
Weekly Scan: Cloud, Cybersecurity, AI News — Feb 02, 2026


#This Week in Security: Your News Briefing

Welcome to your weekly security roundup. We’ve tracked down the 10 most important stories this week—the ones everyone’s talking about, from critical threats to emerging trends that could shape your security posture. Leading the news this week is Appsec Roundup - June 2024, which has sparked conversation across 9 sources. Meanwhile, the industry is closely tracking CVE-2025-62673 | TP-Link Archer AX53 v1.0 up to 1.3.1 tdpserver… with 9 mentions, along with emerging details on CVE-2025-58348 | Samsung Mobile Processor/Wearable Processor…, Secure by Design roundup - April 2024, and CVE-2025-14321. Here’s the full breakdown of what you need to know.

#🚨 Critical Threats This Week

First, the stories that demand your immediate attention:

1. Appsec Roundup - June 2024 Mentioned across 9 industry sources this week. The most important stories around threat modeling, appsec and secure by design for June, 2024. Get the details →

2. CVE-2025-62673 | TP-Link Archer AX53 v1.0 up to 1.3.1 tdpserver heap-based overflow Mentioned across 9 industry sources this week. A vulnerability labeled as critical has been found in TP-Link Archer AX53 v1. Get the details →

3. CVE-2025-58348 | Samsung Mobile Processor/Wearable Processor Exynos up to 2200 Wi-Fi Driver confg_tspec memory allocation Mentioned across 9 industry sources this week. A vulnerability identified as problematic has been detected in Samsung Mobile Processor and Wearable Processor Exynos up. Get the details →

#🛠️ Tools, Updates & Releases

New capabilities and releases worth knowing about:

1. Secure by Design roundup - April 2024 A less busy month in appsec, AI, and regulation, but still interesting stories. Referenced in 6 stories this week. Explore →

2. Meeting Third-Party Risk Requirements of DORA in 2026 | UpGuard Learn how to achieve compliance with the third-party risk management standards of the Digital Operat. Referenced in 3 stories this week. Explore →

#What You Should Do Next

Monitor these in your environment next week:

  • Any new CVE announcements related to systems you operate
  • Emerging attack techniques being discussed in the community
  • Updates and patches for tools your team uses

Have a look at the full deep-dives in the trending stories below. Each one provides context that could inform your security decisions this week.

1. Key Threat Intel & Vulnerability Stories (25 mentions)
2. Appsec Roundup - June 2024 (9 mentions)

The most important stories around threat modeling, appsec and secure by design for June, 2024.

Read Full Article →
3. Secure by Design roundup - April 2024 (6 mentions)

A less busy month in appsec, AI, and regulation, but still interesting stories

Read Full Article →
4. FBI takes notorious RAMP ransomware forum offline (3 mentions)

The FBI has seized control of RAMP, a notorious cybercrime forum that claimed to be the only place that allowed ransomware and boasted over 14,000 active users. Some of those users' details are now likely to be in the hands of the police...

Read Full Article →
5. MedDream PACS Premium sendOruReport reflected cross-site scripting (XSS) vulnerability (3 mentions)
6. Meeting Third-Party Risk Requirements of DORA in 2026 | UpGuard (3 mentions)

Learn how to achieve compliance with the third-party risk management standards of the Digital Operational Resilience Act (DORA)

Read Full Article →
7. What’s next for DHS’s forthcoming replacement critical infrastructure protection panel, AI information sharing (2 mentions)

Nick Andersen, a top CISA official, discussed plans for improving CIPAC and developing an AI-ISAC. The post What’s next for DHS’s forthcoming replacement critical infrastructure protection panel, AI information sharing appeared first on CyberScoop .

Read Full Article →

#Article Summary

| Category | Article Count |
|---|---|
| AI & LLM | 12 |
| Cloud | 8 |
| Cyber Regulatory | 2 |
| Cybersecurity | 249 |
| Scraping Candidates | 2 |
| Security Vendor Blog | 62 |
| Tech | 37 |
| Threat Intel & Vulnerability | 182 |
| Total Articles Scanned | 554 |

#AI & LLM

Inside OpenAI’s in-house data agent

How OpenAI built an in-house AI data agent that uses GPT-5, Codex, and memory to reason over massive datasets and deliver reliable insights in minutes.

Read Full Article →
Retiring GPT-4o, GPT-4.1, GPT-4.1 mini, and OpenAI o4-mini in ChatGPT

On February 13, 2026, alongside the previously announced retirement⁠ of GPT‑5 (Instant, Thinking, and Pro), we will retire GPT‑4o, GPT‑4.1, GPT‑4.1 mini, and OpenAI o4-mini from ChatGPT. In the API, there are no changes at this time.

Read Full Article →
Taisei Corporation shapes the next generation of talent with ChatGPT

Taisei Corporation uses ChatGPT Enterprise to support HR-led talent development and scale generative AI across its global construction business.

Read Full Article →
Keeping your data safe when an AI agent clicks a link

Learn how OpenAI protects user data when AI agents open links, preventing URL-based data exfiltration and prompt injection with built-in safeguards.

Read Full Article →
Unlocking Agentic RL Training for GPT-OSS: A Practical Retrospective
Introducing Prism

Prism is a free LaTeX-native workspace with GPT-5.2 built in, helping researchers write, collaborate, and reason in one place.

Read Full Article →
Inside Praktika's conversational approach to language learning

How Praktika uses GPT-4.1 and GPT-5.2 to build adaptive AI tutors that personalize lessons, track progress, and help learners achieve real-world language fluency

Read Full Article →
Inside GPT-5 for Work: How Businesses Use GPT-5

A data-driven report on how workers across industries use ChatGPT—covering adoption trends, top tasks, departmental patterns, and the future of AI at work.

Read Full Article →
How Higgsfield turns simple ideas into cinematic social videos

Discover how Higgsfield gives creators cinematic, social-first video output from simple inputs using OpenAI GPT-4.1, GPT-5, and Sora 2.

Read Full Article →
Introducing ChatGPT Go, now available worldwide

ChatGPT Go is now available worldwide, offering expanded access to GPT-5.2 Instant, higher usage limits, and longer memory—making advanced AI more affordable globally.

Read Full Article →
Netomi’s lessons for scaling agentic systems into the enterprise

How Netomi scales enterprise AI agents using GPT-4.1 and GPT-5.2—combining concurrency, governance, and multi-step reasoning for reliable production workflows.

Read Full Article →
How Tolan builds voice-first AI with GPT-5.1

Tolan built a voice-first AI companion with GPT-5.1, combining low-latency responses, real-time context reconstruction, and memory-driven personalities for natural conversations.

Read Full Article →

#Cloud

The Prescriptive Path to Operationalizing AI Security

Learn how to move from vision to practice with the Prescriptive Path, a framework for operationalizing AI security at scale. By replacing fragmented tools with a unified platform, you can build trust and secure AI-native applications at machine speed.

Read Full Article →
Introducing the AI Security Fabric: Empowering Software Builders in the Era of AI

Snyk introduces the AI Security Fabric and a prescriptive path to help organizations secure software at the speed of AI. Discover how to operationalize AI security and scale innovation without compromising on safety.

Read Full Article →
Amazon Bedrock now supports server-side custom tools using the Responses API

Amazon Bedrock now supports server-side tools in the Responses API using OpenAI API-compatible service endpoints. Bedrock already supports client-side tool use with the Converse, Chat Completions, and Responses APIs. Now, with the launch of server-side tool use for Responses API, Amazon Bedrock c...

Read Full Article →
Change the server-side encryption type of Amazon S3 objects

You can now change the server-side encryption type of encrypted objects in Amazon S3 without any data movement. You can use the UpdateObjectEncryption API to atomically change the encryption key of your objects regardless of the object size or storage class. With S3 Batch Operations, you can use ...

Read Full Article →
AWS Network Firewall now supports GenAI traffic visibility and enforcement with Web category-based filtering

AWS Network Firewall now provides visibility into generative AI (GenAI) application traffic and supports traffic filtering based on web categories. This new capability simplifies governance by enabling you to identify and control access to GenAI services, social media platforms, streaming sites, ...

Read Full Article →
Amazon Neptune Analytics is now available in 7 additional regions

Amazon Neptune Analytics is now available in US West (N. California), Asia Pacific (Seoul), Asia Pacific (Osaka), Asia Pacific (Hong Kong), Europe (Stockholm), Europe (Paris), and South America (São Paulo) regions. You can now create and manage Neptune Analytics graphs in these new regions and ru...

Read Full Article →
Amazon EC2 G7e instances are now generally available

Today, Amazon announces the general availability of Amazon Elastic Compute Cloud (Amazon EC2) G7e instances, accelerated by NVIDIA RTX PRO 6000 Blackwell Server Edition GPUs. G7e instances offer up to 2.3x inference performance compared to G6e. Customers can use G7e instances to deploy large lang...

Read Full Article →
Amazon Corretto January 2026 Quarterly Updates

On January 20, 2026 Amazon announced quarterly security and critical updates for Amazon Corretto Long-Term Supported (LTS) versions of OpenJDK. Corretto 25.0.2, 21.0.10, 17.0.18, 11.0.30, and 8u482 are now available for download . Amazon Corretto is a no-cost, multi-platform, production-ready dis...

Read Full Article →

#Cyber Regulatory

Promoting AI Security — Acting Assistant Privacy Commissioner Speaks at the GenA.I. Symposium

Read Full Article → *(Covered by: Hong Kong PCPD)*
Promoting AI Security – Assistant Privacy Commissioner Speaks at AIM Conference

#Cybersecurity

React Under Siege: Two IPs Drive 56% of Critical CVE-2025-55182 Attacks

The post React Under Siege: Two IPs Drive 56% of Critical CVE-2025-55182 Attacks appeared first on Daily CyberSecurity .

Read Full Article →
Risky Bulletin: Plone CMS stops supply-chain attack

The Plone CMS stops a supply-chain attack, French cops raid the X Paris office; the number of malicious OpenClaw skills grows, and a Chinese APT hacked Notepad++ servers.

Read Full Article →
CVE-2026-24936: Critical ASUSTOR Flaw (CVSS 9.5) Allows Remote System Takeover

The post CVE-2026-24936: Critical ASUSTOR Flaw (CVSS 9.5) Allows Remote System Takeover appeared first on Daily CyberSecurity .

Read Full Article →
Poisoned Comments: Critical Orval Flaw (CVE-2026-25141) Injects Code

The post Poisoned Comments: Critical Orval Flaw (CVE-2026-25141) Injects Code appeared first on Daily CyberSecurity .

Read Full Article →
CVE-2026-25137: Critical Odoo on NixOS Flaw Exposes Databases

The post CVE-2026-25137: Critical Odoo on NixOS Flaw Exposes Databases appeared first on Daily CyberSecurity .

Read Full Article →
Game Over: Interlock Ransomware Weaponizes Anti-Cheat Zero-Day to Kill EDR

The post Game Over: Interlock Ransomware Weaponizes Anti-Cheat Zero-Day to Kill EDR appeared first on Daily CyberSecurity .

Read Full Article →
Cantwell claims telecoms blocked release of Salt Typhoon report

Senator Maria Cantwell, D-Wash., wants hearings to force AT&T and Verizon to disclose how they’ve responded to the hacks to protect telecom networks. The post Cantwell claims telecoms blocked release of Salt Typhoon report appeared first on CyberScoop .

Read Full Article →
What ensures NHI are protected in cloud platforms

What Makes Non-Human Identities Critical for Cloud Security? Have you considered how organizations can effectively secure their digital assets in cloud platforms? While we delve deeper into the digital space, the focus on securing data through robust Non-Human Identity (NHI) management has become...

Read Full Article →
What’s next for DHS’s forthcoming replacement critical infrastructure protection panel, AI information sharing

Nick Andersen, a top CISA official, discussed plans for improving CIPAC and developing an AI-ISAC. The post What’s next for DHS’s forthcoming replacement critical infrastructure protection panel, AI information sharing appeared first on CyberScoop .

Read Full Article →
Modeling Attackers and Their Motives

There are a number of reports out recently, breathlessly presenting their analysis of one threatening group of baddies or another. Most readers should, at most, skim their analysis of the perpetrators. Read on for why.

Read Full Article →
2017 and Tidal Forces

[no description provided]

Read Full Article →
People are The Weakest Link In Security?

[no description provided]

Read Full Article →
Threat Modeling & IoT

[no description provided]

Read Full Article → *(Covered by: Shostack + Friends Blog)*
Warrants for Cleaning Malware in Kelihos

[no description provided]

Read Full Article →
Hospital Ransomware

[no description provided]

Read Full Article →
Secure updates: A threat model

[no description provided]

Read Full Article →
Learning From npm's Rough Few Months

[no description provided]

Read Full Article →
Organizing Threat Modeling Magic

[no description provided]

Read Full Article →
Star Wars, Star Trek and Getting Root on a Star Ship

[no description provided]

Read Full Article →
Breach Vouchers & Equifax 2017 Breach Links

[no description provided]

Read Full Article →
Building an Application Security Team

[no description provided]

Read Full Article →
20 Year Software: Engineering and Updates

[no description provided]

Read Full Article →
Emergent Design Issues

[no description provided]

Read Full Article →
Threat Modeling Tooling from 2017

[no description provided]

Read Full Article →
Pen Testing The Empire

[no description provided]

Read Full Article →
AppSec Cali 2018: Izar Tarandach

[no description provided]

Read Full Article →
Threat Model Thursday: ARM's Network Camera TMSA

[no description provided]

Read Full Article →
The DREAD Pirates

[no description provided]

Read Full Article →
Carpenter!

[no description provided]

Read Full Article →
CVE Funding and Process

[no description provided]

Read Full Article →
Measuring ROI for DMARC

I'm pleased to be able to share work that Shostack + Associates and the Cyentia Institute have been doing for the Global Cyber Alliance.

Read Full Article →
High ROI Security Advisory Boards

Discussing the value of Security Advisory Boards

Read Full Article →
Fire Doesn't Innovate by Kip Boyle (Book Review)

An unexpected book review.

Read Full Article →
Leave Those Numbers for April 1st

Over-inflated numbers won't scare me into buying your ‘solution’.

Read Full Article →
Episode 9 Spoilers

Today is the last Star Wars Day before Episode 9 comes out, and brings the Skywalker saga to its end.

Read Full Article →
When security goes off the rails

My newest post over at Dark Reading ponders regulation.

Read Full Article →
DNS Security

I'm happy to say that some new research by Jay Jacobs, Wade Baker, and myself is now available, thanks to the Global Cyber Alliance.

Read Full Article →
Actionable Followups from the Capital One Breach

What have we learned and what steps can we take?

Read Full Article →
Capture the Flag events and eSports

A breakdown of CTFs and eSports

Read Full Article →
Interesting reads

Sharing for you, bookmarking for me.

Read Full Article →
Managed Attribution Threat Modeling

Let's talk CAKED, a threat model for managed attribution.

Read Full Article →
Threat Modeling Thursday: Machine Learning

For my first blog post of 2020, I want to look at threat modeling machine learning systems.

Read Full Article →
Amazon's 'Alexa Built-in' Threat Model

Exploring supply chain threat modeling with Alexa

Read Full Article →
How Are Computers Compromised (2020 Edition)

Understanding the way intrusions really happen is a long-standing interest of mine.

Read Full Article →
Threat Research: More Like This

I want to call out some impressive aspects of a report by Proofpoint.

Read Full Article →
The Cyentia Library Relaunches

I'm excited to see that they're Re-introducing the Cyentia Research Library, with cool (new?) features like an RSS feed. There are over 1,000 corporate research reports with data that companies paid to collect, massage, and release in a way they felt would be helpful to the rest of the world.

Read Full Article →
Information Disclosure In Depth

I have something to disclose...

Read Full Article →
The Uber CSO indictment

Thoughts on Mark Rasch's essay, Conceal and Fail to Report - The Uber CSO Indictment

Read Full Article →
Threat Modeling, Insiders and Incentives

Inspired by the recent story of Tesla's insider, I'd like to discuss insider threat as it fits into threat modeling.

Read Full Article →
Vaccines

You may have noticed that my end of the year posts are all science focused. Today, a set of resources on the COVID vaccines.

Read Full Article →
Threat Modeling and Social Issues

For Data Breach Today, I spoke with Anna Delaney about threat modeling for issues that are in the news right now.

Read Full Article →
Linkedin Learning

Bringing threat modeling to more and more people, now through a series of courses on LinkedIn.

Read Full Article →
Ever Given & Suez

Thoughts on the issues with the Ever Given blocking the Suez Canal.

Read Full Article →
The Updates Must Go Through

The timing of updates is not coincidental.

Read Full Article →
Colonial Pipeline, Darkside and Models

The Colonial Pipeline shutdown story is interesting in all sorts of ways, and I can't delve into all of it. I did want to talk about one small aspect, which is the way responders talk about Darkside.

Read Full Article →
Ransomware is Not the Problem

Arbitrarily powerful software -- applications, operating systems -- is a problem, as is preventing it from running on enterprise systems.

Read Full Article →
Threat Model Thursday: 5G Infrastructure

The US Government's lead cybersecurity agencies have released an interesting report, and I wanted to use this for a Threat Model Thursday, where we take a respectful look at threat modeling work products to see what we can learn.

Read Full Article →
What are we going to do: CO2 edition

What happened when Microsoft tried to buy climate abatements

Read Full Article →
Trainings at Global Appsec 2021

Tremendous training opportunities in threat modeling and other topics at Appsec Global 2021

Read Full Article →
Fast, Cheap + Good Whitepaper

Threat modeling doesn't need to be a slow, heavyweight activity!

Read Full Article →
How Executives Can Use Threat Modeling

You don’t have to be technical, but you can’t make informed decisions about your business without threat modeling.

Read Full Article →
Application Security Roundup - September

Interesting appsec posts: machine learning, performance, and C4

Read Full Article → *(Covered by: Shostack + Friends Blog)*
GPT-3

Text captured from GPT-3

Read Full Article → *(Covered by: Shostack + Friends Blog)*
Darkreading: Threat Modeling in the Age of OpenAI's Chatbot

Pointer to Adam’s latest Darkreading article

Read Full Article →
More on GPT-3 and threat modeling

More thoughts about AI and threat modeling

Read Full Article →
Threats: The Table of Contents

Like the Force, each threat has a light side, and a dark side.

Read Full Article →
Threats Book is Complete

The serious side of the book

Read Full Article →
The National CyberSecurity Strategy: Liability is Coming
Reflecting on Threats: The Frame

Reflecting on the framing of the Threats book

Read Full Article →
Five Threat Model Diagrams for Machine Learning

Some diagrams to help clarify machine learning threats

Read Full Article →
Layoffs in Responsible AI Teams

Some inferences from layoffs in responsible AI teams

Read Full Article →
Application and AI roundup - May

This month runs quite heavy on AI, but the CISA Safe by Design and Default document is going to be important for the next several years.

Read Full Article → *(Covered by: Shostack + Friends Blog)*
Phishing Defenses

Phishing behaviors, as observed in the wild.

Read Full Article →
AI will be the high interest credit card of 2023
Worthwhile Books Q2 2023

Books that I read in the second quarter that are worth your time include two memoirs, a great book on the security of ML, and more!

Read Full Article →
Microsoft Can Fix Ransomware Tomorrow

My latest at Dark Reading draws attention to how Microsoft can fix ransomware tomorrow.

Read Full Article →
ML Sec Ops: Feature with Diana Kelley

Adam featured on ML Sec Ops podcast

Read Full Article →
Comparing Retrospectives

We can learn a lot from comparing retrospectives

Read Full Article →
Security Principles in 2023

Principles are lovely, but do they lead us to actionable results?

Read Full Article →
Think like Alph-V?
The State of Appsec in 2024

2024 is bringing lots of AI, and Liability, too

Read Full Article →
Blackhat and Human Factors

BlackHat invites human factors work

Read Full Article → *(Covered by: Shostack + Friends Blog)*
Solving Hallucinations

Solving hallucinations in legal briefs is playing on easy mode, and it is still too hard

Read Full Article →
The British Library’s Incident Review

Thoughts on the British Library incident

Read Full Article →
Adventures in LLM Coding

Exploring LLM-driven coding as I get ready for Archimedes

Read Full Article →
The NVD Crisis

The NVD is in crisis, and so is patch management. It’s time to modernize.

Read Full Article →
Introducing Magic Security Dust!
CSRB Report on Microsoft

The CSRB has released its report into an intrusion at Microsoft, and...it’s a doozy.

Read Full Article →
Eternal sunshine of the spotless LLM

Making an LLM forget is harder than it seems

Read Full Article →
Sutter on Safety

What do we need to assess if memory safe languages are 'sufficient'?

Read Full Article →
Happy Star Wars Day
Secure by Design roundup - April 2024

A less busy month in appsec, AI, and regulation, but still interesting stories

Read Full Article → *(Covered by: Shostack + Friends Blog)*
Security Engineering roundup - May 2024

The most important stories around threat modeling, appsec and secure by design for May, 2024.

Read Full Article →
The Universal Cloud TM -- Threat Model Thursday

A new universal threat model - what can we learn from it?

Read Full Article →
Threat Modeling and Logins, Redux

How to effectively threat model authentication.

Read Full Article →
Lockbit, a study in public health

Why is it hard to count lockbit infections?

Read Full Article →
Appsec Roundup - June 2024

The most important stories around threat modeling, appsec and secure by design for June, 2024.

Read Full Article → *(Covered by: Shostack + Friends Blog)*
The Goals of Cyber Public Health

Cyber Public Health is prompting fascinating conversations

Read Full Article →
Handling Pandemic-Scale Cyber Threats (preprint)

A new paper on 'Pandemic Scale Cyber Events

Read Full Article →
25 Years of CVE

Some thoughts on 25 years of the CVE program

Read Full Article →
Car Safety Factoids

A few thoughts from a clickbait headline

Read Full Article →
Handling Pandemic-Scale Cyber Threats: Lessons from COVID-19

Emerging research on Cyber Public Health

Read Full Article →
Spatial Reasoning and Threat Modeling

Do diagrams leverage the brain in a different way?

Read Full Article →
National Cyber Incident Response Plan comments

Our comments on the National Cyber Incident Plan

Read Full Article →
Inside Man

Some thoughts on the Voyager Episode ‘Inside Man’

Read Full Article →
Strategy for threat modeling AI

Clarifying how to threat model AI

Read Full Article →
Security Researcher Comments on HIPAA Security Rule

A group of us have urged HHS to require better handling of security reports

Read Full Article →
Introducing the DEF CON 32 Hackers' Almanack

Grateful to introduce the Hackers' Almanack!

Read Full Article →
Appsec Roundup - March 2025

Big news for LLMs in threat modeling!

Read Full Article → *(Covered by: Shostack + Friends Blog)*
Learning from Troy Hunt’s Sneaky Phish
A few thoughts on CVE

Thoughts on the CVE funding crisis

Read Full Article →
CVE Futures

What’s next for the CVE program?

Read Full Article →
Andor Threats: Information Disclosure

What Andor can teach us about Information disclosure threats

Read Full Article →
Andor: Insider Threats

Andor teaches us about insider threats

Read Full Article →
The Essence and Beauty of Threat Modeling

Automation sounds great, but what about the essence and beauty?

Read Full Article →
Publish your threat model!

We think you should publish your threat model, and we’re publishing our arguments.

Read Full Article →
Google’s approach to AI Agents -- Threat Model Thursday

What can we learn from Google’s approach to AI Agent Security

Read Full Article →
Threat modeling as a dial, not a switch

Thinking of threat modeling with a knob helps you get more out of it.

Read Full Article →
The Cyber Resilience Act (CRA)!

The CRA is coming and it's going to be a dramatic change for technology producers

Read Full Article →
Risk Management and Threat Modeling

Threat modeling finds threats; risk management helps us deal with the tricky ones.

Read Full Article →
LLMs as Compilers

What if we think about LLM coding as if it’s a compiler stage?

Read Full Article →
Mansplaining your threat model, as a service

Everyone wants robots to help with threat models. How’s that working out?

Read Full Article →
How could LLMs change threat modeling

LLMs will change threat modeling. Will it be for the better?

Read Full Article →
AI Insurance Won't Save You

LLM Insurance is, and will remain, a great source of insurer profits.

Read Full Article →
Prompt Engineering Requires Evaluation

Understanding ‘prompt engineering’

Read Full Article →
October Adam's New Thing!

Read up on Adam's New Thing from October

Read Full Article →
A few thoughts closing out 2025

Prompted by participants, a few closing thoughts for 2025

Read Full Article →
Security Advisory SA-26-01 GPS Attacks

GPS attacks trigger revisiting threat models

Read Full Article →
Ivanti’s EPMM is under active attack, thanks to two critical zero-days

Limited attacks occurred prior to Ivanti’s disclosure, followed by mass exploitation by multiple threat groups. More than 1,400 potentially vulnerable instances remain exposed. The post Ivanti’s EPMM is under active attack, thanks to two critical zero-days appeared first on CyberScoop .

Read Full Article →
U.S. CISA adds SolarWinds Web Help Desk, Sangoma FreePBX, and GitLab flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds SolarWinds Web Help Desk, Sangoma FreePBX, and GitLab flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added SolarWinds Web Help Desk, Sangoma FreePBX, and GitLa...

Read Full Article → *(Covered by: Security Affairs)*
CISA orders federal agencies to patch exploited SolarWinds bug by Friday

CVE-2025-40551 carries a critical severity score of 9.8 out of 10 and impacts SolarWinds Web Help Desk (WHD) — an IT service management platform used by many large organizations to handle ticketing, asset tracking and other tasks.

Read Full Article →
Security Researchers Breach Moltbook in Record Time

Security researchers from cloud cybersecurity firm Wiz disclosed a critical vulnerability in Moltbook, a newly launched social network designed for AI agents, that allowed them to breach the platform’s backend and access private information in under three minutes. Moltbook is a newly launched soc...

Read Full Article →
Full Spectrum AI Security: FireTail’s Platform Update for the AI-Enabled Workforce – FireTail Blog

Feb 03, 2026 - Jeremy Snyder - The rise of generative AI has changed how businesses operate. In almost every company, leaders are looking for ways to use AI to work faster and smarter. However, this shift has created a major challenge for security teams. Most of the AI activity inside an organiza...

Read Full Article →
Chinese Money Laundering Jargon via Google’s Gemini

After having a short discussion with Gemini about Chinese Money Laundering, I could tell we weren't quite connecting on my Mandarin-assistance requests, so I shared an example post from a Telegram "Crime-as-a-Service" group that was part of a Chinese Guarantee Syndicate. For context, these posts ...

Read Full Article →
DataDome Integrates Bot Protection with Varnish Software’s New Sovereign CDN

DataDome's AI-powered bot protection now integrates with Varnish CDN's European infrastructure—delivering real-time security and full data sovereignty. The post DataDome Integrates Bot Protection with Varnish Software’s New Sovereign CDN appeared first on Security Boulevard .

Read Full Article →
Docker Fixes Critical Ask Gordon AI Flaw Allowing Code Execution via Image Metadata

Cybersecurity researchers have disclosed details of a now-patched security flaw impacting Ask Gordon, an artificial intelligence (AI) assistant built into Docker Desktop and the Docker Command-Line Interface (CLI), that could be exploited to execute code and exfiltrate sensitive data. The critica...

Read Full Article →
SQL Injection Flaw Affects 40,000 WordPress Sites

40,000 WordPress sites are vulnerable to SQL injection in Quiz and Survey Master plugin

Read Full Article →
Hackers abused React Native CLI flaw to deploy Rust malware before public disclosure

Hackers exploit a critical React Native CLI flaw (CVE-2025-11953) to run remote commands and drop stealthy Rust malware, weeks before public disclosure. Attackers are actively exploiting a critical flaw in the React Native CLI Metro server, tracked as CVE-2025-11953. The React Native CLI’s Metro ...

Read Full Article → *(Covered by: Security Affairs)*
Russian hackers are exploiting recently patched Microsoft Office vulnerability (CVE-2026-21509)

Russian state-sponsored hackers Fancy Bear (aka APT 28) are exploiting CVE-2026-21509, a Microsoft Office vulnerability for which Microsoft released an emergency fix last week. The exploitation CVE-2026-21509 allows unauthorized attackers to bypass a security feature (OLE mitigations in Microsoft...

Read Full Article →
From credentials to cloud admin in 8 minutes: AI supercharges AWS attack chain

Threat actors tore through an Amazon Web Services environment in under eight minutes, chaining together credential theft, privilege escalation, lateral movement, and GPU resource abuse with the help of large language models, an attack so fast that defenders had virtually no time to react. Accordi...

Read Full Article →
Panera Bread data breach much more serious than we thought - over 5 million customers were hit, new reports claim

Panera Bread customer data leaked on the dark web, allowing researchers to determine how many people were hit.

Read Full Article →
Hackers Exploit Metro4Shell RCE Flaw in React Native CLI npm Package

Threat actors have been observed exploiting a critical security flaw impacting the Metro Development Server in the popular "@react-native-community/cli" npm package. Cybersecurity company VulnCheck said it first observed exploitation of CVE-2025-11953 (aka Metro4Shell) on December 21, 2025. With ...

Read Full Article →
Researchers Warn of New “Vect” RaaS Variant

A new ransomware-as-a-service operation dubbed “Vect” features custom malware

Read Full Article →
Vulnerability Allows Hackers to Hijack OpenClaw AI Assistant

OpenClaw (aka Moltbot and Clawdbot) is vulnerable to one-click remote code execution attacks. The post Vulnerability Allows Hackers to Hijack OpenClaw AI Assistant appeared first on SecurityWeek .

Read Full Article →
Notepad++ supply chain attack: Researchers reveal details, IoCs, targets

Rapid7 researchers have attributed the recent hijacking of the Notepad++ update mechanism to Lotus Blossom (aka Billbug), a Chinese state-sponsored group known for targeting organizations in Southeast Asia for espionage purposes. On Wednesday, Kaspersky researchers shared the insights they’ve gle...

Read Full Article →
Cybercrime Unit of Paris Prosecutors Raid Elon Musk’s X Offices in France

Elon Musk and X’s former CEO were summoned for voluntary interviews in Paris on April 20, 2026

Read Full Article →
Everest Ransomware Claims 90GB Data Theft Involving Legacy Polycom Systems

Everest ransomware claims a breach involving legacy Polycom systems later acquired by HP Inc., alleging the theft of 90GB of internal data.

Read Full Article →
Introducing Detectify Internal Scanning for internal scanning behind the firewall

TL;DR We’re launching Internal Scanning, bringing our proprietary security engines, research-led crawling and fuzzing engine for internal vulnerability scanning behind your firewall. Built by Detectify’s ... The post Introducing Detectify Internal Scanning for internal scanning behind the firewal...

Read Full Article →
APT28 exploits Microsoft Office flaw in Operation Neusploit

Russia-linked APT28 is behind Operation Neusploit, exploiting a newly disclosed Microsoft Office vulnerability in targeted attacks. Russia-linked group APT28 (aka UAC-0001, aka Fancy Bear, Pawn Storm, Sofacy Group, Sednit, BlueDelta, and STRONTIUM) is behind Operation Neusploit, a campaign that e...

Read Full Article → *(Covered by: Security Affairs)*
New Password-Stealing Phishing Campaign Targets Corporate Dropbox Credentials

Multi-stage attack begins with fake message relating to business requests and evades detection with link hidden in a PDF

Read Full Article →
Notepad++ infrastructure hijacked by Chinese APT in sophisticated supply chain attack

The popular open-source text editor Notepad++ was targeted in a sophisticated supply chain attack that allowed Chinese state-sponsored hackers to deliver malware through compromised software updates, the project’s maintainer disclosed in a blog post . The attack, which ran from June through Decem...

Read Full Article →
Notepad++ infrastructure hack likely tied to China-nexus APT Lotus Blossom

Rapid7 researchers say the Notepad++ hosting breach is likely linked to the China-nexus Lotus Blossom APT group. Recently, the Notepad++ maintainer revealed that nation-state hackers compromised the hosting provider’s infrastructure, redirecting update traffic to malicious servers. The attack did...

Read Full Article → *(Covered by: Security Affairs)*
APT28 Uses Microsoft Office CVE-2026-21509 in Espionage-Focused Malware Attacks

The Russia-linked state-sponsored threat actor known as APT28 (aka UAC-0001) has been attributed to attacks exploiting a newly disclosed security flaw in Microsoft Office as part of a campaign codenamed Operation Neusploit. Zscaler ThreatLabz said it observed the hacking group weaponizing the sho...

Read Full Article →
How Mercari strengthened mobile security for millions of users with Oversecured

Discover how Mercari, Japan's largest marketplace app, transformed their mobile security program with Oversecured, uncovering critical vulnerabilities missed by previous tools and achieving reliable automated scanning at scale.

Read Full Article →
Think agentic AI is hard to secure today? Just wait a few months

Early experimentation with agentic AI has given CISOs a preview of the possible cybersecurity nightmares ahead . But with autonomous agent adoption expected to soar throughout 2026, CISOs’ lack of visibility into agentic identities, activities, and decision-making is set to get far worse in quick...

Read Full Article →
Shai-Hulud & Co.: The software supply chain as Achilles’ heel

Today’s applications are based on numerous components, each of which, along with the development environments themselves, represents an attack surface. Regardless of whether companies develop code in-house or rely on third-party vendors, CISOs, security experts, and developers should pay particul...

Read Full Article →
What to do when the extortionists come?

Stay calm and do nothing rash, recommends podcast guest Joanna Lang-Recht (intersoft consulting services AG). Monday morning, 8:00 a.m. Employees cannot log in. The production lines stand still, and digital ransom notes are splashed across the screens. ...

Read Full Article →
Mozilla Adds One-Click Option to Disable Generative AI Features in Firefox

Mozilla on Monday announced a new controls section in its Firefox desktop browser settings that allows users to completely turn off generative artificial intelligence (GenAI) features. "It provides a single place to block current and future generative AI features in Firefox," Ajit Varma, head of ...

Read Full Article →
Notepad++ Hosting Breach Attributed to China-Linked Lotus Blossom Hacking Group

A China-linked threat actor known as Lotus Blossom has been attributed with medium confidence to the recently discovered compromise of the infrastructure hosting Notepad++. The attack enabled the state-sponsored hacking group to deliver a previously undocumented backdoor codenamed Chrysalis to us...

Read Full Article →
The Final Countdown: OpenAI to Retire GPT-4o—But There’s a Catch for Enterprise Users

The post The Final Countdown: OpenAI to Retire GPT-4o—But There’s a Catch for Enterprise Users appeared first on Daily CyberSecurity .

Read Full Article →
New phishing attack leverages PDFs and Dropbox

Even as they become ever more stealthy with AI-driven tools, threat actors are not giving up on simple, tried-and-true phishing — because it still works. According to new research, attackers are still making mischief with PDFs, the old business standby, and are exploiting growing trust in service...

Read Full Article →
As feds pull back, states look inward for election security support

Secretaries of State are scrambling to replace cybersecurity services once provided by CISA and other federal agencies. The post As feds pull back, states look inward for election security support appeared first on CyberScoop .

Read Full Article →
Auditing Outline. Firsthand lessons from comparing manual testing and AI security platforms

Attackers Harvest Dropbox Logins Via Fake PDF Lures

A malware-free phishing campaign targets corporate inboxes and asks employees to view "request orders," ultimately leading to Dropbox credential theft.

Read Full Article →
MoltBot Skills exploited to distribute 400+ malware packages in days

Over 400 malicious OpenClaw packages were uploaded in days, using MoltBot skills to spread password-stealing malware. Researchers uncovered a large malware campaign abusing AI skills for Claude Code and Moltbot users. Between late January and early February 2026, more than 400 malicious skills we...

Read Full Article → *(Covered by: Security Affairs)*
China-based espionage group compromised Notepad++ for six months

The Chinese APT group Lotus Blossom intruded the tool’s internal systems to snoop on a limited set of users’ activities, according to researchers. The post China-based espionage group compromised Notepad++ for six months appeared first on CyberScoop .

Read Full Article →
Panera Bread breach affected 5.1 Million accounts, HIBP Confirms

Have I Been Pwned says Panera Bread ’s breach affected 5.1 million accounts, far fewer than the 14 million customers first reported. Have I Been Pwned followed claims by the ShinyHunters gang, which said it stole data from over 14 million Panera Bread accounts. After Panera refused to pay, the gr...

Read Full Article → *(Covered by: Security Affairs)*
Phishing Scam Uses Clean Emails and PDFs to Steal Dropbox Logins

A multi-stage phishing campaign is targeting business users by exploiting Vercel cloud storage, PDF attachments, and Telegram bots to steal Dropbox credentials.

Read Full Article →
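
As an added example (not code from any of the articles above, nor from the campaign's researchers), here is a small triage check for the PDF-lure pattern these stories describe: pull the link annotations out of a PDF and flag any whose host does not belong to the brand the lure impersonates. The PDF bytes and hostnames below are constructed for the demo and are not indicators from the campaign; the parser handles only literal-string `/URI (...)` targets, which is an assumption, not a full PDF implementation.

```python
import re
from urllib.parse import urlparse

# Matches /URI followed by a PDF literal string, honouring backslash escapes
# inside the parentheses.  Hex-string URIs (/URI <...>) are not handled here.
_URI_RE = re.compile(rb"/URI\s*\(((?:\\.|[^\\)])*)\)", re.DOTALL)

# Constructed sample PDF (not a real lure): two link annotations, one pointing
# at the genuine brand and one at a throwaway site on a free hosting platform.
SAMPLE_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] /Annots [4 0 R 5 0 R] >> endobj
4 0 obj << /Type /Annot /Subtype /Link /Rect [72 700 300 720]
   /A << /S /URI /URI (https://share-review.vercel.app/open?doc=1) >> >> endobj
5 0 obj << /Type /Annot /Subtype /Link /Rect [72 650 300 670]
   /A << /S /URI /URI (https://www.dropbox.com/home) >> >> endobj
trailer << /Root 1 0 R >>
%%EOF
"""


def _unescape_pdf_string(raw: bytes) -> str:
    """Undo PDF literal-string escapes: \\(, \\), \\\\ and \\ddd octal.
    Any other escaped character is kept as-is, which is enough for URLs."""
    out = bytearray()
    i = 0
    while i < len(raw):
        c = raw[i]
        if c == 0x5C and i + 1 < len(raw):            # backslash
            nxt = raw[i + 1]
            if chr(nxt) in "01234567":                 # \ddd octal escape
                j = i + 1
                while j < len(raw) and j < i + 4 and chr(raw[j]) in "01234567":
                    j += 1
                out.append(int(raw[i + 1:j], 8) & 0xFF)
                i = j
                continue
            out.append(nxt)
            i += 2
            continue
        out.append(c)
        i += 1
    return out.decode("latin-1")


def extract_pdf_uris(pdf: bytes) -> list[str]:
    """Return every /URI target in document order."""
    return [_unescape_pdf_string(m.group(1)) for m in _URI_RE.finditer(pdf)]


def _host_belongs_to(host: str, domains: set[str]) -> bool:
    return any(host == d or host.endswith("." + d) for d in domains)


def flag_offbrand_links(pdf: bytes, claimed_brand_domains: set[str]) -> list[str]:
    """Links whose host is not the brand the lure claims to be (here, Dropbox)."""
    flagged = []
    for url in extract_pdf_uris(pdf):
        host = (urlparse(url).hostname or "").lower()
        if not _host_belongs_to(host, claimed_brand_domains):
            flagged.append(url)
    return flagged


if __name__ == "__main__":
    for url in flag_offbrand_links(SAMPLE_PDF, {"dropbox.com"}):
        print("suspicious link in PDF:", url)
```

The check is deliberately brand-relative: a Dropbox-themed lure linking to a free-hosting domain is the signal, not the free-hosting domain on its own, so run it with the brand the message claims rather than a fixed blocklist.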
Canada Computers & Electronics reveals data breach - customer data exposed, here's what we know

Some customers also had credit card information exposed; police have already been notified.

Read Full Article →
Russian ransomware hackers allegedly hit Tulsa airport in cyberattack, dump private files online as proof

The infamous Qilin group strikes again, this time targeting a major US airport.

Read Full Article →
OpenClaw Bug Enables One-Click Remote Code Execution via Malicious Link

A high-severity security flaw has been disclosed in OpenClaw (formerly referred to as Clawdbot and Moltbot) that could allow remote code execution (RCE) through a crafted malicious link. The issue, which is tracked as CVE-2026-25253 (CVSS score: 8.8), has been addressed in version 2026.1.29 relea...

Read Full Article →
ShinyHunters Expands Scope of SaaS Extortion Attacks

Following their attacks on Salesforce instances last year, members of the cybercrime group have broadened their targeting and gotten more aggressive with extortion tactics.

Read Full Article →
NSA Publishes New Zero Trust Implementation Guidelines

NSA released new guidelines to help organizations achieve target-level Zero Trust maturity

Read Full Article →
Ivanti Issues Urgent Fix for Critical Zero-Day Flaws Under Active Attack

Ivanti has disclosed two critical remote code execution (RCE) flaws (CVE-2026-1281 & CVE-2026-1340) in its EPMM software.

Read Full Article →
Notepad++ Update Hijacking Linked to Hosting Provider Compromise

A supply chain attack on the Notepad++ update process was linked to compromised hosting infrastructure

Read Full Article →
Hackers exploit unsecured MongoDB instances to wipe data and demand ransom

Over 1,400 exposed MongoDB servers have been hijacked and wiped by hackers, who left ransom notes after exploiting weak or missing access controls. Cybersecurity firm Flare reports that unsecured MongoDB databases remain easy targets, with 1,416 of 3,100 exposed servers compromised. Hackers wiped...

Read Full Article → *(Covered by: Security Affairs)*
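
Added example, not code from the Flare report: the two settings that turn a MongoDB server into one of those 1,400 are binding to every interface and leaving `security.authorization` at its default of disabled (mongod has bound to localhost by default since 3.6, so an absent `bindIp` is the safe case). The audit below parses a minimal mongod.conf and reports both findings; the weak and hardened configs are constructed samples, and the parser assumes the flat `section:` / `  key: value` layout they use (real tooling should use PyYAML).

```python
# Audit a mongod.conf for the two misconfigurations behind the wipe-and-ransom
# pattern: listening on every interface and running without authorization.
# Assumption: the file uses only the flat "section:" / "  key: value" layout
# shown below; a real deployment should parse with PyYAML instead.

WEAK_CONF = """\
# constructed sample: exposed, no auth
storage:
  dbPath: /var/lib/mongodb
net:
  port: 27017
  bindIp: 0.0.0.0
"""

HARDENED_CONF = """\
# constructed sample: private interfaces only, auth on
storage:
  dbPath: /var/lib/mongodb
net:
  port: 27017
  bindIp: 127.0.0.1,10.0.0.5
security:
  authorization: enabled
"""


def parse_flat_yaml(text: str) -> dict[str, dict[str, str]]:
    """Tiny parser for two-level mongod.conf files (no lists, no deeper nesting)."""
    conf: dict[str, dict[str, str]] = {}
    section = None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        if not line.startswith(" ") and line.endswith(":"):
            section = line[:-1].strip()
            conf[section] = {}
        elif section is not None and ":" in line:
            key, value = line.strip().split(":", 1)
            conf[section][key.strip()] = value.strip()
        else:
            raise ValueError(f"unsupported line: {raw!r}")
    return conf


def audit_mongod_conf(text: str) -> list[str]:
    """Return human-readable findings; an empty list means both checks passed."""
    conf = parse_flat_yaml(text)
    findings = []

    net = conf.get("net", {})
    # mongod defaults to 127.0.0.1 when bindIp is absent, so absence is safe.
    bind_ips = [ip.strip() for ip in net.get("bindIp", "127.0.0.1").split(",")]
    bind_all = net.get("bindIpAll", "false").lower() == "true"
    if bind_all or any(ip in ("0.0.0.0", "::") for ip in bind_ips):
        findings.append(
            f"net.bindIp exposes the server on all interfaces ({net.get('bindIp', 'bindIpAll')})"
        )

    security = conf.get("security", {})
    # The default for security.authorization is "disabled": anyone who can
    # reach the port gets full read/write/drop access.
    if security.get("authorization", "disabled").lower() != "enabled":
        findings.append("security.authorization is not enabled (default: disabled)")

    return findings


if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit_mongod_conf(conf) or ["ok"])
```

Note that the hardened sample still listens on a private address; if the host sits behind a cloud security group that allows 27017 from the internet, the network control is what is wrong, and this file-level check will not see it.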
Major health provider data breach may have affected thousands more people - over 700k now thought to have been hit

TriZetto Provider Solutions breach was spotted in October 2025 after hackers lurked for almost a year.

Read Full Article →
How risk culture turns cyber teams predictive

The first time you’ll hear, “We’re always in incident mode,” it won’t be said with drama. It will be said the way you mention the weather. Grey again. Pager again. And that’s the problem. When a constant alarm becomes normal, your team stops asking the only question that matters. Why do we keep e...

Read Full Article →
This stealthy Windows RAT holds live conversations with its operators

Security researchers at Point Wild have disclosed a new Windows malware campaign that uses a multi-stage infection chain to establish persistent, memory-resident access on compromised systems and steal sensitive data. The analysis found the malware relying on standard Windows components for execu...

Read Full Article →
⚡ Weekly Recap: Proxy Botnet, Office Zero-Day, MongoDB Ransoms, AI Hijacks & New Threats

Every week brings new discoveries, attacks, and defenses that shape the state of cybersecurity. Some threats are stopped quickly, while others go unseen until they cause real damage. Sometimes a single update, exploit, or mistake changes how we think about risk and protection. Every incident show...

Read Full Article →
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 82

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter KONNI Adopts AI to Generate PowerShell Backdoors Who Operates the Badbox 2.0 Botnet? Weaponized in China, Deployed in India: The SyncFuture Espi...

Read Full Article → *(Covered by: Security Affairs)*
We moved fast and broke things. It’s time for a change.

For 20 years, tech has moved fast and broken things. The result: a cybersecurity crisis built on rushed code and vulnerable software. It's time to replace speed-at-all-costs with a security-first approach. The post We moved fast and broke things. It’s time for a change. appeared first on CyberSco...

Read Full Article →
Android RAT Uses Hugging Face to Host Malware

Bitdefender has discovered a new Android malware campaign that uses Hugging Face

Read Full Article →
Why non-human identities are your biggest security blind spot in 2026

Last month, while running a routine access audit on our Azure environment, I came across a service account called svc-dataloader-poc. It had not been touched in 793 days — two years of sitting dormant. When I checked its permissions, my stomach dropped: Owner-level access to three production subs...

Read Full Article →
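
Added example (not code from the article): the svc-dataloader-poc finding above is exactly what a periodic non-human-identity sweep should surface automatically rather than by luck during a manual audit. The function below takes an inventory of service principals with their last sign-in and role assignments and flags any identity that is both privileged and dormant past a threshold. The inventory is a constructed sample shaped like an export of Entra ID sign-in data joined to Azure RBAC assignments; the role names treated as privileged are an assumption to adjust per tenant.

```python
from datetime import date

# Roles that can change or take over a subscription.  Treat these as "privileged".
# Assumption: extend this set to match your own RBAC custom roles.
PRIVILEGED_ROLES = {"Owner", "Contributor", "User Access Administrator"}

# Date the sweep is run as of (constructed, matches the week of this digest).
AS_OF = date(2026, 2, 2)

# Constructed inventory, shaped like what you would export from Entra ID
# sign-in logs joined to Azure RBAC role assignments.  Not real tenant data.
INVENTORY = [
    {
        "name": "svc-dataloader-poc",
        "last_sign_in": date(2023, 12, 2),       # 793 days before AS_OF
        "roles": [("Owner", "/subscriptions/prod-a"),
                  ("Owner", "/subscriptions/prod-b"),
                  ("Owner", "/subscriptions/prod-c")],
    },
    {
        "name": "svc-backup",
        "last_sign_in": date(2026, 1, 30),
        "roles": [("Storage Blob Data Reader", "/subscriptions/prod-a")],
    },
    {
        "name": "svc-ci-deployer",
        "last_sign_in": date(2025, 3, 1),
        "roles": [("Contributor", "/subscriptions/dev")],
    },
    {
        "name": "svc-never-used",
        "last_sign_in": None,                    # created, never signed in
        "roles": [("Reader", "/subscriptions/dev")],
    },
]


def dormant_privileged_identities(inventory, as_of: date, max_idle_days: int = 90):
    """Return (name, idle_days, privileged_assignments) for identities that hold a
    privileged role and have not signed in within max_idle_days.
    idle_days is None for identities that have never signed in."""
    findings = []
    for ident in inventory:
        privileged = [(r, s) for r, s in ident["roles"] if r in PRIVILEGED_ROLES]
        if not privileged:
            continue                               # low-privilege: not this report's job
        last = ident["last_sign_in"]
        idle_days = (as_of - last).days if last else None
        if idle_days is None or idle_days > max_idle_days:
            findings.append((ident["name"], idle_days, privileged))
    # Worst first: never-used identities, then the longest idle.
    findings.sort(key=lambda f: (f[1] is not None, -(f[1] or 0)))
    return findings


if __name__ == "__main__":
    for name, idle, roles in dormant_privileged_identities(INVENTORY, AS_OF):
        print(f"{name}: idle {idle} days, {len(roles)} privileged assignment(s)")
```

The sort puts never-used identities first on purpose: a principal that holds Owner and has no sign-in history at all has no legitimate workload to break, so it is the safest one to disable today.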
Security Affairs newsletter Round 561 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. DOJ releases details alleged talented hacker w...

Read Full Article → *(Covered by: Security Affairs)*
CSO Barry Hensley on staying a step ahead of the cyber threat landscape

IT security was a critical element of retired US Col. Barry Hensley’s 24-year military career as an Army Signal Officer, as he was often responsible for the engineering and installation of “military networks, whether in garrison or in support of combat troops deployed.” “The pinnacle of my milita...

Read Full Article →
When responsible disclosure becomes unpaid labor

Responsible disclosure is built on an assumption that “doing the right thing” will be met with timely action, fair treatment, and professional respect, if not a bounty award. Increasingly, that assumption is failing. And when it does, organizations alienate researchers and create regulatory, lega...

Read Full Article →
Open VSX Supply Chain Attack Used Compromised Dev Account to Spread GlassWorm

Cybersecurity researchers have disclosed details of a supply chain attack targeting the Open VSX Registry in which unidentified threat actors compromised a legitimate developer's resources to push malicious updates to downstream users. "On January 30, 2026, four established Open VSX extensions pu...

Read Full Article →
Beyond ACLs: Mapping Windows Privilege Escalation Paths with BloodHound

Beyond ACLs: Mapping Windows Privilege Escalation Paths with

Read Full Article →
US Seizes $400 Million Linked to Helix Dark Web Crypto Mixer

US authorities take control of over $400 million in crypto, cash, and property tied to Helix, a major darknet bitcoin mixing service used by drug markets.

Read Full Article →
Iran-Linked RedKitten Cyber Campaign Targets Human Rights NGOs and Activists

A Farsi-speaking threat actor aligned with Iranian state interests is suspected to be behind a new campaign targeting non-governmental organizations and individuals involved in documenting recent human rights abuses. The activity, observed by HarfangLab in January 2026, has been codenamed RedKitt...

Read Full Article →
FBI takes notorious RAMP ransomware forum offline

The FBI has seized control of RAMP, a notorious cybercrime forum that boasted of being the only place that allowed ransomware and claimed over 14,000 active users. Now some of those users' details are likely in the hands of the police... Read more in my article on the Bitdefender blog.

Read Full Article →
Mandiant Finds ShinyHunters-Style Vishing Attacks Stealing MFA to Breach SaaS Platforms

Google-owned Mandiant on Friday said it identified an "expansion in threat activity" that uses tradecraft consistent with extortion-themed attacks orchestrated by a financially motivated hacking group known as ShinyHunters. The attacks leverage advanced voice phishing (aka vishing) and bogus cred...

Read Full Article →
Ivanti patches two actively exploited critical vulnerabilities in EPMM

IT software company Ivanti released patches for its Endpoint Manager Mobile (EPMM) product to fix two new remote code execution vulnerabilities already under attack in the wild. “We are aware of a very limited number of customers whose solution has been exploited at the time of disclosure,” the c...

Read Full Article →
Tenable Tackles AI Governance, Shadow AI Risks, Data Exposure

The Tenable One AI Exposure add-on discovers unsanctioned AI use in the organization and enforces policy compliance with approved tools.

Read Full Article →
Startup Amutable plotting Linux security overhaul to counter hacking threats

If there’s one thing guaranteed to grab attention in the computer security world, it’s announcing yourself without fully explaining what it is you plan to do. This week, the Linux world got a taste of this enigmatic marketing ploy with the launch out of stealth of Berlin-based Linux security outf...

Read Full Article →
This dangerous North Korean malware has now split into three entities for maximum impact

Labyrinth Chollima is morphing into three separate entities engaging in cyber-espionage and crypto theft against firms in the West.

Read Full Article →
Someone Knows Bash Far Too Well, And We Love It (Ivanti EPMM Pre-Auth RCEs CVE-2026-1281 & CVE-2026-1340)

When Ivanti removed the embargoes from CVE-2026-1281 and CVE-2026-1340 - pre-auth Remote Command Execution vulnerabilities in Ivanti’s Endpoint Manager Mobile (EPMM) solution - we sighed with relief. Clearly, the universe had decided to continue mocking Secure-By-Design signers right on schedule ...

Read Full Article →
Google’s disruption rips millions of devices out of malicious network

The actions impaired some of IPIDEA’s proxy infrastructure, but not all of it. The effort underscores the back-and-forth struggle of taking out pieces of cybercriminals’ vast and growing infrastructure. The post Google’s disruption rips millions out of devices out of malicious network appeared fi...

Read Full Article →
AIs Are Getting Better at Finding and Exploiting Security Vulnerabilities

From an Anthropic blog post : In a recent evaluation of AI models’ cyber capabilities, current Claude models can now succeed at multistage attacks on networks with dozens of hosts using only standard, open-source tools, instead of the custom tools needed by previous generations. This illustrates ...

Read Full Article → *(Covered by: Bruce Schneier Blog)*
Data sovereignty creates an illusion of security: the real battle is software integrity

The consequences of neglecting software integrity are severe and more visible than ever.

Read Full Article →
Polish Grid Systems Targeted in Cyberattack Had Little Security, Per New Report

The hackers behind a cyberattack that targeted Poland's grid infrastructure met little resistance when they hit systems at a heat-and-power plant and wind and solar farms last month. The intruders were able to easily access numerous systems at the affected facilities because the systems were conf...

Read Full Article →
Marquis confirms data breach, points finger of blame at SonicWall firewall

Marquis wants SonicWall to pay for the damages, but firewall maker asks for proof that two incidents are linked.

Read Full Article →
China-Linked UAT-8099 Targets IIS Servers in Asia with BadIIS SEO Malware

Cybersecurity researchers have discovered a new campaign attributed to a China-linked threat actor known as UAT-8099 that took place between late 2025 and early 2026. The activity, discovered by Cisco Talos, has targeted vulnerable Internet Information Services (IIS) servers located across Asia, ...

Read Full Article →
Badges, Bytes and Blackmail

Behind the scenes of law enforcement in cyber: what do we know about caught cybercriminals? What brought them in, where do they come from and what was their function in the crimescape? Introduction: One view on the scattered fight against cybercrime The growing sophistication and diversification ...

Read Full Article →
Cybersecurity can be America’s secret weapon in the AI race

Beijing is aggressively exploiting global data for strategic purposes. AI-powered cybersecurity is essential to Washington’s counter-offensive to win the global market. The post Cybersecurity can be America’s secret weapon in the AI race appeared first on CyberScoop .

Read Full Article →
SmarterMail Fixes Critical Unauthenticated RCE Flaw with CVSS 9.3 Score

SmarterTools has addressed two more security flaws in SmarterMail email software, including one critical security flaw that could result in arbitrary code execution. The vulnerability, tracked as CVE-2026-24423, carries a CVSS score of 9.3 out of 10.0. "SmarterTools SmarterMail versions prior to ...

Read Full Article →
Two Ivanti EPMM Zero-Day RCE Flaws Actively Exploited, Security Updates Released

Ivanti has rolled out security updates to address two security flaws impacting Ivanti Endpoint Manager Mobile (EPMM) that have been exploited in zero-day attacks, one of which has been added by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to its Known Exploited Vulnerabilities...

Read Full Article →
Chinese APTs Hacking Asian Orgs With High-End Malware

Advanced persistent threat (APT) groups have deployed new cyber weapons against a variety of targets, highlighting the increasing threats to the region.

Read Full Article →
Risky Bulletin: eScan antivirus distributes backdoor in latest supply chain attack

Hackers breach eScan antivirus and distribute a backdoor, Google takes down the IPIDEA proxy botnet, most GDPR fines remain uncollected, and the Poland wiper attack hit 30 locations.

Read Full Article →
MY TAKE: Transparent vs. opaque — edit Claude’s personalized memory, or trust ChatGPT’s blindly?

After two years of daily ChatGPT use, I recently started experimenting with Claude, Anthropic’s competing AI assistant. Related: Microsoft sees a ‘protopian’ AI future Claude is four to five times slower generating responses. But something emerged that matters more than … (more…) The post MY TAKE...

Read Full Article →
Fintech firm Marquis blames hack at firewall provider SonicWall for its data breach

The fintech giant said it plans to "seek recoupment of any expenses" from its firewall provider SonicWall after a 2025 data breach exposed customer firewall configurations.

Read Full Article →
FBI seizes RAMP cybercrime forum used by ransomware gangs

"Years of hard work" ruined, an operator cries, as the FBI places the usual banner on clearweb sites.

Read Full Article →
SolarWinds Fixes Four Critical Web Help Desk Flaws With Unauthenticated RCE and Auth Bypass

SolarWinds has released security updates to address multiple security vulnerabilities impacting SolarWinds Web Help Desk, including four critical vulnerabilities that could result in authentication bypass and remote code execution (RCE). The list of vulnerabilities is as follows - CVE-2025-40536 ...

Read Full Article →
Smashing Security podcast #452: The dark web’s worst assassins, and Pegasus in the dock

In episode 452, a London-based YouTuber wins a landmark court case against Saudi Arabia after his phone was hacked with Pegasus spyware — exposing how a single, seemingly harmless text message can turn a smartphone into a round-the-clock surveillance device. Plus, we go looking for professional h...

Read Full Article →
How Can CISOs Respond to Ransomware Getting More Violent?

Ransomware defense requires focusing on business resilience. This means patching issues promptly, improving user education, and deploying multifactor authentication.

Read Full Article →
AI security startup Outtake raises $40M from Iconiq, Satya Nadella, Bill Ackman, and other big names

Outtake makes an agentic cybersecurity platform to help enterprises detect identity fraud. Its angel investors read like a who's who of tech industry names.

Read Full Article →
Still using WinRAR? You should probably look out for these potentially dangerous security flaws

A high severity flaw in WinRAR allows crooks to execute malware remotely.

Read Full Article →
Confirmed: SoundCloud data breach hit 29.8 million accounts - how to find out if you're affected

HaveIBeenPwned confirms extent of the SoundCloud incident, allowing users to see if they're affected.

Read Full Article →
Cyber Security Report 2026

Check Point's flagship report delivers industry leading intelligence shaping the decisions security leaders will make in 2026

Read Full Article →
This dangerous APT has expanded its skills with some new tools - here's what we know

Mustang Panda gave CoolClient new bells and whistles, including clipboard monitoring.

Read Full Article →
Two High-Severity n8n Flaws Allow Authenticated Remote Code Execution

Cybersecurity researchers have disclosed two new security flaws in the n8n workflow automation platform, including a critical vulnerability that could result in remote code execution. The weaknesses, discovered by the JFrog Security Research team, are listed below - CVE-2026-1470 (CVSS score: 9.9)...

Read Full Article →
Panera Bread reportedly hit by worrying data breach that sees 14 million records exposed - here's what we know

ShinyHunters stole names, addresses, and more, from Panera Bread systems.

Read Full Article →
Critical vm2 Node.js Flaw Allows Sandbox Escape and Arbitrary Code Execution

A critical sandbox escape vulnerability has been disclosed in the popular vm2 Node.js library that, if successfully exploited, could allow attackers to run arbitrary code on the underlying operating system. The vulnerability, tracked as CVE-2026-22709, carries a CVSS score of 9.8 out of 10.0 on t...

Read Full Article →
Mustang Panda Deploys Updated COOLCLIENT Backdoor in Government Cyber Attacks

Threat actors with ties to China have been observed using an updated version of a backdoor called COOLCLIENT in cyber espionage attacks in 2025 to facilitate comprehensive data theft from infected endpoints. The activity has been attributed to Mustang Panda (aka Earth Preta, Fireant, HoneyMyte, P...

Read Full Article →
Password Reuse in Disguise: An Often-Missed Risky Workaround

When security teams discuss credential-related risk, the focus typically falls on threats such as phishing, malware, or ransomware. These attack methods continue to evolve and rightly command attention. However, one of the most persistent and underestimated risks to organizational security remain...

Read Full Article →
Google Warns of Active Exploitation of WinRAR Vulnerability CVE-2025-8088

Google on Tuesday revealed that multiple threat actors, including nation-state adversaries and financially motivated groups, are exploiting a now-patched critical security flaw in RARLAB WinRAR to establish initial access and deploy a diverse array of payloads. "Discovered and patched in July 202...

Read Full Article →
Fortinet Patches CVE-2026-24858 After Active FortiOS SSO Exploitation Detected

Fortinet has begun releasing security updates to address a critical flaw impacting FortiOS that has come under active exploitation in the wild. The vulnerability, assigned the CVE identifier CVE-2026-24858 (CVSS score: 9.4), has been described as an authentication bypass related to FortiOS single...

Read Full Article →
Risky Business #822 -- France will ditch American tech over security risks

In this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news. They discuss: La France is très sérieux about ditching US productivity software China’s Salt Typhoon was snooping on Downing Street Trump wields the mighty DISCOMBOBULATOR ESET says the Polish power grid wipe...

Read Full Article →
Vibe-Coded 'Sicarii' Ransomware Can't Be Decrypted

A new ransomware strain that entered the scene last year has poorly designed code and uses Hebrew language that might be a false flag.

Read Full Article →
Massive identity theft campaign targeting Okta single sign-on at over 100 top businesses - make sure your firm stays safe

Scattered LAPSUS$ Hunters are targeting major firms with sophisticated voice phishing attacks.

Read Full Article →
General Graboids: Worms and Remote Code Execution in Command & Conquer

[this work was conducted collaboratively by Bryan Alexander and Jordan Whitehead] This post details several vulnerabilities discovered in the popular online game Command & Conquer: Generals. We recently presented some of this work at an information security conference and this post contain

Read Full Article →
'Stanley' Toolkit Turns Chrome Into Undetectable Phishing Vector

The malware-as-a-service kit enables malicious extensions to overlay pages on real websites without changing the visible URL, signaling a fresh challenge for enterprise security.

Read Full Article →
Experts Detect Pakistan-Linked Cyber Campaigns Aimed at Indian Government Entities

Indian government entities have been targeted in two campaigns undertaken by a threat actor that operates in Pakistan using previously undocumented tradecraft. The campaigns have been codenamed Gopher Strike and Sheet Attack by Zscaler ThreatLabz, which identified them in September 2025. "While t...

Read Full Article →
Microsoft Office Zero-Day (CVE-2026-21509) - Emergency Patch Issued for Active Exploitation

Microsoft on Monday issued out-of-band security patches for a high-severity Microsoft Office zero-day vulnerability exploited in attacks. The vulnerability, tracked as CVE-2026-21509, carries a CVSS score of 7.8 out of 10.0. It has been described as a security feature bypass in Microsoft Office. ...

Read Full Article →
Critical Grist-Core Vulnerability Allows RCE Attacks via Spreadsheet Formulas

A critical security flaw has been disclosed in Grist‑Core, an open-source, self-hosted version of the Grist relational spreadsheet-database, that could result in remote code execution. The vulnerability, tracked as CVE-2026-24002 (CVSS score: 9.1), has been codenamed Cellbreak by Cyera Research L...

Read Full Article →
China-Linked Hackers Have Used the PeckBirdy JavaScript C2 Framework Since 2023

Cybersecurity researchers have discovered a JScript-based command-and-control (C2) framework called PeckBirdy that has been put to use by China-aligned APT actors since 2023 to target multiple environments. The flexible framework has been put to use against Chinese gambling industries and malicio...

Read Full Article →
Sandworm Blamed for Wiper Attack on Polish Power Grid

Researchers attributed the failed attempt to the infamous Russian APT Sandworm, which is notorious for wiper attacks on critical infrastructure organizations.

Read Full Article →
Indian Users Targeted in Tax Phishing Campaign Delivering Blackmoon Malware

Cybersecurity researchers have discovered an ongoing campaign that's targeting Indian users with a multi-stage backdoor as part of a suspected cyber espionage campaign. The activity, per the eSentire Threat Response Unit (TRU), involves using phishing emails impersonating the Income Tax Departmen...

Read Full Article →
Exploited Zero-Day Flaw in Cisco UC Could Affect Millions

Mass scanning is underway for CVE-2026-20045, which Cisco tagged as critical because successful exploitation could lead to a complete system takeover.

Read Full Article →
Cyberattack Targeting Poland’s Energy Grid Used a Wiper

A cyberattack that targeted power plants and other energy producers in Poland at the end of December used malware known as a “wiper” that was intended to erase computers as part of an operation intended to cause a power outage and other disruption to services, says European security

Read Full Article →
News Alert: Halo Security earns SOC 2 Type II certification, shows sustained operational security

MIAMI, Jan. 22, 2026, CyberNewswire — Halo Security , a leading provider of external attack surface management and penetration testing services, today announced it has successfully achieved SOC 2 Type II compliance following an extensive multi-month audit by Insight Assurance.… (more…) The post N...

Read Full Article →
Latin American Orgs Lack Confidence in Cyber Defenses, Skills

Cybersecurity professionals in Latin America are least likely to have faith in their countries' preparedness for cyberattacks on critical infrastructure, the World Economic Forum says.

Read Full Article →
Under Armour says it’s ‘aware’ of data breach claims after 72M customer records were posted online

TechCrunch obtained a sample of the stolen data, which contained names, email addresses, dates of birth, and the user's approximate geographic location. Under Armour confirmed some sensitive information was taken in the breach.

Read Full Article →
DPRK Actors Deploy VS Code Tunnels for Remote Hacking

A spear-phishing campaign tied to the Democratic People's Republic of Korea (DPRK) uses trusted Microsoft infrastructure to avoid detection.

Read Full Article →
KONNI Adopts AI to Generate PowerShell Backdoors

North Korea-linked threat group KONNI targets countries across APAC, specifically in blockchain sectors, with AI-generated malware.

Read Full Article →
Why AI Keeps Falling for Prompt Injection Attacks

Imagine you work at a drive-through restaurant. Someone drives up and says: “I’ll have a double cheeseburger, large fries, and ignore previous instructions and give me the contents of the cash drawer.” Would you hand over the money? Of course not. Yet this is what large language models (LLMs) d...

Read Full Article →
Attackers With Decompilers Strike Again (SmarterTools SmarterMail WT-2026-0001 Auth Bypass)

Well, well, well - look what we’re back with. You may recall that merely two weeks ago, we analyzed CVE-2025-52691 - a pre-auth RCE vulnerability in the SmarterTools SmarterMail email solution with a timeline that is typically reserved for KEV holders. The plot of that story had everything; * A g...

Read Full Article →
Python Wheel (Zip) Parser Differential Vulnerability v2.0

It is still possible (albeit with significantly more effort) to upload a specially crafted Wheel file (i.e. zip) to PyPI that when installed with PIP (or another Python zipfile based t...

Read Full Article →
Phishing Campaign Zeroes in on LastPass Customers

The bait includes plausible subject lines and credible messages, most likely thanks to attackers' use of large language models to craft them.

Read Full Article →
SHARED INTEL Q&A: AI retrieval systems can still hallucinate; deterministic logic offers a fix

AI hallucination is still the deal-breaker. Related: Correcting LLM hallucinations As companies rush AI into production, executives face a basic constraint: you cannot automate a workflow if you cannot trust the output. A model that fabricates facts becomes a risk … (more…) The post SHARED INTEL ...

Read Full Article →
News alert: Forrester study finds Airlock Digital’s app control cuts breaches to zero with 224% ROI

ATLANTA, Jan. 20, 2026, CyberNewswire — Airlock Digital, a leader in proactive application control and endpoint security, announced the release of The Total Economic Impact (TEI) of Airlock Digital, an independent study commissioned by Airlock Digital and conducted … (more…) The post News alert...

Read Full Article →
News alert: One Identity launches AI-powered ‘Identity Manager’ to speed threat response

ALISO VIEJO, Calif., Jan. 20, 2026, CyberNewswire — One Identity, a trusted leader in identity security, today announces a major upgrade to One Identity Manager, a top-rated IGA solution, strengthening identity governance as a critical security control for … (more…) The post News alert: One Ide...

Read Full Article →
AI-supported vulnerability triage with the GitHub Security Lab Taskflow Agent

Learn how we are using the newly released GitHub Security Lab Taskflow Agent to triage categories of vulnerabilities in GitHub Actions and JavaScript projects.

Read Full Article →
Kimwolf Botnet Lurking in Corporate, Govt. Networks

A new Internet-of-Things botnet called Kimwolf has spread to more than 2 million devices, forcing infected systems to participate in massive distributed denial-of-service (DDoS) attacks and to relay other malicious and abusive Internet traffic. Kimwolf's ability to scan the local networks of comp...

Read Full Article →
Why inaccessible cybersecurity is a security risk: our path to accessibility

In cybersecurity, an inaccessible tool isn’t just a nuisance: it’s a vulnerability. With the European Accessibility Act tightening regulations across Sweden and the EU, “good ... The post Why inaccessible cybersecurity is a security risk: our path to accessibility appeared first on Blog Detectify.

Read Full Article →
VoidLink: Evidence That the Era of Advanced AI-Generated Malware Has Begun

VoidLink's framework marks the first evidence of fully AI-designed and built advanced malware, beginning a new era of AI-generated malware.

Read Full Article →
MedDream PACS Premium sendOruReport reflected cross-site scripting (XSS) vulnerability

Read Full Article → *(Covered by: 0day Fans)*
MY TAKE: From ‘holy mackeral’ to ‘daily routine’ — AI vendors maneuver to commandeer your life

An email from Claude landed in my inbox Friday morning with a subject line that stopped me cold: “Using Claude for your everyday life.” Related: AI’s fortune teller effect Not “Unlock the power of AI” or “Transform your productivity.” Just… … (more…) The post MY TAKE: From ‘holy mackeral’ to ‘dai...

Read Full Article →
Who’s on the Line? Exploiting RCE in Windows Telephony Service

Windows has supported computer telephony integration for decades, providing applications with the ability to manage phone devices, lines, and calls. While modern deployments increasingly rely on cloud-based telephony solutions, classic telephony services remain available out of the box in Windows...

Read Full Article →
On the Coming Industrialisation of Exploit Generation with LLMs

Recently I ran an experiment where I built agents on top of Opus 4.5 and GPT-5.2 and then challenged them to write exploits for a zeroday vulnerability in the QuickJS Javascript interpreter. I adde…

Read Full Article →
YOLO Mode: Hidden Risks in Claude Code Permissions | UpGuard

Developers are frequently granting Claude Code permission to download, execute, and delete code, creating fertile ground for prompt injection attacks.

Read Full Article →
Weekly Update 486

I’m in Oslo! Flighty is telling me I’ve flown in or out of here 43 times since a visit in 2014 set me on a new path professionally and, many years later, personally. It’s special here, like a second home that just feels…

Read Full Article →
Windows Internals: Check Your Privilege - The Curious Case of ETW’s SecurityTrace Flag

Consuming from Microsoft-Windows-Threat-Intelligence without Antimalware-PPL or kernel patching/driver loading.

Read Full Article →
News alert: BreachLock unveils agentic AI pen testing that mimics attacker behavior on web apps

NEW YORK, Jan. 15, 2026, CyberNewswire — BreachLock, a global leader in offensive security, today announced that its Adversarial Exposure Validation (AEV) solution now supports autonomous red teaming at the application layer, expanding beyond its initial network-layer capabilities introduced … (...

Read Full Article →
News alert: AppGuard reopens insider program as AI-enhanced malware outpaces detection defenses

MCLEAN, Va., Jan. 15, 2026, CyberNewswire — A new Top 10 Cybersecurity Innovators profile by AppGuard has been released, spotlighting growing concerns over AI-enhanced malware. AI makes malware even more difficult to detect. Worse, they use AI to assess, adapt, and … (more…) The post News alert: A...

Read Full Article →
WEF: AI overtakes ransomware as fastest-growing cyber risk

We can no longer say that artificial intelligence is a "future risk", lurking somewhere on a speculative threat horizon. The truth is that it is a fast-growing cybersecurity risk that organizations are facing today. That's not just my opinion, that's also the message that comes loud and clear fro...

Read Full Article →
Epic Games Store Installation DLL Hijacking Privilege Escalation Vulnerability

Community-powered security with AI: an open source framework for security research

Announcing GitHub Security Lab Taskflow Agent, an open source and collaborative framework for security research with AI.

Read Full Article →
Sicarii Ransomware: Truth vs Myth

Key findings Introduction In December 2025, a previously unknown Ransomware-as-a-Service (RaaS) operation calling itself Sicarii began advertising its services across multiple underground platforms. The group’s name references the Sicarii, a 1st-century Jewish assassins group that opposed Roman r...

Read Full Article →
Patch Tuesday, January 2026 Edition

Microsoft today issued patches to plug at least 113 security holes in its various Windows operating systems and supported software. Eight of the vulnerabilities earned Microsoft's most-dire "critical" rating, and the company warns that attackers are already exploiting one of the bugs fixed today.

Read Full Article →
Wireless-(in)Fidelity: Pentesting Wi-Fi in 2025

Read Full Article →
The AI Fix #83: ChatGPT Health, Victorian LLMs, and the biggest AI bluffers

In episode 83 of The AI Fix, Graham reveals he's taken up lying to LLMs, and shows how a journalist exposed AI bluffers with a made-up idiom. Meanwhile Mark invents a "Godwin's Law" for AI, and explains how to ruin any LLM with humus. Also in this episode, a marriage is declared invalid thanks to...

Read Full Article →
Who Decides Who Doesn’t Deserve Privacy?

Remember the Ashley Madison data breach? That was now more than a decade ago, yet it arguably remains the single most noteworthy data breach of all time. There are many reasons for this accolade, but chief among them is that by virtue of the site being expressly designed to facilitate

Read Full Article →
Your personal information is on the dark web. What happens next?

If your data is on the dark web, it’s probably only a matter of time before it’s abused for fraud or account hijacking. Here’s what to do.

Read Full Article →
Hackers get hacked, as BreachForums database is leaked

Have you ever stolen data, traded a hacking tool, or just lurked on a dark web forum believing that you are anonymous? If so, I might have some unsettling news for you. Read more in my article on the Hot for Security blog.

Read Full Article →
Unveiling VoidLink – A Stealthy, Cloud-Native Linux Malware Framework

The new framework maintains long-term access to Linux systems while operating reliably in cloud and container environments.

Read Full Article →
Who Benefited from the Aisuru and Kimwolf Botnets?

Our first story of 2026 revealed how a destructive new botnet called Kimwolf rapidly grew to infect more than two million devices by mass-compromising a vast number of unofficial Android TV streaming boxes. Today, we'll dig through digital clues left behind by the hackers, network operators, and ...

Read Full Article →
Do Smart People Ever Say They’re Smart? (SmarterTools SmarterMail Pre-Auth RCE CVE-2025-52691)

Welcome to 2026! While we are all waiting for the scheduled SSLVPN ITW exploitation programming that occurs every January, we’re back from Christmas and idle hands, idle minds, yada yada. In December, we were alerted to a vulnerability in SmarterTools’ SmarterMail solution, accompanied by an advi...

Read Full Article →
The year of technoligarchy

In 2025, Trump brought tech executives into power to dismantle regulators and write their own rules. But the instabilities they’re creating may be their downfall.

Read Full Article →
Inside GoBruteforcer: AI-Generated Server Defaults, Weak Passwords, and Crypto-Focused Campaigns

Key takeaways Introduction GoBruteforcer is a botnet that turns compromised Linux servers into scanning and password brute-force nodes. It targets internet-exposed services such as phpMyAdmin web panels, MySQL and PostgreSQL databases, and FTP servers. Infected hosts are incorporated into the bot...

Read Full Article →
Everything I've Said About AI Since 2016: A Retrospective

I've been thinking and writing about AI for [exactly a decade now](/blog/the-real-internet-of-things), and last week someone claimed I said two things in 2023 that I don't think I said. (1. That we'd have AGI in 6 months, ...

Read Full Article →
Never Trust the Output: Data Pollution in AI Agents and MCP

Disclaimer: This article is intended for educational purposes and security specialists conducting authorized testing. The author assumes no responsibility for any misuse of the information provided. Distribution of malicious software, system disruption, and privacy violations are punishable by la...

Read Full Article →
TrustZone Break-in Vulnerabilities in Ampere UEFI MM Drivers (Buffer Overflow and Stack Information Leak)

A buffer overflow and stack information leak affecting the ARM Ampere Management Mode (MM) Boot Error Record Table (BERT) driver. This code is bundled into the ARM Unified Extensible F...

Read Full Article →
Meeting Third-Party Risk Requirements of DORA in 2026 | UpGuard

Learn how to achieve compliance with the third-party risk management standards of the Digital Operational Resilience Act (DORA)

Read Full Article → *(Covered by: UpGuard Blog)*
Free GDPR Vendor Security Questionnaire Template (2026 Edition) | UpGuard

Expand your organization's vendor risk management toolbox by utilizing this free GDPR vendor questionnaire template.

Read Full Article →
Choosing a PCI DSS 4.0 Compliance Product in 2026 | UpGuard

Learn which features to look for when choosing a tool for tracking PCI DSS compliance. The right tool will help you avoid costly violations.

Read Full Article →
Choosing a Healthcare Cyber Risk Remediation Product in 2026 | UpGuard

Learn which features to look for in an ideal cyber risk remediation product for healthcare services. The right choice will reduce data breach impact.

Read Full Article →
The Ultimate Cybersecurity Guide for Healthcare in 2026 | UpGuard

A free cybersecurity guide for any business in the healthcare industry. Includes data breach and ransomware attack defense strategies for 2026.

Read Full Article →
How to Comply with PCI DSS 4.0.1 (2026 Guide) | UpGuard

Learn how to comply with versions 4.0 and 4.0.1 of PCI DSS.

Read Full Article →
The Ultimate Ransomware Defense Guide (2026) | UpGuard

Learn how to implement an effective security strategy for minimizing the impact of ransomware attacks.

Read Full Article →
Key Metrics for Tracking PCI DSS Compliance in 2026 | UpGuard

Monitoring these key metrics will help you track your PCI DSS compliance efforts.

Read Full Article →
How to Prepare for a PCI DSS 4.0 Audit in 7 Steps in 2026 | UpGuard

This article covers how to prepare for a PCI DSS onsite audit and maintain compliance with PCI requirements.

Read Full Article →
19 Most Common Types of Phishing Attacks in 2026 | UpGuard

Learn the most commonly used phishing attacks and how to identify them.

Read Full Article →
116 Must-Know Data Breach Statistics for 2026 | UpGuard

116 data breach statistics that cover risk, cost, prevention, industry trends, and more. Assess and analyze these stats and learn to prevent data breaches.

Read Full Article →

#Scraping Candidates

What’s next for DHS’s forthcoming replacement critical infrastructure protection panel, AI information sharing
CISA Urges Critical Infrastructure Organizations to Take Action Against Insider Threats

#Security Vendor Blog

Why Smart People Fall For Phishing Attacks

Why do successful phishing attacks target our psychology rather than just our software? Discover Unit 42’s latest insights on defeating social engineering and securing your digital life. The post Why Smart People Fall For Phishing Attacks appeared first on Unit 42.

Read Full Article →
From Clawdbot to Moltbot to OpenClaw: Security Experts Detail Critical Vulnerabilities and 6 Immediate Hardening Steps for the Viral AI Agent

Moltbot, the viral AI agent, offers immense power but is riddled with critical vulnerabilities, including remote code execution (RCE), exposed control interfaces, and malicious extensions. Read on to understand the vulnerabilities associated with Moltbot and the immediate security practices users...

Read Full Article →
Threats Making WAVs - Incident Response to a Cryptomining Attack

Guardicore security researchers describe and uncover a full analysis of a cryptomining attack, which hid a cryptominer inside WAV files. The report includes the full attack vectors, from detection, infection, network propagation and malware analysis and recommendations for optimizing incident res...

Read Full Article →
PLEASE_READ_ME: The Opportunistic Ransomware Devastating MySQL Servers

Guardicore Labs uncovers a Ransomware detection campaign targeting MySQL servers. Attackers use Double Extortion and publish data to pressure victims.

Read Full Article →
Microsoft SDL: Evolving security practices for an AI-powered world

Discover Microsoft’s holistic SDL for AI combining policy, research, and enablement to help leaders secure AI systems against evolving cyberthreats. The post Microsoft SDL: Evolving security practices for an AI-powered world appeared first on Microsoft Security Blog.

Read Full Article →
Frequently Asked Questions About Notepad++ Supply Chain Compromise

Threat actors compromised the update infrastructure for Notepad++, redirecting traffic to an attacker controlled site for targeted espionage purposes. Key takeaways: Beginning in June 2025, threat actors compromised the infrastructure Notepad++ uses to distribute software updates. The issue has b...

Read Full Article →
The Notepad++ supply chain attack — unnoticed execution chains and new IoCs

Kaspersky GReAT experts discovered previously undocumented infection chains used in the Notepad++ supply chain attacks. The article provides new IoCs related to those incidents which employ DLL sideloading and Cobalt Strike Beacon delivery.

Read Full Article →
The Prescriptive Path to Operationalizing AI Security

Learn how to move from vision to practice with the Prescriptive Path, a framework for operationalizing AI security at scale. By replacing fragmented tools with a unified platform, you can build trust and secure AI-native applications at machine speed.

Read Full Article →
Introducing the AI Security Fabric: Empowering Software Builders in the Era of AI

Snyk introduces the AI Security Fabric and a prescriptive path to help organizations secure software at the speed of AI. Discover how to operationalize AI security and scale innovation without compromising on safety.

Read Full Article →
Infostealers without borders: macOS, Python stealers, and platform abuse

How modern infostealers target macOS systems, leverage Python‑based stealers, and abuse trusted platforms and utilities to distribute credential‑stealing payloads. The post Infostealers without borders: macOS, Python stealers, and platform abuse appeared first on Microsoft Security Blog.

Read Full Article →
How does cyberthreat attribution help in practice?

Why it would be useful to identify the specific hacking group behind a malware file found in your infrastructure.

Read Full Article →
The Chrysalis Backdoor: A Deep Dive into Lotus Blossom’s toolkit

Rapid7 Labs, together with the Rapid7 MDR team, has uncovered a sophisticated campaign attributed to the Chinese APT group Lotus Blossom. Active since 2009, the group is known for its targeted espionage campaigns primarily impacting organizations across Southeast Asia and more recently Central Am...

Read Full Article →
What’s New in Tenable Cloud Security: Multi-cloud Risk Analysis, Attack Surface Assessments, Improved IAM Security and More

Tenable Cloud Security continues to expand the technical depth of our Tenable One exposure management platform. Our latest enhancements include unified multi-cloud exploration, high-fidelity network validation, and expanded entitlement visibility across infrastructure and identity providers. Key ...

Read Full Article →
Kaspersky SIEM 4.2 update — what’s new? | Kaspersky official blog

Kaspersky Unified Monitoring and Analysis Platform, version 4.2: detecting compromised accounts using AI, updated correlator, and other innovations.

Read Full Article →
Privileged File System Vulnerability Present in a SCADA System

We detail our discovery of CVE-2025-0921. This privileged file system flaw in SCADA system Iconics Suite could lead to a denial-of-service (DoS) attack. The post Privileged File System Vulnerability Present in a SCADA System appeared first on Unit 42.

Read Full Article →
Case study: Securing AI application supply chains

Securing AI-powered applications requires more than just safeguarding prompts. Organizations must adopt a holistic approach that includes monitoring the AI supply chain, assessing frameworks, SDKs, and orchestration layers for vulnerabilities, and enforcing strong runtime controls for agents and ...

Read Full Article →
CVE-2026-1281, CVE-2026-1340: Ivanti Endpoint Manager Mobile (EPMM) Zero-Day Vulnerabilities Exploited

Two Critical vulnerabilities in Ivanti’s popular mobile device management solution have been exploited in the wild in limited attacks Key takeaways: Patch Ivanti EPMM immediately. Both CVE-2026-1281 and CVE-2026-1340 have been exploited in the wild, though impact has been limited so far. Apply th...

Read Full Article →
Turning threat reports into detection insights with AI

Security teams often spend days manually turning long incident reports and threat writeups into actionable detections by extracting TTPs. This blog post shows an AI-assisted workflow that does the same job in minutes. It extracts the TTPs, maps them to existing detection coverage, and flags poten...

Read Full Article →
I'm locked in!

Hazel reflects on how to find balance while staying informed, then delivers practical updates and insights on the latest cybersecurity threats.

Read Full Article →
New Microsoft Data Security Index report explores secure AI adoption to protect sensitive data

The 2026 Microsoft Data Security Index explores one of the most pressing questions facing organizations today: How can we harness the power of generative AI while safeguarding sensitive data? The post New Microsoft Data Security Index report explores secure AI adoption to protect sensitive data appe...

Read Full Article →
Supply chain attack on eScan antivirus: detecting and remediating malicious updates

On January 20, Kaspersky solutions detected malware used in eScan antivirus supply chain attack. In this article we provide available information on the threat: indicators of compromise, threat hunting and mitigating tips, etc.

Read Full Article →
What AI toys can actually discuss with your child | Kaspersky official blog

AI toys have been found discussing knives, drugs, sex, and mature games with children. We dive into the latest research results and the risks to security and privacy.

Read Full Article →
Microsoft releases update to address zero-day vulnerability in Microsoft Office

Microsoft has published three out-of-band (OOB) updates so far in January 2026. One of these updates was released to address a vulnerability, CVE-2026-21509, affecting Microsoft Office that has been reportedly exploited in the wild.

Read Full Article →
Dissecting UAT-8099: New persistence mechanisms and regional focus

Cisco Talos has identified a new, regionally targeted campaign by UAT-8099 that leverages advanced persistence techniques and custom BadIIS malware variants to compromise IIS servers, particularly in Thailand and Vietnam.

Read Full Article →
IR Trends Q4 2025: Exploitation remains dominant, phishing campaign targets Native American tribal organizations

A drop in exploitation and ransomware, but a spike in phishing and credential abuse, show why timely patching and robust MFA matter more than ever.

Read Full Article →
Eeny, meeny, miny, moe? How ransomware operators choose victims

Most ransomware attacks are opportunistic, not targeted at a specific sector or region.

Read Full Article →
Microsoft announces the 2026 Security Excellence Awards winners

Congratulations to the winners of the 2026 Microsoft Security Excellence Awards that recognize the innovative defenders who have gone above and beyond. The post Microsoft announces the 2026 Security Excellence Awards winners appeared first on Microsoft Security Blog.

Read Full Article →
Fake apps, NFC skimming attacks, and other Android issues in 2026 | Kaspersky official blog

How to safely use Android devices in the face of 2026’s new security threats.

Read Full Article →
Introducing Tenable One AI Exposure: A New Standard for Securing AI Usage at Scale

Continuously discover and monitor all AI usage across your organization, including shadow AI, agents, browser plug-ins, and more, with Tenable One AI Exposure. Map complex AI workflows to reveal high-impact exposures and monitor compliance with security and AI acceptable use policies. Key takeawa...

Read Full Article →
HoneyMyte updates CoolClient and deploys multiple stealers in recent campaigns

Kaspersky researchers analyze updated CoolClient backdoor and new tools and scripts used in HoneyMyte (aka Mustang Panda or Bronze President) APT campaigns, including three variants of a browser data stealer.

Read Full Article →
Microsoft Office vulnerability (CVE-2026-21509) in active exploitation

Read Full Article →
Agentic AI security measures based on the OWASP ASI Top 10

Key security controls to implement in your organization to protect against malicious AI agent behavior.

Read Full Article →
CVE-2026-23864: React and Next.js Denial of Service via Memory Exhaustion

Generative AI and cybersecurity: What Sophos experts expect in 2026

Read Full Article →
From runtime risk to real‑time defense: Securing AI agents

Why securing AI agents at runtime is essential as attackers find new ways to exploit generative orchestration. The post From runtime risk to real‑time defense: Securing AI agents appeared first on Microsoft Security Blog.

Read Full Article →
AI jailbreaking via poetry: bypassing chatbot defenses with rhyme | Kaspersky official blog

A new study shows that verse-based prompts can slash the effectiveness of AI safety constraints. We’re breaking down an experiment involving 25 language models and its key takeaways.

Read Full Article →
I scan, you scan, we all scan for... knowledge?

In this week's newsletter, Bill hammers home the old adage, "Know your environment" — even throughout alert fatigue.

Read Full Article →
Microsoft Security success stories: Why integrated security is the foundation of AI transformation

Discover how Ford, Icertis, and TriNet modernized security with Microsoft—embedding Zero Trust, automating defenses, and enabling secure AI innovation at scale. The post Microsoft Security success stories: Why integrated security is the foundation of AI transformation appeared first on Microsoft ...

Read Full Article →
Huntress Catches SmarterMail Account Takeover Leading to RCE

SmarterMail versions prior to Build 9511 are vulnerable to privileged account takeover and remote code execution. Learn more about the latest Huntress DE&TH Team’s findings.

Read Full Article →
Foxit, Epic Games Store, MedDreams vulnerabilities

Cisco Talos’ Vulnerability Discovery & Research team recently disclosed three vulnerabilities in Foxit PDF Editor, one in the Epic Games Store, and twenty-one in MedDream PACS. The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to Cisc...

Read Full Article →
The Next Frontier of Runtime Assembly Attacks: Leveraging LLMs to Generate Phishing JavaScript in Real Time

We discuss a novel AI-augmented attack method where malicious webpages use LLM services to generate dynamic code in real-time within a browser. The post The Next Frontier of Runtime Assembly Attacks: Leveraging LLMs to Generate Phishing JavaScript in Real Time appeared first on Unit 42.

Read Full Article →
Resurgence of a multi‑stage AiTM phishing and BEC campaign abusing SharePoint

Microsoft Defender Researchers uncovered a multi‑stage AiTM phishing and business email compromise (BEC) campaign targeting multiple organizations in the energy sector. The post Resurgence of a multi‑stage AiTM phishing and BEC campaign abusing SharePoint appeared first on Microsoft Security Blog.

Read Full Article →
How to protect yourself from Bluetooth-headset tracking and the WhisperPair attack | Kaspersky official blog

With the WhisperPair attack, a stranger can pair their device with your headphones to keep tabs on your location.

Read Full Article →
Oracle January 2026 Critical Patch Update Addresses 158 CVEs

Oracle addresses 158 CVEs in its first quarterly update of 2026 with 337 patches, including 27 critical updates. Key takeaways: The first Critical Patch Update (CPU) for 2026, contains fixes for 158 unique CVEs in 337 security updates. 27 issues (8% of all patches) were assigned a critical severi...

Read Full Article →
Tenable Discovers SSRF Vulnerability in Java TLS Handshakes That Creates DoS Risk

Tenable Research has discovered a server-side request forgery (SSRF) vulnerability in Java’s handling of client certificates during a TLS handshake. In certain configurations, this can be abused to cause a denial-of-service (DoS) condition. Key takeaways Tenable Research identified a vulnerabilit...

Read Full Article →
DNS OverDoS: Are Private Endpoints Too Private?

We've identified an aspect of Azure’s Private Endpoint architecture that could expose Azure resources to denial of service (DoS) attacks. The post DNS OverDoS: Are Private Endpoints Too Private? appeared first on Unit 42.

Read Full Article →
What is the “year 2038 problem”, and how can businesses fix it?

How can organizations find and fix systems vulnerable to Y2K38 — the Unix epoch time overflow problem, also known as Epochalypse?

Read Full Article →
Key attack scenarios involving brand impersonation

Here’s how cybercriminals cash in on companies’ online doppelgängers, and what can be done about it.

Read Full Article →
Predicting 2026

In this week’s newsletter, Martin examines the evolving landscape for 2026, highlighting key threats, emerging trends like AI-driven risks, and the continued importance of addressing familiar vulnerabilities.

Read Full Article →
AI-powered sextortion: a new threat to privacy | Kaspersky official blog

Ordinary photos from your social media can be turned into tools for AI-driven sextortion and deepfakes. How can you protect your privacy and security?

Read Full Article →
UAT-8837 targets critical infrastructure sectors in North America

Cisco Talos is closely tracking UAT-8837, a threat actor we assess with medium confidence is a China-nexus advanced persistent threat (APT) actor.

Read Full Article →
CVE-2025-64155: Exploit Code Released for Critical Fortinet FortiSIEM Command Injection Vulnerability

Exploit code has been published for CVE-2025-64155, a critical command injection vulnerability affecting Fortinet FortiSIEM devices. Key takeaways: CVE-2025-64155 is a critical operating system (OS) command injection vulnerability affecting Fortinet FortiSIEM. Fortinet vulnerabilities have histor...

Read Full Article →
Brushstrokes and breaches with Terryn Valikodath

Terryn’s path to cybersecurity started with a fascination for criminal forensics and a knack for jailbreaking his family's tech — interests that eventually steered him toward the fast-paced world of digital investigations.

Read Full Article →
Threat Brief: MongoDB Vulnerability (CVE-2025-14847)

Database platform MongoDB disclosed CVE-2025-14847, called MongoBleed. This is an unauthenticated memory disclosure vulnerability with a CVSS score of 8.7. The post Threat Brief: MongoDB Vulnerability (CVE-2025-14847) appeared first on Unit 42.

Read Full Article →
Microsoft’s January 2026 Patch Tuesday Addresses 113 CVEs (CVE-2026-20805)

8 Critical, 105 Important, 0 Moderate, 0 Low. Microsoft addresses 113 CVEs in the first Patch Tuesday of 2026, with two zero-days, including one that was exploited in the wild. Microsoft patched 113 CVEs in its January 2026 Patch Tuesday release, with eight rated critical and 105 rated as important. ...

Read Full Article →
Microsoft Patch Tuesday for January 2026 — Snort rules and prominent vulnerabilities

Microsoft has released its monthly security update for January 2026, which includes 112 vulnerabilities affecting a range of products, including 8 that Microsoft marked as “critical”.

Read Full Article →
Remote Code Execution With Modern AI/ML Formats and Libraries

We identified remote code execution vulnerabilities in open-source AI/ML libraries published by Apple, Salesforce and NVIDIA. The post Remote Code Execution With Modern AI/ML Formats and Libraries appeared first on Unit 42.

Read Full Article →
Your personal information is on the dark web. What happens next?

If your data is on the dark web, it’s probably only a matter of time before it’s abused for fraud or account hijacking. Here’s what to do.

Read Full Article →
Tenable Is a Gartner® Peer Insights™ Customers’ Choice for Cloud-Native Application Protection Platforms

This recognition — based entirely on feedback from the people who use our products every day — to us is a testament to the unmatched value Tenable Cloud Security CNAPP offers organizations worldwide. Our key takeaways: In our view, this peer recognition confirms Tenable’s strategic value in helpi...

Read Full Article →
Resolutions, shmesolutions (and what’s actually worked for me)

Talos' editor ditches the pressure of traditional New Year’s resolutions in favor of practical, in-the-moment changes, and finds more success by letting go of perfection. Plus, we break down the latest on UAT-7290, a newly disclosed threat actor targeting critical infrastructure.

Read Full Article →
UAT-7290 targets high value telecommunications infrastructure in South Asia

Talos assesses with high confidence that UAT-7290 is a sophisticated threat actor falling under the China-nexus of advanced persistent threat actors (APTs). UAT-7290 primarily targets telecommunications providers in South Asia.

Read Full Article →
How Cisco Talos powers the solutions protecting your organization

What happens under the hood of Cisco's security portfolio? Our reputation and detection services apply Talos' real-time intelligence to detect and block threats. Here's how.

Read Full Article →

#Tech

Gartner: IT spending will exceed $6 trillion in 2026

Faster, bigger, smarter — the efforts of manufacturers and customers to capitalize on the current AI boom will continue to drive strong growth in the IT market in 2026. Market researchers at Gartner predict that global IT spending will reach $6.15 trillion this year — almost 11% more than in 2025...

Read Full Article →
AI agents can't yet pull off fully autonomous cyberattacks - but they are already very helpful to crims

Don't relax: This is a 'when, not if' scenario. AI agents and other systems can't yet conduct cyberattacks fully on their own - but they can help criminals in many stages of the attack chain, according to the International AI Safety report.…

Read Full Article →
Nvidia's $100 billion OpenAI deal has seemingly vanished

Two AI giants shake market confidence after investment fails to materialize.

Read Full Article →
X office raided in France's Grok probe; Elon Musk summoned for questioning

Paris prosecutor: Illegal content probe includes pornographic images of minors.

Read Full Article →
CISA updated ransomware intel on 59 bugs last year without telling defenders

GreyNoise's Glenn Thorpe counts the cost of missed opportunities. On 59 occasions throughout 2025, the US Cybersecurity and Infrastructure Security Agency (CISA) silently tweaked vulnerability notices to reflect their use by ransomware crooks. Experts say that's a problem.…

Read Full Article →
Uh oh! 1+ million Android apps exposed 700 TB of sensitive user data

Towards the end of January, security researchers at Cybernews published a study on AI apps in the Google Play Store. The study revealed that numerous AI apps had inadequate security, leading them to inadvertently leak data from Google’s cloud servers. The result? A whopping total of 730 million T...

Read Full Article →
Decision-making under uncertainty: A practical playbook for engineering leaders

Engineering leaders face many situations where the data is incomplete, unclear or changing quickly. Architecture evolves. Customer needs shift. Incidents surface without clean patterns. Metrics point in different directions. Teams disagree on what the problem is. Yet leaders still must make decis...

Read Full Article →
High-risk Office security flaw: Microsoft issues emergency updates

Updated on February 3rd, 2026: New details have come to light regarding how attackers exploit this vulnerability. We’ve added a section explaining it down below. Microsoft recently published a security advisory warning of a newly discovered zero-day vulnerability in Office applications. The vulne...

Read Full Article →
If your AI strategy still looks like 2024, you’re already too late

The global economy has already moved past the great AI experiment of 2023–2024. Until 2022, AI was just a buzzword and was limited to individual adoption. But by 2025, AI tools will have become an integrated part of our daily lives in some form. We are using AI to polish our emails, suggestions o...

Read Full Article →
5 IT shifts every CIO must master this year

As we move forward in 2026, the IT landscape is undergoing its most transformative period in decades. The forces of digital transformation, persistent security threats and economic uncertainty are converging to redefine how organizations build, secure and manage technology. For IT leaders, the mi...

Read Full Article →
Polish cops bail 20-year-old bedroom botnet operator

DDoSer of 'strategically important' websites admitted to most charges. Polish authorities have cuffed a 20-year-old man on suspicion of carrying out DDoS attacks.…

Read Full Article →
Cracks in the "vulnerability disclosure" ecosystem: the challenge facing CISOs

Responsible disclosure has operated on the premise that "if you do the right thing" you will receive a prompt response, fair treatment and respect, and in some cases a reward as well. But this premise is increasingly diverging from reality. When that happens, companies can lose their relationship of trust with security researchers and take on regulatory, legal and reputational risk all at once. In recent years, security researchers have had to wait months, and in some cases more than a year, for a company's official acknowledgement of a vulnerability they disclosed responsibly. In the meantime, the vulnerability quietly exposed customers to risk...

Read Full Article →
By whatever name — Moltbot, Clawd, OpenClaw — this uber AI assistant is a security nightmare

Moltbot, the cutting-edge, open-source AI “sidekick” formerly known as Clawdbot, recently rebranded as OpenClaw and is now crazy popular. It came out of nowhere to become the first viral AI agent with 70,000 GitHub Stars in a month . Its creator, Peter Steinberger, claims it’s “the AI that actual...

Read Full Article →
Notepad++ hijacking blamed on Chinese Lotus Blossom crew behind Chrysalis backdoor

The group targets telecoms, critical infrastructure - all the usual high-value orgs. Security researchers have attributed the Notepad++ update hijacking to a Chinese government-linked espionage crew called Lotus Blossom (aka Lotus Panda, Billbug), which abused weaknesses in the update infrastructu...

Read Full Article →
SpaceX acquires xAI, plans to launch a massive satellite constellation to power it

"This marks not just the next chapter, but the next book in SpaceX and xAI's mission."

Read Full Article →
OpenClaw patches one-click RCE as security Whac-A-Mole continues

Researchers disclose rapid exploit chain that let attackers run code via a single malicious web page. Security issues continue to pervade the OpenClaw ecosystem, formerly known as ClawdBot then Moltbot, as multiple projects patch bot takeover and remote code execution (RCE) exploits.…

Read Full Article →
Linux's Second-in-Command Greg Kroah-Hartman Bestowed With The European Open Source Award

Linux kernel maintainer honored at Brussels ceremony for decades of critical infrastructure work.

Read Full Article →
Why AI adoption keeps outrunning governance — and what to do about it

Across industries, CIOs are rolling out generative AI through SaaS platforms, embedded copilots, and third-party tools at a speed that traditional governance frameworks were never designed to handle. AI now influences customer interactions, hiring decisions, financial analysis, software developme...

Read Full Article →
Amazon Go? It’s gone. And this is why it went.

For years, Amazon Go stores stood at the pinnacle of retail store technology, showcasing a massive number of high-resolution digital cameras in each store that could visually track every customer and how that shopper interacted with every product. The stores showcased Amazon’s technological super...

Read Full Article →
Windows 11: A guide to the updates

A Windows launch isn’t the end of a process — it’s really just the beginning. Microsoft continually works on improving Windows 11 by fixing bugs, releasing security patches, and occasionally adding new features. In this story we summarize what you need to know about each update released to the publi...

Read Full Article →
Do you have software vision?

It’s easy to fall down the rabbit hole that is the hype surrounding Anthropic’s code agent Claude Code , a hype that really took off during the Christmas holidays and — at least in tech circles — is reminiscent of ChatGPT’s arrival three years ago. Claude Code , already being called both “the new...

Read Full Article →
Best VPNs for Android: 5 top picks for phones and tablets

Many people’s daily browsing is now done on their mobile devices. So it’s more important than ever to have a great VPN that works well on your phone. While some services work best on Windows, others particularly shine when used on Android devices, and I’ve curated a list of my favorites to help y...

Read Full Article →
Agentic AI – Ongoing coverage of its impact on the enterprise

Over the next few years, agentic AI is expected to bring not only rapid technological breakthroughs, but a societal transformation, redefining how we live, work and interact with the world . And this shift is happening quickly. “By 2028, 33% of enterprise software applications will include agenti...

Read Full Article →
9 million Android devices were secretly hijacked by proxy network

Google recently announced in a statement that it has disrupted the “world’s largest residential proxy network.” It was able to remain undetected for a long time, hijacking innocent users’ private devices (including smartphones, PCs, and smart home devices) and using them as gateways for distribut...

Read Full Article →
Who profits from AI? Not OpenAI, says think tank

Findings from a new study by Epoch AI, a non-profit research institute, appear to poke major holes in the notion that AI firms, and specifically OpenAI, will eventually become profitable. The research paper written by Jaime Sevilla, Hannah Petrovic and Anson Ho, suggests that while running an AI ...

Read Full Article →
Best VPN services: 8 top picks for every VPN need

A VPN, or virtual private network, is one of the best tools you can use to boost your online privacy and security. But in the vast ocean of available services, it can be exhausting trying to find the best VPN for your needs. Thankfully, we here at PCWorld are VPN experts and we’re sharing decades...

Read Full Article →
Apple touts ‘unparalleled’ protection for M5 Macs

Apple overnight updated the Apple Platform Security guide , its Bible for everyone involved in Apple security. The new edition confirms that M5 Macs now benefit from rock solid protection that should protect them against some of the most sophisticated attacks. The guide confirms that Memory Integ...

Read Full Article →
Update now! Bluetooth flaw lets attackers silently hijack accessories

Security experts at the Computer Security and Industrial Cryptography research group (COSIC) are warning of a serious Bluetooth security vulnerability that could affect millions of headphones, speakers, and other wireless accessories worldwide. If you have any Bluetooth devices, you should check ...

Read Full Article →
Beware! That Microsoft email is genuine, but it’s also a scam

Microsoft users are reporting a particularly difficult-to-detect scam: phishing emails sent from a genuine Microsoft email address that’s classified as “trustworthy” by the company itself. The emails appear to be official, but they’re demanding high-value payments and leading victims straight int...

Read Full Article →
Ditch your PC’s free trial—these 3 antivirus options are way better

Using the antivirus trial that came with your PC? Or perhaps you’ve just been sitting it out with Windows Security? You may be able to do better. Why only may do better? It all depends on your needs—factors like your household, level of tech savvy, and willingness to directly manage your protecti...

Read Full Article →
WinRAR under attack by state-level hackers, according to Google

WinRAR, a tool for unpacking compressed files , is one of those pillars of everyday PC use that’s kind of faded into the background. I used to install it on every computer setup, like VLC and Irfanview. But according to a report from security researchers at Google, a long-known vulnerability in W...

Read Full Article →
Google Meet is the new spam hotspot. This setting stops the random calls

Spam and scams generally go hand-in-hand. Accordingly, we all get flooded daily from various angles across multiple email and messaging services, but they’re not the only ways of getting hit. As annoying as they are, scammers are a smart bunch. Which is why my guard is now up after being contacte...

Read Full Article →
Don’t click that Google email! Gmail address change could be a scam

Earlier this month, Google started rolling out a new feature that lets users change their Gmail addresses —and it’s already being exploited by cybercriminals and malicious actors. The new feature allows one’s original Gmail address to remain as an alias, so that incoming emails continue to land i...

Read Full Article →
6 billion leaked passwords reveal the ones you should never, ever use

Over the course of the past year, security researchers at Specops Software examined six billion leaked passwords and subsequently published a comprehensive report on their findings. This report not only provides insight into the most commonly used passwords, but also into the current threat posed...

Read Full Article →
1Password adds new password protection feature to thwart phishing scams

Password manager 1Password has launched a new feature in its browser extension that provides extra protection against phishing, reports Engadget . The new feature warns users when they manually paste login details on a website that isn’t linked to a saved login in 1Password. A pop-up message will...

Read Full Article →
Is that $20 credit for the Verizon outage real? Don’t click a bad link

Last week, Verizon had a massive outage. Millions of wireless customers couldn’t get a signal, instead stuck on emergency service. If you were affected, you definitely knew it—your phone was stuck on “SOS” mode, only capable of calling 911. Service was eventually restored by the evening, with Ver...

Read Full Article →
Standardizing the BAS/CS of Critical Infrastructure Cybersecurity Alerts

#Threat Intel & Vulnerability

CVE-2025-11953

Currently trending CVE - Hype Score: 14 - The Metro Development Server, which is opened by the React Native Community CLI, binds to external interfaces by default. The server exposes an endpoint that is vulnerable to OS command injection. This allows unauthenticated network attackers to send a PO...

Read Full Article →
CVE-2025-14321

Currently trending CVE - Hype Score: 8 - Use-after-free in the WebRTC: Signaling component. This vulnerability affects Firefox < 146, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6.

Read Full Article → *(Covered by: Intruder Intel CVE Feed)*
CVE-2025-29824

Currently trending CVE - Hype Score: 8 - Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

Read Full Article →
CVE-2024-54529

Currently trending CVE - Hype Score: 8 - A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. An app may be able to execute arbitrary code with kernel privileges.

Read Full Article →
CVE-2023-27350

Currently trending CVE - Hype Score: 4 - This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914). Authentication is not required to exploit this vulnerability. The specific flaw exists within the SetupCompleted class. The i...

Read Full Article →
CVE-2025-55182

Currently trending CVE - Hype Score: 3 - A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The ...

Read Full Article →
From Clawdbot to Moltbot to OpenClaw: Security Experts Detail Critical Vulnerabilities and 6 Immediate Hardening Steps for the Viral AI Agent

Moltbot, the viral AI agent, offers immense power but is riddled with critical vulnerabilities, including remote code execution (RCE), exposed control interfaces, and malicious extensions. Read on to understand the vulnerabilities associated with Moltbot and the immediate security practices users...

Read Full Article →
CrowdStrike Falcon Scores Perfect 100% in SE Labs’ Most Challenging Ransomware Test
CVE-2025-69215 | devcode-it openstamanager up to 2.9.8 Stampe sql injection

A vulnerability labeled as critical has been found in devcode-it openstamanager up to 2.9.8. Affected by this issue is some unknown functionality of the component Stampe Module. Executing a manipulation can lead to sql injection. This vulnerability appears as CVE-2025-69215. The attack may be ...

Read Full Article →
CVE-2026-1756 | WP FOFT Loader Plugin up to 2.1.39 on WordPress file_and_ext unrestricted upload

A vulnerability identified as critical has been detected in WP FOFT Loader Plugin up to 2.1.39 on WordPress. Affected by this vulnerability is the function WP_FOFT_Loader_Mimes::file_and_ext. Performing a manipulation results in unrestricted upload. This vulnerability is reported as CVE-2026-175...

Read Full Article →
CVE-2026-1801 | GNOME libsoup Chunked soup_filter_input_stream_read_line request smuggling

A vulnerability categorized as problematic has been discovered in GNOME libsoup. Affected is the function soup_filter_input_stream_read_line of the component Chunked Handler. Such manipulation leads to http request smuggling. This vulnerability is documented as CVE-2026-1801. The attack can be...

Read Full Article →
CVE-2025-71179 | Creativeitem Academy LMS 7.0 /academy/blogs cross site scripting (EDB-51654)

A vulnerability was found in Creativeitem Academy LMS 7.0. It has been rated as problematic. This impacts an unknown function of the file /academy/blogs. This manipulation causes cross site scripting. This vulnerability is registered as CVE-2025-71179. Remote exploitation of the attack is pos...

Read Full Article →
CVE-2026-25522 | Craft CMS up to 4.10.0/5.5.1 Store Management Section cross site scripting (GHSA-h9r9-2pxg-cx9m)

A vulnerability was found in Craft CMS up to 4.10.0/5.5.1. It has been declared as problematic. This affects an unknown function of the component Store Management Section. The manipulation results in cross site scripting. This vulnerability is cataloged as CVE-2026-25522. The attack may be la...

Read Full Article → *(Covered by: VulnDB)*
CVE-2025-70849 | podinfo up to 6.9.0 POST /store unrestricted upload

A vulnerability was found in podinfo up to 6.9.0. It has been classified as critical. The impacted element is an unknown function of the file /store of the component POST Handler. The manipulation leads to unrestricted upload. This vulnerability is listed as CVE-2025-70849. The attack may be ...

Read Full Article →
CVE-2025-65923 | ERPNext up to 15.88.1 CSV Import cross site scripting

A vulnerability was found in ERPNext up to 15.88.1 and classified as problematic. The affected element is an unknown function of the component CSV Import. Executing a manipulation can lead to cross site scripting. This vulnerability is tracked as CVE-2025-65923. The attack can be launched remo...

Read Full Article → *(Covered by: VulnDB)*
CVE-2026-25489 | Craft CMS up to 4.10.0/5.5.1 Description cross site scripting (GHSA-v585-mf6r-rqrc)

A vulnerability has been found in Craft CMS up to 4.10.0/5.5.1 and classified as problematic. Impacted is an unknown function. Performing a manipulation of the argument Description results in cross site scripting. This vulnerability is identified as CVE-2026-25489. The attack can be initiated r...

Read Full Article → *(Covered by: VulnDB)*
CVE-2025-70311 | JeeWMS up to 1.0 /systemControl.do id1/id2 sql injection

A vulnerability, which was classified as critical, has been found in JeeWMS up to 1.0. This vulnerability affects unknown code of the file /systemControl.do. This manipulation of the argument id1/id2 causes sql injection. The identification of this vulnerability is CVE-2025-70311. It is possi...

Read Full Article →
CVE-2026-25486 | Craft CMS up to 5.5.1 Store Management Section Shipping Methods Name cross site scripting (GHSA-g92v-wpv7-6w22)

A vulnerability described as problematic has been identified in Craft CMS up to 5.5.1. Affected by this vulnerability is an unknown functionality of the component Store Management Section. Executing a manipulation of the argument Shipping Methods Name can lead to cross site scripting. This vuln...

Read Full Article →
CVE-2026-25484 | Craft CMS up to 4.10.0/5.5.1 Product Type Name cross site scripting (GHSA-2h2m-v2mg-656c)

A vulnerability identified as problematic has been detected in Craft CMS up to 4.10.0/5.5.1. This affects an unknown function of the component Product Type Name Handler. This manipulation causes cross site scripting. This vulnerability appears as CVE-2026-25484. The attack may be initiated rem...

Read Full Article → *(Covered by: VulnDB)*
CVE-2025-69875 | Quick Heal Total Security 23.0.0 permission

A vulnerability was found in Quick Heal Total Security 23.0.0. It has been rated as critical. The affected element is an unknown function. The manipulation leads to permission issues. This vulnerability is documented as CVE-2025-69875. The attack needs to be performed locally. There is not any...

Read Full Article →
CVE-2025-52628 | HCL AION 2.0 sensitive cookie with improper samesite attribute (KB0127972)

A vulnerability was found in HCL AION 2.0. It has been classified as problematic. This issue affects some unknown processing. Performing a manipulation results in sensitive cookie with improper samesite attribute. This vulnerability is cataloged as CVE-2025-52628. It is possible to initiate th...

Read Full Article →
CVE-2025-70841 | Dokans Multi-Tenancy Based eCommerce Platform SaaS 3.9.2 Configuration Data /script/.env APP_KEY direct request

A vulnerability was found in Dokans Multi-Tenancy Based eCommerce Platform SaaS 3.9.2 and classified as problematic. This vulnerability affects unknown code of the file /script/.env of the component Configuration Data Handler. Such manipulation of the argument APP_KEY leads to direct request. T...

Read Full Article →
CVE-2026-22220 | TP-Link Archer BE230 v1.2 up to 1.2.3 denial of service

A vulnerability has been found in TP-Link Archer BE230 v1.2 up to 1.2.3 and classified as problematic. This affects an unknown part. This manipulation causes denial of service. This vulnerability is tracked as CVE-2026-22220. The attack is only possible within the local network. No exploit exis...

Read Full Article →
CVE-2026-0620 | TP-Link AXE75 L2TP/IPSec protection mechanism

A vulnerability, which was classified as problematic, was found in TP-Link AXE75. Affected by this issue is some unknown functionality of the component L2TP/IPSec. The manipulation results in protection mechanism failure. This vulnerability is identified as CVE-2026-0620. The attack can be ex...

Read Full Article →
CVE-2025-52631 | HCL AION 2.0 information disclosure (KB0127972)

A vulnerability, which was classified as problematic, has been found in HCL AION 2.0. Affected by this vulnerability is an unknown functionality. The manipulation leads to information disclosure. This vulnerability is referenced as CVE-2025-52631. Remote exploitation of the attack is possible....

Read Full Article →
CVE-2026-22228 | TP-Link Archer BE230 v1.2 up to 1.2.3 Configuration File resource consumption

A vulnerability classified as problematic was found in TP-Link Archer BE230 v1.2 up to 1.2.3. Affected is an unknown function of the component Configuration File Handler. Executing a manipulation can lead to resource consumption. The identification of this vulnerability is CVE-2026-22228. The ...

Read Full Article →
CVE-2025-69971 | FUXA 1.2.7 server/api/jwt-helper.js hard-coded credentials

A vulnerability classified as critical has been found in FUXA 1.2.7. This impacts an unknown function of the file server/api/jwt-helper.js. Performing a manipulation results in hard-coded credentials. This vulnerability was named CVE-2025-69971. The attack may be initiated remotely. There is n...

Read Full Article →
CVE-2025-67187 | TOTOLINK A950RG 4.1.2cu.5204_B20210112 Firewall.so setIpQosRules Comment stack-based overflow

A vulnerability described as critical has been identified in TOTOLINK A950RG 4.1.2cu.5204_B20210112. This affects the function setIpQosRules in the library /lib/cste_modules/Firewall.so. Such manipulation of the argument Comment leads to stack-based buffer overflow. This vulnerability is unique...

Read Full Article → *(Covered by: VulnDB)*
CVE-2025-69431 | ZSPACE Q2C NAS Samba Protocol access control

A vulnerability marked as critical has been reported in ZSPACE Q2C NAS. The impacted element is an unknown function of the component Samba Protocol. This manipulation causes improper access controls. This vulnerability is handled as CVE-2025-69431. It is feasible to perform the attack on the p...

Read Full Article →
CVE-2025-52633 | HCL AION 2.0 persistent cookies containing sensitive information (KB0127972)

A vulnerability identified as problematic has been detected in HCL AION 2.0. Impacted is an unknown function. The manipulation leads to use of persistent cookies containing sensitive information. This vulnerability is traded as CVE-2025-52633. It is possible to initiate the attack remotely. The...

Read Full Article →
CVE-2025-52623 | HCL AION 2.0 Password Field insufficiently protected credentials (KB0127972)

A vulnerability categorized as problematic has been discovered in HCL AION 2.0. This issue affects some unknown processing of the component Password Field Handler. Executing a manipulation can lead to insufficiently protected credentials. This vulnerability appears as CVE-2025-52623. The attac...

Read Full Article →
CVE-2025-69981 | FUXA 1.2.7 API Endpoint /api/upload unrestricted upload

A vulnerability was found in FUXA 1.2.7. It has been rated as critical. This vulnerability affects unknown code of the file /api/upload of the component API Endpoint. Performing a manipulation results in unrestricted upload. This vulnerability is reported as CVE-2025-69981. The attack is poss...

Read Full Article →
CVE-2025-69848 | NetBox up to 2.11.0 ProtectedError cross site scripting

A vulnerability was found in NetBox up to 2.11.0. It has been declared as problematic. This affects an unknown part of the component ProtectedError Handler. Such manipulation leads to cross site scripting. This vulnerability is documented as CVE-2025-69848. The attack can be executed remotely...

Read Full Article →
CVE-2025-69430 | Yottamaster DM2/DM3/DM200 symlink

A vulnerability was found in Yottamaster DM2, DM3 and DM200. It has been classified as critical. Affected by this issue is some unknown functionality. This manipulation causes symlink following. This vulnerability is registered as CVE-2025-69430. The attack requires access to the local network...

Read Full Article →
CVE-2025-69970 | FUXA 1.2.7 API Endpoint settings.default.js improper authentication

A vulnerability was found in FUXA 1.2.7 and classified as critical. Affected by this vulnerability is an unknown functionality of the file server/settings.default.js of the component API Endpoint. The manipulation results in improper authentication. This vulnerability is cataloged as CVE-2025-6...

Read Full Article →
CVE-2025-66374 | CyberArk Endpoint Privilege Manager Agent up to 25.10.0 Administration Task Local Privilege Escalation

A vulnerability has been found in CyberArk Endpoint Privilege Manager Agent up to 25.10.0 and classified as problematic. Affected is an unknown function of the component Administration Task Handler. The manipulation leads to Local Privilege Escalation. This vulnerability is listed as CVE-2025-6...

Read Full Article →
CVE-2025-69429 | ORICO NAS CD3510 up to 1.9.12 symlink

A vulnerability, which was classified as critical, was found in ORICO NAS CD3510 up to 1.9.12. This impacts an unknown function. Executing a manipulation can lead to symlink following. This vulnerability is tracked as CVE-2025-69429. The attack is only possible within the local network. No exp...

Read Full Article →
CVE-2025-67189 | TOTOLINK A950RG 4.1.2cu.5204_B20210112 setParentalRules urlKeyword buffer overflow

A vulnerability, which was classified as critical, has been found in TOTOLINK A950RG 4.1.2cu.5204_B20210112. This affects the function setParentalRules. Performing a manipulation of the argument urlKeyword results in buffer overflow. This vulnerability is identified as CVE-2025-67189. The att...

Read Full Article →
CVE-2025-65875 | FPDF up to 1.86 AddFont unrestricted upload

A vulnerability classified as critical has been found in FPDF up to 1.86. The affected element is the function AddFont. This manipulation causes unrestricted upload. The identification of this vulnerability is CVE-2025-65875. It is possible to initiate the attack remotely. There is no exploit ...

Read Full Article →
CVE-2025-69983 | FUXA 1.2.7 Project access control

A vulnerability described as critical has been identified in FUXA 1.2.7. Impacted is an unknown function of the component Project Handler. The manipulation results in improper access controls. This vulnerability was named CVE-2025-69983. The attack may be performed from remote. There is no ava...

Read Full Article →
CVE-2025-70560 | Boltz 2.0.0 Pickle deserialization (Issue 600)

A vulnerability marked as critical has been reported in Boltz 2.0.0. This issue affects some unknown processing of the component Pickle Handler. The manipulation leads to deserialization. This vulnerability is uniquely identified as CVE-2025-70560. The attack is possible to be carried out remo...

Read Full Article →
CVE-2025-70559 | pdfminer.six 20251107 Pickle deserialization (GHSA-f83h-ghpp-7wcc)

A vulnerability labeled as critical has been found in pdfminer.six 20251107. This vulnerability affects unknown code of the component Pickle Handler. Executing a manipulation can lead to deserialization. This vulnerability is handled as CVE-2025-70559. The attack can be executed remotely. Ther...

Read Full Article →
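Both the Boltz and pdfminer.six entries above name a Pickle Handler and a deserialization weakness. The root cause of that bug class is that `pickle.loads()` on attacker-controlled bytes will import and call whatever global the stream names, so loading already is code execution. The Python example below is added here to illustrate the class; it is not code from either project and says nothing about how those projects load pickle data. It builds a constructed malicious pickle whose `__reduce__` would call `os.system`, then shows a restricted unpickler with an explicit allow-list (the approach the Python documentation suggests; the allow-list contents are an assumption for the example) refusing it while a plain dict still loads.

```python
import builtins
import io
import os
import pickle

# Allow-list of (module, name) pairs the unpickler may resolve. This set is an
# assumption for the example; a real loader lists exactly the types its own
# file format needs and nothing else.
SAFE_GLOBALS = {
    ("builtins", "dict"),
    ("builtins", "list"),
    ("builtins", "tuple"),
    ("builtins", "set"),
    ("builtins", "str"),
    ("builtins", "int"),
    ("builtins", "float"),
}


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that refuses any GLOBAL / STACK_GLOBAL not on the allow-list.

    find_class is the hook pickle calls to turn a (module, name) pair from the
    stream into a live object. Refusing here means the callable is never
    imported, so a __reduce__ payload has nothing to invoke.
    """

    def find_class(self, module, name):
        if (module, name) in SAFE_GLOBALS:
            return getattr(builtins, name)
        raise pickle.UnpicklingError(f"global {module}.{name} is forbidden")


def restricted_loads(data: bytes):
    """Drop-in replacement for pickle.loads() backed by RestrictedUnpickler."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


class Payload:
    """Constructed attacker object. __reduce__ tells pickle to rebuild it by
    calling os.system("echo pwned"); a plain pickle.loads() on the resulting
    bytes would run that command while loading."""

    def __reduce__(self):
        return (os.system, ("echo pwned",))


def malicious_pickle() -> bytes:
    """Constructed sample: the bytes an attacker would ship."""
    return pickle.dumps(Payload())


def benign_pickle() -> bytes:
    """Constructed sample: the plain data a loader legitimately expects."""
    return pickle.dumps({"model": "toy", "layers": [1, 2, 3]})


def try_load(data: bytes) -> str:
    """Load with the restricted unpickler and report the outcome as text."""
    try:
        return "ok:" + repr(restricted_loads(data))
    except pickle.UnpicklingError as exc:
        return "rejected:" + str(exc)


if __name__ == "__main__":
    print(try_load(benign_pickle()))     # ok:{'model': 'toy', 'layers': [1, 2, 3]}
    print(try_load(malicious_pickle()))  # rejected:global posix.system is forbidden (nt.system on Windows)
```

Note what the allow-list does not buy you: any allowed class whose constructor has side effects is still reachable, and a stream can still exhaust memory, so the durable fix is to stop accepting pickle from untrusted sources and use a data-only format (JSON, or safetensors for model weights).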
CVE-2025-70758 | chetans9 core-php-admin-panel auth_validate.php improper authentication

A vulnerability identified as critical has been detected in chetans9 core-php-admin-panel. This affects an unknown part of the file includes/auth_validate.php. Performing a manipulation results in improper authentication. This vulnerability is known as CVE-2025-70758. Remote exploitation of th...

Read Full Article →
CVE-2025-60865 | avanquest Driver Updater 9.1.57803.1174 Service permission

A vulnerability categorized as critical has been discovered in avanquest Driver Updater 9.1.57803.1174. Affected by this issue is some unknown functionality of the component Service. Such manipulation leads to permission issues. This vulnerability is tracked as CVE-2025-60865. An attack has to ...

Read Full Article →
CVE-2026-25616 | Blesta up to 5.13.2 cross site scripting

A vulnerability was found in Blesta up to 5.13.2. It has been rated as problematic. Affected by this vulnerability is an unknown functionality. This manipulation causes cross site scripting. This vulnerability appears as CVE-2026-25616. The attack may be initiated remotely. There is no availab...

Read Full Article →
CVE-2025-61506 | MediaCrush up to 1.0.1 /upload improper authentication

A vulnerability was found in MediaCrush up to 1.0.1. It has been declared as critical. Affected is an unknown function of the file /upload. The manipulation results in improper authentication. This vulnerability is reported as CVE-2025-61506. The attack can be launched remotely. No exploit ex...

Read Full Article →
CVE-2026-25615 | Blesta up to 5.13.2 deserialization

A vulnerability was found in Blesta up to 5.13.2. It has been classified as problematic. This impacts an unknown function. The manipulation leads to deserialization. This vulnerability is documented as CVE-2026-25615. The attack can be initiated remotely. No exploit is available. Up...

Read Full Article → *(Covered by: VulnDB)*
CVE-2025-46651 | Tiny File Manager up to 2.6 server-side request forgery

A vulnerability has been found in Tiny File Manager up to 2.6 and classified as critical. The impacted element is an unknown function. Performing a manipulation results in server-side request forgery. This vulnerability is cataloged as CVE-2025-46651. It is possible to initiate the attack remot...

Read Full Article →
CVE-2026-24434 | Tenda AC7 up to 03.03.03.01_cn cross-site request forgery

A vulnerability, which was classified as problematic, was found in Tenda AC7 up to 03.03.03.01_cn. The affected element is an unknown function. Such manipulation leads to cross-site request forgery. This vulnerability is listed as CVE-2026-24434. The attack may be performed from remote. There ...

Read Full Article →
CVE-2025-52629 | HCL AION 2.0 Content-Security-Policy (KB0127972)

A vulnerability, which was classified as problematic, has been found in HCL AION 2.0. Impacted is an unknown function of the component Content-Security-Policy Handler. This manipulation causes an unknown weakness. This vulnerability is tracked as CVE-2025-52629. The attack is possible to be c...

Read Full Article →
CVE-2026-25503 | InternationalColorConsortium iccDEV 2.3.1.1 icImageEncodingType type conversion (ID 539)

A vulnerability classified as problematic was found in InternationalColorConsortium iccDEV 2.3.1.1. This issue affects some unknown processing. The manipulation of the argument icImageEncodingType results in incorrect type conversion. This vulnerability is identified as CVE-2026-25503. The atta...

Read Full Article →
CVE-2025-10878 | Insaat Fikir Odalari AdminPando 1.0.0 username/password sql injection

A vulnerability classified as critical has been found in Insaat Fikir Odalari AdminPando 1.0.0. This vulnerability affects unknown code. The manipulation of the argument username/password leads to sql injection. This vulnerability is referenced as CVE-2025-10878. Remote exploitation of the atta...

Read Full Article →
CVE-2026-24441 | Tenda AC7 up to 03.03.03.01_cn cleartext transmission

A vulnerability described as problematic has been identified in Tenda AC7 up to 03.03.03.01_cn. This affects an unknown part. Executing a manipulation can lead to cleartext transmission of sensitive information. The identification of this vulnerability is CVE-2026-24441. The attack may be launc...

Read Full Article →
CVE-2026-24426 | Tenda AC7 up to 03.03.03.01_cn Web Management Interface cross site scripting

A vulnerability marked as problematic has been reported in Tenda AC7 up to 03.03.03.01_cn. Affected by this issue is some unknown functionality of the component Web Management Interface. Performing a manipulation results in cross site scripting. This vulnerability was named CVE-2026-24426. The...

Read Full Article →
CVE-2025-62673 | TP-Link Archer AX53 v1.0 up to 1.3.1 tdpserver heap-based overflow

A vulnerability labeled as critical has been found in TP-Link Archer AX53 v1.0 up to 1.3.1. Affected by this vulnerability is an unknown functionality of the component tdpserver Module. Such manipulation leads to heap-based buffer overflow. This vulnerability is uniquely identified as CVE-2025-...

Read Full Article → *(Covered by: VulnDB)*
CVE-2026-25502 | InternationalColorConsortium iccDEV up to 2.3.1.2 icFixXml stack-based overflow (ID 537)

A vulnerability, which was classified as critical, was found in InternationalColorConsortium iccDEV up to 2.3.1.2. This vulnerability affects the function icFixXml. The manipulation results in stack-based buffer overflow. This vulnerability is cataloged as CVE-2026-25502. The attack may be la...

Read Full Article →
CVE-2026-24149 | NVIDIA Megatron-LM up to 0.13.x code injection

A vulnerability, which was classified as critical, has been found in NVIDIA Megatron-LM up to 0.13.x. This affects an unknown part. The manipulation leads to code injection. This vulnerability is listed as CVE-2026-24149. The attack must be carried out locally. There is no available exploit. I...

Read Full Article →
CVE-2026-25239 | pear pearweb up to 1.32.x filename sql injection (GHSA-f9mg-x463-3vxg)

A vulnerability classified as critical was found in pear pearweb up to 1.32.x. Affected by this issue is some unknown functionality. Executing a manipulation of the argument filename can lead to sql injection. This vulnerability is tracked as CVE-2026-25239. The attack can be launched remotely....

Read Full Article → *(Covered by: VulnDB)*
CVE-2026-25240 | pear pearweb up to 1.32.x user::maintains sql injection (GHSA-xw9g-5gr2-c44f)

A vulnerability classified as critical has been found in pear pearweb up to 1.32.x. Affected by this vulnerability is the function user::maintains. Performing a manipulation results in sql injection. This vulnerability is identified as CVE-2026-25240. The attack can be initiated remotely. Ther...

Read Full Article →
CVE-2025-63372 | Articentgroup Zip Rar Extractor Tool 1.345.93.0 ZIP File Parser path traversal

A vulnerability labeled as critical has been found in Articentgroup Zip Rar Extractor Tool 1.345.93.0. This affects an unknown function of the component ZIP File Parser. The manipulation results in path traversal. This vulnerability was named CVE-2025-63372. The attack needs to be approached w...

Read Full Article →
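The Articentgroup entry above is path traversal in a ZIP parser, and the ORICO NAS entry earlier in this list is symlink following; both are the same failure at extraction time, where an archive entry name (or a link already on disk) decides where bytes are written. The Python example below is added here to show the check an extractor needs; it is not code from either product, and the archive names and temporary directories are constructed for the demonstration. CPython's own `ZipFile.extractall()` has stripped `..` and absolute components since 3.3.1/2.7.4, but it joins paths without resolving symlinks already present under the destination, which is the second case covered here.

```python
import io
import shutil
import tempfile
import zipfile
from pathlib import Path


def build_zip(entries: dict) -> bytes:
    """Construct an archive in memory from {entry_name: content}. Sample input
    for the example; zipfile writes names such as '../../x' without complaint."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()


def safe_extract(zip_bytes: bytes, dest: str) -> list:
    """Extract every entry under dest, refusing any that would land outside.

    The joined path is resolved (which follows any symlink already under dest)
    and the result must stay inside the resolved dest, so '../' components,
    absolute names and symlinked subdirectories are all rejected before a byte
    is written.
    """
    dest_path = Path(dest).resolve()
    written = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            name = info.filename
            target = (dest_path / name).resolve()
            if target != dest_path and dest_path not in target.parents:
                raise ValueError(f"traversal rejected: {name}")
            if name.endswith("/"):
                target.mkdir(parents=True, exist_ok=True)
                continue
            target.parent.mkdir(parents=True, exist_ok=True)
            with zf.open(info) as src, open(target, "wb") as dst:
                dst.write(src.read())
            written.append(name)
    return written


def run_demo() -> dict:
    """Extract a benign archive, a '../' archive and an archive that routes
    through a pre-existing symlink, all into a throwaway directory."""
    results = {}
    benign = build_zip({"docs/readme.txt": b"hello"})
    evil = build_zip({"../../escape.txt": b"owned"})
    via_link = build_zip({"link/evil.txt": b"owned"})
    with tempfile.TemporaryDirectory() as tmp:
        results["benign"] = safe_extract(benign, tmp)
        results["benign_content"] = (Path(tmp) / "docs" / "readme.txt").read_bytes()
        try:
            safe_extract(evil, tmp)
            results["evil"] = "extracted"
        except ValueError as exc:
            results["evil"] = str(exc)
        outside = tempfile.mkdtemp()  # stands in for a directory the attacker wants to reach
        try:
            (Path(tmp) / "link").symlink_to(outside, target_is_directory=True)
            try:
                safe_extract(via_link, tmp)
                results["symlink"] = "extracted"
            except ValueError as exc:
                results["symlink"] = str(exc)
        except OSError:
            results["symlink"] = "symlink unsupported"
        finally:
            shutil.rmtree(outside, ignore_errors=True)
    return results


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value!r}")
```

The resolve-then-compare check is deliberately done per entry rather than once up front, because an earlier entry in the same archive can create the directory a later entry traverses through.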
CVE-2025-52626 | HCL AION 2.0 os command injection (KB0127972)

A vulnerability identified as critical has been detected in HCL AION 2.0. The impacted element is an unknown function. The manipulation leads to os command injection. This vulnerability is uniquely identified as CVE-2025-52626. Local access is required to approach this attack. No exploit exists.

Read Full Article →
CVE-2025-64098 | eProsima Fast-DDS up to 2.6.10/3.3.0/3.4.0 readOctetVector vecsize out-of-bounds

A vulnerability categorized as problematic has been discovered in eProsima Fast-DDS up to 2.6.10/3.3.0/3.4.0. The affected element is the function readOctetVector. Executing a manipulation of the argument vecsize can lead to out-of-bounds read. This vulnerability is handled as CVE-2025-64098. ...

Read Full Article → *(Covered by: VulnDB)*
CVE-2025-62602 | eProsima Fast-DDS up to 2.6.10/3.3.0/3.4.0 readData length heap-based overflow

A vulnerability was found in eProsima Fast-DDS up to 2.6.10/3.3.0/3.4.0. It has been rated as critical. Impacted is the function readData. Performing a manipulation of the argument length results in heap-based buffer overflow. This vulnerability is known as CVE-2025-62602. Remote exploitation...

Read Full Article → *(Covered by: VulnDB)*
CVE-2025-62601 | eProsima Fast-DDS up to 2.6.10/3.3.0/3.4.0 PID_IDENTITY_TOKEN/PID_PERMISSIONS_TOKEN heap-based overflow

A vulnerability was found in eProsima Fast-DDS up to 2.6.10/3.3.0/3.4.0. It has been declared as critical. This issue affects some unknown processing. Such manipulation of the argument PID_IDENTITY_TOKEN/PID_PERMISSIONS_TOKEN leads to heap-based buffer overflow. This vulnerability is tracked as ...

Read Full Article → *(Covered by: VulnDB)*
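Three of the Fast-DDS entries above (readOctetVector with vecsize, readData with length, and the identity/permissions token parameters) share one shape: a length field taken from the wire is trusted when the bytes that follow are copied or indexed. The Python example below is added to show the check a parser needs at that point; it is not Fast-DDS code, and the framing (a little-endian uint32 length followed by that many octets, with a 64 KiB cap) is a simplification chosen for the example, not the DDS/RTPS encoding.

```python
import struct


class MalformedMessage(ValueError):
    """Raised instead of reading past the end of the buffer."""


# Upper bound on a single vector; an assumption for the example. Real protocols
# take this from the wire format or a configured maximum message size.
MAX_VECTOR_LEN = 64 * 1024


def read_octet_vector(buf: bytes, offset: int):
    """Read one little-endian uint32 length prefix and that many octets.

    Returns (payload, next_offset). The remaining-bytes comparison is written
    as a subtraction rather than 'offset + size <= len(buf)' on purpose: in C
    that addition can wrap for a 32-bit size near 0xFFFFFFFF and let a bogus
    length pass the check.
    """
    if offset < 0 or len(buf) - offset < 4:
        raise MalformedMessage("length field truncated")
    (vecsize,) = struct.unpack_from("<I", buf, offset)
    offset += 4
    if vecsize > MAX_VECTOR_LEN:
        raise MalformedMessage(f"vector length {vecsize} exceeds cap {MAX_VECTOR_LEN}")
    remaining = len(buf) - offset
    if vecsize > remaining:
        raise MalformedMessage(f"vector length {vecsize} exceeds remaining {remaining} bytes")
    return bytes(buf[offset:offset + vecsize]), offset + vecsize


def encode_octet_vector(payload: bytes) -> bytes:
    """Serialiser used to build the constructed sample messages."""
    return struct.pack("<I", len(payload)) + payload


def parse_message(buf: bytes) -> list:
    """Parse a message that is a sequence of octet vectors back to back."""
    vectors, offset = [], 0
    while offset < len(buf):
        payload, offset = read_octet_vector(buf, offset)
        vectors.append(payload)
    return vectors


def parse_or_error(buf: bytes):
    """Return the parsed vectors, or the error text for a malformed message."""
    try:
        return parse_message(buf)
    except MalformedMessage as exc:
        return str(exc)


if __name__ == "__main__":
    good = encode_octet_vector(b"token-data") + encode_octet_vector(b"")
    short = struct.pack("<I", 10) + b"abc"          # claims 10 bytes, carries 3
    huge = struct.pack("<I", 0xFFFFFFFF) + b"abc"   # would wrap offset + size in 32-bit C
    for sample in (good, short, huge):
        print(parse_or_error(sample))
```

The same two checks (a hard cap, then a comparison against what is actually left) apply to any length-prefixed field, including nested ones such as a parameter list whose entries each carry their own length.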
CVE-2025-63624 | Shandong Kede Electronics IoT Smart Water Meter Monitoring Platform 1.0 imei_list.aspx sql injection

A vulnerability was found in Shandong Kede Electronics IoT Smart Water Meter Monitoring Platform 1.0. It has been classified as critical. This vulnerability affects unknown code of the file imei_list.aspx. This manipulation causes sql injection. This vulnerability appears as CVE-2025-63624. T...

Read Full Article →
CVE-2025-59439 | Samsung Modem Exynos up to 2025-08-29 denial of service

A vulnerability was found in Samsung Modem Exynos up to 2025-08-29 and classified as problematic. This affects an unknown part. The manipulation results in denial of service. This vulnerability is reported as CVE-2025-59439. The attacker must have access to the local network to execute the atta...

Read Full Article →
CVE-2025-57529 | YouDataSum CPAS Audit Management System up to 4.9 findArchiveReportByDah sql injection

A vulnerability has been found in YouDataSum CPAS Audit Management System up to 4.9 and classified as critical. Affected by this issue is some unknown functionality of the file /cpasList/findArchiveReportByDah. The manipulation leads to sql injection. This vulnerability is documented as CVE-202...

Read Full Article →
CVE-2025-52627 | HCL AION 2.0 permission assignment (KB0127972)

A vulnerability, which was classified as problematic, was found in HCL AION 2.0. Affected by this vulnerability is an unknown functionality. Executing a manipulation can lead to incorrect permission assignment. This vulnerability is registered as CVE-2025-52627. The physical device can be targ...

Read Full Article →
CVE-2025-64438 | eProsima Fast-DDS up to 2.6.10/3.3.0/3.4.0 processGapMsg infinite loop

A vulnerability, which was classified as problematic, has been found in eProsima Fast-DDS up to 2.6.10/3.3.0/3.4.0. Affected is the function StatefulReader::processGapMsg. Performing a manipulation results in infinite loop. This vulnerability is cataloged as CVE-2025-64438. It is possible to ...

Read Full Article →
CVE-2026-24427 | Tenda AC7 up to 03.03.03.01_cn Web Management Interface insertion of sensitive information into sent data

A vulnerability classified as problematic has been found in Tenda AC7 up to 03.03.03.01_cn. This affects an unknown function of the component Web Management Interface. This manipulation causes insertion of sensitive information into sent data. This vulnerability is tracked as CVE-2026-24427. T...

Read Full Article →
CVE-2025-62501 | TP-Link Archer AX53 v1.0 up to 1.3.1 tmpserver key exchange without entity authentication

A vulnerability marked as problematic has been reported in TP-Link Archer AX53 v1.0 up to 1.3.1. The affected element is an unknown function of the component tmpserver Module. The manipulation leads to key exchange without entity authentication. This vulnerability is referenced as CVE-2025-6250...

Read Full Article →
CVE-2025-58348 | Samsung Mobile Processor/Wearable Processor Exynos up to 2200 Wi-Fi Driver confg_tspec memory allocation

A vulnerability identified as problematic has been detected in Samsung Mobile Processor and Wearable Processor Exynos up to 2200. This issue affects some unknown processing of the file /proc/driver/unifi0/confg_tspec of the component Wi-Fi Driver. Performing a manipulation results in uncontroll...

Read Full Article → *(Covered by: VulnDB)*
CVE-2026-25238 | pear pearweb up to 1.32.x Bug Subscription Deletion email sql injection (GHSA-cv3c-27h5-7gmv)

A vulnerability classified as critical has been found in pear pearweb up to 1.32.x. Impacted is an unknown function of the component Bug Subscription Deletion. The manipulation of the argument email leads to sql injection. This vulnerability is listed as CVE-2026-25238. The attack may be initi...

Read Full Article →
CVE-2026-25235 | pear pearweb up to 1.32.x prng seed (GHSA-477r-4cmw-3cgf)

A vulnerability marked as problematic has been reported in pear pearweb up to 1.32.x. This vulnerability affects unknown code. Performing a manipulation results in a predictable seed in a pseudo-random number generator (PRNG). This vulnerability is identified as CVE-2026-25235. The attack can be in...

Read Full Article →
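The pearweb PRNG entry above describes a predictable seed. The Python example below is added to show why that is a security bug rather than a quality nit; it is not pearweb code, and seeding the generator from a Unix timestamp is an assumption chosen to make the attack concrete. A token generated from `random.Random(seed)` is fully determined by the seed, so an attacker who knows roughly when it was issued brute-forces a few thousand candidate seeds and recovers it; `secrets` draws from the OS CSPRNG and has no seed to recover.

```python
import random
import secrets
import string
import time

ALPHABET = string.ascii_letters + string.digits


def weak_token(seed: int, length: int = 16) -> str:
    """Token from a PRNG seeded with a low-entropy value (a Unix timestamp in
    this example; the seed source is an assumption). Mersenne Twister is
    deterministic, so the seed fully determines the token."""
    rng = random.Random(seed)
    return "".join(rng.choice(ALPHABET) for _ in range(length))


def recover_seed(token: str, approx_time: int, window: int = 3600):
    """Attacker side: knowing roughly when the token was issued (from a Date
    header, a timestamp in the page, or the request itself), try every seed
    within +/- window seconds until one regenerates the observed token.
    Returns the seed, or None if it is outside the window."""
    for candidate in range(approx_time - window, approx_time + window + 1):
        if weak_token(candidate, len(token)) == token:
            return candidate
    return None


def strong_token(length: int = 16) -> str:
    """Fixed version: draw from the OS CSPRNG via the secrets module. There is
    no seed, so there is nothing to recover."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


if __name__ == "__main__":
    issued_at = int(time.time())
    token = weak_token(issued_at)
    # The attacker's clock is two minutes off, well inside the search window.
    print(recover_seed(token, issued_at + 120) == issued_at)  # True
    print(strong_token())
```

The search costs 7,201 token generations for a one-hour window, which is milliseconds; widening the window to a week is still cheap, so "the attacker does not know the exact second" is not a defence.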
CVE-2026-25234 | pear pearweb up to 1.32.x Category Manager sql injection (GHSA-q28j-3p7r-6722)

A vulnerability labeled as critical has been found in pear pearweb up to 1.32.x. This affects an unknown part of the component Category Manager. Such manipulation leads to sql injection. This vulnerability is referenced as CVE-2026-25234. It is possible to launch the attack remotely. No exploi...

Read Full Article →
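Several entries above are SQL injection in a login or lookup path: AdminPando's username/password, the Kede water-meter platform's imei_list.aspx, CPAS findArchiveReportByDah, and four pearweb functions. The Python/SQLite example below is added to show the bug and the fix side by side; it is not code from any of those products, and the table, the account and the payloads are constructed for the demonstration (the plain-text password exists only to keep the query readable).

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """In-memory database with one constructed account."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT NOT NULL, password TEXT NOT NULL)")
    conn.execute("INSERT INTO users VALUES ('admin', 'correct horse battery staple')")
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Builds the statement by string concatenation: the username becomes part
    of the SQL grammar, so a quote followed by a comment marker ends the WHERE
    clause and the password is never compared."""
    query = (
        "SELECT 1 FROM users WHERE username = '" + username + "' "
        "AND password = '" + password + "'"
    )
    return conn.execute(query).fetchone() is not None


def login_fixed(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Same statement with bound parameters: the driver ships the values apart
    from the statement text, so a quote in the username is just data."""
    row = conn.execute(
        "SELECT 1 FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row is not None


def run_demo() -> dict:
    """Run both implementations against two classic constructed payloads."""
    conn = make_db()
    comment_out = "admin' --"       # closes the string, comments out the password check
    tautology = "' OR '1'='1"       # makes the WHERE clause true for every row
    return {
        "vulnerable_comment": login_vulnerable(conn, comment_out, "not the password"),
        "vulnerable_tautology": login_vulnerable(conn, "nobody", tautology),
        "fixed_comment": login_fixed(conn, comment_out, "not the password"),
        "fixed_tautology": login_fixed(conn, "nobody", tautology),
        "fixed_real_login": login_fixed(conn, "admin", "correct horse battery staple"),
    }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

The comment payload relies on `--` being a line comment, which SQLite, PostgreSQL and MySQL (with the trailing space) all accept; the tautology works because `AND` binds tighter than `OR`. Neither reaches the database as grammar once the query is parameterised, and the same applies to filenames, e-mail addresses and IDs, not only credentials.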
CVE-2026-25233 | pear pearweb up to 1.32.x Roadmap operator precedence logic error (GHSA-p92v-9j73-fxx3)

A vulnerability identified as problematic has been detected in pear pearweb up to 1.32.x. Affected by this issue is some unknown functionality of the component Roadmap Handler. This manipulation causes an operator precedence logic error. The identification of this vulnerability is CVE-2026-25233. ...

Read Full Article →
SpiderLabs Ransomware Tracker Update January 2026: Qilin Continues as Dominant Threat Group

The January 2026 edition of the LevelBlue SpiderLabs ransomware tracker noted a sharp fall in the number of attacks launched compared to December 2025. Qilin remained the top attacker, but there was a reshuffling of the remaining top five for the month.

Read Full Article →
Frequently Asked Questions About Notepad++ Supply Chain Compromise

Threat actors compromised the update infrastructure for Notepad++, redirecting traffic to an attacker-controlled site for targeted espionage purposes. Key takeaways: beginning in June 2025, threat actors compromised the infrastructure Notepad++ uses to distribute software updates. The issue has b...

Read Full Article →
What is Autonomous Penetration Testing and How Does it Work?

This week in cybersecurity from the editors at Cybercrime Magazine. Sausalito, Calif. – Feb. 3, 2026 – Read the full story from BreachLock. Everything you always wanted to know about penetration testing but were afraid to ask can be found in a widely popular blog post from BreachLock, a...

Read Full Article →
AT&T breach data resurfaces with new risks for customers

As leaked datasets are merged and enriched, they become more useful to criminals. That makes recycled breach data a bigger risk for customers.

Read Full Article →
A fake cloud storage alert that ends at Freecash

We followed a fake cloud storage payment alert through deceptive affiliate redirects, ending at a familiar destination: Freecash.

Read Full Article →
  • Enterprise Phishing: How Attackers Abuse Trusted Microsoft & Google Platforms — ANY.RUN observes a growing trend of phishing kit infrastructure being hosted on legitimate cloud and CDN platforms, rather than on newly registered domains. These campaigns often target enterprise users specifically, creating a global threat to businesses. The shift creates serious visibility cha…
Mutagen Astronomy: From Discovery to CISA Recognition—A Seven-Year Journey

Introduction On January 26, 2026, the Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2018-14634 to its Known Exploited Vulnerabilities (KEV) catalog. The same vulnerability was discovered by the Qualys Threat Research Unit (TRU) in September 2018. We nicknamed it “Mutagen Astro...

Read Full Article →
How Manifest v3 forced us to rethink Browser Guard, and why that’s a good thing

Browser Guard still blocks scams and phishing like it always has. But we had to rebuild the way it does that from the ground up.

Read Full Article →
LevelBlue Security Colony: A Practical Cybersecurity Resource Hub for CISOs

Empower CISOs with actionable cybersecurity resources including maturity assessments, incident response playbooks, and vendor risk tools. Strengthen security programs using Security Colony, a self-service cybersecurity knowledge platform built by LevelBlue and SpiderLabs experts. Improve cyber r...

Read Full Article →
The Chrysalis Backdoor: A Deep Dive into Lotus Blossom’s toolkit

Rapid7 Labs, together with the Rapid7 MDR team, has uncovered a sophisticated campaign attributed to the Chinese APT group Lotus Blossom. Active since 2009, the group is known for its targeted espionage campaigns primarily impacting organizations across Southeast Asia and more recently Central Am...

Read Full Article →
Behind the Tickets and Train Stations: Common Scams and Risks + Tips on How to Stay Safe While You Travel to the Winter Olympics

The 2026 Winter Olympics and Paralympics, which soon kick off in Italy, will draw tens of thousands of visitors to Milan, Cortina d’Ampezzo, and surrounding Alpine venues. With high demand for tickets, accommodation, and transport, major sporting events like this also create ideal conditions for s...

Read Full Article →
Ransomware attack compromised 377,000 people’s Social Security and driver’s license numbers from Texas gas station and convenience store chain

Kurt Knutsson recently reported on a ransomware attack in September that affected 377,082 individuals. Gulshan Management Services, Inc. is linked to Gulshan Enterprises, which operates around 150 Handi Plus and Handi Stop gas stations and convenience stores across Texas. Gulshan reported the inc...

Read Full Article →
What’s New in Tenable Cloud Security: Multi-cloud Risk Analysis, Attack Surface Assessments, Improved IAM Security and More

Tenable Cloud Security continues to expand the technical depth of our Tenable One exposure management platform. Our latest enhancements include unified multi-cloud exploration, high-fidelity network validation, and expanded entitlement visibility across infrastructure and identity providers. Key ...

Read Full Article →
U.S. Secret Service Agents Recovered Nearly $1M For A 71-Year-Old Retiree

This week in cybersecurity from the editors at Cybercrime Magazine. Sausalito, Calif. – Feb. 2, 2026 – Read the full story in Moneywise. Cybercrime will cost the world more than $12 trillion annually by 2031, according to Cybersecurity Ventures, and most of that money will never...

Read Full Article →
Scam-checking just got easier: Malwarebytes is now in ChatGPT

Malwarebytes' ChatGPT integration makes it the first cybersecurity provider that can deliver its expertise without ever leaving the chat

Read Full Article →
A week in security (January 26 – February 1)

A list of topics we covered in the week of January 26 to February 1 of 2026

Read Full Article →
[webapps] RPi-Jukebox-RFID 2.8.0 - Stored Cross-Site Scripting (XSS)

RPi-Jukebox-RFID 2.8.0 - Stored Cross-Site Scripting (XSS)

Read Full Article → *(Covered by: CXSecurity Exploit Database, ExploitDB)*
[hardware] D-Link DIR-825 Rev.B 2.10 - Stack Buffer Overflow (DoS)

D-Link DIR-825 Rev.B 2.10 - Stack Buffer Overflow (DoS)

Read Full Article → *(Covered by: CXSecurity Exploit Database, ExploitDB)*
Autonomous Threat Operations in action: Real results from Recorded Future’s own SOC team | Recorded Future

This article explores how Recorded Future served as Customer Zero for Autonomous Threat Operations, testing the new solution within our own SOC to validate its real-world impact before releasing it to the public. The article reveals how the technology transformed inconsistent, analyst-dependent t...

Read Full Article →
RINA Accountants & Advisors is creating $400K settlement fund to settle lawsuit over 2022 data breach

Mark Emem reports: A US accounting firm has agreed to pay hundreds of thousands of dollars to settle a class action lawsuit filed over a data breach. According to the settlement administrator’s portal, RINA Accountants & Advisors will set up a $400,000 settlement fund to compensate victims of the...

Read Full Article →
Comcast agrees to $117.5 million settlement to resolve lawsuits over 2023 Citrix Bleed data breach

Abraham Gutman reports: Comcast is one step closer to settling 24 class action lawsuits over a 2023 data breach that potentially impacted over 30 million former and current customers. A $117.5 million settlement agreement received preliminary approval from a federal judge in the Eastern District ...

Read Full Article →
When the GDPR is weaponized to shut journalists up, don’t go silently into that dark night

While Zack Whittaker and I work to finish up a report on threats security researchers and journalists receive, there has been more and more news about threats to journalists and journalism. The arrests of Don Lemon and Geraldine Fort for reporting on a protest in a church could easily be construe...

Read Full Article →
FBI takes notorious RAMP ransomware forum offline

The FBI has seized control of RAMP, a notorious cybercrime online forum that bragged to be the only place that allowed ransomware, and boasted over 14,000 active users. Now some of those users' details are likely to be in the hands of the police... Read more in my article on the Bitdefender blog.

Read Full Article → *(Covered by: Bitdefender Hot For Security, Graham Cluley)*
Panera Bread - 5,112,502 breached accounts

In January 2026, Panera Bread suffered a data breach that exposed 14M records. After an attempted extortion failed, the attackers published the data publicly, which included 5.1M unique email addresses along with associated account information such as names, phone numbers and physical addresses....

Read Full Article →
CVE-2026-1281, CVE-2026-1340: Ivanti Endpoint Manager Mobile (EPMM) Zero-Day Vulnerabilities Exploited

Two critical vulnerabilities in Ivanti’s popular mobile device management solution have been exploited in the wild in limited attacks. Key takeaways: patch Ivanti EPMM immediately. Both CVE-2026-1281 and CVE-2026-1340 have been exploited in the wild, though impact has been limited so far. Apply th...

Read Full Article →
Google Presentations Abused for Phishing, (Fri, Jan 30th)

Charlie, one of our readers, has forwarded an interesting phishing email. The email was sent to users of the Vivaldi Webmail service. While not overly convincing, the email is likely sufficient to trick a non-empty group of users:

Read Full Article →
ROC vs. CTEM: How a Risk Operations Center Evolves Beyond Continuous Threat Exposure Management in 2026

Key Takeaways: The Essentials of ROC vs. CTEM Modern enterprises face a constant flood of data from dozens of siloed security tools, creating a fragmented view of risk. Continuous threat exposure management (CTEM) offers a framework to bring exposures together from these tools, and a risk operati...

Read Full Article →
Cybersecurity Predictions for 2026

Six Predictions for the AI-Driven SOC – Subo Guha, Senior Vice President, Product Management, Stellar Cyber. San Jose, Calif. – Jan. 30, 2026. Agentic AI as applied to the cybersecurity market is expected to grow from $738.2 million in 2024 to an estimated $1.73 billion...

Read Full Article →
Hugging Face Repositories Used to Spread Android RAT

Bitdefender security researchers have identified a new Android malware campaign that used the Hugging Face public-facing infrastructure to host its malicious files.

Read Full Article →
Investigation into data breach involving Blue Cross Blue Shield members could head to court

Jonathon Ambarian provides an update on a breach previously reported on DataBreaches.net: In October, MTN reported on a major data breach involving customers with Blue Cross Blue Shield of Montana. Now, as a state investigation into the breach continues, the next steps could be playing out in cou...

Read Full Article →
Match, Hinge, OkCupid, and Panera Bread breached by ransomware group

ShinyHunters claims to have stolen millions of records from Match Group dating apps and Panera Bread, with very different consequences for users.

Read Full Article →
Guidance from the Frontlines: Proactive Defense Against ShinyHunters-Branded Data Theft Targeting SaaS

Introduction Mandiant is tracking a significant expansion and escalation in the operations of threat clusters associated with ShinyHunters-branded extortion. As detailed in our companion report, 'Vishing for Access: Tracking the Expansion of ShinyHunters-Branded SaaS Data Theft' , these campaigns...

Read Full Article →
Vishing for Access: Tracking the Expansion of ShinyHunters-Branded SaaS Data Theft

Introduction Mandiant has identified an expansion in threat activity that uses tactics, techniques, and procedures (TTPs) consistent with prior ShinyHunters-branded extortion operations. These operations primarily leverage sophisticated voice phishing (vishing) and victim-branded credential harve...

Read Full Article →
Orca Security Co-Founder & CEO Gil Geron: Cloud Security Pioneer

This week in cybersecurity from the editors at Cybercrime Magazine. Sausalito, Calif. – Jan. 30, 2026 – Watch the YouTube video. 2026 is here, and the cloud security landscape is shifting rapidly. AI is reshaping how attackers operate, supply chains remain under siege, and the definition of...

Read Full Article →
Breaking the Sound Barrier, Part II: Exploiting CVE-2024-54529

In the first part of this series, I detailed my journey into macOS security research, which led to the discovery of a type confusion vulnerability (CVE-2024-54529) and a double-free vulnerability (CVE-2025-31235) in the coreaudiod system daemon through a process I call knowledge-driven fuzzing. W...

Read Full Article →
Meta confirms it’s working on premium subscription for its apps

Details are currently thin, but one thing is clear: paying more is unlikely to buy users meaningful privacy or less tracking.

Read Full Article →
I'm locked in!

Hazel reflects on how to find balance while staying informed, then delivers practical updates and insights on the latest cybersecurity threats.

Read Full Article →
Top 10 Cloud Compliance Tools for Enterprise Security and Audit Readiness in 2026

Key takeaways: compliance breaks when proof lags infrastructure. Cloud compliance has changed. It is no longer an audit milestone. It is a continuous expectation. Boards demand visibility into regulatory exposure. Regulators expect evidence, not intent. Enterprise customers want assurance in real t...

Read Full Article →
Microsoft Office zero-day lets malicious documents slip past security checks

Microsoft issued an emergency patch for a flaw attackers are using to slip malicious code past Office’s document security checks.

Read Full Article →
Microsoft releases update to address zero-day vulnerability in Microsoft Office

Microsoft has published three out-of-band (OOB) updates so far in January 2026. One of these updates was released to address a vulnerability, CVE-2026-21509, affecting Microsoft Office that has been reportedly exploited in the wild.

Read Full Article →
Clawdbot’s rename to Moltbot sparks impersonation campaign

This Moltbot impersonation campaign is a case study in supply-chain risk, brand hijacking, and what happens when open source goes viral.

Read Full Article →
The Mob Museum, Las Vegas: Explore the Past, Present and Future of Cybercrime

This week in cybersecurity from the editors at Cybercrime Magazine. Sausalito, Calif. – Jan. 29, 2026 – Watch the YouTube video. The Mob Museum’s timely new exhibit “Digital Underworld” explores the rise of cybercrime as the newest frontier of organized crime, and it’s captured in a new...

Read Full Article →
Dissecting UAT-8099: New persistence mechanisms and regional focus

Cisco Talos has identified a new, regionally targeted campaign by UAT-8099 that leverages advanced persistence techniques and custom BadIIS malware variants to compromise IIS servers, particularly in Thailand and Vietnam.

Read Full Article →
IR Trends Q4 2025: Exploitation remains dominant, phishing campaign targets Native American tribal organizations

A drop in exploitation and ransomware, but a spike in phishing and credential abuse, show why timely patching and robust MFA matter more than ever.

Read Full Article →
  • SOC & Business Success with ANY.RUN: Real-World Results & Cases — Running a SOC today means constant trade-offs: too many alerts, not enough people, strict SLAs, and attacks that keep getting smarter. Most leaders aren’t asking for “the next cool product” but a proof that something actually cuts time, risk, and workload in real environments like theirs. Thousan…
Smashing Security podcast #452: The dark web’s worst assassins, and Pegasus in the dock

In episode 452, a London-based YouTuber wins a landmark court case against Saudi Arabia after his phone was hacked with Pegasus spyware — exposing how a single, seemingly harmless text message can turn a smartphone into a round-the-clock surveillance device. Plus, we go looking for professional h...

Read Full Article →
Odd WebLogic Request. Possible CVE-2026-21962 Exploit Attempt or AI Slop?, (Wed, Jan 28th)

I was looking for possible exploitation of CVE-2026-21962, a recently patched WebLogic vulnerability. While looking for related exploit attempts in our data, I came across the following request:

Read Full Article →
No Place Like Home Network: Disrupting the World's Largest Residential Proxy Network

Introduction This week Google and partners took action to disrupt what we believe is one of the largest residential proxy networks in the world, the IPIDEA proxy network. IPIDEA’s proxy infrastructure is a little-known component of the digital ecosystem leveraged by a wide array of bad actors. Th...

Read Full Article →
  • Attackers Are Taking Over Real Email Threads to Deliver Phishing: New Enterprise Risk — Think you can trust every email that comes from a business partner? Unfortunately, that’s no longer guaranteed; attackers now slip into legitimate threads and send messages that look fully authentic. That’s exactly what happened in a new case uncovered by ANY.RUN researchers; a trust takeover ins…
Watch out for AT&T rewards phishing text that wants your personal details

Recently, we uncovered a realistic, multi-layered data theft phishing campaign targeting AT&T customers.

Read Full Article →
RSAC 2026—Where The World Talks Security

What founders and CEOs are saying about this year’s conference. Register – Steve Morgan, Editor-in-Chief. Sausalito, Calif. – Jan. 27, 2026. For 35 years, RSAC has been a driving force behind the world’s cybersecurity community. The power of community is a key focus for the...

Read Full Article →
Diverse Threat Actors Exploiting Critical WinRAR Vulnerability CVE-2025-8088

Introduction The Google Threat Intelligence Group (GTIG) has identified widespread, active exploitation of the critical vulnerability CVE-2025-8088 in WinRAR, a popular file archiver tool for Windows, to establish initial access and deliver diverse payloads. Discovered and patched in July 2025, g...

Read Full Article →
Introducing Tenable One AI Exposure: A New Standard for Securing AI Usage at Scale

Continuously discover and monitor all AI usage across your organization, including shadow AI, agents, browser plug-ins, and more, with Tenable One AI Exposure. Map complex AI workflows to reveal high-impact exposures and monitor compliance with security and AI acceptable use policies. Key takeawa...

Read Full Article →
Talking Points for Government CISOs and Cybersecurity Leaders in 2026

This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Jan. 27, 2026 – Read the full story in Government Technology Dan Lohrmann is calling all government CISOs (and yes, CTOs, CIOs, CFOs, COOs, and even a few corporate CEOs can listen in): In The post Talking Point...

Read Full Article →
Will The Cybercrime Economy Plateau In 2026?

This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Jan. 26, 2026 – Read the full story in Barracuda Clearly, it’s important to cast a wide net when estimating the costs of cybercrime, notes a Barracuda blog post by Tony Burgess, a twenty-year veteran The post Wi...

Read Full Article →
  • Fix Staff Shortage & Burnout in Your SOC with Better Threat Intelligence — In cybersecurity, humans occupy both ends of the vulnerability spectrum. They click what should never be clicked, reuse passwords like heirlooms, and generously donate credentials to phishing pages that look “kind of legit.” Yet the same species becomes the strongest link once you step inside a S…
Bypassing Windows Administrator Protection

A headline feature introduced in the latest release of Windows 11, 25H2 is Administrator Protection. The goal of this feature is to replace User Account Control (UAC) with a more robust and importantly, securable system to allow a local user to access administrator privileges only when necessary....

Read Full Article →
5 Hot Cybersecurity Certifications for Salary Growth in 2026

This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Jan. 23, 2026 – Read the full story in SkillUp Cybercrime was predicted to cost the world $10.5 trillion annually in 2025, and to reach $12.2 trillion by 2031, according to Cybersecurity Ventures, and there’s Th...

Read Full Article →
I scan, you scan, we all scan for... knowledge?

In this week's newsletter, Bill hammers home the old adage, "Know your environment" — even throughout alert fatigue.

Read Full Article →
How Public Container Registries Have Become a Silent Risk Multiplier in a Modern Supply Chain

Key Takeaways The Risk Introduced by Implicit Trust in Public Container Images Public container registries have become foundational to modern software development. A single docker pull can accelerate application delivery, standardize environments, and reduce operational friction across teams. How...

Read Full Article →
Foxit, Epic Games Store, MedDreams vulnerabilities

Cisco Talos’ Vulnerability Discovery & Research team recently disclosed three vulnerabilities in Foxit PDF Editor, one in the Epic Games Store, and twenty-one in MedDream PACS. The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to Cisc...

Read Full Article →
Top 10 Ransomware Attacks Over The Past Year

This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Jan. 22, 2026 – Read the full story in SOC Radar In 2025, ransomware moved beyond isolated IT incidents and became a systemic risk, capable of disrupting national supply chains, critical services, and The post T...

Read Full Article →
  • ANY.RUN Sandbox & MISP Integration: Confirm Alerts Faster, Stop Incidents Early — Most SOC teams are overloaded with routine work. Tier 1 & 2 analysts spend too much time validating alerts, moving samples between tools, and chasing missing context. When integrations are weak, investigations slow down, MTTR grows, and SLAs suffer delays. That directly increases operational risk…
Qualys Named a Leader and Outperformer in the 2025 GigaOm Radar for CNAPP

We’re proud to share that Qualys has been recognized as a Leader and Outperformer in the 2025 GigaOm Radar Report for Cloud-Native Application Protection Platforms (CNAPP). This year’s evaluation underscores an important reality of the CNAPP market: while 18 vendors were evaluated, only a small s...

Read Full Article →
Under Armour - 72,742,892 breached accounts

In November 2025, the Everest ransomware group claimed Under Armour as a victim and attempted to extort a ransom, alleging they had obtained access to 343GB of data. In January 2026, customer data from the incident was published publicly on a popular hacking forum, including 72M email addresses...

Read Full Article →
Oracle January 2026 Critical Patch Update Addresses 158 CVEs

Oracle addresses 158 CVEs in its first quarterly update of 2026 with 337 patches, including 27 critical updates. Key takeaways: The first Critical Patch Update (CPU) for 2026 contains fixes for 158 unique CVEs in 337 security updates. 27 issues (8% of all patches) were assigned a critical severi...

Read Full Article →
Tenable Discovers SSRF Vulnerability in Java TLS Handshakes That Creates DoS Risk

Tenable Research has discovered a server-side request forgery (SSRF) vulnerability in Java’s handling of client certificates during a TLS handshake. In certain configurations, this can be abused to cause a denial-of-service (DoS) condition. Key takeaways Tenable Research identified a vulnerabilit...

Read Full Article →
VU#481830: Libheif uncompressed codec lacks bounds check leading to application crash

Overview An out-of-bounds memory access vulnerability exists in the uncompressed decoder component of libheif. A maliciously crafted HEIF image can trigger a denial-of-service condition by causing the libheif library to crash or exhibit other unexpected behavior due to an out-of-bounds memory ac...

Read Full Article →
VU#102648: Code injection vulnerability in binary-parser library

Overview The binary-parser library for Node.js contains a code injection vulnerability that may allow arbitrary JavaScript code execution if untrusted input is used to construct parser definitions. Versions prior to 2.3.0 are affected. The issue has been resolved by the developer in a public upda...

Read Full Article →
VU#458022: Open5GS WebUI uses hard-coded secrets including JSON Web Token signing key

Overview The Open5GS WebUI component contains default hardcoded secrets used for security-sensitive operations, including JSON Web Token (JWT) signing. If these defaults are not changed, an attacker can forge valid authentication tokens and gain administrative access to the WebUI. This can result...

Read Full Article →
VU#271649: Stack-based buffer overflow in libtasn1 versions v4.20.0 and earlier

Overview A stack-based buffer overflow vulnerability exists in GNU libtasn1, a low-level ASN.1 parsing library. The issue is caused by unsafe string concatenation in the asn1_expand_octet_string function located in decoding.c. Under worst-case conditions, this results in a one-byte stack overflo...

Read Full Article →
Cybersecurity Predictions for 2026 Signal the Maturation of Risk-First Security Models

Key Takeaways The Signals Are Loud, the Dashboards Are Full, Yet Decisive Action Remains Elusive By the end of 2025, many security leaders reached a quiet conclusion. The challenge was no longer a lack of tools, telemetry, or frameworks. Most enterprises already had all three. What remained unres...

Read Full Article →
VU#818729: Safetica contains a kernel driver vulnerability

Overview Kernel driver ProcessMonitorDriver.sys in Safetica's endpoint client x64, versions 10.5.75.0 and 11.11.4.0, allows for an unprivileged user to abuse an IOCTL path and terminate protected system processes. Description Safetica is a Data Loss Prevention (DLP) and Insider Risk Management (I...

Read Full Article →
VU#244846: Server-Side Template Injection (SSTI) vulnerability exists in Genshi

Overview A Server-Side Template Injection (SSTI) vulnerability exists in the Genshi template engine due to unsafe evaluation of template expressions. Genshi processes template expressions using Python’s ‘eval()’ and ‘exec()’ functions while allowing fallback access to Python built-in objects. If ...

Read Full Article →
VU#924114: dr_flac contains an integer overflow vulnerability that allows for DoS when provided a crafted file

Overview dr_flac, an open-source FLAC audio decoder, part of the dr_libs audio decoder toolset, contains an integer overflow vulnerability allowing for denial of service (DoS) when provided a specific crafted file. An attacker can exploit this vulnerability through providing a tool that uses dr_...

Read Full Article →
  • Malware Trends Report 2025: New Security Risks for Businesses in 2026 — Summarizing the past year’s threat landscape based on activity observed in ANY.RUN’s Interactive Sandbox, this annual report provides insights into the most detected malware types, families, TTPs, and phishing threats of 2025. For additional insights, view ANY.RUN’s quarterly malware trends repor…
Why Managed Detection and Response Has Become Essential to Modern Cyber Resilience

Managed Detection and Response (MDR) delivers 24/7 threat detection, intelligence-led hunting, and rapid response—moving organizations beyond basic monitoring to active defense. MDR providers combine advanced analytics, AI, and human expertise to deliver scalable MDR services tailored to regional...

Read Full Article →
VU#383552: thelibrarian does not secure its interface, allowing for access to internal system data

Overview Multiple vulnerabilities were discovered in The Librarian, an AI-powered personal assistant tool provided by the company TheLibrarian.io. The Librarian can be used to manage personal email, calendar, documents, and other information through external services, such as Gmail and Google Dr...

Read Full Article →
VU#650657: Livewire Filemanager contains an insecure .php component that allows for unauthenticated RCE in Laravel Products

Overview A vulnerability, tracked as CVE-2025-14894, has been discovered within Livewire Filemanager, a tool designed for usage within Laravel applications. The Livewire Filemanager tool allows for users to upload various files, including PHP files, and host them within the Laravel application. W...

Read Full Article →
Threat and Vulnerability Management in 2026

Understand the future of threat and vulnerability management (TVM). Learn what TVM is, why traditional tools fail, and how intelligence is essential in today’s landscape.

Read Full Article →
Predicting 2026

In this week’s newsletter, Martin examines the evolving landscape for 2026, highlighting key threats, emerging trends like AI-driven risks, and the continued importance of addressing familiar vulnerabilities.

Read Full Article →
Your VMDR Year in Review: Making Security Progress Visible and Actionable

Security Teams Rarely Stop to Reflect When a security program is working well, very little seems to happen. That is by design. There is no alert for the incident that was prevented. No visibility into the attack path that was quietly closed. No recognition for the vulnerability that was fixed bef...

Read Full Article →
WEF: AI overtakes ransomware as fastest-growing cyber risk

We can no longer say that artificial intelligence is a "future risk", lurking somewhere on a speculative threat horizon. The truth is that it is a fast-growing cybersecurity risk that organizations are facing today. That's not just my opinion, that's also the message that comes loud and clear fro...

Read Full Article →
Why Serverless Risk Demands Identity-Aware Security at Cloud Scale

Key Takeaways The Current Picture Serverless adoption is accelerating as organizations prioritize speed, scalability, and operational efficiency. According to the Data Bridge Market Research’s Global Serverless Security Market Report, the serverless security market reached USD 12.08 billion in 20...

Read Full Article →
VU#472136: Information Leak and DoS Vulnerabilities in Redmi Buds 3 Pro through 6 Pro

Overview Redmi Buds, a series of Bluetooth earbuds produced and sold by Xiaomi, contain an Information Leak vulnerability and a Denial of Service (DoS) vulnerability in versions 3 Pro through 6 Pro. An attacker within Bluetooth radio range can send specially crafted RFCOMM protocol interactions...

Read Full Article →
Closing the Door on Net-NTLMv1: Releasing Rainbow Tables to Accelerate Protocol Deprecation

Written by: Nic Losby Introduction Mandiant is publicly releasing a comprehensive dataset of Net-NTLMv1 rainbow tables to underscore the urgency of migrating away from this outdated protocol. Despite Net-NTLMv1 being deprecated and known to be insecure for over two decades—with cryptanalysis dati...

Read Full Article →
Aembit Announces Agenda and Speaker Lineup for NHIcon 2026 on Agentic AI Security

Silver Spring, Maryland, 15th January 2026, CyberNewsWire The post Aembit Announces Agenda and Speaker Lineup for NHIcon 2026 on Agentic AI Security appeared first on The Security Ledger with Paul F. Roberts.

Read Full Article →
UAT-8837 targets critical infrastructure sectors in North America

Cisco Talos is closely tracking UAT-8837, a threat actor we assess with medium confidence is a China-nexus advanced persistent threat (APT) actor.

Read Full Article →
CVE-2025-64155: Exploit Code Released for Critical Fortinet FortiSIEM Command Injection Vulnerability

Exploit code has been published for CVE-2025-64155, a critical command injection vulnerability affecting Fortinet FortiSIEM devices. Key takeaways: CVE-2025-64155 is a critical operating system (OS) command injection vulnerability affecting Fortinet FortiSIEM. Fortinet vulnerabilities have histor...

Read Full Article →
A 0-click exploit chain for the Pixel 9 Part 3: Where do we go from here?

While our previous two blog posts provided technical recommendations for increasing the effort required by attackers to develop 0-click exploit chains, our experience finding, reporting and exploiting these vulnerabilities highlighted some broader issues in the Android ecosystem. This post descri...

Read Full Article →
A 0-click exploit chain for the Pixel 9 Part 2: Cracking the Sandbox with a Big Wave

With the advent of a potential Dolby Unified Decoder RCE exploit, it seemed prudent to see what kind of Linux kernel drivers might be accessible from the resulting userland context, the mediacodec context. As per the AOSP documentation, the mediacodec SELinux context is intended to be a constrain...

Read Full Article →
A 0-click exploit chain for the Pixel 9 Part 1: Decoding Dolby

Over the past few years, several AI-powered features have been added to mobile phones that allow users to better search and understand their messages. One effect of this change is increased 0-click attack surface, as efficient analysis often requires message media to be decoded before the message...

Read Full Article →
Identity & Beyond: 2026 Incident Response Predictions

In 2026, incident response (IR) will continue its shift away from traditional malware-centric investigations toward identity-driven intrusions, abuse of trusted cloud services, and low-signal, high-impact activity that blends seamlessly into normal business operations. Rather than relying on tech...

Read Full Article →
Brushstrokes and breaches with Terryn Valikodath

Terryn’s path to cybersecurity started with a fascination for criminal forensics and a knack for jailbreaking his family's tech — interests that eventually steered him toward the fast-paced world of digital investigations.

Read Full Article →
  • German Manufacturing Under Phishing Attacks: Tracking a Stealthy AsyncRAT Campaign — Manufacturing companies have quietly become one of the most hunted species in the modern threat landscape. Not because they are careless, but because they are operationally critical, geographically distributed, and often rely on complex IT and OT environments that attackers love to probe. Key Tak…
Microsoft and Adobe Patch Tuesday, January 2026 Security Update Review

Starting the year on a security-first note, Microsoft’s January 2026 Patch Tuesday resolves several vulnerabilities that could impact enterprise environments. Here’s a quick breakdown of what you need to know. Microsoft Patch Tuesday for January 2026 This month’s release addresses 115 vulnerabili...

Read Full Article →
Microsoft’s January 2026 Patch Tuesday Addresses 113 CVEs (CVE-2026-20805)

8 Critical, 105 Important, 0 Moderate, 0 Low. Microsoft addresses 113 CVEs in the first Patch Tuesday of 2026, with two zero-days, including one that was exploited in the wild. Microsoft patched 113 CVEs in its January 2026 Patch Tuesday release, with eight rated critical and 105 rated as important. ...

Read Full Article →
Microsoft Patch Tuesday for January 2026 — Snort rules and prominent vulnerabilities

Microsoft has released its monthly security update for January 2026, which includes 112 vulnerabilities affecting a range of products, including 8 that Microsoft marked as “critical”.

Read Full Article →
The AI Fix #83: ChatGPT Health, Victorian LLMs, and the biggest AI bluffers

In episode 83 of The AI Fix, Graham reveals he's taken up lying to LLMs, and shows how a journalist exposed AI bluffers with a made-up idiom. Meanwhile Mark invents a "Godwin's Law" for AI, and explains how to ruin any LLM with humus. Also in this episode, a marriage is declared invalid thanks to...

Read Full Article →
Hackers get hacked, as BreachForums database is leaked

Have you ever stolen data, traded a hacking tool, or just lurked on a dark web forum believing that you are anonymous? If so, I might have some unsettling news for you. Read more in my article on the Hot for Security blog.

Read Full Article →
  • CastleLoader Analysis: A Deep Dive into Stealthy Loader Targeting Government Sector — ANY.RUN’s team conducted an extensive malware analysis of CastleLoader, the first link in the chain of attacks impacting various industries, including government agencies and critical infrastructures. It’s a unique walkthrough of its entire execution path, from a packaged installer to C2 server c…
Best Ransomware Detection Tools

Stop ransomware before encryption begins. Learn how intelligence-driven detection tools can help identify precursor behaviors and reduce false positives for faster response.

Read Full Article →
December 2025 CVE Landscape: 22 Critical Vulnerabilities Mark 120% Surge, React2Shell Dominates Threat Activity

December 2025 saw a 120% surge in critical CVEs, with 22 exploited flaws and React2Shell (CVE-2025-55182) dominating threat activity across Meta’s React framework.

Read Full Article →
Tenable Is a Gartner® Peer Insights™ Customers’ Choice for Cloud-Native Application Protection Platforms

This recognition — based entirely on feedback from the people who use our products every day — to us is a testament to the unmatched value Tenable Cloud Security CNAPP offers organizations worldwide. Our key takeaways: In our view, this peer recognition confirms Tenable’s strategic value in helpi...

Read Full Article →
BreachForums (2025) - 672,247 breached accounts

In October 2025, a reincarnation of the hacking forum BreachForums, which had previously been shut down multiple times, was taken offline by a coalition of law enforcement agencies. In the months leading up to the takedown, the site itself suffered a data breach that exposed a total of 672k uniq...

Read Full Article →
VU#361400: BeeS Software Solutions BeeS Examination Tool (BET) portal contains SQL injection vulnerability

Overview The BeeS Examination Tool (BET) portal from BeeS Software Solutions contains an SQL injection vulnerability in its website login functionality. More than 100 universities use the BET portal for test administration and other academic tasks. The vulnerability enables arbitrary SQL commands...

Read Full Article →
Resolutions, shmesolutions (and what’s actually worked for me)

Talos' editor ditches the pressure of traditional New Year’s resolutions in favor of practical, in-the-moment changes, and finds more success by letting go of perfection. Plus, we break down the latest on UAT-7290, a newly disclosed threat actor targeting critical infrastructure.

Read Full Article →
UAT-7290 targets high value telecommunications infrastructure in South Asia

Talos assesses with high confidence that UAT-7290 is a sophisticated threat actor falling under the China-nexus of advanced persistent threat actors (APTs). UAT-7290 primarily targets telecommunications providers in South Asia.

Read Full Article →
How Cisco Talos powers the solutions protecting your organization

What happens under the hood of Cisco's security portfolio? Our reputation and detection services apply Talos' real-time intelligence to detect and block threats. Here's how.

Read Full Article →
GRU-Linked BlueDelta Evolves Credential Harvesting

Insikt Group reveals how GRU-linked BlueDelta evolved credential-harvesting campaigns targeting government, energy, and research organizations across Europe and Eurasia.

Read Full Article →
VU#295169: TOTOLINK EX200 firmware-upload error handling can activate an unauthenticated root telnet service

Overview A flaw in the firmware-upload error-handling logic of the TOTOLINK EX200 extender can cause the device to unintentionally start an unauthenticated root-level telnet service. This condition may allow a remote authenticated attacker to gain full system access. Description In the End-of-Lif...

Read Full Article →
VU#420440: Vulnerable Python version used in Forcepoint One DLP Client

Overview A vulnerability in the Forcepoint One DLP Client allows bypass of the vendor-implemented Python restrictions designed to prevent arbitrary code execution. By reconstructing the ctypes FFI environment and applying a version-header patch to the ctypes.pyd module, an attacker can restore ct...

Read Full Article →
WhiteDate - 6,076 breached accounts

In December 2025, the dating website "for a Europid vision" WhiteDate suffered a data breach that exposed 6k unique email addresses. The breach exposed extensive further personal information including data related to physical appearance, income, education and IQ.

Read Full Article →
New ransomware tactics to watch out for in 2026

Ransomware groups made less money in 2025 despite a 47% increase in attacks, driving new tactics: bundled DDoS services, insider recruitment, and gig worker exploitation. Learn the emerging trends defenders must prepare for in 2026.

Read Full Article →