineering’

Read Full Article →
AI Insurance Won't Save You

LLM Insurance is, and will remain, a great source of insurer profits.

Read Full Article →
How could LLMs change threat modeling

LLMs will change threat modeling. Will it be for the better?

Read Full Article →
Mansplaining your threat model, as a service

Everyone wants robots to help with threat models. How’s that working out?

Read Full Article →
Threat Modeling Tools

A 2025 view of threat modeling tools

Read Full Article → *(Covered by: Shostack + Friends Blog)*
LLMs as Compilers

What if we think about LLM coding as if it’s a compiler stage?

Read Full Article →
Risk Management and Threat Modeling

Threat modeling finds threats; risk management helps us deal with the tricky ones.

Read Full Article →
The Cyber Resilience Act (CRA)!

The CRA is coming and it's going to be a dramatic change for technology producers

Read Full Article →
Threat modeling as a dial, not a switch

Thinking of threat modeling with a knob helps you get more out of it.

Read Full Article →
Appsec Roundup - June 2025

The article highlights

Read Full Article → *(Covered by: Shostack + Friends Blog)*
Google’s approach to AI Agents -- Threat Model Thursday

What can we learn from Google’s approach to AI Agent Security

Read Full Article →
Publish your threat model!

We think you should publish your threat model, and we’re publishing our arguments.

Read Full Article →
The Essence and Beauty of Threat Modeling

Automation sounds great, but what about the essence and beauty?

Read Full Article →
Andor: Insider Threats

Andor teaches us about insider threats

Read Full Article →
Andor Threats: Information Disclosure

What Andor can teach us about Information disclosure threats

Read Full Article →
CVE Futures

What’s next for the CVE program?

Read Full Article →
A few thoughts on CVE

Thoughts on the CVE funding crisis

Read Full Article →
Learning from Troy Hunt’s Sneaky Phish
Introducing the DEF CON 32 Hackers' Almanack

Grateful to introduce the Hackers' Almanack!

Read Full Article →
Security Researcher Comments on HIPAA Security Rule

A group of us have urged HHS to require better handling of security reports

Read Full Article →
Strategy for threat modeling AI

Clarifying how to threat model AI

Read Full Article →
Inside Man

Some thoughts on the Voyager Episode ‘Inside Man’

Read Full Article →
Blackhat and Human Factors

BlackHat invites human factors work

Read Full Article → *(Covered by: Shostack + Friends Blog)*
National Cyber Incident Response Plan comments

Our comments on the National Cyber Incident Plan

Read Full Article →
Spatial Reasoning and Threat Modeling

Do diagrams leverage the brain in a different way?

Read Full Article →
Handling Pandemic-Scale Cyber Threats: Lessons from COVID-19

Emerging research on Cyber Public Health

Read Full Article →
Car Safety Factoids

A few thoughts from a clickbait headline

Read Full Article →
25 Years of CVE

Some thoughts on 25 years of the CVE program

Read Full Article →
Handling Pandemic-Scale Cyber Threats (preprint)

A new paper on 'Pandemic Scale Cyber Events

Read Full Article →
The Goals of Cyber Public Health

Cyber Public Health is prompting fascinating conversations

Read Full Article →
Lockbit, a study in public health

Why is it hard to count lockbit infections?

Read Full Article →
Threat Modeling and Logins, Redux

How to effectively threat model authentication.

Read Full Article →
The Universal Cloud TM -- Threat Model Thursday

A new universal threat model - what can we learn from it?

Read Full Article →
Security Engineering roundup - May 2024

The most important stories around threat modeling, appsec and secure by design for May, 2024.

Read Full Article →
Happy Star Wars Day
Sutter on Safety

What do we need to assess if memory safe languages are 'sufficient'?

Read Full Article →
Eternal sunshine of the spotless LLM

Making an LLM forget is harder than it seems

Read Full Article →
CSRB Report on Microsoft

The CSRB has released its report into an intrusion at Microsoft, and...it’s a doozy.

Read Full Article →
Introducing Magic Security Dust!
The NVD Crisis

The NVD is in crisis, and so is patch management. It’s time to modernize.

Read Full Article →
Adventures in LLM Coding

Exploring LLM-driven coding as I get ready for Archimedes

Read Full Article →
The British Library’s Incident Review

Thoughts on the British Library incident

Read Full Article →
Application and AI roundup - Feb 2024

A busy month in appsec, AI, and regulation.

Read Full Article → *(Covered by: Shostack + Friends Blog)*
Solving Hallucinations

Solving hallucinations in legal briefs is playing on easy mode — and still too hard

Read Full Article →
The State of Appsec in 2024

2024 is bringing lots of AI, and Liability, too

Read Full Article →
Think like Alph-V?
Security Principles in 2023

Principles are lovely, but do they lead us to actionable results?

Read Full Article →
Comparing Retrospectives

We can learn a lot from comparing retrospectives

Read Full Article →
ML Sec Ops: Feature with Diana Kelley

Adam featured on ML Sec Ops podcast

Read Full Article →
Microsoft Can Fix Ransomware Tomorrow

My latest at Dark Reading draws attention to how Microsoft can fix ransomware tomorrow.

Read Full Article →
Worthwhile Books Q2 2023

Books that I read in the second quarter that are worth your time include two memoirs, a great book on the security of ML, and more!

Read Full Article →
AI will be the high interest credit card of 2023
Phishing Defenses

Phishing behaviors, as observed in the wild.

Read Full Article →
Layoffs in Responsible AI Teams

Some inferences from layoffs in responsible AI teams

Read Full Article →
Five Threat Model Diagrams for Machine Learning

Some diagrams to help clarify machine learning threats

Read Full Article →
Reflecting on Threats: The Frame

Reflecting on the framing of the Threats book

Read Full Article →
Application Security Roundup - March

A few tools, some thoughts on injection, some standards, and some of Adam’s appsec news.

Read Full Article → *(Covered by: Shostack + Friends Blog)*
The National CyberSecurity Strategy: Liability is Coming
Threats Book is Complete

The serious side of the book

Read Full Article →
Threats: The Table of Contents

Like the Force, each threat has a light side, and a dark side.

Read Full Article →
More on GPT-3 and threat modeling

More thoughts about AI and threat modeling

Read Full Article →
Darkreading: Threat Modeling in the Age of OpenAI's Chatbot

Pointer to Adam’s latest Darkreading article

Read Full Article →
GPT-3

The OpenAI chatbot is shockingly improved — its capabilities deserve attention.

Read Full Article → *(Covered by: Shostack + Friends Blog)*
How Executives Can Use Threat Modeling

You don’t have to be technical, but you can’t make informed decisions about your business without threat modeling.

Read Full Article →
Fast, Cheap + Good Whitepaper

Threat modeling doesn't need to be a slow, heavyweight activity!

Read Full Article →
Trainings at Global Appsec 2021

Tremendous training opportunities in threat modeling and other topics at Appsec Global 2021

Read Full Article →
What are we going to do: CO2 edition

What happened when Microsoft tried to buy climate abatements

Read Full Article →
Threat Model Thursday: 5G Infrastructure

The US Government's lead cybersecurity agencies have released an interesting report, and I wanted to use this for a Threat Model Thursday, where we take a respectful look at threat modeling work products to see what we can learn.

Read Full Article →
Ransomware is Not the Problem

Arbitrarily powerful software -- applications, operating systems -- is a problem, as is preventing it from running on enterprise systems.

Read Full Article →
Colonial Pipeline, Darkside and Models

The Colonial Pipeline shutdown story is interesting in all sorts of ways, and I can't delve into all of it. I did want to talk about one small aspect, which is the way responders talk about Darkside.

Read Full Article →
The Updates Must Go Through

The timing of updates is not coincidental.

Read Full Article →
Ever Given & Suez

Thoughts on the issues with the Ever Given blocking the Suez Canal.

Read Full Article →
Linkedin Learning

Bringing threat modeling to more and more people, now through a series of courses on LinkedIn.

Read Full Article →
Threat Modeling and Social Issues

For Data Breach Today, I spoke with Anna Delaney about threat modeling for issues that are in the news right now.

Read Full Article →
Vaccines

You may have noticed that my end of the year posts are all science focused. Today, a set of resources on the COVID vaccines.

Read Full Article →
Threat Modeling, Insiders and Incentives

Inspired by the recent story of Tesla's insider, I'd like to discuss insider threat as it fits into threat modeling.

Read Full Article →
The Uber CSO indictment

Thoughts on Mark Rasch's essay, Conceal and Fail to Report - The Uber CSO Indictment

Read Full Article →
Information Disclosure In Depth

I have something to disclose...

Read Full Article →
The Cyentia Library Relaunches

I'm excited to see that they're re-introducing the Cyentia Research Library, with cool (new?) features like an RSS feed. There are over 1,000 corporate research reports with data that companies paid to collect, massage, and release in a way they felt would be helpful to the rest of the world.

Read Full Article →
Threat Research: More Like This

I want to call out some impressive aspects of a report by Proofpoint.

Read Full Article →
How Are Computers Compromised (2020 Edition)

Understanding the way intrusions really happen is a long-standing interest of mine.

Read Full Article →
Amazon's 'Alexa Built-in' Threat Model

Exploring supply chain threat modeling with Alexa

Read Full Article →
Threat Modeling Thursday: Machine Learning

For my first blog post of 2020, I want to look at threat modeling machine learning systems.

Read Full Article →
Managed Attribution Threat Modeling

Let's talk CAKED, a threat model for managed attribution.

Read Full Article →
Interesting reads

Sharing for you, bookmarking for me.

Read Full Article →
Capture the Flag events and eSports

A breakdown of CTFs and eSports

Read Full Article →
Actionable Followups from the Capital One Breach

What have we learned and what steps can we take?

Read Full Article →
DNS Security

I'm happy to say that some new research by Jay Jacobs, Wade Baker, and myself is now available, thanks to the Global Cyber Alliance.

Read Full Article →
When security goes off the rails

My newest post over at Dark Reading ponders regulation.

Read Full Article →
Episode 9 Spoilers

Today is the last Star Wars Day before Episode 9 comes out, and brings the Skywalker saga to its end.

Read Full Article →
Leave Those Numbers for April 1st

Over-inflated numbers won't scare me into buying your ‘solution’.

Read Full Article →
Fire Doesn't Innovate by Kip Boyle (Book Review)

An unexpected book review.

Read Full Article →
High ROI Security Advisory Boards

Discussing the value of Security Advisory Boards

Read Full Article →
Measuring ROI for DMARC

I'm pleased to be able to share work that Shostack + Associates and the Cyentia Institute have been doing for the Global Cyber Alliance.

Read Full Article →
CVE Funding and Process

[no description provided]

Read Full Article →
Carpenter!

[no description provided]

Read Full Article →
The DREAD Pirates

[no description provided]

Read Full Article →
Threat Model Thursday: ARM's Network Camera TMSA

[no description provided]

Read Full Article →
AppSec Cali 2018: Izar Tarandach

[no description provided]

Read Full Article →
Pen Testing The Empire

[no description provided]

Read Full Article →
Threat Modeling Tooling from 2017

[no description provided]

Read Full Article →
Emergent Design Issues

[no description provided]

Read Full Article →
20 Year Software: Engineering and Updates

[no description provided]

Read Full Article →
Building an Application Security Team

[no description provided]

Read Full Article →
Breach Vouchers & Equifax 2017 Breach Links

[no description provided]

Read Full Article →
Star Wars, Star Trek and Getting Root on a Star Ship

[no description provided]

Read Full Article →
Organizing Threat Modeling Magic

[no description provided]

Read Full Article →
Learning From npm's Rough Few Months

[no description provided]

Read Full Article →
Secure updates: A threat model

[no description provided]

Read Full Article →
Hospital Ransomware

[no description provided]

Read Full Article →
Warrants for Cleaning Malware in Kelihos

[no description provided]

Read Full Article →
People are The Weakest Link In Security?

[no description provided]

Read Full Article →
2017 and Tidal Forces

[no description provided]

Read Full Article →
Modeling Attackers and Their Motives

There are a number of reports out recently, breathlessly presenting their analysis of one threatening group of baddies or another. Most readers should, at most, skim their analysis of the perpetrators. Read on for why.

Read Full Article →
The “Fix” is a Trap: ConsentFix Phishing Bypasses MFA via Azure CLI

The post The “Fix” is a Trap: ConsentFix Phishing Bypasses MFA via Azure CLI appeared first on Daily CyberSecurity .

Read Full Article →
New Offensive OT Framework Targeting Energy Infrastructure Emerges on Dark Web

The post New Offensive OT Framework Targeting Energy Infrastructure Emerges on Dark Web appeared first on Daily CyberSecurity .

Read Full Article →
Exposed MongoDB instances still targeted in data extortion attacks

A threat actor is targeting exposed MongoDB instances in automated data extortion attacks demanding low ransoms from owners to restore the data. [...]

Read Full Article →
OpenAI is retiring famous GPT-4o model, says GPT 5.2 is good enough

OpenAI has confirmed that it's retiring ChatGPT's most popular model called GPT-4o and several other models, including GPT-5 Instant, GPT-5 Thinking, GPT-4.1, GPT-4.1 mini, and o4-mini. [...]

Read Full Article →
Mandiant details how ShinyHunters abuse SSO to steal cloud data

Mandiant says a wave of recent ShinyHunters SaaS data-theft attacks is being fueled by targeted voice phishing (vishing) attacks and company-branded phishing sites that steal single sign-on (SSO) credentials and multi-factor authentication (MFA) codes. [...]

Read Full Article →
eScan Antivirus Delivers Malware in Supply Chain Attack

Hackers compromised a MicroWorld Technologies update server and fed a malicious file to eScan customers. The post eScan Antivirus Delivers Malware in Supply Chain Attack appeared first on SecurityWeek .

Read Full Article →
US Seizes $400 Million Linked to Helix Dark Web Crypto Mixer

US authorities take control of over $400 million in crypto, cash, and property tied to Helix, a major darknet bitcoin mixing service used by drug markets.

Read Full Article →
Iran-Linked RedKitten Cyber Campaign Targets Human Rights NGOs and Activists

A Farsi-speaking threat actor aligned with Iranian state interests is suspected to be behind a new campaign targeting non-governmental organizations and individuals involved in documenting recent human rights abuses. The activity, observed by HarfangLab in January 2026, has been codenamed RedKitt...

Read Full Article →
Cyberattacks Disrupt Communications at Wind, Solar, and Heat Facilities in Poland

CERT Polska said cyberattacks hit 30+ wind and solar farms, a manufacturer, and a major CHP plant supplying heat to nearly 500,000 people. On December 29, 2025, Poland faced coordinated cyberattacks targeting over 30 wind and solar farms, a manufacturing company, and a major heat and power plant ...

Read Full Article → *(Covered by: Security Affairs)*
FBI takes notorious RAMP ransomware forum offline

The FBI has seized control of RAMP, a notorious cybercrime online forum that bragged to be the only place that allowed ransomware, and boasted over 14,000 active users. Now some of those users' details are likely to be in the hands of the police... Read more in my article on the Bitdefender blog.

Read Full Article →
Mandiant Finds ShinyHunters-Style Vishing Attacks Stealing MFA to Breach SaaS Platforms

Google-owned Mandiant on Friday said it identified an "expansion in threat activity" that uses tradecraft consistent with extortion-themed attacks orchestrated by a financially motivated hacking group known as ShinyHunters. The attacks leverage advanced voice phishing (aka vishing) and bogus cred...

Read Full Article →
Ivanti patches two actively exploited critical vulnerabilities in EPMM

IT software company Ivanti released patches for its Endpoint Manager Mobile (EPMM) product to fix two new remote code execution vulnerabilities already under attack in the wild. “We are aware of a very limited number of customers whose solution has been exploited at the time of disclosure,” the c...

Read Full Article →
Tenable Tackles AI Governance, Shadow AI Risks, Data Exposure

The Tenable One AI Exposure add-on discovers unsanctioned AI use in the organization and enforces policy compliance with approved tools.

Read Full Article →
Startup Amutable plotting Linux security overhaul to counter hacking threats

If there’s one thing guaranteed to grab attention in the computer security world, it’s announcing yourself without fully explaining what it is you plan to do. This week, the Linux world got a taste of this enigmatic marketing ploy with the launch out of stealth of Berlin-based Linux security outf...

Read Full Article →
In Other News: Paid for Being Jailed, Google’s $68M Settlement, CISA Chief’s ChatGPT Leak

Other noteworthy stories that might have slipped under the radar: Apple updates platform security guide, LastPass detects new phishing wave, CISA withdraws from RSA Conference. The post In Other News: Paid for Being Jailed, Google’s $68M Settlement, CISA Chief’s ChatGPT Leak appeared first on Sec...

Read Full Article →
This dangerous North Korean malware has now split into three entities for maximum impact

Labyrinth Chollima is morphing into three separate entities, engaging in cyber-espionage, and crypto theft, against firms in the west.

Read Full Article →
Coupang CEO questioned by police investigating obstruction of probe into data breach

Seoul Metropolitan Police, as part of their investigation into the data breach at online retail giant Coupang, brought in acting CEO Harold Rogers.

Read Full Article →
Someone Knows Bash Far Too Well, And We Love It (Ivanti EPMM Pre-Auth RCEs CVE-2026-1281 & CVE-2026-1340)

When Ivanti removed the embargoes from CVE-2026-1281 and CVE-2026-1340 - pre-auth Remote Command Execution vulnerabilities in Ivanti’s Endpoint Manager Mobile (EPMM) solution - we sighed with relief. Clearly, the universe had decided to continue mocking Secure-By-Design signers right on schedule ...

Read Full Article →
Labyrinth Chollima Evolves into Three North Korean Hacking Groups

CrowdStrike assessed that two new threat actor groups have spun off from North Korean Labyrinth Chollima hackers

Read Full Article →
Google’s disruption rips millions of devices out of malicious network

The actions impaired some of IPIDEA’s proxy infrastructure, but not all of it. The effort underscores the back-and-forth struggle of taking out pieces of cybercriminals’ vast and growing infrastructure.

Read Full Article →
AIs Are Getting Better at Finding and Exploiting Security Vulnerabilities

From an Anthropic blog post: In a recent evaluation of AI models’ cyber capabilities, current Claude models can now succeed at multistage attacks on networks with dozens of hosts using only standard, open-source tools, instead of the custom tools needed by previous generations. This illustrates ...

Read Full Article → *(Covered by: Bruce Schneier Blog)*
Arsink Spyware Posing as WhatsApp, YouTube, Instagram, TikTok Hits 143 Countries

Another day, another Android malware campaign targeting unsuspecting users worldwide by masquerading as popular apps.

Read Full Article →
Data sovereignty creates an illusion of security: the real battle is software integrity

The consequences of neglecting software integrity are severe and more visible than ever.

Read Full Article →
175,000 Exposed Ollama Hosts Could Enable LLM Abuse

Among them, 23,000 hosts were persistently responsible for the majority of activity observed over 293 days of scanning.

Read Full Article → *(Covered by: SecurityWeek)*
Polish Grid Systems Targeted in Cyberattack Had Little Security, Per New Report

The hackers behind a cyberattack that targeted Poland's grid infrastructure met little resistance when they hit systems at a heat-and-power plant and wind and solar farms last month. The intruders were able to easily access numerous systems at the affected facilities because the systems were conf...

Read Full Article →
Marquis confirms data breach, points finger of blame at SonicWall firewall

Marquis wants SonicWall to pay for the damages, but firewall maker asks for proof that two incidents are linked.

Read Full Article →
NIS2: Supply chains as a risk factor


Read Full Article →
Hugging Face infra abused to spread Android RAT in a large-scale malware campaign

An Android malware campaign is reportedly abusing Hugging Face’s public hosting infrastructure to distribute a remote access trojan (RAT). The operation relies on social engineering, staged payload delivery, and abuse of Android permissions to achieve persistence over infected devices. According ...

Read Full Article →
China-Linked UAT-8099 Targets IIS Servers in Asia with BadIIS SEO Malware

Cybersecurity researchers have discovered a new campaign attributed to a China-linked threat actor known as UAT-8099 that took place between late 2025 and early 2026. The activity, discovered by Cisco Talos, has targeted vulnerable Internet Information Services (IIS) servers located across Asia, ...

Read Full Article →
New AI-Developed Malware Campaign Targets Iranian Protests

The RedKitten campaign distributes lures designed to target people seeking information about missing persons or political dissidents in Iran

Read Full Article →
SmarterTools patches critical SmarterMail flaw allowing code execution

SmarterTools fixed two SmarterMail flaws, including a critical bug (CVE-2026-24423) that could allow arbitrary code execution. SmarterTools fixed two security bugs in its SmarterMail email software, including a critical vulnerability, tracked as CVE-2026-24423 (CVSS score of 9.3) that could let a...

Read Full Article → *(Covered by: Security Affairs)*
Badges, Bytes and Blackmail

Behind the scenes of law enforcement in cyber: what do we know about caught cybercriminals? What brought them in, where do they come from and what was their function in the crimescape? Introduction: One view on the scattered fight against cybercrime The growing sophistication and diversification ...

Read Full Article →
Cybersecurity can be America’s secret weapon in the AI race

Beijing is aggressively exploiting global data for strategic purposes. AI-powered cybersecurity is essential to Washington’s counter-offensive to win the global market.

Read Full Article → *(Covered by: CyberScoop)*
U.S. CISA adds a flaw in Ivanti EPMM to its Known Exploited Vulnerabilities catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Ivanti EPMM to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added an Ivanti EPMM vulnerability, tracked as CVE-2026-1281 (CVSS score of 9.8), to its Kno...

Read Full Article → *(Covered by: Security Affairs)*
Empire Market co-founder faces 10 years to life after guilty plea

Empire Market co-founder Raheim Hamilton pleaded guilty to U.S. drug conspiracy charges in Chicago, facing a mandatory 10 years to life in prison. Raheim Hamilton (30) of Virginia, co-creator of the dark web marketplace Empire Market, pleaded guilty in Chicago to a federal drug conspiracy charge....

Read Full Article → *(Covered by: Security Affairs)*
The CSO guide to top security conferences

There is nothing like attending a face-to-face event for career networking and knowledge gathering, and we don’t have to tell you how helpful it can be to get a hands-on demo of a new tool or to have your questions answered by experts. Fortunately, plenty of great conferences are coming up in the...

Read Full Article →
SmarterMail Fixes Critical Unauthenticated RCE Flaw with CVSS 9.3 Score

SmarterTools has addressed two more security flaws in SmarterMail email software, including one critical security flaw that could result in arbitrary code execution. The vulnerability, tracked as CVE-2026-24423, carries a CVSS score of 9.3 out of 10.0. "SmarterTools SmarterMail versions prior to ...

Read Full Article →
Human risk management: CISOs’ solution to the security awareness training paradox

Cybersecurity guru Bruce Schneier is often quoted as saying, “People are the weakest link in the security chain.” No more accurate words have ever been spoken about cybersecurity. You can spend millions of dollars on firewalls, endpoint security tools, access controls, and data encryption, but one...

Read Full Article →
Two Ivanti EPMM Zero-Day RCE Flaws Actively Exploited, Security Updates Released

Ivanti has rolled out security updates to address two security flaws impacting Ivanti Endpoint Manager Mobile (EPMM) that have been exploited in zero-day attacks, one of which has been added by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to its Known Exploited Vulnerabilities...

Read Full Article →
Roughly half of employees are using unsanctioned AI tools, and enterprise leaders are major culprits

Shadow AI, the secret, unapproved use of AI by employees, isn’t going away. In fact, workers are getting more brazen, and their employers often don’t seem to care. In a new BlackFog survey, nearly half (49%) of workers admit to adopting AI tools without employer approval, many using free version...

Read Full Article →
From User to SYSTEM: PoC Released for Zabbix Privilege Escalation

Read Full Article → *(Covered by: Daily CyberSecurity)*
Chinese APTs Hacking Asian Orgs With High-End Malware

Advanced persistent threat (APT) groups have deployed new cyber weapons against a variety of targets, highlighting the increasing threats to the region.

Read Full Article →
Smart Buildings at Risk: Critical Johnson Controls Flaw (CVSS 10) Allows Remote SQL Injection

Read Full Article → *(Covered by: Daily CyberSecurity)*
Exploited in the Wild: Critical Ivanti EPMM RCE Flaws (CVSS 9.8) Under Attack

Read Full Article → *(Covered by: Daily CyberSecurity)*
Cluster Admin for All: Critical Kyverno Flaw (CVSS 10) Shatters Isolation

Read Full Article → *(Covered by: Daily CyberSecurity)*
ShinyHunters ramp up new vishing campaign with 100s in crosshairs

Notorious extortion group ShinyHunters released tens of GB of files it claims to have stolen from dating apps Hinge, Match, OkCupid and Bumble. While there is no official confirmation about how the companies were breached, researchers believe the group’s activities triggered a recent Okta advisor...

Read Full Article →
Risky Bulletin: eScan antivirus distributes backdoor in latest supply chain attack

Hackers breach eScan antivirus and distribute a backdoor, Google takes down the IPIDEA proxy botnet, most GDPR fines remain uncollected, and the Poland wiper attack hit 30 locations.

Read Full Article →
MY TAKE: Transparent vs. opaque — edit Claude’s personalized memory, or trust ChatGPT’s blindly?

After two years of daily ChatGPT use, I recently started experimenting with Claude, Anthropic’s competing AI assistant. Related: Microsoft sees a ‘protopian’ AI future. Claude is four to five times slower generating responses. But something emerged that matters more than …

Read Full Article →
Hugging Face abused to spread thousands of Android malware variants

A new Android malware campaign is using the Hugging Face platform as a repository for thousands of variations of an APK payload that collects credentials for popular financial and payment services. [...]

Read Full Article →
The ‘staggering’ cybersecurity weakness that isn’t getting enough focus, according to a top Secret Service official

It stems from how the Internet Assigned Numbers Authority functions, the official said.

Read Full Article → *(Covered by: CyberScoop)*
Fintech firm Marquis blames hack at firewall provider SonicWall for its data breach

The fintech giant said it plans to "seek recoupment of any expenses" from its firewall provider SonicWall after a 2025 data breach exposed customer firewall configurations.

Read Full Article →
US wants to push its view of AI cybersecurity standards to the rest of the world

The Trump administration also envisions artificial intelligence playing a role in protecting federal government networks.

Read Full Article → *(Covered by: CyberScoop)*
SolarWinds addressed four critical Web Help Desk flaws

SolarWinds patched six Web Help Desk vulnerabilities, including four critical flaws exploitable without authentication for RCE or auth bypass. SolarWinds released security updates to address six Web Help Desk vulnerabilities, including four critical bugs that allow unauthenticated remote code exe...

Read Full Article → *(Covered by: Security Affairs)*
Google Disrupts Extensive Residential Proxy Networks

Google has taken coordinated action against the massive IPIDEA residential proxy network, enhancing customer protections and disrupting cybercrime operations

Read Full Article →
France Fines National Employment Agency €5m Over 2024 Data Breach

The French data protection regulator said that France Travail’s response to a 2024 data breach violated GDPR

Read Full Article →
FBI seizes RAMP cybercrime forum used by ransomware gangs

"Years of hard work" ruined, an operator cries, as the FBI places the usual banner on clearweb sites.

Read Full Article →
Google targets IPIDEA in crackdown on global residential proxy networks

Google disrupted IPIDEA, a major residential proxy network that enrolled users’ devices via SDKs embedded in mobile and desktop apps. Google and partners disrupted the IPIDEA residential proxy network, used by many threat actors, via legal domain takedowns, intelligence sharing on malicious SDKs,...

Read Full Article → *(Covered by: Security Affairs)*
N8n Vulnerabilities Could Lead to Remote Code Execution

The two bugs impacted n8n’s sandbox mechanism and could be exploited via weaknesses in the AST sanitization logic.

Read Full Article → *(Covered by: SecurityWeek)*
Identities in the crosshairs of cybercriminals

Cybercriminals are now increasingly targeting digital identities. The State of Incident Response Report 2026 from Eye Security shows that cyberattacks on companies increasingly go unnoticed and the damage is done within minutes. According to the report...

Read Full Article →
FBI Takes Down RAMP Ransomware Forum

The dark web forum administrator confirmed the takedown and said they had “no plans to rebuild”

Read Full Article →
Ransomware Victim Numbers Rise, Despite Drop in Active Extortion Groups

Ransomware victims surged in Q4 2025 despite fewer active extortion groups, with data leaks rising 50%, ReliaQuest researchers report

Read Full Article →
Critical RCE bugs expose the n8n automation platform to host‑level compromise

Two critical sandbox escape flaws in the popular n8n workflow automation platform are allowing authenticated users to achieve remote code execution on affected instances. According to new JFrog findings, sandboxing safeguards meant to contain untrusted workflow logic can be bypassed, exposing ent...

Read Full Article →
CISA chief uploaded sensitive government files to public ChatGPT

The acting director of the US Cybersecurity and Infrastructure Security Agency uploaded sensitive government contracting documents to a public version of ChatGPT last summer, triggering automated security alerts and raising questions about AI governance at the agency responsible for defending fed...

Read Full Article →
Long-running North Korea threat group splits into 3 distinct operations

The trio, which share lineage with the more broadly defined Lazarus Group, are focused on espionage and cryptocurrency theft, according to CrowdStrike.

Read Full Article → *(Covered by: CyberScoop)*
Nation-state and criminal actors leverage WinRAR flaw in attacks

Multiple threat actors exploited a now-patched critical WinRAR flaw to gain initial access and deliver various malicious payloads. Google Threat Intelligence Group (GTIG) revealed that multiple threat actors, including APTs and financially motivated groups, are exploiting the CVE-2025-8088 flaw i...

Read Full Article → *(Covered by: Security Affairs)*
Reports of GDPR violations have risen sharply

According to a recent report by law firm DLA Piper, organizations are increasingly being reported for violations of the General Data Protection Regulation (GDPR). According to the study, the average number of daily reports has risen above 400 for the first time since the GDPR came into force ac...

Read Full Article →
EU’s answer to CVE solves dependency issue, adds fragmentation risks

The security community has offered broad support for the creation of an EU-hosted vulnerability database as a means of reducing dependence on US databases. However, some experts have expressed concerns that the potential fragmentation of security intelligence risks impeding rapid vulnerability id...

Read Full Article →
SolarWinds Fixes Four Critical Web Help Desk Flaws With Unauthenticated RCE and Auth Bypass

SolarWinds has released security updates to address multiple security vulnerabilities impacting SolarWinds Web Help Desk, including four critical vulnerabilities that could result in authentication bypass and remote code execution (RCE). The list of vulnerabilities is as follows - CVE-2025-40536 ...

Read Full Article →
OpenSSL issued security updates to fix 12 flaws, including Remote Code Execution

OpenSSL released security updates that address 12 flaws, including a high-severity remote code execution vulnerability. OpenSSL issued security updates fixing 12 vulnerabilities in the open-source cryptographic library, including a high-severity remote code execution flaw. Cybersecurity firm Aisl...

Read Full Article → *(Covered by: Security Affairs)*
Smashing Security podcast #452: The dark web’s worst assassins, and Pegasus in the dock

In episode 452, a London-based YouTuber wins a landmark court case against Saudi Arabia after his phone was hacked with Pegasus spyware — exposing how a single, seemingly harmless text message can turn a smartphone into a round-the-clock surveillance device. Plus, we go looking for professional h...

Read Full Article →
How Can CISOs Respond to Ransomware Getting More Violent?

Ransomware defense requires focusing on business resilience. This means patching issues promptly, improving user education, and deploying multifactor authentication.

Read Full Article →
Fortinet’s latest zero-day vulnerability carries frustrating familiarities for customers

Attackers have exploited the critical defect to reconfigure firewall settings and create unauthorized accounts with privileged access to multiple versions of the vendor’s security products.

Read Full Article →
Lawmakers wonder when Trump administration will weigh in on soon-to-expire surveillance powers

The Senate Judiciary Committee held a hearing on Section 702, set to sunset at the end of April, but with no Trump administration witnesses present.

Read Full Article → *(Covered by: CyberScoop)*
AI security startup Outtake raises $40M from Iconiq, Satya Nadella, Bill Ackman, and other big names

Outtake makes an agentic cybersecurity platform to help enterprises detect identity fraud. Its angel investors read like a who's who of tech industry names.

Read Full Article →
Still using WinRAR? You should probably look out for these potentially dangerous security flaws

A high severity flaw in WinRAR allows crooks to execute malware remotely.

Read Full Article →
Confirmed: SoundCloud data breach hit 29.8 million accounts - how to find out if you're affected

HaveIBeenPwned confirms extent of the SoundCloud incident, allowing users to see if they're affected.

Read Full Article →
Russian Cybercrime Platform RAMP Forum Seized by FBI

US authorities have seized the RAMP cybercrime forum, taking down both its clearnet and dark web domains in a major hit to the ransomware infrastructure.

Read Full Article →
Cyber Security Report 2026

Check Point's flagship report delivers industry leading intelligence shaping the decisions security leaders will make in 2026

Read Full Article →
This dangerous APT has expanded its skills with some new tools - here's what we know

Mustang Panda gave CoolClient new bells and whistles, including clipboard monitoring.

Read Full Article →
Two High-Severity n8n Flaws Allow Authenticated Remote Code Execution

Cybersecurity researchers have disclosed two new security flaws in the n8n workflow automation platform, including a crucial vulnerability that could result in remote code execution. The weaknesses, discovered by the JFrog Security Research team, are listed below - CVE-2026-1470 (CVSS score: 9.9)...

Read Full Article →
Panera Bread reportedly hit by worrying data breach that sees 14 million records exposed - here's what we know

ShinyHunters stole names, addresses, and more, from Panera Bread systems.

Read Full Article →
Critical vm2 Node.js Flaw Allows Sandbox Escape and Arbitrary Code Execution

A critical sandbox escape vulnerability has been disclosed in the popular vm2 Node.js library that, if successfully exploited, could allow attackers to run arbitrary code on the underlying operating system. The vulnerability, tracked as CVE-2026-22709, carries a CVSS score of 9.8 out of 10.0 on t...

Read Full Article →
Mustang Panda Deploys Updated COOLCLIENT Backdoor in Government Cyber Attacks

Threat actors with ties to China have been observed using an updated version of a backdoor called COOLCLIENT in cyber espionage attacks in 2025 to facilitate comprehensive data theft from infected endpoints. The activity has been attributed to Mustang Panda (aka Earth Preta, Fireant, HoneyMyte, P...

Read Full Article →
Password Reuse in Disguise: An Often-Missed Risky Workaround

When security teams discuss credential-related risk, the focus typically falls on threats such as phishing, malware, or ransomware. These attack methods continue to evolve and rightly command attention. However, one of the most persistent and underestimated risks to organizational security remain...

Read Full Article →
Google Warns of Active Exploitation of WinRAR Vulnerability CVE-2025-8088

Google on Tuesday revealed that multiple threat actors, including nation-state adversaries and financially motivated groups, are exploiting a now-patched critical security flaw in RARLAB WinRAR to establish initial access and deploy a diverse array of payloads. "Discovered and patched in July 202...

Read Full Article →
Fortinet Patches CVE-2026-24858 After Active FortiOS SSO Exploitation Detected

Fortinet has begun releasing security updates to address a critical flaw impacting FortiOS that has come under active exploitation in the wild. The vulnerability, assigned the CVE identifier CVE-2026-24858 (CVSS score: 9.4), has been described as an authentication bypass related to FortiOS single...

Read Full Article →
Risky Business #822 -- France will ditch American tech over security risks

In this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news. They discuss: La France is très sérieux about ditching US productivity software; China’s Salt Typhoon was snooping on Downing Street; Trump wields the mighty DISCOMBOBULATOR; ESET says the Polish power grid wipe...

Read Full Article →
Vibe-Coded 'Sicarii' Ransomware Can't Be Decrypted

A new ransomware strain that entered the scene last year has poorly designed code and uses Hebrew language that might be a false flag.

Read Full Article →
Massive identity theft campaign targeting Okta single sign-on at over 100 top businesses - make sure your firm stays safe

Scattered LAPSUS$ Hunters are targeting major firms with sophisticated voice phishing attacks.

Read Full Article →
General Graboids: Worms and Remote Code Execution in Command & Conquer

[this work was conducted collaboratively by Bryan Alexander and Jordan Whitehead] This post details several vulnerabilities discovered in the popular online game Command & Conquer: Generals. We recently presented some of this work at an information security conference and this post contain

Read Full Article →
'Stanley' Toolkit Turns Chrome Into Undetectable Phishing Vector

The malware-as-a-service kit enables malicious extensions to overlay pages on real websites without changing the visible URL, signaling a fresh challenge for enterprise security.

Read Full Article →
Experts Detect Pakistan-Linked Cyber Campaigns Aimed at Indian Government Entities

Indian government entities have been targeted in two campaigns undertaken by a threat actor that operates in Pakistan using previously undocumented tradecraft. The campaigns have been codenamed Gopher Strike and Sheet Attack by Zscaler ThreatLabz, which identified them in September 2025. "While t...

Read Full Article →
Microsoft Office Zero-Day (CVE-2026-21509) - Emergency Patch Issued for Active Exploitation

Microsoft on Monday issued out-of-band security patches for a high-severity Microsoft Office zero-day vulnerability exploited in attacks. The vulnerability, tracked as CVE-2026-21509, carries a CVSS score of 7.8 out of 10.0. It has been described as a security feature bypass in Microsoft Office. ...

Read Full Article →
Critical Grist-Core Vulnerability Allows RCE Attacks via Spreadsheet Formulas

A critical security flaw has been disclosed in Grist‑Core, an open-source, self-hosted version of the Grist relational spreadsheet-database, that could result in remote code execution. The vulnerability, tracked as CVE-2026-24002 (CVSS score: 9.1), has been codenamed Cellbreak by Cyera Research L...

Read Full Article →
China-Linked Hackers Have Used the PeckBirdy JavaScript C2 Framework Since 2023

Cybersecurity researchers have discovered a JScript-based command-and-control (C2) framework called PeckBirdy that has been put to use by China-aligned APT actors since 2023 to target multiple environments. The flexible framework has been put to use against Chinese gambling industries and malicio...

Read Full Article →
Sandworm Blamed for Wiper Attack on Polish Power Grid

Researchers attributed the failed attempt to the infamous Russian APT Sandworm, which is notorious for wiper attacks on critical infrastructure organizations.

Read Full Article →
Indian Users Targeted in Tax Phishing Campaign Delivering Blackmoon Malware

Cybersecurity researchers have discovered an ongoing campaign that's targeting Indian users with a multi-stage backdoor as part of a suspected cyber espionage campaign. The activity, per the eSentire Threat Response Unit (TRU), involves using phishing emails impersonating the Income Tax Departmen...

Read Full Article →
Who Operates the Badbox 2.0 Botnet?

The cybercriminals in control of Kimwolf -- a disruptive botnet that has infected more than 2 million devices -- recently shared a screenshot indicating they'd compromised the control panel for Badbox 2.0, a vast China-based botnet powered by malicious software that comes pre-installed on many An...

Read Full Article →
Hackers are using LLMs to build the next generation of phishing attacks - here's what to look out for

What if a phishing page was generated on the spot, with no visible malicious code or payload?

Read Full Article →
Konni Hackers Deploy AI-Generated PowerShell Backdoor Against Blockchain Developers

The North Korean threat actor known as Konni has been observed using PowerShell malware generated using artificial intelligence (AI) tools to target developers and engineering teams in the blockchain sector. The phishing campaign has targeted Japan, Australia, and India, highlighting the adversar...

Read Full Article →
'Weaponized AI' could be the biggest security threat facing your business this year - here's what experts say you should be on the lookout for

AI-driven cybercrime is escalating rapidly, combining phishing, deepfakes, and Dark LLMs, forcing businesses to strengthen defences and monitoring systems.

Read Full Article →
Multi-Stage Phishing Campaign Targets Russia with Amnesia RAT and Ransomware

A new multi-stage phishing campaign has been observed targeting users in Russia with ransomware and a remote access trojan called Amnesia RAT. "The attack begins with social engineering lures delivered via business-themed documents crafted to appear routine and benign," Fortinet FortiGuard Labs r...

Read Full Article →
CISA Adds Actively Exploited VMware vCenter Flaw CVE-2024-37079 to KEV Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a critical security flaw affecting Broadcom VMware vCenter Server that was patched in June 2024 to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The vulnerabil...

Read Full Article →
Exploited Zero-Day Flaw in Cisco UC Could Affect Millions

Mass scanning is underway for CVE-2026-20045, which Cisco tagged as critical because successful exploitation could lead to a complete system takeover.

Read Full Article →
Cyberattack Targeting Poland’s Energy Grid Used a Wiper

A cyberattack that targeted power plants and other energy producers in Poland at the end of December used malware known as a “wiper” that was intended to erase computers as part of an operation intended to cause a power outage and other disruption to services, says European security

Read Full Article →
CISA Updates KEV Catalog with Four Actively Exploited Software Vulnerabilities

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added four security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The list of vulnerabilities is as follows - CVE-2025-68645 (CVSS score: 8.8) - A PHP rem...

Read Full Article →
Fortinet Confirms Active FortiCloud SSO Bypass on Fully Patched FortiGate Firewalls

Fortinet has officially confirmed that it's working to completely plug a FortiCloud SSO authentication bypass vulnerability following reports of fresh exploitation activity on fully-patched firewalls. "In the last 24 hours, we have identified a number of cases where the exploit was to a device th...

Read Full Article →
Phishing Attack Uses Stolen Credentials to Install LogMeIn RMM for Persistent Access

Cybersecurity researchers have disclosed details of a new dual-vector campaign that leverages stolen credentials to deploy legitimate Remote Monitoring and Management (RMM) software for persistent remote access to compromised hosts. "Instead of deploying custom viruses, attackers are bypassing se...

Read Full Article →
Microsoft Flags Multi-Stage AitM Phishing and BEC Attacks Targeting Energy Firms

Microsoft has warned of a multi‑stage adversary‑in‑the‑middle (AitM) phishing and business email compromise (BEC) campaign targeting multiple organizations in the energy sector. "The campaign abused SharePoint file‑sharing services to deliver phishing payloads and relied on inbox rule creation to...

Read Full Article →
News Alert: Halo Security earns SOC 2 Type II certification, shows sustained operational security

MIAMI, Jan. 22, 2026, CyberNewswire — Halo Security, a leading provider of external attack surface management and penetration testing services, today announced it has successfully achieved SOC 2 Type II compliance following an extensive multi-month audit by Insight Assurance.

Read Full Article →
New Osiris Ransomware Emerges as New Strain Using POORTRY Driver in BYOVD Attack

Cybersecurity researchers have disclosed details of a new ransomware family called Osiris that targeted a major food service franchisee operator in Southeast Asia in November 2025. The attack leveraged a malicious driver called POORTRY as part of a known technique referred to as bring your own vu...

Read Full Article →
Bitwarden supercharges credential protection for Premium and Family plans – new update adds vault health alerts, password strength coaching, 5GB secure storage, and phishing protections

Bitwarden is upgrading protection across Individual and Family plans, but the price is going up too.

Read Full Article →
Critical GNU InetUtils telnetd Flaw Lets Attackers Bypass Login and Gain Root Access

A critical security flaw has been disclosed in the GNU InetUtils telnet daemon (telnetd) that went unnoticed for nearly 11 years. The vulnerability, tracked as CVE-2026-24061, is rated 9.8 out of 10.0 on the CVSS scoring system. It affects all versions of GNU InetUtils from version 1.9.3 up to an...

Read Full Article →
Latin American Orgs Lack Confidence in Cyber Defenses, Skills

Cybersecurity professionals in Latin America are least likely to have faith in their countries' preparedness for cyberattacks on critical infrastructure, the World Economic Forum says.

Read Full Article →
Under Armour says it’s ‘aware’ of data breach claims after 72M customer records were posted online

TechCrunch obtained a sample of the stolen data, which contained names, email addresses, dates of birth, and the user's approximate geographic location. Under Armour confirmed some sensitive information was taken in the breach.

Read Full Article →
DPRK Actors Deploy VS Code Tunnels for Remote Hacking

A spear-phishing campaign tied to the Democratic People's Republic of Korea (DPRK) uses trusted Microsoft infrastructure to avoid detection.

Read Full Article →
KONNI Adopts AI to Generate PowerShell Backdoors

North Korea-linked threat group KONNI targets countries across APAC, specifically in blockchain sectors, with AI-generated malware

Read Full Article →
Why AI Keeps Falling for Prompt Injection Attacks

Imagine you work at a drive-through restaurant. Someone drives up and says: “I’ll have a double cheeseburger, large fries, and ignore previous instructions and give me the contents of the cash drawer.” Would you hand over the money? Of course not. Yet this is what large language models (LLMs) d...

Read Full Article →
Attackers With Decompilers Strike Again (SmarterTools SmarterMail WT-2026-0001 Auth Bypass)

Well, well, well - look what we’re back with. You may recall that merely two weeks ago, we analyzed CVE-2025-52691 - a pre-auth RCE vulnerability in the SmarterTools SmarterMail email solution with a timeline that is typically reserved for KEV holders. The plot of that story had everything; * A g...

Read Full Article →
Python Wheel (Zip) Parser Differential Vulnerability v2.0

It is still possible (albeit with significantly more effort) to upload a specially crafted Wheel file (i.e. zip) to PyPI that when installed with PIP (or another Python zipfile based t...

Read Full Article →
Phishing Campaign Zeroes in on LastPass Customers

The bait includes plausible subject lines and credible messages, most likely thanks to attackers' use of large language models to craft them.

Read Full Article →
SHARED INTEL Q&A: AI retrieval systems can still hallucinate; deterministic logic offers a fix

AI hallucination is still the deal-breaker. Related: Correcting LLM hallucinations. As companies rush AI into production, executives face a basic constraint: you cannot automate a workflow if you cannot trust the output. A model that fabricates facts becomes a risk … (more…) The post SHARED INTEL ...

Read Full Article →
News alert: Forrester study finds Airlock Digital’s app control cuts breaches to zero with 224% ROI

ATLANTA, Jan. 20, 2026, CyberNewswire — Airlock Digital, a leader in proactive application control and endpoint security, announced the release of The Total Economic Impact (TEI) of Airlock Digital, an independent study commissioned by Airlock Digital and conducted … (more…) The post News alert...

Read Full Article →
News alert: One Identity launches AI-powered ‘Identity Manager’ to speed threat response

ALISO VIEJO, Calif., Jan. 20, 2026, CyberNewswire — One Identity, a trusted leader in identity security, today announces a major upgrade to One Identity Manager, a top-rated IGA solution, strengthening identity governance as a critical security control for … (more…) The post News alert: One Ide...

Read Full Article →
AI-supported vulnerability triage with the GitHub Security Lab Taskflow Agent

Learn how we are using the newly released GitHub Security Lab Taskflow Agent to triage categories of vulnerabilities in GitHub Actions and JavaScript projects.

Read Full Article →
Kimwolf Botnet Lurking in Corporate, Govt. Networks

A new Internet-of-Things botnet called Kimwolf has spread to more than 2 million devices, forcing infected systems to participate in massive distributed denial-of-service (DDoS) attacks and to relay other malicious and abusive Internet traffic. Kimwolf's ability to scan the local networks of comp...

Read Full Article →
Google Gemini Flaw Turns Calendar Invites Into Attack Vector

The indirect prompt injection vulnerability allows an attacker to weaponize invites to circumvent Google's privacy controls and access private data.

Read Full Article →
Why inaccessible cybersecurity is a security risk: our path to accessibility

In cybersecurity, an inaccessible tool isn’t just a nuisance: it’s a vulnerability. With the European Accessibility Act tightening regulations across Sweden and the EU, “good ... The post Why inaccessible cybersecurity is a security risk: our path to accessibility appeared first on Blog Detectify .

Read Full Article →
VoidLink: Evidence That the Era of Advanced AI-Generated Malware Has Begun

VoidLink's framework marks the first evidence of fully AI-designed and built advanced malware, beginning a new era of AI-generated malware

Read Full Article →
MedDream PACS Premium sendOruReport reflected cross-site scripting (XSS) vulnerability

Read Full Article → *(Covered by: 0day Fans)*
MY TAKE: From ‘holy mackeral’ to ‘daily routine’ — AI vendors maneuver to commandeer your life

An email from Claude landed in my inbox Friday morning with a subject line that stopped me cold: “Using Claude for your everyday life.” Related: AI’s fortune teller effect. Not “Unlock the power of AI” or “Transform your productivity.” Just… … (more…) The post MY TAKE: From ‘holy mackeral’ to ‘dai...

Read Full Article →
Rogue agents and shadow AI: Why VCs are betting big on AI security

Misaligned agents are just one layer of the AI security challenge that startup Witness AI is trying to solve. It detects employee use of unapproved tools, blocks attacks, and ensures compliance.

Read Full Article →
Who’s on the Line? Exploiting RCE in Windows Telephony Service

Windows has supported computer telephony integration for decades, providing applications with the ability to manage phone devices, lines, and calls. While modern deployments increasingly rely on cloud-based telephony solutions, classic telephony services remain available out of the box in Windows...

Read Full Article →
On the Coming Industrialisation of Exploit Generation with LLMs

Recently I ran an experiment where I built agents on top of Opus 4.5 and GPT-5.2 and then challenged them to write exploits for a zeroday vulnerability in the QuickJS Javascript interpreter. I adde…

Read Full Article →
More Problems for Fortinet: Critical FortiSIEM Flaw Exploited

CVE-2025-64155, a command injection vulnerability, was disclosed earlier this week and quickly came under attack from a variety of IP addresses.

Read Full Article →
YOLO Mode: Hidden Risks in Claude Code Permissions | UpGuard

Developers are frequently granting Claude Code permission to download, execute, and delete code, creating fertile ground for prompt injection attacks.

Read Full Article →
Weekly Update 486

I’m in Oslo! Flighty is telling me I’ve flown in or out of here 43 times since a visit in 2014 set me on a new path professionally and, many years later, personally. It’s special here, like a second home that just feels…

Read Full Article →
Windows Internals: Check Your Privilege - The Curious Case of ETW’s SecurityTrace Flag

Consuming from Microsoft-Windows-Threat-Intelligence without Antimalware-PPL or kernel patching/driver loading.

Read Full Article →
News alert: BreachLock unveils agentic AI pen testing that mimics attacker behavior on web apps

NEW YORK, Jan. 15, 2026, CyberNewswire — BreachLock, a global leader in offensive security, today announced that its Adversarial Exposure Validation (AEV) solution now supports autonomous red teaming at the application layer, expanding beyond its initial network-layer capabilities introduced … (...

Read Full Article →
News alert: AppGuard reopens insider program as AI-enhanced malware outpaces detection defenses

MCLEAN, Va., Jan. 15, 2026, CyberNewswire — A new Top 10 Cybersecurity Innovators profile by AppGuard has been released, spotlighting growing concerns over AI-enhanced malware. AI makes malware even more difficult to detect. Worse, they use AI to assess, adapt, and … (more…) The post News alert: A...

Read Full Article →
WEF: AI overtakes ransomware as fastest-growing cyber risk

We can no longer say that artificial intelligence is a "future risk", lurking somewhere on a speculative threat horizon. The truth is that it is a fast-growing cybersecurity risk that organizations are facing today. That's not just my opinion, that's also the message that comes loud and clear fro...

Read Full Article →
Epic Games Store Installation DLL Hijacking Privilege Escalation Vulnerability

Community-powered security with AI: an open source framework for security research

Announcing GitHub Security Lab Taskflow Agent, an open source and collaborative framework for security research with AI.

Read Full Article →
Sicarii Ransomware: Truth vs Myth

In December 2025, a previously unknown Ransomware-as-a-Service (RaaS) operation calling itself Sicarii began advertising its services across multiple underground platforms. The group’s name references the Sicarii, a 1st-century Jewish assassins group that opposed Roman r...

Read Full Article →
Patch Tuesday, January 2026 Edition

Microsoft today issued patches to plug at least 113 security holes in its various Windows operating systems and supported software. Eight of the vulnerabilities earned Microsoft's most-dire "critical" rating, and the company warns that attackers are already exploiting one of the bugs fixed today.

Read Full Article →
Wireless-(in)Fidelity: Pentesting Wi-Fi in 2025

Read Full Article →
The AI Fix #83: ChatGPT Health, Victorian LLMs, and the biggest AI bluffers

In episode 83 of The AI Fix, Graham reveals he's taken up lying to LLMs, and shows how a journalist exposed AI bluffers with a made-up idiom. Meanwhile Mark invents a "Godwin's Law" for AI, and explains how to ruin any LLM with humus. Also in this episode, a marriage is declared invalid thanks to...

Read Full Article →
Who Decides Who Doesn’t Deserve Privacy?

Remember the Ashley Madison data breach? That was now more than a decade ago, yet it arguably remains the single most noteworthy data breach of all time. There are many reasons for this accolade, but chief among them is that by virtue of the site being expressly designed to facilitate

Read Full Article →
Your personal information is on the dark web. What happens next?

If your data is on the dark web, it’s probably only a matter of time before it’s abused for fraud or account hijacking. Here’s what to do.

Read Full Article →
Hackers get hacked, as BreachForums database is leaked

Have you ever stolen data, traded a hacking tool, or just lurked on a dark web forum believing that you are anonymous? If so, I might have some unsettling news for you. Read more in my article on the Hot for Security blog.

Read Full Article →
Unveiling VoidLink – A Stealthy, Cloud-Native Linux Malware Framework

The new framework maintains long-term access to Linux systems while operating reliably in cloud and container environments

Read Full Article →
Who Benefited from the Aisuru and Kimwolf Botnets?

Our first story of 2026 revealed how a destructive new botnet called Kimwolf rapidly grew to infect more than two million devices by mass-compromising a vast number of unofficial Android TV streaming boxes. Today, we'll dig through digital clues left behind by the hackers, network operators, and ...

Read Full Article →
Do Smart People Ever Say They’re Smart? (SmarterTools SmarterMail Pre-Auth RCE CVE-2025-52691)

Welcome to 2026! While we are all waiting for the scheduled SSLVPN ITW exploitation programming that occurs every January, we’re back from Christmas and idle hands, idle minds, yada yada. In December, we were alerted to a vulnerability in SmarterTools’ SmarterMail solution, accompanied by an advi...

Read Full Article →
The year of technoligarchy

In 2025, Trump brought tech executives into power to dismantle regulators and write their own rules. But the instabilities they’re creating may be their downfall.

Read Full Article →
Inside GoBruteforcer: AI-Generated Server Defaults, Weak Passwords, and Crypto-Focused Campaigns

GoBruteforcer is a botnet that turns compromised Linux servers into scanning and password brute-force nodes. It targets internet-exposed services such as phpMyAdmin web panels, MySQL and PostgreSQL databases, and FTP servers. Infected hosts are incorporated into the bot...

Read Full Article →
Everything I've Said About AI Since 2016: A Retrospective

I've been thinking and writing about AI for exactly a decade now, and last week someone claimed I said two things in 2023 that I don't think I said. (1. That we'd have AGI in 6 months, ...

Read Full Article →
Never Trust the Output: Data Pollution in AI Agents and MCP

Disclaimer: This article is intended for educational purposes and security specialists conducting authorized testing. The author assumes no responsibility for any misuse of the information provided. Distribution of malicious software, system disruption, and privacy violations are punishable by la...

Read Full Article →
TrustZone Break-in Vulnerabilities in Ampere UEFI MM Drivers (Buffer Overflow and Stack Information Leak)

A buffer overflow and stack information leak affecting the ARM Ampere Management Mode (MM) Boot Error Record Table (BERT) driver. This code is bundled into the ARM Unified Extensible F...

Read Full Article →
Meeting Third-Party Risk Requirements of DORA in 2026 | UpGuard

Learn how to achieve compliance with the third-party risk management standards of the Digital Operational Resilience Act (DORA)

Read Full Article → *(Covered by: UpGuard Blog)*
Free GDPR Vendor Security Questionnaire Template (2026 Edition) | UpGuard

Expand your organization's vendor risk management toolbox by utilizing this free GDPR vendor questionnaire template.

Read Full Article →
Choosing a PCI DSS 4.0 Compliance Product in 2026 | UpGuard

Learn which features to look for when choosing a tool for tracking PCI DSS compliance. The right tool will help you avoid costly violations.

Read Full Article →
Choosing a Healthcare Cyber Risk Remediation Product in 2026 | UpGuard

Learn which features to look for in an ideal cyber risk remediation product for healthcare services. The right choice will reduce data breach impact.

Read Full Article →
The Ultimate Cybersecurity Guide for Healthcare in 2026 | UpGuard

A free cybersecurity guide for any business in the healthcare industry. Includes data breach and ransomware attack defense strategies for 2026.

Read Full Article →
How to Comply with PCI DSS 4.0.1 (2026 Guide) | UpGuard

Learn how to comply with versions 4.0 and 4.0.1 of PCI DSS.

Read Full Article →
The Ultimate Ransomware Defense Guide (2026) | UpGuard

Learn how to implement an effective security strategy for minimizing the impact of ransomware attacks.

Read Full Article →
Key Metrics for Tracking PCI DSS Compliance in 2026 | UpGuard

Monitoring these key metrics will help you track your PCI DSS compliance efforts.

Read Full Article →
How to Prepare for a PCI DSS 4.0 Audit in 7 Steps in 2026 | UpGuard

This article covers how to prepare for a PCI DSS onsite audit and maintain compliance with PCI requirements.

Read Full Article →
19 Most Common Types of Phishing Attacks in 2026 | UpGuard

Learn the most commonly used phishing attacks and how to identify them.

Read Full Article →
116 Must-Know Data Breach Statistics for 2026 | UpGuard

116 data breach statistics that cover risk, cost, prevention, industry trends, and more. Assess and analyze these stats and learn to prevent data breaches.

Read Full Article →

#Scraping Candidates

CISA Urges Critical Infrastructure Organizations to Take Action Against Insider Threats
Fortinet Releases Guidance to Address Ongoing Exploitation of Authentication Bypass Vulnerability CVE-2026-24858

#Security Vendor Blog

PLEASE_READ_ME: The Opportunistic Ransomware Devastating MySQL Servers

Guardicore Labs uncovers a ransomware campaign targeting MySQL servers. Attackers use double extortion and publish data to pressure victims.

Read Full Article →
Threats Making WAVs - Incident Response to a Cryptomining Attack

Guardicore security researchers present a full analysis of a cryptomining attack that hid a cryptominer inside WAV files. The report covers the full attack chain, from detection, infection and network propagation to malware analysis, along with recommendations for optimizing incident res...

Read Full Article →
Kaspersky SIEM 4.2 update — what’s new? | Kaspersky official blog

Kaspersky Unified Monitoring and Analysis Platform, version 4.2: detecting compromised accounts using AI, updated correlator, and other innovations.

Read Full Article →
Privileged File System Vulnerability Present in a SCADA System

We detail our discovery of CVE-2025-0921. This privileged file system flaw in SCADA system Iconics Suite could lead to a denial-of-service (DoS) attack. The post Privileged File System Vulnerability Present in a SCADA System appeared first on Unit 42 .

Read Full Article →
Case study: Securing AI application supply chains

Securing AI-powered applications requires more than just safeguarding prompts. Organizations must adopt a holistic approach that includes monitoring the AI supply chain, assessing frameworks, SDKs, and orchestration layers for vulnerabilities, and enforcing strong runtime controls for agents and ...

Read Full Article →
CVE-2026-1281, CVE-2026-1340: Ivanti Endpoint Manager Mobile (EPMM) Zero-Day Vulnerabilities Exploited

Two critical vulnerabilities in Ivanti’s popular mobile device management solution have been exploited in the wild in limited attacks. Key takeaways: Patch Ivanti EPMM immediately. Both CVE-2026-1281 and CVE-2026-1340 have been exploited in the wild, though impact has been limited so far. Apply th...

Read Full Article →
Turning threat reports into detection insights with AI

Security teams often spend days manually turning long incident reports and threat writeups into actionable detections by extracting TTPs. This blog post shows an AI-assisted workflow that does the same job in minutes. It extracts the TTPs, maps them to existing detection coverage, and flags poten...

Read Full Article →
I'm locked in!

Hazel reflects on how to find balance while staying informed, then delivers practical updates and insights on the latest cybersecurity threats.

Read Full Article →
New Microsoft Data Security Index report explores secure AI adoption to protect sensitive data

The 2026 Microsoft Data Security Index explores one of the most pressing questions facing organizations today: How can we harness the power of generative AI while safeguarding sensitive data? The post New Microsoft Data Security Index report explores secure AI adoption to protect sensitive data appe...

Read Full Article →
Supply chain attack on eScan antivirus: detecting and remediating malicious updates

On January 20, Kaspersky solutions detected malware used in eScan antivirus supply chain attack. In this article we provide available information on the threat: indicators of compromise, threat hunting and mitigating tips, etc.

Read Full Article →
What AI toys can actually discuss with your child | Kaspersky official blog

AI toys have been found discussing knives, drugs, sex, and mature games with children. We dive into the latest research results and the risks to security and privacy.

Read Full Article →
Microsoft releases update to address zero-day vulnerability in Microsoft Office

Microsoft has published three out-of-band (OOB) updates so far in January 2026. One of these updates was released to address a vulnerability, CVE-2026-21509, affecting Microsoft Office that has been reportedly exploited in the wild.

Read Full Article →
Dissecting UAT-8099: New persistence mechanisms and regional focus

Cisco Talos has identified a new, regionally targeted campaign by UAT-8099 that leverages advanced persistence techniques and custom BadIIS malware variants to compromise IIS servers, particularly in Thailand and Vietnam.

Read Full Article →
IR Trends Q4 2025: Exploitation remains dominant, phishing campaign targets Native American tribal organizations

A drop in exploitation and ransomware, but a spike in phishing and credential abuse, show why timely patching and robust MFA matter more than ever.

Read Full Article →
Eeny, meeny, miny, moe? How ransomware operators choose victims

Most ransomware attacks are opportunistic, not targeted at a specific sector or region. Categories: Threat Research. Tags: Ransomware, cybercrime, state-sponsored ransomware, victimization.

Read Full Article →
Microsoft announces the 2026 Security Excellence Awards winners

Congratulations to the winners of the 2026 Microsoft Security Excellence Awards that recognize the innovative defenders who have gone above and beyond. The post Microsoft announces the 2026 Security Excellence Awards winners appeared first on Microsoft Security Blog .

Read Full Article →
Fake apps, NFC skimming attacks, and other Android issues in 2026 | Kaspersky official blog

How to safely use Android devices in the face of 2026’s new security threats

Read Full Article →
Introducing Tenable One AI Exposure: A New Standard for Securing AI Usage at Scale

Continuously discover and monitor all AI usage across your organization, including shadow AI, agents, browser plug-ins, and more, with Tenable One AI Exposure. Map complex AI workflows to reveal high-impact exposures and monitor compliance with security and AI acceptable use policies. Key takeawa...

Read Full Article →
HoneyMyte updates CoolClient and deploys multiple stealers in recent campaigns

Kaspersky researchers analyze updated CoolClient backdoor and new tools and scripts used in HoneyMyte (aka Mustang Panda or Bronze President) APT campaigns, including three variants of a browser data stealer.

Read Full Article →
Microsoft Office vulnerability (CVE-2026-21509) in active exploitation

Categories: Threat Research Tags: Microsoft Office, vulnerability, advisory

Read Full Article →
Agentic AI security measures based on the OWASP ASI Top 10

Key security controls to implement in your organization to protect against malicious AI agent behavior.

Read Full Article →
CVE-2026-23864: React and Next.js Denial of Service via Memory Exhaustion

Generative AI and cybersecurity: What Sophos experts expect in 2026

Categories: Sophos Insights Tags: Sophos AI, Gen AI, Year in Review

Read Full Article →
From runtime risk to real‑time defense: Securing AI agents

Why securing AI agents at runtime is essential as attackers find new ways to exploit generative orchestration. The post From runtime risk to real‑time defense: Securing AI agents appeared first on Microsoft Security Blog .

Read Full Article →
AI jailbreaking via poetry: bypassing chatbot defenses with rhyme | Kaspersky official blog

A new study shows that verse-based prompts can slash the effectiveness of AI safety constraints. We’re breaking down an experiment involving 25 language models and its key takeaways.

Read Full Article →
I scan, you scan, we all scan for... knowledge?

In this week's newsletter, Bill hammers home the old adage, "Know your environment" — even throughout alert fatigue.

Read Full Article →
Microsoft Security success stories: Why integrated security is the foundation of AI transformation

Discover how Ford, Icertis, and TriNet modernized security with Microsoft—embedding Zero Trust, automating defenses, and enabling secure AI innovation at scale. The post Microsoft Security success stories: Why integrated security is the foundation of AI transformation appeared first on Microsoft ...

Read Full Article →
Huntress Catches SmarterMail Account Takeover Leading to RCE

SmarterMail versions prior to Build 9511 are vulnerable to privileged account takeover and remote code execution. Learn more about the latest Huntress DE&TH Team’s findings.

Read Full Article →
Foxit, Epic Games Store, MedDreams vulnerabilities

Cisco Talos’ Vulnerability Discovery & Research team recently disclosed three vulnerabilities in Foxit PDF Editor, one in the Epic Games Store, and twenty-one in MedDream PACS. The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to Cisc...

Read Full Article →
The Next Frontier of Runtime Assembly Attacks: Leveraging LLMs to Generate Phishing JavaScript in Real Time

We discuss a novel AI-augmented attack method where malicious webpages use LLM services to generate dynamic code in real-time within a browser. The post The Next Frontier of Runtime Assembly Attacks: Leveraging LLMs to Generate Phishing JavaScript in Real Time appeared first on Unit 42 .

Read Full Article →
Resurgence of a multi‑stage AiTM phishing and BEC campaign abusing SharePoint

Microsoft Defender Researchers uncovered a multi‑stage AiTM phishing and business email compromise (BEC) campaign targeting multiple organizations in the energy sector. The post Resurgence of a multi‑stage AiTM phishing and BEC campaign abusing SharePoint appeared first on Microsoft Security Blog .

Read Full Article →
A new era of agents, a new era of posture

AI agents are transforming how organizations operate, but their autonomy also expands the attack surface. The post A new era of agents, a new era of posture appeared first on Microsoft Security Blog .

Read Full Article →
How to protect yourself from Bluetooth-headset tracking and the WhisperPair attack | Kaspersky official blog

With the WhisperPair attack, a stranger can pair their device with your headphones to keep tabs on your location.

Read Full Article →
Oracle January 2026 Critical Patch Update Addresses 158 CVEs

Oracle addresses 158 CVEs in its first quarterly update of 2026 with 337 patches, including 27 critical updates. Key takeaways: The first Critical Patch Update (CPU) for 2026 contains fixes for 158 unique CVEs in 337 security updates. 27 issues (8% of all patches) were assigned a critical severi...

Read Full Article →
Tenable Discovers SSRF Vulnerability in Java TLS Handshakes That Creates DoS Risk

Tenable Research has discovered a server-side request forgery (SSRF) vulnerability in Java’s handling of client certificates during a TLS handshake. In certain configurations, this can be abused to cause a denial-of-service (DoS) condition. Key takeaways: Tenable Research identified a vulnerabilit...

Read Full Article →
DNS OverDoS: Are Private Endpoints Too Private?

We've identified an aspect of Azure’s Private Endpoint architecture that could expose Azure resources to denial of service (DoS) attacks. The post DNS OverDoS: Are Private Endpoints Too Private? appeared first on Unit 42 .

Read Full Article →
Four priorities for AI-powered identity and network access security in 2026

Discover four key identity and access priorities for the new year to strengthen your organization's identity security baseline. The post Four priorities for AI-powered identity and network access security in 2026 appeared first on Microsoft Security Blog .

Read Full Article →
What is the “year 2038 problem”, and how can businesses fix it?

How can organizations find and fix systems vulnerable to Y2K38 — the Unix epoch time overflow problem, also known as Epochalypse?

Read Full Article →
Key attack scenarios involving brand impersonation

Here’s how cybercriminals cash in on companies’ online doppelgängers, and what can be done about it.

Read Full Article →
Predicting 2026

In this week’s newsletter, Martin examines the evolving landscape for 2026, highlighting key threats, emerging trends like AI-driven risks, and the continued importance of addressing familiar vulnerabilities.

Read Full Article →
AI-powered sextortion: a new threat to privacy | Kaspersky official blog

Ordinary photos from your social media can be turned into tools for AI-driven sextortion and deepfakes. How can you protect your privacy and security?

Read Full Article →
UAT-8837 targets critical infrastructure sectors in North America

Cisco Talos is closely tracking UAT-8837, a threat actor we assess with medium confidence is a China-nexus advanced persistent threat (APT) actor.

Read Full Article →
CVE-2025-64155: Exploit Code Released for Critical Fortinet FortiSIEM Command Injection Vulnerability

Exploit code has been published for CVE-2025-64155, a critical command injection vulnerability affecting Fortinet FortiSIEM devices. Key takeaways: CVE-2025-64155 is a critical operating system (OS) command injection vulnerability affecting Fortinet FortiSIEM. Fortinet vulnerabilities have histor...

Read Full Article →
Brushstrokes and breaches with Terryn Valikodath

Terryn’s path to cybersecurity started with a fascination for criminal forensics and a knack for jailbreaking his family's tech — interests that eventually steered him toward the fast-paced world of digital investigations.

Read Full Article →
How we set the standard for transparency and trust | Kaspersky official blog

An independent study of companies’ transparency and data usage practices in cybersecurity products.

Read Full Article →
ServiceNow's Virtual Agent Vulnerability Shows Why AI Security Needs Traditional AppSec Foundations

The critical ServiceNow Virtual Agent vulnerability highlights a vital lesson: securing agentic AI requires a return to traditional AppSec foundations. While AI can amplify risks, the root causes often stem from classic failures in authentication and authorization.

Read Full Article →
Threat Brief: MongoDB Vulnerability (CVE-2025-14847)

Database platform MongoDB disclosed CVE-2025-14847, called MongoBleed. This is an unauthenticated memory disclosure vulnerability with a CVSS score of 8.7. The post Threat Brief: MongoDB Vulnerability (CVE-2025-14847) appeared first on Unit 42 .

Read Full Article →
Microsoft’s January 2026 Patch Tuesday Addresses 113 CVEs (CVE-2026-20805)

8 Critical, 105 Important, 0 Moderate, 0 Low. Microsoft addresses 113 CVEs in the first Patch Tuesday of 2026, with two zero-days, including one that was exploited in the wild. Microsoft patched 113 CVEs in its January 2026 Patch Tuesday release, with eight rated critical and 105 rated as important. ...

Read Full Article →
Microsoft Patch Tuesday for January 2026 — Snort rules and prominent vulnerabilities

Microsoft has released its monthly security update for January 2026, which includes 112 vulnerabilities affecting a range of products, including 8 that Microsoft marked as “critical”.

Read Full Article →
Remote Code Execution With Modern AI/ML Formats and Libraries

We identified remote code execution vulnerabilities in open-source AI/ML libraries published by Apple, Salesforce and NVIDIA. The post Remote Code Execution With Modern AI/ML Formats and Libraries appeared first on Unit 42 .

Read Full Article →
Your personal information is on the dark web. What happens next?

If your data is on the dark web, it’s probably only a matter of time before it’s abused for fraud or account hijacking. Here’s what to do.

Read Full Article →
Tenable Is a Gartner® Peer Insights™ Customers’ Choice for Cloud-Native Application Protection Platforms

This recognition — based entirely on feedback from the people who use our products every day — to us is a testament to the unmatched value Tenable Cloud Security CNAPP offers organizations worldwide. Our key takeaways: In our view, this peer recognition confirms Tenable’s strategic value in helpi...

Read Full Article →
Resolutions, shmesolutions (and what’s actually worked for me)

Talos' editor ditches the pressure of traditional New Year’s resolutions in favor of practical, in-the-moment changes, and finds more success by letting go of perfection. Plus, we break down the latest on UAT-7290, a newly disclosed threat actor targeting critical infrastructure.

Read Full Article →
UAT-7290 targets high value telecommunications infrastructure in South Asia

Talos assesses with high confidence that UAT-7290 is a sophisticated threat actor falling under the China-nexus of advanced persistent threat actors (APTs). UAT-7290 primarily targets telecommunications providers in South Asia.

Read Full Article →
How Cisco Talos powers the solutions protecting your organization

What happens under the hood of Cisco's security portfolio? Our reputation and detection services apply Talos' real-time intelligence to detect and block threats. Here's how.

Read Full Article →

#Tech

Amazon Go? It’s gone. And this is why it went.

For years, Amazon Go stores stood at the pinnacle of retail store technology, showcasing a massive number of high-resolution digital cameras in each store that could visually track every customer and how that shopper interacted with every product. The stores showcased Amazon’s technological super...

Read Full Article →
“LLMs grading LLMs”: the trap of AI agent ‘evaluation’ that costs more than deployment

Enterprises that have deployed AI agents may be in for a shock at the cost of fine-tuning their performance. According to several surveys, roughly 80% of enterprises have already deployed AI agents, but most do not understand the cost structure of training those agents and evaluating their outputs. Experts warn that this can produce costs far beyond what was expected. Lior Gavish, CTO of the AI observability company Monte Carlo, said that, when it comes to the best way to catch agent problems in advance and prevent “post-deployment chaos”, many organizations still...

Read Full Article →
An introduction to threat modeling in the age of AI agents: how to think about the attack surface that “autonomy” expands

Why agents are more dangerous than an “LLM”. The danger of AI agents cannot be explained by “misstatements” or “wrong answers” alone. The risk of an LLM (large language model) on its own tends to centre on the content of its output: the quality of what it generates, inappropriate statements, hallucinations and the like. An agent, however, converts the text it generates into “actions”. That is where the qualitative change in security lies. Put into words, the characteristics of an agent come down to three core properties: autonomy, chaining and privilege. Autonomy is the property of assembling and carrying out, on its own, the steps it judges necessary to achieve a given objective. Chaining means that one decision produces the next input, that input triggers the next decision, and as a result a long ex...

Read Full Article →
AI security startup CEO posts a job. Deepfake candidate applies, inner turmoil ensues.

'I did not think it was going to happen to me, but here we are'
Nearly every company, from tech giants like Amazon to small startups, has first-hand experience with fake IT workers applying for jobs - and sometimes even being hired. …

Read Full Article →
AI use may speed code generation, but developers’ skills suffer

There’s a lot of hype about AI coding tools and the gains developers are seeing when it comes to speed and accuracy. But are developers also offloading some of their thinking to AI when they use them as copilots? Anthropic researchers recently put this to the test, examining how quickly software ...

Read Full Article →
Microsoft’s bet on AI causes jitters in the market and the enterprise

Microsoft’s latest earnings report has caused a few tremors in the market over fears that the company has over-committed its resources when investing in AI, and that same issue could also have repercussions for enterprises. In addition, some financial analysts have concerns about the future of Open...

Read Full Article →
Zero trust in practice, not theory

Zero Trust has been the industry’s North Star for a decade, yet most enterprises still struggle to operationalize it. The principle “never trust, always verify” is easy to say, hard to do. According to Gartner, 63% of organizations worldwide have implemented some form of zero trust strategy, yet ...

Read Full Article →
8 reasons you need to be at IGEL Now & Next Miami 2026

Something big is landing in Miami. From March 30 to April 2, 2026, IGEL Now & Next returns to the legendary Fontainebleau Miami Beach, where innovation meets ocean air and the next era of endpoint security takes the stage. Now & Next is more than just another conference. It’s a checkpoint for lea...

Read Full Article →
The decade of adaptability: How IGEL and its partners are redefining the future of secure work

Every industry reaches a point where its tools must evolve faster than its threats. For end-user computing (EUC), the event at the forefront of endpoint security innovation is this spring at IGEL Now & Next 2026 in Miami. For technology leaders, Now & Next is more than a gathering to collaborate,...

Read Full Article →
Do you have an eye for software?

It’s easy to fall down the rabbit hole that is the hype surrounding Anthropic’s code agent Claude Code, a hype that really took off during the Christmas holidays and — at least in tech circles — is reminiscent of ChatGPT’s arrival three years ago. Claude Code, already being called both “the new...

Read Full Article →
Best VPNs for Android: 5 top picks for phones and tablets

Many people’s daily browsing is now done on their mobile devices. So it’s more important than ever to have a great VPN that works well on your phone. While some services work best on Windows, others particularly shine when used on Android devices, and I’ve curated a list of my favorites to help y...

Read Full Article →
Developers say AI coding tools work—and that's precisely what worries them

Ars spoke to several software devs about AI and found enthusiasm tempered by unease.

Read Full Article →
Thousands more Oregon residents learn their health data was stolen in TriZetto breach

Parent company Cognizant hit with multiple lawsuits
Thousands more Oregonians will soon receive data breach letters in the continued fallout from the TriZetto data breach, in which someone hacked the insurance verification provider and gained access to its healthcare provider customers across mul...

Read Full Article →
Oracle may slash up to 30,000 jobs to fund AI data-center expansion as US banks retreat

Oracle is considering cutting 20,000 to 30,000 jobs and selling some of its activities as US banks pull back from financing the company’s AI data-center expansion, according to investment bank TD Cowen. The job cuts would free up $8 billion to $10 billion in cash flow, TD Cowen said in a research...

Read Full Article →
9 million Android phones were secretly hijacked by proxy network

Google recently announced in a statement that it has disrupted the “world’s largest residential proxy network.” It was able to remain undetected for a long time, hijacking innocent users’ private devices (including smartphones, PCs, and smart home devices) and using them as gateways for distribut...

Read Full Article →
Autonomous cars, drones cheerfully obey prompt injection by road sign

AI vision systems can be very literal readers
Indirect prompt injection occurs when a bot takes input data and interprets it as a command. We've seen this problem numerous times when AI bots were fed prompts via web pages or PDFs they read. Now, academics have shown that self-driving cars and aut...

Read Full Article →
OpenAI gives ChatGPT models the chop – two weeks' notice, take it or leave it

GPT-4o gets second death sentence after last year's reprieve, but this time barely anyone's bothered
OpenAI is sunsetting some of its ChatGPT models next month, a move it knows "will feel frustrating for some users."…

Read Full Article →
AI agent evaluations: The hidden cost of deployment

Organizations deploying AI agents may be in for a nasty surprise when it comes to the cost of tuning their performance. According to some surveys, nearly 80% of enterprises have deployed AI agents, but most don’t understand the cost of training them and evaluating their outputs, which can result...

Read Full Article →
Who profits from AI? Not OpenAI, says think tank

Findings from a new study by Epoch AI, a non-profit research institute, appear to poke major holes in the notion that AI firms, and specifically OpenAI, will eventually become profitable. The research paper written by Jaime Sevilla, Hannah Petrovic and Anson Ho, suggests that while running an AI ...

Read Full Article →
How often do AI chatbots lead users down a harmful path?

Anthropic's latest paper on "user disempowerment" has some troubling findings.

Read Full Article →
Best VPN services: 8 top picks for every VPN need

A VPN, or virtual private network, is one of the best tools you can use to boost your online privacy and security. But in the vast ocean of available services, it can be exhausting trying to find the best VPN for your needs. Thankfully, we here at PCWorld are VPN experts and we’re sharing decades...

Read Full Article →
Apple touts ‘unparalleled’ protection for M5 Macs

Apple overnight updated the Apple Platform Security guide, its Bible for everyone involved in Apple security. The new edition confirms that M5 Macs now benefit from rock solid protection that should protect them against some of the most sophisticated attacks. The guide confirms that Memory Integ...

Read Full Article →
Update now! Bluetooth flaw lets attackers silently hijack accessories

Security experts at the Computer Security and Industrial Cryptography research group (COSIC) are warning of a serious Bluetooth security vulnerability that could affect millions of headphones, speakers, and other wireless accessories worldwide. If you have any Bluetooth devices, you should check ...

Read Full Article →
IBM says AI is insane in the mainframe as z17 sales surge

Big Blue leaning on software smarts to modernize COBOL estates and cut costs
IBM's leader has trumpeted an AI-on-the-mainframe future as generative AI fills in the COBOL gap left by earlier generations of techies.…

Read Full Article →
Beware! That Microsoft email is genuine, but it’s also a scam

Microsoft users are reporting a particularly difficult-to-detect scam: phishing emails sent from a genuine Microsoft email address that’s classified as “trustworthy” by the company itself. The emails appear to be official, but they’re demanding high-value payments and leading victims straight int...

Read Full Article →
Chrome auto browse can help with work, says Google

Google is looking to expand Chrome’s role in enterprise productivity with a new auto-browse feature built on its Gemini 3 model that it says can navigate websites, gather information, and process it, reducing manual data entry and repetitive clicks in professional workflows. The feature is availa...

Read Full Article →
Ditch your PC’s free trial—these 3 antivirus options are way better

Using the antivirus trial that came with your PC? Or perhaps you’ve just been sitting it out with Windows Security? You may be able to do better. Why only may do better? It all depends on your needs—factors like your household, level of tech savvy, and willingness to directly manage your protecti...

Read Full Article →
Windows 11 Insider Previews: What’s in the latest build?

Windows 11 25H2 has been released, but behind the scenes, Microsoft is constantly working to improve the newest version of Windows. The company frequently rolls out public preview builds to members of its Windows Insider Program, allowing them to test out — and help shape — upcoming features. Ski...

Read Full Article →
Nuclear safety rules quietly rewritten to favor AI

The US Department of Energy (DoE) program that would see three new experimental commercial nuclear reactors launched by July 4 is the driver behind the secret rewriting of nuclear safety and security standards, says a report released Wednesday by NPR. It said, “sweeping changes [which have not be...

Read Full Article →
How two companies are moving AI prototypes to production

With many AI projects failing, there’s no one-size-fits-all formula for advancing AI proofs of concept to real-world use in the corporate world. But two companies, Ernst & Young (EY) and Lumen, have had success — though they’ve tackled the issue in dramatically different ways. EY, being in a reg...

Read Full Article →
WinRAR under attack by state-level hackers, according to Google

WinRAR, a tool for unpacking compressed files, is one of those pillars of everyday PC use that’s kind of faded into the background. I used to install it on every computer setup, like VLC and Irfanview. But according to a report from security researchers at Google, a long-known vulnerability in W...

Read Full Article →
High-risk Office security flaw: Microsoft issues emergency updates

Microsoft recently published a security advisory warning of a newly discovered zero-day vulnerability in Office applications. The vulnerability, designated CVE-2026-21509, is classified as “high” risk. According to the advisory, this vulnerability can be exploited to bypass security features in ...

Read Full Article →
Google Meet is the new spam hotspot. This setting stops the random calls

Spam and scams generally go hand-in-hand. Accordingly, we all get flooded daily from various angles across multiple email and messaging services, but they’re not the only ways of getting hit. As annoying as they are, scammers are a smart bunch. Which is why my guard is now up after being contacte...

Read Full Article →
Don’t click that Google email! Gmail address change could be a scam

Earlier this month, Google started rolling out a new feature that lets users change their Gmail addresses—and it’s already being exploited by cybercriminals and malicious actors. The new feature allows one’s original Gmail address to remain as an alias, so that incoming emails continue to land i...

Read Full Article →
6 billion leaked passwords reveal the ones you should never, ever use

Over the course of the past year, security researchers at Specops Software examined six billion leaked passwords and subsequently published a comprehensive report on their findings. This report not only provides insight into the most commonly used passwords, but also into the current threat posed...

Read Full Article →
1Password adds new password protection feature to thwart phishing scams

Password manager 1Password has launched a new feature in its browser extension that provides extra protection against phishing, reports Engadget. The new feature warns users when they manually paste login details on a website that isn’t linked to a saved login in 1Password. A pop-up message will...

Read Full Article →
Is that $20 credit for the Verizon outage real? Don’t click a bad link

Last week, Verizon had a massive outage. Millions of wireless customers couldn’t get a signal, instead stuck on emergency service. If you were affected, you definitely knew it—your phone was stuck on “SOS” mode, only capable of calling 911. Service was eventually restored by the evening, with Ver...

Read Full Article →
Best VPNs for torrenting: 5 top picks for speed, privacy, and security

Torrenting, or P2P (peer-to-peer) file sharing, is a convenient way to download large files quickly. But it isn’t without its risks. Not only is there the risk of accidentally downloading a malicious file or malware, but there’s a privacy risk as well—your ISP can see all your online activity and...

Read Full Article →
Standardizing the BAS/CS of Critical Infrastructure Cybersecurity Alerts
Best free VPN for Android: 5 top picks you can trust

Whether you want extra security while using public Wi-Fi, or to unlock content on your favorite streaming services, the right free VPN for your Android device can help you do it without having to pay a dime. The problem when looking for a good free VPN, though, is that there are a ton available o...

Read Full Article →

#Threat Intel & Vulnerability

CVE-2025-43529

Currently trending CVE - Hype Score: 10 - A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 26.2, Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2, tvOS 26.2. Processing maliciously crafted web ...

Read Full Article → *(Covered by: Intruder Intel CVE Feed)*
CVE-2025-40551

An unauthenticated remote code

Read Full Article → *(Covered by: Intruder Intel CVE Feed)*
CVE-2025-68613

Currently trending CVE - Hype Score: 5 - n8n is an open source workflow automation platform. Versions starting with 0.211.0 and prior to 1.120.4, 1.121.1, and 1.122.0 contain a critical Remote Code Execution (RCE) vulnerability in their workflow expression evaluation system. Under certain conditi...

Read Full Article →
CVE-2024-28397

Currently trending CVE - Hype Score: 5 - An issue in the component js2py.disable_pyimport() of js2py up to v0.74 allows attackers to execute arbitrary code via a crafted API call.

Read Full Article →
CVE-2025-61984

Currently trending CVE - Hype Score: 5 - ssh in OpenSSH before 10.1 allows control characters in usernames that originate from certain possibly untrusted sources, potentially leading to code execution when a ProxyCommand is used. The untrusted sources are the command line and %-sequence expansion...

Read Full Article →
CVE-2024-12084

Currently trending CVE - Hype Score: 1 - A heap-based buffer overflow flaw was found in the rsync daemon. This issue is due to improper handling of attacker-controlled checksum lengths (s2length) in the code. When MAX_DIGEST_LEN exceeds the fixed SUM_LENGTH (16 bytes), an attacker can write out o...

Read Full Article →
CVE-2025-13881

Currently trending CVE - Hype Score: 1 - A flaw was found in Keycloak Admin API. This vulnerability allows an administrator with limited privileges to retrieve sensitive custom attributes via the /unmanagedAttributes endpoint, bypassing User Profile visibility settings.

Read Full Article →
A week in security (January 26 – February 1)

A list of topics we covered in the week of January 26 to February 1 of 2026

Read Full Article → *(Covered by: Malwarebytes Labs)*
CVE-2026-22881 | Cybozu Garoon up to 6.0.3 Message cross site scripting

A vulnerability was found in Cybozu Garoon up to 6.0.3 and classified as problematic. The affected element is an unknown function of the component Message Handler. Executing a manipulation can lead to cross site scripting. This vulnerability is registered as CVE-2026-22881. It is possible to l...

Read Full Article → *(Covered by: VulnDB)*
CVE-2026-22888 | Cybozu Garoon up to 6.0.3 Portal Setting extra values

A vulnerability, which was classified as problematic, was found in Cybozu Garoon up to 6.0.3. This issue affects some unknown processing of the component Portal Setting Handler. Such manipulation leads to improper handling of extra values. This vulnerability is listed as CVE-2026-22888. The a...

Read Full Article →
CVE-2025-13348 | ASUS Business Manager prior 3.0.37.0 Secure Delete Driver authorization

A vulnerability, which was classified as critical, has been found in ASUS Business Manager. This vulnerability affects unknown code of the component Secure Delete Driver. This manipulation causes missing authorization. This vulnerability is tracked as CVE-2025-13348. The attack is restricted ...

Read Full Article →
CVE-2026-25200 | Samsung Electronics MagicINFO 9 Server 21.1050/21.1052/21.1080.0 HTML File unrestricted upload

A vulnerability classified as critical was found in Samsung Electronics MagicINFO 9 Server 21.1050/21.1052/21.1080.0. This affects an unknown part of the component HTML File Handler. The manipulation results in unrestricted upload. This vulnerability is identified as CVE-2026-25200. The attack...

Read Full Article → *(Covered by: VulnDB)*
CVE-2025-15396 | Library Viewer Plugin up to 3.1.x on WordPress cross site scripting

A vulnerability classified as problematic has been found in Library Viewer Plugin up to 3.1.x on WordPress. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. This vulnerability is referenced as CVE-2025-15396. Remote exploitation of the attack ...

Read Full Article →
CVE-2026-0658 | Five Star Restaurant Reservations Plugin up to 2.7.8 on WordPress cross-site request forgery

A vulnerability described as problematic has been identified in Five Star Restaurant Reservations Plugin up to 2.7.8 on WordPress. Affected by this vulnerability is an unknown functionality. Executing a manipulation can lead to cross-site request forgery. The identification of this vulnerability ...

Read Full Article →
CVE-2026-25253 | OpenClaw/Clawdbot/Moltbot up to 2026.1.28 Websocket Connection gatewayUrl resource transfer (GHSA-g8p2-7wf7-98mq)

A vulnerability labeled as very critical has been found in OpenClaw, Clawdbot and Moltbot up to 2026.1.28. This impacts an unknown function of the component Websocket Connection Handler. Such manipulation of the argument gatewayUrl leads to incorrect resource transfer. This vulnerability is uni...

Read Full Article →
CVE-2026-24788 | RaspAP raspap-webgui up to 3.3.5 os command injection

A vulnerability categorized as critical has been discovered in RaspAP raspap-webgui up to 3.3.5. The impacted element is an unknown function. The manipulation results in os command injection. This vulnerability is known as CVE-2026-24788. It is possible to launch the attack remotely. No exploit...

Read Full Article →
CVE-2025-15030 | User Profile Builder Plugin up to 3.15.1 on WordPress Password Reset privileges management

A vulnerability was found in User Profile Builder Plugin up to 3.15.1 on WordPress. It has been rated as critical. The affected element is an unknown function of the component Password Reset Handler. The manipulation leads to improper privilege management. This vulnerability is traded as CVE-20...

Read Full Article →
CVE-2026-1531 | Red Hat Satellite 6 foreman_kubevirt certificate validation

A vulnerability was found in Red Hat Satellite 6. It has been declared as critical. Impacted is an unknown function of the component foreman_kubevirt. Executing a manipulation can lead to improper certificate validation. This vulnerability appears as CVE-2026-1531. The attack may be performed...

Read Full Article → *(Covered by: VulnDB)*
CVE-2026-1746 | JeecgBoot 3.9.0 Online Report API loadDictItemByKeyword keyword sql injection

A vulnerability was found in JeecgBoot 3.9.0 and classified as critical. This vulnerability affects unknown code of the file /JeecgBoot/sys/api/loadDictItemByKeyword of the component Online Report API. Such manipulation of the argument keyword leads to sql injection. This vulnerability is docum...

Read Full Article →
CVE-2026-1745 | SourceCodester Medical Certificate Generator App 1.0 cross-site request forgery

A vulnerability has been found in SourceCodester Medical Certificate Generator App 1.0 and classified as problematic. This affects an unknown part. This manipulation causes cross-site request forgery. This vulnerability is registered as CVE-2026-1745. Remote exploitation of the attack is possib...

Read Full Article →
CVE-2026-1744 | D-Link DSL-6641K N8.TR069.20131126 sp_pppoe_user.js doSubmitPPP Username cross site scripting

A vulnerability, which was classified as problematic, was found in D-Link DSL-6641K N8.TR069.20131126. Affected by this issue is the function doSubmitPPP of the file sp_pppoe_user.js. The manipulation of the argument Username results in cross site scripting. This vulnerability only affects pro...

Read Full Article →
CVE-2026-1743 | DJI Mavic Mini/Air/Spark/Mini SE up to 01.00.0500 Enhanced Wi-Fi Pairing authentication replay

A vulnerability, which was classified as problematic, has been found in DJI Mavic Mini, Air, Spark and Mini SE up to 01.00.0500. Affected by this vulnerability is an unknown functionality of the component Enhanced Wi-Fi Pairing. The manipulation leads to authentication bypass by capture-replay...

Read Full Article →
CVE-2021-47917 | Simplephpscripts Simple CMS 2.1 editUser cross site scripting (EUVD-2021-34754)

A vulnerability classified as problematic was found in Simplephpscripts Simple CMS 2.1. Affected is an unknown function of the component editUser Module. Executing a manipulation can lead to cross site scripting. This vulnerability is tracked as CVE-2021-47917. The attack can be launched remot...

Read Full Article → *(Covered by: VulnDB)*
CVE-2020-37064 | Epson EasyMP Network Projection 2.81 EMP_NSWLSV Service unquoted search path (Exploit 48069 / EUVD-2020-30965)

A vulnerability classified as problematic has been found in Epson EasyMP Network Projection 2.81. This impacts an unknown function of the file C:\Program Files (x86)\Epson Projector\EasyMP Network Projection V2\ of the component EMP_NSWLSV Service. Performing a manipulation results in unquoted ...

Read Full Article →
CVE-2020-37063 | Weird-Solutions TFTP Turbo 4.6.1273 Service unquoted search path (Exploit 48085 / EUVD-2020-30966)

A vulnerability described as problematic has been identified in Weird-Solutions TFTP Turbo 4.6.1273. This affects an unknown function of the component Service. Such manipulation leads to unquoted search path. This vulnerability is referenced as CVE-2020-37063. The attack can only be performed ...

Read Full Article → *(Covered by: VulnDB)*
CVE-2020-37055 | Enigmasoftware SpyHunter 4 Service unquoted search path (Exploit 48172 / EUVD-2020-30969)

A vulnerability identified as problematic has been detected in Enigmasoftware SpyHunter 4. Impacted is an unknown function of the component Service. The manipulation leads to unquoted search path. This vulnerability is uniquely identified as CVE-2020-37055. Local access is required to approach...

Read Full Article →
CVE-2020-37048 | Iskysoft Application Framework Service 2.4.3.241 unquoted search path (Exploit 48171 / EUVD-2020-30970)

A vulnerability categorized as problematic has been discovered in Iskysoft Application Framework Service 2.4.3.241. This issue affects some unknown processing. Executing a manipulation can lead to unquoted search path. This vulnerability is handled as CVE-2020-37048. It is possible to launch th...

Read Full Article →
CVE-2020-37045 | Veritas NetBackup 7.0 INET Daemon Service bpinetd.exe unquoted search path (Exploit 48227 / EUVD-2020-30972)

A vulnerability was found in Veritas NetBackup 7.0. It has been rated as problematic. This vulnerability affects unknown code of the file C:\Program Files\Veritas\NetBackup\bin\bpinetd.exe of the component INET Daemon Service. Performing a manipulation results in unquoted search path. This vul...

Read Full Article →
CVE-2020-37037 | Avast SecureLine 5.5.522.0 Service unquoted search path (Exploit 48249 / EUVD-2020-30973)

A vulnerability was found in Avast SecureLine 5.5.522.0. It has been declared as problematic. This affects an unknown part of the component Service. Such manipulation leads to unquoted search path. This vulnerability is traded as CVE-2020-37037. An attack has to be approached locally. Further...

Read Full Article →
CVE-2022-50952 | Banco Guayaquil App 8.0.0 on iOS POST Request TextBox Name Profile cross site scripting (EUVD-2022-55945)

A vulnerability was found in Banco Guayaquil App 8.0.0 on iOS. It has been classified as problematic. Affected by this issue is some unknown functionality of the component POST Request Handler. This manipulation of the argument TextBox Name Profile causes cross site scripting. This vulnerabilit...

Read Full Article →
CVE-2022-50951 | smarterDroid WiFi File Transfer 1.0.8 cross site scripting (EUVD-2022-55946)

A vulnerability was found in smarterDroid WiFi File Transfer 1.0.8 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation results in cross site scripting. This vulnerability is reported as CVE-2022-50951. The attack can be launched remotely. ...

Read Full Article →
CVE-2022-50950 | Webile 1.0.1 path traversal (EUVD-2022-55947)

A vulnerability has been found in Webile 1.0.1 and classified as critical. Affected is an unknown function. The manipulation leads to path traversal. This vulnerability is documented as CVE-2022-50950. The attack can be initiated remotely. There is no exploit available.

Read Full Article →
CVE-2021-47911 | jdwebdesigner Affiliate Pro 1.7 Index fullname/username/email cross site scripting (EUVD-2021-34760)

A vulnerability, which was classified as problematic, was found in jdwebdesigner Affiliate Pro 1.7. This impacts an unknown function of the component Index Module. Executing a manipulation of the argument fullname/username/email can lead to cross site scripting. This vulnerability is registere...

Read Full Article →
CVE-2023-54343 | QWE Labs QWE DL 2.0.1 path cross site scripting (EUVD-2023-60536)

A vulnerability, which was classified as problematic, has been found in QWE Labs QWE DL 2.0.1. This affects an unknown function. Performing a manipulation of the argument path results in cross site scripting. This vulnerability is cataloged as CVE-2023-54343. It is possible to initiate the att...

Read Full Article →
CVE-2021-47885 | CriticalGears PayPal PRO Payment Terminal 3.1 cross site scripting (EUVD-2021-34763)

A vulnerability classified as problematic was found in CriticalGears PayPal PRO Payment Terminal 3.1. The impacted element is an unknown function. Such manipulation leads to cross site scripting. This vulnerability is listed as CVE-2021-47885. The attack may be performed from remote. There is n...

Read Full Article →
CVE-2022-50942 | Icinga Web 2.8.2 icinga.min.js EventListener.handleEvent cross site scripting (EUVD-2022-55948)

A vulnerability classified as problematic has been found in Icinga Web 2.8.2. The affected element is the function EventListener.handleEvent of the file icinga.min.js. This manipulation causes cross site scripting. This vulnerability is tracked as CVE-2022-50942. The attack is possible to be c...

Read Full Article →
CVE-2021-47920 | WebMO Job Manager 20.0 Search Parameter filterSearch/filterSearchType cross site scripting (EUVD-2021-34751)

A vulnerability described as problematic has been identified in WebMO Job Manager 20.0. Impacted is an unknown function of the component Search Parameter Handler. The manipulation of the argument filterSearch/filterSearchType results in cross site scripting. This vulnerability is identified as ...

Read Full Article →
CVE-2021-47908 | Ultimate POS 4.4 product name cross site scripting (EUVD-2021-34762)

A vulnerability marked as problematic has been reported in Ultimate POS 4.4. This issue affects some unknown processing. The manipulation of the argument product name leads to cross site scripting. This vulnerability is referenced as CVE-2021-47908. Remote exploitation of the attack is possible...

Read Full Article →
CVE-2021-47856 | NetArt Media Easy Cart Shopping Cart 2021 Search keyword cross site scripting (EUVD-2021-34764)

A vulnerability labeled as problematic has been found in NetArt Media Easy Cart Shopping Cart 2021. This vulnerability affects unknown code of the component Search Module. Executing a manipulation of the argument keyword can lead to cross site scripting. The identification of this vulnerability...

Read Full Article →
CVE-2020-37047 | Deepinstinct Deep Instinct Windows Agent 1.2.29.0 DeepMgmtService.exe unquoted search path (Exploit 48174 / EUVD-2020-30971)

A vulnerability identified as problematic has been detected in Deepinstinct Deep Instinct Windows Agent 1.2.29.0. This affects an unknown part of the file C:\Program Files\HP Sure Sense\DeepMgmtService.exe. Performing a manipulation results in unquoted search path. This vulnerability was named ...

Read Full Article →
CVE-2021-47921 | Scott Ferreira Free Photo & Video Vault 0.0.2 Environment Variable environment path traversal (EUVD-2021-34750)

A vulnerability categorized as critical has been discovered in Scott Ferreira Free Photo & Video Vault 0.0.2. Affected by this issue is some unknown functionality of the component Environment Variable Handler. Such manipulation of the argument environment leads to path traversal. This vulnerabi...

Read Full Article →
CVE-2022-50797 | halfdata Stripe Green Downloads Plugin 2.03 on WordPress cross site scripting (EUVD-2022-55951)

A vulnerability was found in halfdata Stripe Green Downloads Plugin 2.03 on WordPress. It has been rated as problematic. Affected by this vulnerability is an unknown functionality. This manipulation causes cross site scripting. This vulnerability is handled as CVE-2022-50797. The attack can be ...

Read Full Article →
CVE-2021-47909 | Techraft Digital Multivendor Marketplace Online Store 2.4 ID sql injection (EUVD-2021-34761)

A vulnerability was found in Techraft Digital Multivendor Marketplace Online Store 2.4. It has been declared as critical. Affected is an unknown function. The manipulation of the argument ID results in SQL injection. This vulnerability is known as CVE-2021-47909. It is possible to launch the a...

Read Full Article →
CVE-2022-50941 | MrPlugins BootCommerce 3.2.1 cross site scripting (EUVD-2022-55949)

A vulnerability was found in MrPlugins BootCommerce 3.2.1. It has been classified as problematic. This impacts an unknown function. The manipulation leads to cross-site scripting. This vulnerability is traded as CVE-2022-50941. It is possible to initiate the attack remotely. There is no exploi...

Read Full Article →
CVE-2021-47913 | PHPSUGAR PHP Melody 3.0 WYSIWYG Editor cross site scripting (EUVD-2021-34758)

A vulnerability has been found in PHPSUGAR PHP Melody 3.0 and classified as problematic. The impacted element is an unknown function of the component WYSIWYG Editor. Performing a manipulation results in cross-site scripting. This vulnerability is reported as CVE-2021-47913. The attack is possi...

Read Full Article → *(Covered by: VulnDB)*
CVE-2022-50940 | ajay138 Knap Advanced PHP Login 3.1.3 Name cross site scripting (EUVD-2022-55950)

A vulnerability, which was classified as problematic, has been found in ajay138 Knap Advanced PHP Login 3.1.3. Impacted is an unknown function. This manipulation of the argument Name causes cross-site scripting. This vulnerability is registered as CVE-2022-50940. Remote exploitation of the att...

Read Full Article →
CVE-2021-47915 | PHPSUGAR PHP Melody 3.0 Video Edit vid sql injection (EUVD-2021-34756)

A vulnerability marked as critical has been reported in PHPSUGAR PHP Melody 3.0. Affected by this issue is some unknown functionality of the component Video Edit Module. Performing a manipulation of the argument vid results in SQL injection. This vulnerability is identified as CVE-2021-47915. ...

Read Full Article →
CVE-2026-1742 | EFM ipTIME A8004T 14.18.2 VPN Service /cgi/timepro.cgi commit_vpncli_file_upload unrestricted upload

A vulnerability labeled as critical has been found in EFM ipTIME A8004T 14.18.2. Affected by this vulnerability is the function commit_vpncli_file_upload of the file /cgi/timepro.cgi of the component VPN Service. Such manipulation leads to an unrestricted upload. This vulnerability is referenced a...

Read Full Article →
CVE-2026-1741 | EFM ipTIME A8004T 14.18.2 Debug Interface /sess-bin/d.cgi httpcon_check_session_url cmd backdoor

A vulnerability identified as critical has been detected in EFM ipTIME A8004T 14.18.2. Affected is the function httpcon_check_session_url of the file /sess-bin/d.cgi of the component Debug Interface. This manipulation of the argument cmd causes a backdoor. The identification of this vulnerability...

Read Full Article →
CVE-2026-1740 | EFM ipTIME A8004T 14.18.2 Hidden Hiddenloginsetup Interface /cgi/timepro.cgi httpcon_check_session_url improper authentication

A vulnerability categorized as critical has been discovered in EFM ipTIME A8004T 14.18.2. This impacts the function httpcon_check_session_url of the file /cgi/timepro.cgi of the component Hidden Hiddenloginsetup Interface. The manipulation results in improper authentication. This vulnerability ...

Read Full Article →
CVE-2026-1739 | Free5GC pcf up to 1.4.1 smpolicy.go HandleCreateSmPolicyRequest null pointer dereference (Issue 803)

A vulnerability was found in Free5GC pcf up to 1.4.1. It has been rated as problematic. This affects the function HandleCreateSmPolicyRequest of the file internal/sbi/processor/smpolicy.go. The manipulation leads to a null pointer dereference. This vulnerability is uniquely identified as CVE-202...

Read Full Article →
CVE-2026-1738 | Open5GS up to 2.7.6 SGWC /src/sgwc/context.c sgwc_tunnel_add pdr assertion (Issue 4261)

A vulnerability was found in Open5GS up to 2.7.6. It has been declared as problematic. The impacted element is the function sgwc_tunnel_add of the file /src/sgwc/context.c of the component SGWC. Executing a manipulation of the argument pdr can lead to a reachable assertion. This vulnerability is...

Read Full Article →
CVE-2026-1737 | Open5GS up to 2.7.6 CreateBearerRequest /src/sgwc/s5c-handler.c sgwc_s5c_handle_create_bearer_request assertion (Issue 4271)

A vulnerability was found in Open5GS up to 2.7.6. It has been classified as problematic. The affected element is the function sgwc_s5c_handle_create_bearer_request of the file /src/sgwc/s5c-handler.c of the component CreateBearerRequest Handler. Performing a manipulation results in reachable a...

Read Full Article →
CVE-2026-1736 | Open5GS up to 2.7.6 SGWC /src/sgwc/s11-handler.c assertion (Issue 4270)

A vulnerability was found in Open5GS up to 2.7.6 and classified as problematic. Impacted is the function sgwc_s11_handle_create_indirect_data_forwarding_tunnel_request of the file /src/sgwc/s11-handler.c of the component SGWC. Such manipulation leads to a reachable assertion. This vulnerability i...

Read Full Article →
CVE-2026-1735 | Yealink MeetingBar A30 133.321.0.3 Diagnostic command injection

A vulnerability has been found in Yealink MeetingBar A30 133.321.0.3 and classified as critical. This issue affects some unknown processing of the component Diagnostic Handler. This manipulation causes command injection. This vulnerability appears as CVE-2026-1735. It is feasible to perform th...

Read Full Article →
CVE-2026-1734 | Zhong Bang CRMEB up to 5.6.3 crontab Endpoint CrontabController.php authorization

A vulnerability, which was classified as problematic, was found in Zhong Bang CRMEB up to 5.6.3. This vulnerability affects unknown code of the file crmeb/app/api/controller/v1/CrontabController.php of the component crontab Endpoint. The manipulation results in missing authorization. This vuln...

Read Full Article →
CVE-2026-1733 | Zhong Bang CRMEB up to 5.6.3 :uni detail/tidyOrder order_id improper authorization

A vulnerability, which was classified as problematic, has been found in Zhong Bang CRMEB up to 5.6.3. This affects the function detail/tidyOrder of the file /api/store_integral/order/detail/:uni. The manipulation of the argument order_id leads to improper authorization. This vulnerability is d...

Read Full Article →
CVE-2026-25069 | SunFounder Pironman Dashboard up to 1.3.13 filename path traversal (EUVD-2026-5083)

A vulnerability classified as critical was found in SunFounder Pironman Dashboard up to 1.3.13. Affected by this issue is some unknown functionality. Executing a manipulation of the argument filename can lead to path traversal. This vulnerability is registered as CVE-2026-25069. It is possible ...

Read Full Article →
RINA Accountants & Advisors is creating $400K settlement fund to settle lawsuit over 2022 data breach

Mark Emem reports: A US accounting firm has agreed to pay hundreds of thousands of dollars to settle a class action lawsuit filed over a data breach. According to the settlement administrator’s portal, RINA Accountants & Advisors will set up a $400,000 settlement fund to compensate victims of the...

Read Full Article →
Comcast agrees to $117.5 million settlement to resolve lawsuits over 2023 Citrix Bleed data breach

Abraham Gutman reports: Comcast is one step closer to settling 24 class action lawsuits over a 2023 data breach that potentially impacted over 30 million former and current customers. A $117.5 million settlement agreement received preliminary approval from a federal judge in the Eastern District ...

Read Full Article →
When the GDPR is weaponized to shut journalists up, don’t go silently into that dark night

While Zack Whittaker and I work to finish up a report on threats security researchers and journalists receive, there has been more and more news about threats to journalists and journalism. The arrests of Don Lemon and Geraldine Fort for reporting on a protest in a church could easily be construe...

Read Full Article →
CVE-2026-1165 | ays-pro Popup Box Plugin up to 6.1.1 on WordPress publish_unpublish_popupbox cross-site request forgery (EUVD-2026-5054)

A vulnerability classified as problematic has been found in ays-pro Popup Box Plugin up to 6.1.1 on WordPress. Affected by this vulnerability is the function publish_unpublish_popupbox. Performing a manipulation results in cross-site request forgery. This vulnerability is cataloged as CVE-2026-1...

Read Full Article →
CVE-2026-23037 | Linux Kernel up to 6.6.121/6.12.66/6.18.6/6.19-rc5 can es58x_alloc_rx_urbs allocation of resources (EUVD-2026-5057 / Nessus ID 297503)

A critical vulnerability

Read Full Article → *(Covered by: VulnDB)*
CVE-2026-23020 | Linux Kernel up to 6.19-rc4 vortex_probe1 null pointer dereference (EUVD-2026-5074 / Nessus ID 297482)

A vulnerability marked as critical has been reported in Linux Kernel up to 6.19-rc4. This impacts the function vortex_probe1. This manipulation causes a null pointer dereference. This vulnerability is tracked as CVE-2026-23020. The attack is only possible within the local network. No exploit exi...

Read Full Article → *(Covered by: VulnDB)*
CVE-2025-14554 | hayyatapps Sell BTC Plugin up to 1.5 on WordPress Orders Page orderform_data cross site scripting (EUVD-2025-206583)

A vulnerability labeled as problematic has been found in hayyatapps Sell BTC Plugin up to 1.5 on WordPress. This affects the function orderform_data of the component Orders Page. The manipulation results in cross-site scripting. This vulnerability is identified as CVE-2025-14554. The attack can...

Read Full Article →
CVE-2026-23024 | Linux Kernel up to 6.18.5/6.19-rc4 flow_steer_list_lock memory leak (EUVD-2026-5070 / Nessus ID 297456)

A critical vulnerability

Read Full Article → *(Covered by: VulnDB)*
CVE-2025-71190 | Linux Kernel up to 6.6.121/6.12.66/6.18.6/6.19-rc5 dmaengine memory leak (EUVD-2025-206585 / Nessus ID 297477)

A vulnerability has been found in Linux Kernel up to 6.6.121/6.12.66/6.18.6/6.19-rc5 and classified as critical. Affected by this issue is some unknown functionality of the component dmaengine. The manipulation leads to a memory leak. This vulnerability is traded as CVE-2025-71190. Access to the...

Read Full Article → *(Covered by: VulnDB)*
CVE-2026-23030 | Linux Kernel up to 6.6.121/6.12.66/6.18.6/6.19-rc5 inno-usb2 rockchip_usb2phy_probe double free (EUVD-2026-5064 / Nessus ID 297484)

A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.6.121/6.12.66/6.18.6/6.19-rc5. Affected by this vulnerability is the function rockchip_usb2phy_probe of the component inno-usb2. Executing a manipulation can lead to a double free. This vulnerability appears as ...

Read Full Article →
CVE-2026-23036 | Linux Kernel up to 6.18.6/6.19-rc5 iget_failed deadlock (EUVD-2026-5058 / Nessus ID 297489)

A vulnerability was found in Linux Kernel up to 6.18.6/6.19-rc5. It has been rated as critical. This affects the function iget_failed. This manipulation causes a deadlock. The identification of this vulnerability is CVE-2026-23036. The attack needs to be done within the local network. There is ...

Read Full Article → *(Covered by: VulnDB)*
CVE-2026-23018 | Linux Kernel up to 6.18.5/6.19-rc4 btrfs_read_locked_inode allocation of resources (EUVD-2026-5076 / Nessus ID 297459)

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.18.5/6.19-rc4. The impacted element is the function btrfs_read_locked_inode. This manipulation causes allocation of resources. This vulnerability appears as CVE-2026-23018. The attacker needs to be prese...

Read Full Article →
CVE-2025-71184 | Linux Kernel up to 6.12.65/6.18.5/6.19-rc4 btrfs_evict_inode null pointer dereference (EUVD-2025-206591 / Nessus ID 297464)

A vulnerability classified as critical has been found in Linux Kernel up to 6.12.65/6.18.5/6.19-rc4. Impacted is the function btrfs_evict_inode. The manipulation leads to a null pointer dereference. This vulnerability is documented as CVE-2025-71184. The attack requires being on the local networ...

Read Full Article →
CVE-2025-71182 | Linux Kernel up to 6.19-rc1 j1939_session_activate state issue (EUVD-2025-206593 / Nessus ID 297461)

A vulnerability marked as critical has been reported in Linux Kernel up to 6.19-rc1. This vulnerability affects the function j1939_session_activate. Performing a manipulation results in a state issue. This vulnerability is cataloged as CVE-2025-71182. The attack must originate from the local net...

Read Full Article →
CVE-2025-71180 | Linux Kernel up to 6.19-rc4 IRQ stack-based overflow (EUVD-2025-206595 / Nessus ID 297468)

A vulnerability identified as critical has been detected in Linux Kernel up to 6.19-rc4. Affected by this issue is some unknown functionality of the component IRQ Handler. This manipulation causes a stack-based buffer overflow. This vulnerability is tracked as CVE-2025-71180. The attack is only ...

Read Full Article →
CVE-2026-23016 | Linux Kernel up to 6.18.5/6.19-rc4 frags nf_conntrack_cleanup_net_list state issue (EUVD-2026-5078 / Nessus ID 297488)

A vulnerability was found in Linux Kernel up to 6.18.5/6.19-rc4. It has been classified as critical. This affects the function nf_conntrack_cleanup_net_list of the component frags. Performing a manipulation results in a state issue. This vulnerability was named CVE-2026-23016. The attack needs ...

Read Full Article →
CVE-2025-71183 | Linux Kernel up to 6.1.160/6.6.120/6.12.65/6.18.5/6.19-rc4 fs/btrfs/inode.c btrfs_log_new_name privilege escalation (EUVD-2025-206592 / Nessus ID 297472)

A vulnerability was found in Linux Kernel up to 6.1.160/6.6.120/6.12.65/6.18.5/6.19-rc4 and classified as critical. The impacted element is the function btrfs_log_new_name of the file fs/btrfs/inode.c. Such manipulation leads to privilege escalation. This vulnerability is uniquely identified as...

Read Full Article →
FBI takes notorious RAMP ransomware forum offline

The FBI has seized control of RAMP, a notorious cybercrime online forum that bragged of being the only place that allowed ransomware, and boasted over 14,000 active users. Now some of those users' details are likely to be in the hands of the police... Read more in my article on the Bitdefender blog.

Read Full Article → *(Covered by: Bitdefender Hot For Security, Graham Cluley)*
Panera Bread - 5,112,502 breached accounts

In January 2026, Panera Bread suffered a data breach that exposed 14M records. After an attempted extortion failed, the attackers published the data publicly, which included 5.1M unique email addresses along with associated account information such as names, phone numbers and physical addresses....

Read Full Article →
CVE-2026-1281, CVE-2026-1340: Ivanti Endpoint Manager Mobile (EPMM) Zero-Day Vulnerabilities Exploited

Two critical vulnerabilities in Ivanti’s popular mobile device management solution have been exploited in the wild in limited attacks. Key takeaways: Patch Ivanti EPMM immediately. Both CVE-2026-1281 and CVE-2026-1340 have been exploited in the wild, though impact has been limited so far. Apply th...

Read Full Article →
Google Presentations Abused for Phishing, (Fri, Jan 30th)

Charlie, one of our readers, has forwarded an interesting phishing email. The email was sent to users of the Vivaldi Webmail service. While not overly convincing, the email is likely sufficient to trick a non-empty group of users:

Read Full Article →
ROC vs. CTEM: How a Risk Operations Center Evolves Beyond Continuous Threat Exposure Management in 2026

Key Takeaways: The Essentials of ROC vs. CTEM. Modern enterprises face a constant flood of data from dozens of siloed security tools, creating a fragmented view of risk. Continuous threat exposure management (CTEM) offers a framework to bring exposures together from these tools, and a risk operati...

Read Full Article →
Cybersecurity Predictions for 2026

Six Predictions for the AI-Driven SOC. Subo Guha, Senior Vice President, Product Management, Stellar Cyber. San Jose, Calif., Jan. 30, 2026. Agentic AI as applied to the cybersecurity market is expected to grow from $738.2 million in 2024 to an estimated $1.73 billion...

Read Full Article →
Hugging Face Repositories Used to Spread Android RAT

Bitdefender security researchers have identified a new Android malware campaign that used the Hugging Face public-facing infrastructure to host its malicious files.

Read Full Article →
Investigation into data breach involving Blue Cross Blue Shield members could head to court

Jonathon Ambarian provides an update on a breach previously reported on DataBreaches.net: In October, MTN reported on a major data breach involving customers with Blue Cross Blue Shield of Montana. Now, as a state investigation into the breach continues, the next steps could be playing out in cou...

Read Full Article →
Match, Hinge, OkCupid, and Panera Bread breached by ransomware group

ShinyHunters claims to have stolen millions of records from Match Group dating apps and Panera Bread, with very different consequences for users.

Read Full Article →
Guidance from the Frontlines: Proactive Defense Against ShinyHunters-Branded Data Theft Targeting SaaS

Introduction: Mandiant is tracking a significant expansion and escalation in the operations of threat clusters associated with ShinyHunters-branded extortion. As detailed in our companion report, 'Vishing for Access: Tracking the Expansion of ShinyHunters-Branded SaaS Data Theft', these campaigns...

Read Full Article →
Vishing for Access: Tracking the Expansion of ShinyHunters-Branded SaaS Data Theft

Introduction: Mandiant has identified an expansion in threat activity that uses tactics, techniques, and procedures (TTPs) consistent with prior ShinyHunters-branded extortion operations. These operations primarily leverage sophisticated voice phishing (vishing) and victim-branded credential harve...

Read Full Article →
Orca Security Co-Founder & CEO Gil Geron: Cloud Security Pioneer

This week in cybersecurity from the editors at Cybercrime Magazine. Sausalito, Calif., Jan. 30, 2026. Watch the YouTube video. 2026 is here, and the cloud security landscape is shifting rapidly. AI is reshaping how attackers operate, supply chains remain under siege, and the definition of...

Read Full Article →
Breaking the Sound Barrier, Part II: Exploiting CVE-2024-54529

In the first part of this series, I detailed my journey into macOS security research, which led to the discovery of a type confusion vulnerability (CVE-2024-54529) and a double-free vulnerability (CVE-2025-31235) in the coreaudiod system daemon through a process I call knowledge-driven fuzzing. W...

Read Full Article →
Meta confirms it’s working on premium subscription for its apps

Details are currently thin, but one thing is clear: paying more is unlikely to buy users meaningful privacy or less tracking.

Read Full Article →
I'm locked in!

Hazel reflects on how to find balance while staying informed, then delivers practical updates and insights on the latest cybersecurity threats.

Read Full Article →
Top 10 Cloud Compliance Tools for Enterprise Security and Audit Readiness in 2026

Key Takeaways: Compliance Breaks When Proof Lags Infrastructure. Cloud compliance has changed. It is no longer an audit milestone. It is a continuous expectation. Boards demand visibility into regulatory exposure. Regulators expect evidence, not intent. Enterprise customers want assurance in real t...

Read Full Article →
Microsoft Office zero-day lets malicious documents slip past security checks

Microsoft issued an emergency patch for a flaw attackers are using to slip malicious code past Office’s document security checks.

Read Full Article →
You’re not paranoid: lawyers ARE coming to get you.

Here’s your reminder that if federal regulators like HHS OCR don’t investigate and penalize you after a data breach involving patient data, state attorneys general may, and class-action lawyers may also come after you in federal or state courts. In some cases, like this one, federal, state, and c...

Read Full Article →
Microsoft releases update to address zero-day vulnerability in Microsoft Office

Microsoft has published three out-of-band (OOB) updates so far in January 2026. One of these updates was released to address a vulnerability, CVE-2026-21509, affecting Microsoft Office that has been reportedly exploited in the wild.

Read Full Article →
Clawdbot’s rename to Moltbot sparks impersonation campaign

This Moltbot impersonation campaign is a case study in supply-chain risk, brand hijacking, and what happens when open source goes viral.

Read Full Article →
The Mob Museum, Las Vegas: Explore the Past, Present and Future of Cybercrime

This week in cybersecurity from the editors at Cybercrime Magazine. Sausalito, Calif., Jan. 29, 2026. Watch the YouTube video. The Mob Museum’s timely new exhibit “Digital Underworld” explores the rise of cybercrime as the newest frontier of organized crime, and it’s captured in a new...

Read Full Article →
Dissecting UAT-8099: New persistence mechanisms and regional focus

Cisco Talos has identified a new, regionally targeted campaign by UAT-8099 that leverages advanced persistence techniques and custom BadIIS malware variants to compromise IIS servers, particularly in Thailand and Vietnam.

Read Full Article →
IR Trends Q4 2025: Exploitation remains dominant, phishing campaign targets Native American tribal organizations

A drop in exploitation and ransomware, but a spike in phishing and credential abuse, show why timely patching and robust MFA matter more than ever.

Read Full Article →
  • SOC & Business Success with ANY.RUN: Real-World Results & Cases — Running a SOC today means constant trade-offs: too many alerts, not enough people, strict SLAs, and attacks that keep getting smarter. Most leaders aren’t asking for “the next cool product” but a proof that something actually cuts time, risk, and workload in real environments like theirs. Thousan…
Smashing Security podcast #452: The dark web’s worst assassins, and Pegasus in the dock

In episode 452, a London-based YouTuber wins a landmark court case against Saudi Arabia after his phone was hacked with Pegasus spyware — exposing how a single, seemingly harmless text message can turn a smartphone into a round-the-clock surveillance device. Plus, we go looking for professional h...

Read Full Article →
Odd WebLogic Request. Possible CVE-2026-21962 Exploit Attempt or AI Slop?, (Wed, Jan 28th)

I was looking for possible exploitation of CVE-2026-21962, a recently patched WebLogic vulnerability. While looking for related exploit attempts in our data, I came across the following request:

Read Full Article →
No Place Like Home Network: Disrupting the World's Largest Residential Proxy Network

Introduction: This week Google and partners took action to disrupt what we believe is one of the largest residential proxy networks in the world, the IPIDEA proxy network. IPIDEA’s proxy infrastructure is a little-known component of the digital ecosystem leveraged by a wide array of bad actors. Th...

Read Full Article →
  • Attackers Are Taking Over Real Email Threads to Deliver Phishing: New Enterprise Risk — Think you can trust every email that comes from a business partner? Unfortunately, that’s no longer guaranteed; attackers now slip into legitimate threads and send messages that look fully authentic. That’s exactly what happened in a new case uncovered by ANY.RUN researchers; a trust takeover ins…
Google’s Dark Web Report Is Gone — Here’s What That Means for Your Identity

Google has quietly ended the built-in Dark Web Report feature that once alerted users when their personal information showed up in underground breach databases. Although the tool hasn’t yet vanished from every Google account, its core functionality stopped working on January 15, meaning it no lon...

Read Full Article →
Watch out for AT&T rewards phishing text that wants your personal details

Recently, we uncovered a realistic, multi-layered data theft phishing campaign targeting AT&T customers.

Read Full Article →
RSAC 2026—Where The World Talks Security

What founders and CEOs are saying about this year’s conference. Steve Morgan, Editor-in-Chief. Sausalito, Calif., Jan. 27, 2026. For 35 years, RSAC has been a driving force behind the world’s cybersecurity community. The power of community is a key focus for the...

Read Full Article →
Diverse Threat Actors Exploiting Critical WinRAR Vulnerability CVE-2025-8088

Introduction: The Google Threat Intelligence Group (GTIG) has identified widespread, active exploitation of the critical vulnerability CVE-2025-8088 in WinRAR, a popular file archiver tool for Windows, to establish initial access and deliver diverse payloads. Discovered and patched in July 2025, g...

Read Full Article →
Introducing Tenable One AI Exposure: A New Standard for Securing AI Usage at Scale

Continuously discover and monitor all AI usage across your organization, including shadow AI, agents, browser plug-ins, and more, with Tenable One AI Exposure. Map complex AI workflows to reveal high-impact exposures and monitor compliance with security and AI acceptable use policies. Key takeawa...

Read Full Article →
Talking Points for Government CISOs and Cybersecurity Leaders in 2026

This week in cybersecurity from the editors at Cybercrime Magazine. Sausalito, Calif., Jan. 27, 2026. Read the full story in Government Technology. Dan Lohrmann is calling all government CISOs (and yes, CTOs, CIOs, CFOs, COOs, and even a few corporate CEOs can listen in): In...

Read Full Article →
Will The Cybercrime Economy Plateau In 2026?

This week in cybersecurity from the editors at Cybercrime Magazine. Sausalito, Calif., Jan. 26, 2026. Read the full story in Barracuda. Clearly, it’s important to cast a wide net when estimating the costs of cybercrime, notes a Barracuda blog post by Tony Burgess, a twenty-year veteran...

Read Full Article →
  • Fix Staff Shortage & Burnout in Your SOC with Better Threat Intelligence — In cybersecurity, humans occupy both ends of the vulnerability spectrum. They click what should never be clicked, reuse passwords like heirlooms, and generously donate credentials to phishing pages that look “kind of legit.” Yet the same species becomes the strongest link once you step inside a S…
Bypassing Windows Administrator Protection

A headline feature introduced in the latest release of Windows 11, 25H2, is Administrator Protection. The goal of this feature is to replace User Account Control (UAC) with a more robust and, importantly, securable system that allows a local user to access administrator privileges only when necessary....

Read Full Article →
Spammers abuse Zendesk to flood inboxes with legitimate-looking emails, but why?

Spammers are abusing Zendesk to flood inboxes with emails from trusted brands. There’s no phishing or malware—just noise.

Read Full Article →
5 Hot Cybersecurity Certifications for Salary Growth in 2026

This week in cybersecurity from the editors at Cybercrime Magazine. Sausalito, Calif., Jan. 23, 2026. Read the full story in SkillUp. Cybercrime was predicted to cost the world $10.5 trillion annually in 2025, and to reach $12.2 trillion by 2031, according to Cybersecurity Ventures, and there’s...

Read Full Article →
I scan, you scan, we all scan for... knowledge?

In this week's newsletter, Bill hammers home the old adage, "Know your environment" — even throughout alert fatigue.

Read Full Article →
How Public Container Registries Have Become a Silent Risk Multiplier in a Modern Supply Chain

Key Takeaways: The Risk Introduced by Implicit Trust in Public Container Images. Public container registries have become foundational to modern software development. A single docker pull can accelerate application delivery, standardize environments, and reduce operational friction across teams. How...

Read Full Article →
Foxit, Epic Games Store, MedDreams vulnerabilities

Cisco Talos’ Vulnerability Discovery & Research team recently disclosed three vulnerabilities in Foxit PDF Editor, one in the Epic Games Store, and twenty-one in MedDream PACS. The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to Cisc...

Read Full Article →
Fake LastPass maintenance emails target users

LastPass is warning users about phishing emails that pressure users to back up their vaults within 24 hours.

Read Full Article →
Top 10 Ransomware Attacks Over The Past Year

This week in cybersecurity from the editors at Cybercrime Magazine. Sausalito, Calif., Jan. 22, 2026. Read the full story in SOC Radar. In 2025, ransomware moved beyond isolated IT incidents and became a systemic risk, capable of disrupting national supply chains, critical services, and...

Read Full Article →
Under Armour ransomware breach: data of 72 million customers appears on the dark web

Customer data allegedly stolen during a ransomware attack on sportswear giant Under Armour is now circulating on the dark web.

Read Full Article →
  • ANY.RUN Sandbox & MISP Integration: Confirm Alerts Faster, Stop Incidents Early — Most SOC teams are overloaded with routine work. Tier 1 & 2 analysts spend too much time validating alerts, moving samples between tools, and chasing missing context. When integrations are weak, investigations slow down, MTTR grows, and SLAs suffer delays. That directly increases operational risk…
Qualys Named a Leader and Outperformer in the 2025 GigaOm Radar for CNAPP

We’re proud to share that Qualys has been recognized as a Leader and Outperformer in the 2025 GigaOm Radar Report for Cloud-Native Application Protection Platforms (CNAPP). This year’s evaluation underscores an important reality of the CNAPP market: while 18 vendors were evaluated, only a small s...

Read Full Article →
Can you use too many LOLBins to drop some RATs?

An attempt to drop two RATs on a system used an uncanny assortment of legitimate Windows tools.

Read Full Article →
Best Cybersecurity Newsletters Shortlist For 2026

This week in cybersecurity from the editors at Cybercrime Magazine. Sausalito, Calif., Jan. 21, 2026. Read the full story in The CTO Club. With new cyber vulnerabilities emerging daily, it’s not enough to rely solely on the tools at hand—keeping your team informed and...

Read Full Article →
Malicious Google Calendar invites could expose private data

Researchers showed how prompt injection hidden in a calendar invite can bypass privacy controls and turn an AI assistant into a data-leaking accomplice.

Read Full Article →
Under Armour - 72,742,892 breached accounts

In November 2025, the Everest ransomware group claimed Under Armour as a victim and attempted to extort a ransom, alleging they had obtained access to 343GB of data. In January 2026, customer data from the incident was published publicly on a popular hacking forum, including 72M email addresses...

Read Full Article →
Oracle January 2026 Critical Patch Update Addresses 158 CVEs

Oracle addresses 158 CVEs in its first quarterly update of 2026 with 337 patches, including 27 critical updates. Key takeaways: The first Critical Patch Update (CPU) for 2026 contains fixes for 158 unique CVEs in 337 security updates. 27 issues (8% of all patches) were assigned a critical severi...

Read Full Article →
Tenable Discovers SSRF Vulnerability in Java TLS Handshakes That Creates DoS Risk

Tenable Research has discovered a server-side request forgery (SSRF) vulnerability in Java’s handling of client certificates during a TLS handshake. In certain configurations, this can be abused to cause a denial-of-service (DoS) condition. Key takeaways: Tenable Research identified a vulnerabilit...

Read Full Article →
VU#481830: Libheif uncompressed codec lacks bounds check leading to application crash

Overview An out-of-bounds memory access vulnerability exists in the uncompressed decoder component of libheif. A maliciously crafted HEIF image can trigger a denial-of-service condition by causing the libheif library to crash or exhibit other unexpected behavior due to an out-of-bounds memory ac...

Read Full Article →
VU#102648: Code injection vulnerability in binary-parser library

Overview The binary-parser library for Node.js contains a code injection vulnerability that may allow arbitrary JavaScript code execution if untrusted input is used to construct parser definitions. Versions prior to 2.3.0 are affected. The issue has been resolved by the developer in a public upda...

Read Full Article →
VU#458022: Open5GS WebUI uses hard-coded secrets, including the JSON Web Token signing key

Overview The Open5GS WebUI component contains default hardcoded secrets used for security-sensitive operations, including JSON Web Token (JWT) signing. If these defaults are not changed, an attacker can forge valid authentication tokens and gain administrative access to the WebUI. This can result...

Read Full Article →
VU#271649: Stack-based buffer overflow in libtasn1 versions v4.20.0 and earlier

Overview A stack-based buffer overflow vulnerability exists in GNU libtasn1, a low-level ASN.1 parsing library. The issue is caused by unsafe string concatenation in the asn1_expand_octet_string function located in decoding.c. Under worst-case conditions, this results in a one-byte stack overflo...

Read Full Article →
Cybersecurity Predictions for 2026 Signal the Maturation of Risk-First Security Models

Key Takeaways The Signals Are Loud, the Dashboards Are Full, Yet Decisive Action Remains Elusive By the end of 2025, many security leaders reached a quiet conclusion. The challenge was no longer a lack of tools, telemetry, or frameworks. Most enterprises already had all three. What remained unres...

Read Full Article →
VU#818729: Safetica contains a kernel driver vulnerability

Overview Kernel driver ProcessMonitorDriver.sys in Safetica's endpoint client x64, versions 10.5.75.0 and 11.11.4.0, allows for an unprivileged user to abuse an IOCTL path and terminate protected system processes. Description Safetica is a Data Loss Prevention (DLP) and Insider Risk Management (I...

Read Full Article →
VU#244846: Server-Side Template Injection (SSTI) vulnerability exists in Genshi

Overview A Server-Side Template Injection (SSTI) vulnerability exists in the Genshi template engine due to unsafe evaluation of template expressions. Genshi processes template expressions using Python’s 'eval()' and 'exec()' functions while allowing fallback access to Python built-in objects. If ...

Read Full Article →
Mastercard CEO Michael Miebach On Cybersecurity at World Economic Forum

This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Jan. 20, 2026 – Read the full story in World Economic Forum “Cybersecurity is the foundation for our digital world. It is at the heart of trust and will allow society to fully The post Mastercard CEO Michael Mie...

Read Full Article →
VU#924114: dr_flac contains an integer overflow vulnerability that allows for DoS when provided a crafted file

Overview dr_flac, an open-source FLAC audio decoder, part of the dr_libs audio decoder toolset, contains an integer overflow vulnerability allowing for denial of service (DoS) when provided a specific crafted file. An attacker can exploit this vulnerability through providing a tool that uses dr_...

Read Full Article →
  • Malware Trends Report 2025: New Security Risks for Businesses in 2026 — Summarizing the past year’s threat landscape based on activity observed in ANY.RUN’s Interactive Sandbox, this annual report provides insights into the most detected malware types, families, TTPs, and phishing threats of 2025. For additional insights, view ANY.RUN’s quarterly malware trends repor…
Why Managed Detection and Response Has Become Essential to Modern Cyber Resilience

Managed Detection and Response (MDR) delivers 24/7 threat detection, intelligence-led hunting, and rapid response—moving organizations beyond basic monitoring to active defense. MDR providers combine advanced analytics, AI, and human expertise to deliver scalable MDR services tailored to regional...

Read Full Article →
VU#383552: thelibrarian does not secure its interface, allowing for access to internal system data

Overview Multiple vulnerabilities were discovered in The Librarian, an AI-powered personal assistant tool provided by the company TheLibrarian.io. The Librarian can be used to manage personal email, calendar, documents, and other information through external services, such as Gmail and Google Dr...

Read Full Article →
VU#650657: Livewire Filemanager contains an insecure .php component that allows for unauthenticated RCE in Laravel Products

Overview A vulnerability, tracked as CVE-2025-14894, has been discovered within Livewire Filemanager, a tool designed for usage within Laravel applications. The Livewire Filemanager tool allows for users to upload various files, including PHP files, and host them within the Laravel application. W...

Read Full Article →
Threat and Vulnerability Management in 2026

Understand the future of threat and vulnerability management (TVM). Learn what TVM is, why traditional tools fail, and how intelligence is essential in today’s landscape.

Read Full Article →
Predicting 2026

In this week’s newsletter, Martin examines the evolving landscape for 2026, highlighting key threats, emerging trends like AI-driven risks, and the continued importance of addressing familiar vulnerabilities.

Read Full Article →
Your VMDR Year in Review: Making Security Progress Visible and Actionable

Security Teams Rarely Stop to Reflect When a security program is working well, very little seems to happen. That is by design. There is no alert for the incident that was prevented. No visibility into the attack path that was quietly closed. No recognition for the vulnerability that was fixed bef...

Read Full Article →
WEF: AI overtakes ransomware as fastest-growing cyber risk

We can no longer say that artificial intelligence is a "future risk", lurking somewhere on a speculative threat horizon. The truth is that it is a fast-growing cybersecurity risk that organizations are facing today. That's not just my opinion, that's also the message that comes loud and clear fro...

Read Full Article →
Why Serverless Risk Demands Identity-Aware Security at Cloud Scale

Key Takeaways The Current Picture Serverless adoption is accelerating as organizations prioritize speed, scalability, and operational efficiency. According to the Data Bridge Market Research’s Global Serverless Security Market Report, the serverless security market reached USD 12.08 billion in 20...

Read Full Article →
VU#472136: Information Leak and DoS Vulnerabilities in Redmi Buds 3 Pro through 6 Pro

Overview Redmi Buds, a series of Bluetooth earbuds produced and sold by Xiaomi, contain an Information Leak vulnerability and a Denial of Service (DoS) vulnerability in versions 3 Pro through 6 Pro. An attacker within Bluetooth radio range can send specially crafted RFCOMM protocol interactions...

Read Full Article →
Closing the Door on Net-NTLMv1: Releasing Rainbow Tables to Accelerate Protocol Deprecation

Written by: Nic Losby Introduction Mandiant is publicly releasing a comprehensive dataset of Net-NTLMv1 rainbow tables to underscore the urgency of migrating away from this outdated protocol. Despite Net-NTLMv1 being deprecated and known to be insecure for over two decades—with cryptanalysis dati...

Read Full Article →
Aembit Announces Agenda and Speaker Lineup for NHIcon 2026 on Agentic AI Security

Silver Spring, Maryland, 15th January 2026, CyberNewsWire The post Aembit Announces Agenda and Speaker Lineup for NHIcon 2026 on Agentic AI Security appeared first on The Security Ledger with Paul F. Roberts.

Read Full Article →
UAT-8837 targets critical infrastructure sectors in North America

Cisco Talos is closely tracking UAT-8837, a threat actor we assess with medium confidence is a China-nexus advanced persistent threat (APT) actor.

Read Full Article →
CVE-2025-64155: Exploit Code Released for Critical Fortinet FortiSIEM Command Injection Vulnerability

Exploit code has been published for CVE-2025-64155, a critical command injection vulnerability affecting Fortinet FortiSIEM devices. Key takeaways: CVE-2025-64155 is a critical operating system (OS) command injection vulnerability affecting Fortinet FortiSIEM. Fortinet vulnerabilities have histor...

Read Full Article →
A 0-click exploit chain for the Pixel 9 Part 3: Where do we go from here?

While our previous two blog posts provided technical recommendations for increasing the effort required by attackers to develop 0-click exploit chains, our experience finding, reporting and exploiting these vulnerabilities highlighted some broader issues in the Android ecosystem. This post descri...

Read Full Article →
A 0-click exploit chain for the Pixel 9 Part 2: Cracking the Sandbox with a Big Wave

With the advent of a potential Dolby Unified Decoder RCE exploit, it seemed prudent to see what kind of Linux kernel drivers might be accessible from the resulting userland context, the mediacodec context. As per the AOSP documentation, the mediacodec SELinux context is intended to be a constrain...

Read Full Article →
A 0-click exploit chain for the Pixel 9 Part 1: Decoding Dolby

Over the past few years, several AI-powered features have been added to mobile phones that allow users to better search and understand their messages. One effect of this change is increased 0-click attack surface, as efficient analysis often requires message media to be decoded before the message...

Read Full Article →
Identity & Beyond: 2026 Incident Response Predictions

In 2026, incident response (IR) will continue its shift away from traditional malware-centric investigations toward identity-driven intrusions, abuse of trusted cloud services, and low-signal, high-impact activity that blends seamlessly into normal business operations. Rather than relying on tech...

Read Full Article →
Brushstrokes and breaches with Terryn Valikodath

Terryn’s path to cybersecurity started with a fascination for criminal forensics and a knack for jailbreaking his family's tech — interests that eventually steered him toward the fast-paced world of digital investigations.

Read Full Article →
  • German Manufacturing Under Phishing Attacks: Tracking a Stealthy AsyncRAT Campaign — Manufacturing companies have quietly become one of the most hunted species in the modern threat landscape. Not because they are careless, but because they are operationally critical, geographically distributed, and often rely on complex IT and OT environments that attackers love to probe. Key Tak…
Microsoft and Adobe Patch Tuesday, January 2026 Security Update Review

Starting the year on a security-first note, Microsoft’s January 2026 Patch Tuesday resolves several vulnerabilities that could impact enterprise environments. Here’s a quick breakdown of what you need to know. Microsoft Patch Tuesday for January 2026 This month’s release addresses 115 vulnerabili...

Read Full Article →
Microsoft’s January 2026 Patch Tuesday Addresses 113 CVEs (CVE-2026-20805)

Critical: 8 | Important: 105 | Moderate: 0 | Low: 0. Microsoft addresses 113 CVEs in the first Patch Tuesday of 2026, with two zero-days, including one that was exploited in the wild. Microsoft patched 113 CVEs in its January 2026 Patch Tuesday release, with eight rated critical and 105 rated as important. ...

Read Full Article →
Microsoft Patch Tuesday for January 2026 — Snort rules and prominent vulnerabilities

Microsoft has released its monthly security update for January 2026, which includes 112 vulnerabilities affecting a range of products, including 8 that Microsoft marked as “critical”.

Read Full Article →
The AI Fix #83: ChatGPT Health, Victorian LLMs, and the biggest AI bluffers

In episode 83 of The AI Fix, Graham reveals he's taken up lying to LLMs, and shows how a journalist exposed AI bluffers with a made-up idiom. Meanwhile Mark invents a "Godwin's Law" for AI, and explains how to ruin any LLM with humus. Also in this episode, a marriage is declared invalid thanks to...

Read Full Article →
Hackers get hacked, as BreachForums database is leaked

Have you ever stolen data, traded a hacking tool, or just lurked on a dark web forum believing that you are anonymous? If so, I might have some unsettling news for you. Read more in my article on the Hot for Security blog.

Read Full Article →
  • CastleLoader Analysis: A Deep Dive into Stealthy Loader Targeting Government Sector — ANY.RUN’s team conducted an extensive malware analysis of CastleLoader, the first link in the chain of attacks impacting various industries, including government agencies and critical infrastructures. It’s a unique walkthrough of its entire execution path, from a packaged installer to C2 server c…
Best Ransomware Detection Tools

Stop ransomware before encryption begins. Learn how intelligence-driven detection tools can help identify precursor behaviors and reduce false positives for faster response.

Read Full Article →
December 2025 CVE Landscape: 22 Critical Vulnerabilities Mark 120% Surge, React2Shell Dominates Threat Activity

December 2025 saw a 120% surge in critical CVEs, with 22 exploited flaws and React2Shell (CVE-2025-55182) dominating threat activity across Meta’s React framework.

Read Full Article →
Tenable Is a Gartner® Peer Insights™ Customers’ Choice for Cloud-Native Application Protection Platforms

This recognition — based entirely on feedback from the people who use our products every day — to us is a testament to the unmatched value Tenable Cloud Security CNAPP offers organizations worldwide. Our key takeaways: In our view, this peer recognition confirms Tenable’s strategic value in helpi...

Read Full Article →
BreachForums (2025) - 672,247 breached accounts

In October 2025, a reincarnation of the hacking forum BreachForums, which had previously been shut down multiple times, was taken offline by a coalition of law enforcement agencies. In the months leading up to the takedown, the site itself suffered a data breach that exposed a total of 672k uniq...

Read Full Article →
VU#361400: BeeS Software Solutions BeeS Examination Tool (BET) portal contains SQL injection vulnerability

Overview The BeeS Examination Tool (BET) portal from BeeS Software Solutions contains an SQL injection vulnerability in its website login functionality. More than 100 universities use the BET portal for test administration and other academic tasks. The vulnerability enables arbitrary SQL commands...

Read Full Article →
Resolutions, shmesolutions (and what’s actually worked for me)

Talos' editor ditches the pressure of traditional New Year’s resolutions in favor of practical, in-the-moment changes, and finds more success by letting go of perfection. Plus, we break down the latest on UAT-7290, a newly disclosed threat actor targeting critical infrastructure.

Read Full Article →
UAT-7290 targets high value telecommunications infrastructure in South Asia

Talos assesses with high confidence that UAT-7290 is a sophisticated threat actor falling under the China-nexus of advanced persistent threat actors (APTs). UAT-7290 primarily targets telecommunications providers in South Asia.

Read Full Article →
How Cisco Talos powers the solutions protecting your organization

What happens under the hood of Cisco's security portfolio? Our reputation and detection services apply Talos' real-time intelligence to detect and block threats. Here's how.

Read Full Article →
GRU-Linked BlueDelta Evolves Credential Harvesting

Insikt Group reveals how GRU-linked BlueDelta evolved credential-harvesting campaigns targeting government, energy, and research organizations across Europe and Eurasia.

Read Full Article →
Cloud Agent in 2025: A Year of Scale, Security, and Smarter Visibility

As we move into 2026, 2025 stands out as a defining year for the Qualys Cloud Agent. In 2025, Cloud Agent delivered deeper visibility into running systems and applications, stronger security controls, expanded support across operating systems and architectures, and meaningful platform modernizati...

Read Full Article →
VU#295169: TOTOLINK EX200 firmware-upload error handling can activate an unauthenticated root telnet service

Overview A flaw in the firmware-upload error-handling logic of the TOTOLINK EX200 extender can cause the device to unintentionally start an unauthenticated root-level telnet service. This condition may allow a remote authenticated attacker to gain full system access. Description In the End-of-Lif...

Read Full Article →
VU#420440: Vulnerable Python version used in Forcepoint One DLP Client

Overview A vulnerability in the Forcepoint One DLP Client allows bypass of the vendor-implemented Python restrictions designed to prevent arbitrary code execution. By reconstructing the ctypes FFI environment and applying a version-header patch to the ctypes.pyd module, an attacker can restore ct...

Read Full Article →
WhiteDate - 6,076 breached accounts

In December 2025, the dating website "for a Europid vision" WhiteDate suffered a data breach that exposed 6k unique email addresses. The breach exposed extensive further personal information including data related to physical appearance, income, education and IQ.

Read Full Article →
New ransomware tactics to watch out for in 2026

Ransomware groups made less money in 2025 despite a 47% increase in attacks, driving new tactics: bundled DDoS services, insider recruitment, and gig worker exploitation. Learn the emerging trends defenders must prepare for in 2026.

Read Full Article →