| DATE | NAME | Info | CATEG. | WEB |
|---|---|---|---|---|
| 2.2.26 | eScan Antivirus Update Servers Compromised to Deliver Multi-Stage Malware | The update infrastructure for eScan antivirus, a security solution developed by Indian cybersecurity company MicroWorld Technologies, has been | Virus | The Hacker News |
| 2.2.26 | Open VSX Supply Chain Attack Used Compromised Dev Account to Spread GlassWorm | Cybersecurity researchers have disclosed details of a supply chain attack targeting the Open VSX Registry in which unidentified threat actors | Virus | The Hacker News |
| 1.2.26 | Eeny, meeny, miny, moe? How ransomware operators choose victims | Most ransomware attacks are opportunistic, not targeted at a specific sector or region | Ransom blog | SOPHOS |
| 1.2.26 | Generative AI and cybersecurity: What Sophos experts expect in 2026 | AI has dominated cybersecurity headlines for years, but as we enter 2026, the conversation is shifting from hype to hard realities. Across incident response, threat intelligence, and security operations, Sophos experts see clearer signals of where AI is truly making an impact. For IT teams already stretched thin, this isn’t theoretical — it’s reshaping daily decisions. | AI blog | SOPHOS |
| 1.2.26 | Beyond MFA: Building true resilience against identity-based attacks | As identity-driven attacks continue to rise, organizations must go beyond MFA to build resilience. Sophos experts and recent Gartner research agree: It’s time for an identity-first security strategy backed by continuous detection and response. For many organizations, keeping pace with identity threats feels overwhelming, especially as hybrid environments expand. But there’s a clear path forward. | Hacking blog | SOPHOS |
| 1.2.26 | Microsoft Office vulnerability (CVE-2026-21509) in active exploitation | On January 26, 2026, Microsoft released an out-of-band update to address a high-severity (CVSS score of 7.8) vulnerability affecting multiple Microsoft Office products. This vulnerability, tracked as CVE-2026-21509, is being actively exploited in the wild and has been added to CISA's Known Exploited Vulnerabilities (KEV) Catalog. | Vulnerability blog | SOPHOS |
| 1.2.26 | | This week Google and partners took action to disrupt what we believe is one of the largest residential proxy networks in the world, the IPIDEA proxy network. IPIDEA’s proxy infrastructure is a little-known component of the digital ecosystem leveraged by a wide array of bad actors. | Cyber blog | GTI |
| 1.2.26 | Fortinet Under Fire: Why Your Network Edge Remains Attackers' Favorite Entry Point | Fortinet’s January patch for CVE-2025-59718 didn’t hold. On January 21, FortiGate admins began reporting that patched systems were still being exploited. Two days later, Fortinet confirmed the patch had failed to fully remediate the vulnerability. As reported by BleepingComputer, Fortinet is now recommending that admins restrict administrative access and disable FortiCloud SSO while they work on a follow-up fix. | Vulnerability blog | Eclypsium |
| 1.2.26 | ShadowHS: A Fileless Linux Post‑Exploitation Framework Built on a Weaponized hackshell | Cyble uncovers ShadowHS, a stealthy fileless Linux framework running entirely in memory for covert, adaptive post‑exploitation control. | Malware blog | Cyble |
| 1.2.26 | The Week in Vulnerabilities: Cyble Urges Oracle, OpenStack Fixes | Oracle, OpenStack, SAP, Salesforce and ServiceNow are among the high-profile enterprise products with vulnerabilities in need of attention by security teams. | Vulnerability blog | Cyble |
| 1.2.26 | Special Alert: SLSH Malicious "Supergroup" Targeting 100+ Organizations via Live Phishing Panels | A massive identity-theft campaign is currently active, targeting Okta Single Sign-On (SSO) and other SSO platform accounts across 100+ high-value enterprises. | Phishing blog | Silent Push |
| 1.2.26 | PureRAT: Attacker Now Using AI to Build Toolset | Vietnam-based cybercrime actor appears to now be using AI to write scripts used in phishing campaigns | Malware blog | SECURITY.COM |
| 1.2.26 | Chrome Extensions: Are you getting more than you bargained for? | Browser extensions can be really useful, but hidden dangers may lurk beyond their marketing. | Hacking blog | SECURITY.COM |
| 1.2.26 | PeckBirdy: A Versatile Script Framework for LOLBins Exploitation Used by China-aligned Threat Groups | PeckBirdy is a sophisticated JScript-based C&C framework used by China-aligned APT groups to exploit LOLBins across multiple environments, delivering advanced backdoors to target gambling industries and Asian government entities. | Exploit blog | Trend Micro |
| 1.2.26 | Embracing Choice in Cybersecurity: TrendAI Vision One™ and SentinelOne Integration | Discover how the TrendAI Vision One and SentinelOne integration exemplifies our commitment to endpoint flexibility. | Cyber blog | Trend Micro |
| 1.2.26 | Pwn2Own: Researchers Earn $1 Million for 76 Zero-Days | Discover how TrendAI Zero Day Initiative (ZDI) identified critical vulnerabilities across connected vehicles, EV chargers, and automotive systems. | Cyber blog | Trend Micro |
| 1.2.26 | "Ni8mare" - RCE Vulnerability in N8n AI Workflow Automation (CVE-2026-21858) | The SonicWall Capture Labs threat research team became aware of a critical unauthenticated file read vulnerability in n8n, a flexible AI workflow automation platform, assessed its impact, and developed mitigation measures. | Vulnerability blog | SonicWall |
| 1.2.26 | njRAT: A Persistent Commodity Threat in the Modern Landscape | The SonicWall Capture Labs threat research team continues to monitor the activity of the infamous njRAT (also known as Bladabindi), a prolific Remote Access Trojan (RAT) that remains a staple in the toolkit of various threat actors. | Malware blog | SonicWall |
| 1.2.26 | Multiple vulnerabilities in SolarWinds Web Help Desk Leading to RCE: CVE-2025-40551 | The SonicWall Capture Labs threat research team became aware of a critical vulnerability chain in SolarWinds Web Help Desk (WHD), assessed its impact and developed mitigation measures. | Vulnerability blog | SonicWall |
| 1.2.26 | Understanding the Russian Cyber Threat to the 2026 Winter Olympics | The 2026 Winter Games in Milano Cortina extend beyond sport. Tensions between the Russian Federation and the International Olympic Committee (IOC), stemming from disputes over compliance and governance, lie within a broader geopolitical context. | Cyber blog | Palo Alto |
| 1.2.26 | Happy 9th Anniversary, CTA: A Celebration of Collaboration in Cyber Defense | At certain moments in a career, you get the rare opportunity to look back and say, this work mattered. Not because of an individual accomplishment, but because it contributed to something larger — something that changed how an industry thinks and operates. The Cyber Threat Alliance (CTA) is one of those efforts. | Cyber blog | Palo Alto |
| 1.2.26 | The Next Frontier of Runtime Assembly Attacks: Leveraging LLMs to Generate Phishing JavaScript in Real Time | Imagine visiting a webpage that looks perfectly safe. It has no malicious code, no suspicious links. Yet, within seconds, it transforms into a personalized phishing page. | AI blog | Palo Alto |
| 1.2.26 | Privileged File System Vulnerability Present in a SCADA System | This report details a vulnerability we found in the Iconics Suite, tracked as CVE-2025-0921 with a Medium CVSS score of 6.5. Iconics Suite is the name of a supervisory control and data acquisition (SCADA) system. This system is used for controlling and monitoring industrial processes in different industries including automotive, energy and manufacturing. | ICS blog | Palo Alto |
| 1.2.26 | Cyber Security Report 2026 | Check Point Research continuously investigates real-world attacks, vulnerabilities, attackers’ infrastructure, and emerging techniques across global networks and environments. The Cyber Security Report 2026 consolidates our research efforts throughout 2025 to deliver a clear, data-driven view of the current threat landscape and its trajectory in 2026. | Cyber blog | |
| 1.2.26 | KONNI Adopts AI to Generate PowerShell Backdoors | Check Point Research (CPR) identified an ongoing phishing campaign that we associate with KONNI, a North Korean–linked threat actor active since at least 2014. KONNI is best known for targeting organizations and individuals in South Korea, with a focus on diplomatic channels, international relations, NGOs, academia, and government. | Malware blog | |
| 1.2.26 | IR Trends Q4 2025: Exploitation remains dominant, phishing campaign targets Native American tribal organizations | A drop in exploitation and ransomware, but a spike in phishing and credential abuse, show why timely patching and robust MFA matter more than ever. | Cyber blog | CISCO TALOS |
| 1.2.26 | I'm locked in! | Hazel reflects on how to find balance while staying informed, then delivers practical updates and insights on the latest cybersecurity threats. | Cyber blog | CISCO TALOS |
| 1.2.26 | Dissecting UAT-8099: New persistence mechanisms and regional focus | Cisco Talos has identified a new, regionally targeted campaign by UAT-8099 that leverages advanced persistence techniques and custom BadIIS malware variants to compromise IIS servers, particularly in Thailand and Vietnam. | APT blog | CISCO TALOS |
| 1.2.26 | Foxit, Epic Games Store, MedDreams vulnerabilities | Cisco Talos’ Vulnerability Discovery & Research team recently disclosed three vulnerabilities in Foxit PDF Editor, one in the Epic Games Store, and twenty-one in MedDream PACS. The vulnerabilities mentioned in this blog post have been patched by their respective vendors, al | Vulnerability blog | CISCO TALOS |
| 1.2.26 | Microsoft releases update to address zero-day vulnerability in Microsoft Office | Microsoft has published three out-of-band (OOB) updates so far in January 2026. One of these updates was released to address a vulnerability, CVE-2026-21509, affecting Microsoft Office that has been reportedly exploited in the wild. | Vulnerability blog | CISCO TALOS |
| 1.2.26 | I scan, you scan, we all scan for... knowledge? | In this week's newsletter, Bill hammers home the old adage, "Know your environment" — even throughout alert fatigue. | Cyber blog | CISCO TALOS |
| 1.2.26 | Predicting 2026 | In this week’s newsletter, Martin examines the evolving landscape for 2026, highlighting key threats, emerging trends like AI-driven risks, and the continued importance of addressing familiar vulnerabilities. | Cyber blog | CISCO TALOS |
| 1.2.26 | This month in security with Tony Anscombe – January 2026 edition | The trends that emerged in January offer useful clues about the risks and priorities that security teams are likely to contend with throughout the year | Cyber blog | Eset |
| 1.2.26 | DynoWiper update: Technical analysis and attribution | ESET researchers present technical details on a recent data destruction incident affecting a company in Poland’s energy sector | Malware blog | Eset |
| 1.2.26 | Love? Actually: Fake dating app used as lure in targeted spyware campaign in Pakistan | ESET researchers discover an Android spyware campaign targeting users in Pakistan via romance scam tactics, revealing links to a broader spy operation | Malware blog | Eset |
| 1.2.26 | Drowning in spam or scam emails? Here’s probably why | Has your inbox recently been deluged with unwanted and even outright malicious messages? Here are 10 possible reasons – and how to stem the tide. | Spam blog | Eset |
| 1.2.26 | ESET Research: Sandworm behind cyberattack on Poland’s power grid in late 2025 | | Malware blog | Eset |
| 1.2.26 | Children and chatbots: What parents should know | As children turn to AI chatbots for answers, advice, and companionship, questions emerge about their safety, privacy, and emotional development | AI blog | Eset |
| 1.2.26 | Identity & Beyond: 2026 Incident Response Predictions | DFIR expert Jamie Mamroe shares 2026 Incident Response Predictions around Identity and Cloud attacks | Incident blog | Cybereason |
| 1.2.26 | Bypassing Windows Administrator Protection | A headline feature introduced in the latest release of Windows 11, 25H2, is Administrator Protection. The goal of this feature is to replace User Account Control (UAC) with a more robust and, importantly, securable system that allows a local user to access administrator privileges only when necessary. | Vulnerability blog | Project Zero |
| 1.2.26 | From Digital Innovation to Patient Harm: Why Healthcare Cybersecurity Is Now a C-Suite Imperative | Healthcare is in the midst of a digital revolution, but without cybersecurity at the center of this transformation, innovation becomes a liability. | Cyber blog | Trellix |
| 31.1.26 | Iran-Linked RedKitten Cyber Campaign Targets Human Rights NGOs and Activists | A Farsi-speaking threat actor aligned with Iranian state interests is suspected to be behind a new campaign targeting non-governmental organizations and | APT | The Hacker News |
| 31.1.26 | Mandiant Finds ShinyHunters-Style Vishing Attacks Stealing MFA to Breach SaaS Platforms | Google-owned Mandiant on Friday said it identified an "expansion in threat activity" that uses tradecraft consistent with extortion-themed attacks | Attack | The Hacker News |
| 31.1.26 | CERT Polska Details Coordinated Cyber Attacks on 30+ Wind and Solar Farms | CERT Polska, the Polish computer emergency response team, revealed that coordinated cyber attacks targeted more than 30 wind and photovoltaic farms, | BigBrothers | The Hacker News |
| 31.1.26 | Researchers Uncover Chrome Extensions Abusing Affiliate Links and Stealing ChatGPT Access | Cybersecurity researchers have discovered malicious Google Chrome extensions that come with capabilities to hijack affiliate links, steal data, and | AI | The Hacker News |
| 31.1.26 | China-Linked UAT-8099 Targets IIS Servers in Asia with BadIIS SEO Malware | Cybersecurity researchers have discovered a new campaign attributed to a China-linked threat actor known as UAT-8099 that took place between late | APT | The Hacker News |
| 30.1.26 | Ex-Google Engineer Convicted for Stealing 2,000 AI Trade Secrets for China Startup | A former Google engineer accused of stealing thousands of the company's confidential documents to build a startup in China has been convicted in the | BigBrothers | The Hacker News |
| 30.1.26 | SmarterMail Fixes Critical Unauthenticated RCE Flaw with CVSS 9.3 Score | SmarterTools has addressed two more security flaws in SmarterMail email software, including one critical security flaw that could result in arbitrary code | Vulnerability | The Hacker News |
| 30.1.26 | Two Ivanti EPMM Zero-Day RCE Flaws Actively Exploited, Security Updates Released | Ivanti has rolled out security updates to address two security flaws impacting Ivanti Endpoint Manager Mobile (EPMM) that have been exploited in zero-day | Exploit | The Hacker News |
| 30.1.26 | Researchers Find 175,000 Publicly Exposed Ollama AI Servers Across 130 Countries | A new joint investigation by SentinelOne's SentinelLABS and Censys has revealed that the open-source artificial intelligence (AI) deployment has | AI | The Hacker News |
| 30.1.26 | Survey of 100+ Energy Systems Reveals Critical OT Cybersecurity Gaps | A study by OMICRON has revealed widespread cybersecurity gaps in the operational technology (OT) networks of substations, power plants, and | ICS | The Hacker News |
| 30.1.26 | SolarWinds Fixes Four Critical Web Help Desk Flaws With Unauthenticated RCE and Auth Bypass | SolarWinds has released security updates to address multiple security vulnerabilities impacting SolarWinds Web Help Desk, including four critical | Vulnerability | The Hacker News |
| 30.1.26 | Google Disrupts IPIDEA — One of the World's Largest Residential Proxy Networks | Google on Wednesday announced that it worked together with other partners to disrupt IPIDEA, which it described as one of the largest residential proxy | Cyber | The Hacker News |
| 29.1.26 | Fake Moltbot AI Coding Assistant on VS Code Marketplace Drops Malware | Cybersecurity researchers have flagged a new malicious Microsoft Visual Studio Code (VS Code) extension for Moltbot (formerly Clawdbot) on the | AI | The Hacker News |
| 29.1.26 | UM Tied to December 2025 Cyber Attack on Polish Power Grid | The "coordinated" cyber attack targeting multiple sites across the Polish power grid has been attributed with medium confidence to a Russian state- | BigBrothers | The Hacker News |
| 28.1.26 | Diverse Threat Actors Exploiting Critical WinRAR Vulnerability CVE-2025-8088 | The Google Threat Intelligence Group (GTIG) has identified widespread, active exploitation of the critical vulnerability CVE-2025-8088 in WinRAR, a popular file archiver tool for Windows, to establish initial access and deliver diverse payloads. | Vulnerability | GTI |
| 28.1.26 | Critical vm2 Node.js Flaw Allows Sandbox Escape and Arbitrary Code Execution | A critical sandbox escape vulnerability has been disclosed in the popular vm2 Node.js library that, if successfully exploited, could allow attackers to run arbitrary code on the underlying operating system. | Vulnerability | The Hacker News |
| 28.1.26 | Two High-Severity n8n Flaws Allow Authenticated Remote Code Execution | Cybersecurity researchers have disclosed two new security flaws in the n8n workflow automation platform, including a crucial vulnerability that could result in remote code execution. The weaknesses, discovered by the JFrog | Vulnerability | The Hacker News |
| 28.1.26 | Mustang Panda Deploys Updated COOLCLIENT Backdoor in Government Cyber Attacks | Threat actors with ties to China have been observed using an updated version of a backdoor called COOLCLIENT in cyber espionage attacks in 2025 to | Virus | The Hacker News |
| 28.1.26 | Google Warns of Active Exploitation of WinRAR Vulnerability CVE-2025-8088 | Google on Tuesday revealed that multiple threat actors, including nation-state adversaries and financially motivated groups, are exploiting a now-patched | Exploit | The Hacker News |
| 28.1.26 | Fake Python Spellchecker Packages on PyPI Delivered Hidden Remote Access Trojan | Cybersecurity researchers have discovered two malicious packages in the Python Package Index (PyPI) repository that masquerade as spellcheckers but | Virus | The Hacker News |
| 28.1.26 | APT Attacks Target Indian Government Using GOGITTER, GITSHELLPAD, and GOSHELL | Part 1 | In September 2025, Zscaler ThreatLabz identified two campaigns, tracked as Gopher Strike and Sheet Attack, by a threat actor that operates in Pakistan and primarily targets entities in the Indian government. | APT | ZSCALER |
| 28.1.26 | Fortinet Patches CVE-2026-24858 After Active FortiOS SSO Exploitation Detected | Fortinet has begun releasing security updates to address a critical flaw impacting FortiOS that has come under active exploitation in the wild. The | Vulnerability | The Hacker News |
| 28.1.26 | WhatsApp Rolls Out Lockdown-Style Security Mode to Protect Targeted Users From Spyware | Meta on Tuesday announced it's adding Strict Account Settings on WhatsApp to secure certain users against advanced cyber attacks because of who they | Social | The Hacker News |
| 28.1.26 | Experts Detect Pakistan-Linked Cyber Campaigns Aimed at Indian Government Entities | Indian government entities have been targeted in two campaigns undertaken by a threat actor that operates in Pakistan using previously undocumented | APT | The Hacker News |
| 28.1.26 | ClickFix Attacks Expand Using Fake CAPTCHAs, Microsoft Scripts, and Trusted Web Services | Cybersecurity researchers have disclosed details of a new campaign that combines ClickFix-style fake CAPTCHAs with a signed Microsoft Application | Hack | The Hacker News |
| 28.1.26 | When Zoom Phishes You: Unmasking a Novel TOAD Attack Hidden in Legitimate Infrastructure | Prophet AI uncovers a Telephone-Oriented Attack Delivery (TOAD) campaign weaponizing Zoom's own authentication infrastructure. | Attack | The Hacker News |
| 28.1.26 | Critical Grist-Core Vulnerability Allows RCE Attacks via Spreadsheet Formulas | A critical security flaw has been disclosed in Grist-Core, an open-source, self-hosted version of the Grist relational spreadsheet-database, that could result | Vulnerability | The Hacker News |
| 27.1.26 | China-Linked Hackers Have Used the PeckBirdy JavaScript C2 Framework Since 2023 | Cybersecurity researchers have discovered a JScript-based command-and-control (C2) framework called PeckBirdy that has been put to use by China- | Hack | The Hacker News |
| 27.1.26 | Microsoft Office Zero-Day (CVE-2026-21509) - Emergency Patch Issued for Active Exploitation | Microsoft on Monday issued out-of-band security patches for a high-severity Microsoft Office zero-day vulnerability exploited in attacks. The vulnerability, | Exploit | The Hacker News |
| 27.1.26 | Indian Users Targeted in Tax Phishing Campaign Delivering Blackmoon Malware | Cybersecurity researchers have discovered an ongoing campaign that's targeting Indian users with a multi-stage backdoor as part of a suspected | Phishing | The Hacker News |
| 27.1.26 | Malicious VS Code AI Extensions with 1.5 Million Installs Steal Developer Source Code | Cybersecurity researchers have discovered two malicious Microsoft Visual Studio Code (VS Code) extensions that are advertised as artificial intelligence | AI | The Hacker News |
| 26.1.26 | Winning Against AI-Based Attacks Requires a Combined Defensive Approach | If there's a constant in cybersecurity, it's that adversaries are always innovating. The rise of offensive AI is transforming attack strategies and | AI | The Hacker News |
| 26.1.26 | Konni Hackers Deploy AI-Generated PowerShell Backdoor Against Blockchain Developers | The North Korean threat actor known as Konni has been observed using PowerShell malware generated using artificial intelligence (AI) tools to target | AI | The Hacker News |
| 25.1.26 | Microsoft releases emergency OOB update to fix Outlook freezes | Microsoft has released emergency, out-of-band updates on Saturday for Windows 10, Windows 11, and Windows Server to fix an issue that prevented Microsoft Outlook classic from opening when using PSTs stored in cloud storage. | OS | |
| 25.1.26 | Sandworm hackers linked to failed wiper attack on Poland’s energy systems | A cyberattack targeting Poland's power grid in late December 2025 has been linked to the Russian state-sponsored hacking group Sandworm, which attempted to deploy a new destructive data-wiping malware dubbed DynoWiper during the attack. | APT | |
| 25.1.26 | Konni hackers target blockchain engineers with AI-built malware | The North Korean hacker group Konni (Opal Sleet, TA406) is using AI-generated PowerShell malware to target developers and engineers in the blockchain sector. | APT | |
| 25.1.26 | ShinyHunters claim hacks of Okta, Microsoft SSO accounts for data theft | The ShinyHunters extortion gang claims it is behind a wave of ongoing voice phishing attacks targeting single sign-on (SSO) accounts at Okta, Microsoft, and Google, enabling threat actors to breach corporate SaaS platforms and steal company data for extortion. | Hack | |
| 25.1.26 | Malicious AI extensions on VSCode Marketplace steal developer data | Two malicious extensions in Microsoft's Visual Studio Code (VSCode) Marketplace that were collectively installed 1.5 million times, exfiltrate developer data to China-based servers. | AI | |
| 25.1.26 | CISA confirms active exploitation of four enterprise software bugs | The Cybersecurity and Infrastructure Security Agency (CISA) in the U.S. warned of active exploitation of four vulnerabilities impacting enterprise software from Versa and Zimbra, the Vite frontend tooling framework, and the Prettier code formatter. | Exploit | |
| 25.1.26 | US to deport Venezuelans who emptied bank ATMs using malware | South Carolina federal prosecutors announced that two Venezuelan nationals convicted of stealing hundreds of thousands of dollars from U.S. banks in an ATM jackpotting scheme will be deported after serving their sentences. | Virus | |
| 25.1.26 | Hackers exploit critical telnetd auth bypass flaw to get root | A coordinated campaign has been observed targeting a recently disclosed critical-severity vulnerability that has been present in the GNU InetUtils telnetd server for 11 years. | Exploit | |
| 25.1.26 | What an AI-Written Honeypot Taught Us About Trusting Machines | AI-generated code can introduce subtle security flaws when teams over-trust automated output. Intruder shows how an AI-written honeypot introduced hidden vulnerabilities that were exploited in attacks. | AI | |
| 25.1.26 | Microsoft: Outlook for iOS crashes, freezes due to coding error | Microsoft confirmed today that Outlook mobile may crash or freeze when launched on iPad devices due to a coding error. | OS | |
| 25.1.26 | Hackers get $1,047,000 for 76 zero-days at Pwn2Own Automotive 2026 | Pwn2Own Automotive 2026 has ended with security researchers earning $1,047,000 after exploiting 76 zero-day vulnerabilities between January 21 and January 23. | Congress | |
| 25.1.26 | Fortinet confirms critical FortiCloud auth bypass not fully patched | Days after admins began reporting that their fully patched firewalls are being hacked, Fortinet confirmed it's working to fully address a critical FortiCloud SSO authentication bypass vulnerability that should have already been patched since early December. | Vulnerability | |
| 25.1.26 | Okta SSO accounts targeted in vishing-based data theft attacks | Okta is warning about custom phishing kits built specifically for voice-based social engineering (vishing) attacks. BleepingComputer has learned that these kits are being used in active attacks to steal Okta SSO credentials for data theft. | Incident | |
| 25.1.26 | Curl ending bug bounty program after flood of AI slop reports | The developer of the popular curl command-line utility and library announced that the project will end its HackerOne security bug bounty program at the end of this month, after being overwhelmed by low-quality AI-generated vulnerability reports. | AI | |
| 25.1.26 | SmarterMail auth bypass flaw now exploited to hijack admin accounts | Hackers began exploiting an authentication bypass vulnerability in SmarterTools' SmarterMail email server and collaboration tool that allows resetting admin passwords. | Exploit | |
| 25.1.26 | Microsoft Teams to add brand impersonation warnings to calls | Microsoft will soon add new fraud protection features to Teams calls, warning users about external callers who attempt to impersonate trusted organizations in social engineering attacks. | Social | |
| 25.1.26 | INC ransomware opsec fail allowed data recovery for 12 US orgs | An operational security failure allowed researchers to recover data that the INC ransomware gang stole from a dozen U.S. organizations. | Ransom | |
| 25.1.26 | Why Active Directory password resets are surging in hybrid work | Hybrid work has driven a surge in Active Directory password resets, turning minor lockouts into major productivity drains. Specops shows why remote access, cached credentials, and security policies are fueling the spike. | Security | |
| 25.1.26 | Microsoft updates Notepad and Paint with more AI features | Microsoft is rolling out new artificial intelligence features with the latest updates to the Notepad and Paint apps for Windows 11 Insiders. | AI | |
| 25.1.26 | Hackers exploit 29 zero-days on second day of Pwn2Own Automotive | Hackers collect $439,250 after exploiting 29 zero-day vulnerabilities on the second day of Pwn2Own Automotive 2026. | Congress | |
| 25.1.26 | Hackers breach Fortinet FortiGate devices, steal firewall configs | Fortinet FortiGate devices are being targeted in automated attacks that create rogue accounts and steal firewall configuration data, according to cybersecurity company Arctic Wolf. | Incident | |
| 25.1.26 | Zendesk ticket systems hijacked in massive global spam wave | People worldwide are being targeted by a massive spam wave originating from unsecured Zendesk support systems, with victims reporting receiving hundreds of emails with strange and sometimes alarming subject lines. | Spam | |
| 25.1.26 | Chainlit AI framework bugs let hackers breach cloud environments | Two high-severity vulnerabilities in Chainlit, a popular open-source framework for building conversational AI applications, allow reading any file on the server and leak sensitive information. | AI | |
| 25.1.26 | Cisco fixes Unified Communications RCE zero day exploited in attacks | Cisco has fixed a critical Unified Communications and Webex Calling remote code execution vulnerability, tracked as CVE-2026-20045, that has been actively exploited as a zero-day in attacks. | Vulnerability | |
| 25.1.26 | New Android malware uses AI to click on hidden browser ads | A new family of Android click-fraud trojans leverages TensorFlow machine learning models to automatically detect and interact with specific advertisement elements. | Virus | |
| 25.1.26 | Online retailer PcComponentes says data breach claims are fake | PcComponentes, a major technology retailer in Spain, has denied claims of a data breach on its systems impacting 16 million customers, but confirmed it suffered a credential stuffing attack. | Incident | |
| 25.1.26 | Fortinet admins report patched FortiGate firewalls getting hacked | Fortinet customers are seeing attackers exploiting a patch bypass for a previously fixed critical FortiGate authentication vulnerability (CVE-2025-59718) to hack patched firewalls. | Vulnerability | |
| 25.1.26 | Fake Lastpass emails pose as password vault backup alerts | LastPass is warning of a new phishing campaign disguised as a maintenance notification from the service, asking users to back up their vaults in the next 24 hours. | Spam | |
| 25.1.26 | Microsoft shares workaround for Outlook freezes after Windows update | Microsoft shared a temporary workaround for customers experiencing Outlook freezes after installing this month's Windows security updates. | OS | |
| 25.1.26 | Hackers exploit security testing apps to breach Fortune 500 firms | Threat actors are exploiting misconfigured web applications used for security training and internal penetration testing, such as DVWA, OWASP Juice Shop, Hackazon, and bWAPP, to gain access to cloud environments of Fortune 500 companies and security vendors. | Exploit | |
| 25.1.26 | GitLab warns of high-severity 2FA bypass, denial-of-service flaws | GitLab has patched a high-severity two-factor authentication bypass impacting community and enterprise editions of its software development platform. | Vulnerability | |
| 25.1.26 | Tesla hacked, 37 zero-days demoed at Pwn2Own Automotive 2026 | Security researchers have hacked the Tesla Infotainment System and earned $516,500 after exploiting 37 zero-days on the first day of the Pwn2Own Automotive 2026 competition. | Congress | |
| 25.1.26 | ACF plugin bug gives hackers admin on 50,000 WordPress sites | A critical-severity vulnerability in the Advanced Custom Fields: Extended (ACF Extended) plugin for WordPress can be exploited remotely by unauthenticated attackers to obtain administrative permissions. | Vulnerability | |
| 25.1.26 | VoidLink cloud malware shows clear signs of being AI-generated | The recently discovered cloud-focused VoidLink malware framework is believed to have been developed by a single person with the help of an artificial intelligence model. | Virus | |
| 25.1.26 | EU plans cybersecurity overhaul to block foreign high-risk suppliers | The European Commission has proposed new cybersecurity legislation mandating the removal of high-risk suppliers to secure telecommunications networks and strengthening defenses against state-backed and cybercrime groups targeting critical infrastructure. | BigBrothers | |
| 25.1.26 | Gemini AI assistant tricked into leaking Google Calendar data | Using only natural language instructions, researchers were able to bypass Google Gemini's defenses against malicious prompt injection and create misleading events to leak private Calendar data. | AI | |
| 25.1.26 | Microsoft PowerToys adds new CursorWrap mouse 'teleport' tool | Microsoft has released PowerToys 0.97, with a new mouse utility for multi-monitor setups and significant improvements to the Command Palette quick launcher. | OS | |
| 25.1.26 | Make Identity Threat Detection your security strategy for 2026 | Identity-based attacks are one of the primary paths attackers use to breach corporate networks. Tenfold shows how Identity Threat Detection helps spot suspicious account activity before real damage occurs. | Security | |
| 25.1.26 | Fake ad blocker extension crashes the browser for ClickFix attacks | A malvertising campaign is using a fake ad-blocking Chrome and Edge extension named NexShield that intentionally crashes the browser in preparation for ClickFix attacks. | Hack | |
| 25.1.26 | New PDFSider Windows malware deployed on Fortune 100 firm's network | Ransomware attackers targeting a Fortune 100 company in the finance sector used a new malware strain, dubbed PDFSider, to deliver malicious payloads on Windows systems. | Virus | |
| 25.1.26 | UK govt. warns about ongoing Russian hacktivist group attacks | The U.K. government is warning of continued malicious activity from Russian-aligned hacktivist groups targeting critical infrastructure and local government organizations in the country in disruptive denial-of-service (DDoS) attacks. | APT | |
| 25.1.26 | Hacker admits to leaking stolen Supreme Court data on Instagram | A Tennessee man has pleaded guilty to hacking the U.S. Supreme Court's electronic filing system and breaching accounts at the AmeriCorps U.S. federal agency and the Department of Veterans Affairs. | Incindent | |
| 25.1.26 | Jordanian pleads guilty to selling access to 50 corporate networks | A Jordanian man has pleaded guilty to operating as an "access broker" who sold access to the computer networks of at least 50 companies. | Incindent | |
| 25.1.26 | Ingram Micro says ransomware attack affected 42,000 people | Information technology giant Ingram Micro has revealed that a ransomware attack on its systems in July 2025 led to a data breach affecting over 42,000 individuals. | Ransom | |
| 25.1.26 | Microsoft releases OOB Windows updates to fix shutdown, Cloud PC bugs | Microsoft has released multiple emergency, out-of-band updates for Windows 10, Windows 11, and Windows Server to fix two issues caused by the January Patch Tuesday updates. | OS | |
| 25.1.26 | CIRO confirms data breach exposed info on 750,000 Canadian investors | The Canadian Investment Regulatory Organization (CIRO) confirmed that the data breach it suffered last year impacts about 750,000 Canadian investors. | Incindent | |
| 25.1.26 | Multi-Stage Phishing Campaign Targets Russia with Amnesia RAT and Ransomware | A new multi-stage phishing campaign has been observed targeting users in Russia with ransomware and a remote access trojan called Amnesia RAT. "The | Virus | The Hacker News |
| 24.1.26 | New DynoWiper Malware Used in Attempted Sandworm Attack on Polish Power Sector | The Russian nation-state hacking group known as Sandworm has been attributed to what has been described as the "largest cyber attack" targeting | Virus | The Hacker News |
| 24.1.26 | CISA Adds Actively Exploited VMware vCenter Flaw CVE-2024-37079 to KEV Catalog | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a critical security flaw affecting Broadcom VMware vCenter Server that | Exploit | The Hacker News |
| 24.1.26 | CISA Updates KEV Catalog with Four Actively Exploited Software Vulnerabilities | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added four security flaws to its Known Exploited Vulnerabilities ( KEV ) catalog, | Exploit | The Hacker News |
| 24.1.26 | Osiris: New Ransomware, Experienced Attackers? | Poortry driver and modified Rustdesk tool used in recent attack campaign, which bears similarities to previous Inc ransomware attacks. | Ransom blog | SECURITY.COM |
| 24.1.26 | Ransomware: Tactical Evolution Fuels Extortion Epidemic | New whitepaper reveals record number of attacks as threat landscape evolves with new players and new tactics. | Ransom blog | SECURITY.COM |
| 24.1.26 | TamperedChef serves bad ads, with infostealers as the main course | Sophos X-Ops explores a malvertising campaign that leverages Google Ads to distribute an infostealer | Malware blog | SOPHOS |
| 24.1.26 | Inside a Multi-Stage Windows Malware Campaign | FortiGuard Labs analysis of a multi-stage Windows malware campaign that abuses trusted platforms to disable defenses, deploy RATs, and deliver ransomware. | Malware blog | FORTINET |
| 24.1.26 | The Invisible Insider: Why AML and KYC Compliance Fail Against Digital Deception | North Korean operatives and professional money launderers have been drawing six-figure salaries from Fortune Global 500 companies by exploiting a fundamental flaw in identity verification. | APT blog | Silent Push |
| 24.1.26 | Critical Infrastructure Attacks Became Routine for Hacktivists in 2025 | 2025 may be remembered as the year that hacktivist attacks became significantly more dangerous. | ICS blog | Cyble |
| 24.1.26 | Operation DupeHike : UNG0902 targets Russian employees with DUPERUNNER and AdaptixC2 | Contents Introduction Key Targets. Industries Affected. Geographical Focus. Infection Chain. Initial Findings. Looking into the decoy-document Technical Analysis Stage 1 – Malicious LNK Script Stage 2 – DUPERUNNER Implant Stage 3 – AdaptixC2 Beacon. Infrastructural Artefacts. Conclusion SEQRITE Protection.... | Cyber blog | Seqrite |
| 24.1.26 | Operation Covert Access: Weaponized LNK-Based Spear-Phishing Targeting Argentina’s Judicial Sector to Deploy a Covert RAT | Table of Contents: Introduction: Infection Chain: Targeted sectors: Initial Findings about Campaign: Analysis of Decoy: Technical Analysis: Stage-1: Analysis of Windows Shortcut file (.LNK). Stage-2: Analysis of Batch file. Stage-3: Details analysis of Covert RAT. Conclusion: Seqrite Coverage: IOCs... | Cyber blog | Seqrite |
| 24.1.26 | Operation Nomad Leopard: Targeted Spear-Phishing Campaign Against Government Entities in Afghanistan | Contents Introduction Key Targets Industries Affected Geographical focus Infection Chain. Initial Findings Looking into the decoy-document Technical Analysis Stage 1 – Malicious ISO File Stage 2 – Malicious LNK File Stage 3 – Final Payload: FALSECUB Infrastructure & Attribution... | Cyber blog | Seqrite |
| 24.1.26 | FINANCE Q1 I 2026 : INDUSTRY REPORT | EXECUTIVE SUMMARY The CYFIRMA Industry Report delivers original cybersecurity insights and telemetry-driven statistics of global industries, covering one sector each week for a quarter. | ICS blog | Cyfirma |
| 24.1.26 | Weaponized WinRAR Exploitation and Stealth Deployment of Fileless .NET RAT | EXECUTIVE SUMMARY At CYFIRMA, we continuously monitor emerging threat techniques that abuse trusted software and routine user behavior to achieve stealthy system compromise. | Malware blog | Cyfirma |
| 24.1.26 | We X-Rayed A Suspicious FTDI USB Cable | We recently got an industrial X-Ray machine in the Eclypsium office to use to make the next Doctor Manhattan do serious cybersecurity research. In between X-raying yet-to-be released industrial IT technologies on behalf of giant companies whose names we cannot reveal, we have done some other fun experiments. | Hacking blog | Eclypsium |
| 24.1.26 | From Extension to Infection: An In-Depth Analysis of the Evelyn Stealer Campaign Targeting Software Developers | This blog entry provides an in-depth analysis of the multistage delivery of the Evelyn information stealer, which was used in a campaign targeting software developers. | Cyber blog | Trend Micro |
| 24.1.26 | Watering Hole Attack Targets EmEditor Users with Information-Stealing Malware | TrendAI™ Research provides a technical analysis of a compromised EmEditor installer used to deliver multistage malware that performs a range of malicious actions. | AI blog | Trend Micro |
| 24.1.26 | Introducing ÆSIR: Finding Zero-Day Vulnerabilities at the Speed of AI | TrendAI™’s ÆSIR platform combines AI automation with expert oversight to discover zero-day vulnerabilities in AI infrastructure – 21 CVEs across NVIDIA, Tencent, and MLflow since mid-2025. | AI blog | Trend Micro |
| 24.1.26 | DNS OverDoS: Are Private Endpoints Too Private? | We discovered an aspect of Azure’s Private Endpoint architecture that could expose Azure resources to denial of service (DoS) attacks. In this article, we explore how both intentional and inadvertent acts could result in limited access to Azure resources through the Azure Private Link mechanism. We uncovered this issue while investigating irregular behavior in Azure test environments. | Attack blog | Palo Alto |
| 24.1.26 | The Next Frontier of Runtime Assembly Attacks: Leveraging LLMs to Generate Phishing JavaScript in Real Time | Imagine visiting a webpage that looks perfectly safe. It has no malicious code, no suspicious links. Yet, within seconds, it transforms into a personalized phishing page. | Phishing blog | Palo Alto |
| 24.1.26 | VoidLink: Evidence That the Era of Advanced AI-Generated Malware Has Begun | Check Point Research (CPR) believes a new era of AI-generated malware has begun. VoidLink stands as the first evidently documented case of this era, as a truly advanced malware framework authored almost entirely by artificial intelligence, likely under the direction of a single individual. | Malware blog | Check Point |
| 24.1.26 | KONNI Adopts AI to Generate PowerShell Backdoors | Check Point Research (CPR) is tracking a phishing campaign linked to a North Korea–aligned threat actor known as KONNI. | AI blog | Check Point |
| 24.1.26 | I scan, you scan, we all scan for... knowledge? | In this week's newsletter, Bill hammers home the old adage, "Know your environment" — even throughout alert fatigue. | Cyber blog | CISCO TALOS |
| 24.1.26 | Foxit, Epic Games Store, MedDreams vulnerabilities | Cisco Talos’ Vulnerability Discovery & Research team recently disclosed three vulnerabilities in Foxit PDF Editor, one in the Epic Games Store, and twenty-one in MedDream PACS. The vulnerabilities mentioned in this blog post have been patched by their respective vendors, al | Vulnerebility blog | CISCO TALOS |
| 24.1.26 | Common Apple Pay scams, and how to stay safe | Here’s how the most common scams targeting Apple Pay users work and what you can do to stay one step ahead | Spam blog | Eset |
| 24.1.26 | Old habits die hard: 2025’s most common passwords were as predictable as ever | Once again, data shows an uncomfortable truth: the habit of choosing eminently hackable passwords is alive and well | Cyber blog | Eset |
| 24.1.26 | From the Shadows to the Headlines: A Decade of State-Sponsored Cyber Leaks | Analysis of a decade of major state-sponsored cyber leaks (Shadow Brokers, Vault 7, i-Soon, KittenBusters): patterns, impact, and the centrality of human vulnerability. | APT blog | Trelix |
| 23.1.26 | Fortinet Confirms Active FortiCloud SSO Bypass on Fully Patched FortiGate Firewalls | Fortinet has officially confirmed that it's working to completely plug a FortiCloud SSO authentication bypass vulnerability following reports of fresh exploitation activity on fully-patched firewalls. "In the last 24 hours, we have | Vulnerebility | The Hacker News |
| 23.1.26 | TikTok Forms U.S. Joint Venture to Continue Operations Under 2025 Executive Order | TikTok on Friday officially announced that it formed a joint venture that will allow the hugely popular video-sharing application to continue operating in the | Social | The Hacker News |
| 23.1.26 | Phishing Attack Uses Stolen Credentials to Install LogMeIn RMM for Persistent Access | Cybersecurity researchers have disclosed details of a new dual-vector campaign that leverages stolen credentials to deploy legitimate Remote | Phishing | The Hacker News |
| 23.1.26 | Microsoft Flags Multi-Stage AitM Phishing and BEC Attacks Targeting Energy Firms | Microsoft has warned of a multi‑stage adversary‑in‑the‑middle ( AitM ) phishing and business email compromise (BEC) campaign targeting multiple | Phishing | The Hacker News |
| 23.1.26 | New Osiris Ransomware Emerges as New Strain Using POORTRY Driver in BYOVD Attack | Cybersecurity researchers have disclosed details of a new ransomware family called Osiris that targeted a major food service franchisee operator in | Ransom | The Hacker News |
| 23.1.26 | Critical GNU InetUtils telnetd Flaw Lets Attackers Bypass Login and Gain Root Access | A critical security flaw has been disclosed in the GNU InetUtils telnet daemon ( telnetd ) that went unnoticed for nearly 11 years. The vulnerability, tracked as | Vulnerebility | The Hacker News |
| 22.1.26 | Malicious PyPI Package Impersonates SymPy, Deploys XMRig Miner on Linux Hosts | A new malicious package discovered in the Python Package Index (PyPI) has been found to impersonate a popular library for symbolic mathematics to | Virus | The Hacker News |
| 22.1.26 | SmarterMail Auth Bypass Exploited in the Wild Two Days After Patch Release | A new security flaw in SmarterTools SmarterMail email software has come under active exploitation in the wild, two days after the release of a patch. The | Exploit | The Hacker News |
| 22.1.26 | Automated FortiGate Attacks Exploit FortiCloud SSO to Alter Firewall Configurations | Cybersecurity company Arctic Wolf has warned of a "new cluster of automated malicious activity" that involves unauthorized firewall configuration changes | Exploit | The Hacker News |
| 22.1.26 | Cisco Fixes Actively Exploited Zero-Day CVE-2026-20045 in Unified CM and Webex | Cisco has released fresh patches to address what it described as a "critical" security vulnerability impacting multiple Unified Communications (CM) | Vulnerebility | The Hacker News |
| 22.1.26 | North Korean PurpleBravo Campaign Targeted 3,136 IP Addresses via Fake Job Interviews | As many as 3,136 individual IP addresses linked to likely targets of the Contagious Interview activity have been identified, with the campaign claiming | APT | The Hacker News |
| 22.1.26 | Zoom and GitLab Release Security Updates Fixing RCE, DoS, and 2FA Bypass Flaws | Zoom and GitLab have released security updates to resolve a number of security vulnerabilities that could result in denial-of-service (DoS) and remote | Vulnerebility | The Hacker News |
| 21.1.26 | Chainlit AI Framework Flaws Enable Data Theft via File Read and SSRF Bugs | Security vulnerabilities were uncovered in the popular open-source artificial intelligence (AI) framework Chainlit that could allow attackers to steal | AI | The Hacker News |
| 21.1.26 | VoidLink Linux Malware Framework Built with AI Assistance Reaches 88,000 Lines of Code | The recently discovered sophisticated Linux malware framework known as VoidLink is assessed to have been developed by a single person with | Virus | The Hacker News |
| 21.1.26 | LastPass Warns of Fake Maintenance Messages Targeting Users' Master Passwords | LastPass is alerting users to a new active phishing campaign that's impersonating the password management service, which aims to trick users | Hack | The Hacker News |
| 21.1.26 | CERT/CC Warns binary-parser Bug Allows Node.js Privilege-Level Code Execution | A security vulnerability has been disclosed in the popular binary-parser npm library that, if successfully exploited, could result in the execution of arbitrary | Vulnerebility | The Hacker News |
| 21.1.26 | North Korea-Linked Hackers Target Developers via Malicious VS Code Projects | The North Korean threat actors associated with the long-running Contagious Interview campaign have been observed using malicious Microsoft Visual | APT | The Hacker News |
| 21.1.26 | Three Flaws in Anthropic MCP Git Server Enable File Access and Code Execution | A set of three security vulnerabilities has been disclosed in mcp-server-git , the official Git Model Context Protocol ( MCP ) server maintained by Anthropic, | AI | The Hacker News |
| 21.1.26 | Hackers Use LinkedIn Messages to Spread RAT Malware Through DLL Sideloading | Cybersecurity researchers have uncovered a new phishing campaign that exploits social media private messages to propagate malicious payloads, likely | Social | The Hacker News |
| 20.1.26 | Evelyn Stealer Malware Abuses VS Code Extensions to Steal Developer Credentials and Crypto | Cybersecurity researchers have disclosed details of a malware campaign that's targeting software developers with a new information stealer called | Virus | The Hacker News |
| 20.1.26 | Cloudflare Fixes ACME Validation Bug Allowing WAF Bypass to Origin Servers | Cloudflare has addressed a security vulnerability impacting its Automatic Certificate Management Environment ( ACME ) validation logic that made it | Vulnerebility | The Hacker News |
| 20.1.26 | Tudou Guarantee Marketplace Halts Telegram Transactions After Processing Over $12 Billion | A Telegram-based guarantee marketplace known for advertising a broad range of illicit services appears to be winding down its operations, according to new | Social | The Hacker News |
| 20.1.26 | Google Gemini Prompt Injection Flaw Exposed Private Calendar Data via Malicious Invites | Cybersecurity researchers have disclosed details of a security flaw that leverages indirect prompt injection targeting Google Gemini as a way to | AI | The Hacker News |
| 19.1.26 | New StackWarp Hardware Flaw Breaks AMD SEV-SNP Protections on Zen 1–5 CPUs | A team of academics from the CISPA Helmholtz Center for Information Security in Germany has disclosed the details of a new hardware vulnerability | Vulnerebility | The Hacker News |
| 19.1.26 | CrashFix Chrome Extension Delivers ModeloRAT Using ClickFix-Style Browser Crash Lures | Cybersecurity researchers have disclosed details of an ongoing campaign dubbed KongTuke that used a malicious Google Chrome extension | Virus | The Hacker News |
| 19.1.26 | Security Bug in StealC Malware Panel Let Researchers Spy on Threat Actor Operations | Cybersecurity researchers have disclosed a cross-site scripting (XSS) vulnerability in the web-based control panel used by operators of the StealC | Virus | The Hacker News |
| 18.1.26 | | Google is testing "Skills" for Gemini in Chrome, which will allow AI in Chrome to perform tasks automatically, and it could challenge Perplexity Comet or Edge's Copilot mode. | AI | |
| 18.1.26 | Google Chrome now lets you turn off on-device AI model powering scam detection | Google Chrome now lets you delete the local AI models that power the "Enhanced Protection" feature, which was upgraded with AI capabilities last year. | AI | |
| 18.1.26 | Credential-stealing Chrome extensions target enterprise HR platforms | Malicious Chrome extensions on the Chrome Web Store masquerading as productivity and security tools for enterprise HR and ERP platforms were discovered stealing authentication credentials or blocking management pages used to respond to security incidents. | Hack | |
| 18.1.26 | Malicious GhostPoster browser extensions found with 840,000 installs | Another set of 17 malicious extensions linked to the GhostPoster campaign has been discovered in Chrome, Firefox, and Edge stores, where they accumulated a total of 840,000 installations. | Hack | |
| 18.1.26 | StealC hackers hacked as researchers hijack malware control panels | A cross-site scripting (XSS) flaw in the web-based control panel used by operators of the StealC info-stealing malware allowed researchers to observe active sessions and gather intelligence on the attackers' hardware. | Virus | |
| 18.1.26 | Black Basta boss makes it onto Interpol's 'Red Notice' list | The identity of the Black Basta ransomware gang leader has been confirmed by law enforcement in Ukraine and Germany, and the individual has been added to the wanted list of Europol and Interpol. | Ransom | |
| 18.1.26 | China-linked hackers exploited Sitecore zero-day for initial access | An advanced threat actor tracked as UAT-8837 and believed to be linked to China has been focusing on critical infrastructure systems in North America, gaining access by exploiting both known and zero-day vulnerabilities. | APT | |
| 18.1.26 | Microsoft: Windows 11 update causes Outlook freezes for POP users | Microsoft confirmed that the KB5074109 January Windows 11 security update causes the classic Outlook desktop client to freeze and hang for users with POP email accounts. | OS | |
| 18.1.26 | Hackers now exploiting critical Fortinet FortiSIEM flaw in attacks | Attackers are now exploiting a critical Fortinet FortiSIEM vulnerability with publicly available proof-of-concept exploit code. | Exploit | |
| 18.1.26 | Cisco finally fixes AsyncOS zero-day exploited since November | Cisco finally patched a maximum-severity AsyncOS zero-day exploited in attacks targeting Secure Email Gateway (SEG) appliances since November 2025. | Vulnerebility | |
| 18.1.26 | Microsoft: Some Windows PCs fail to shut down after January update | Microsoft has confirmed a new issue that prevents Windows 11 23H2 devices with System Guard Secure Launch enabled from shutting down. | OS | |
| 18.1.26 | Gootloader now uses 1,000-part ZIP archives for stealthy delivery | The Gootloader malware, typically used for initial access, is now using a malformed ZIP archive designed to evade detection by concatenating up to 1,000 archives. | Virus | |
| 18.1.26 | Grubhub confirms hackers stole data in recent security breach | Food delivery platform Grubhub has confirmed a recent data breach after hackers accessed its systems, with sources telling BleepingComputer the company is now facing extortion demands. | Incindent | |
| 18.1.26 | Hackers exploit Modular DS WordPress plugin flaw for admin access | Hackers are actively exploiting a maximum severity flaw in the Modular DS WordPress plugin that allows them to bypass authentication remotely and access the vulnerable sites with admin-level privileges. | Exploit | |
| 18.1.26 | Microsoft Copilot Studio extension for VS Code now publicly available | Microsoft announced that the Copilot Studio extension for the Visual Studio Code (VS Code) integrated development environment is now available to all users. | OS | |
| 18.1.26 | Critical WhisperPair flaw lets hackers track, eavesdrop via Bluetooth audio devices | A critical vulnerability in Google's Fast Pair protocol can allow attackers to hijack Bluetooth audio accessories like wireless headphones and earbuds, track users, and eavesdrop on their conversations. | Vulnerebility | |
| 18.1.26 | FTC bans GM from selling drivers' location data for five years | The FTC has finalized an order with General Motors, settling charges that it collected and sold the location and driving data of millions of drivers without consent. | BigBrothers | |
| 18.1.26 | Palo Alto Networks warns of DoS bug letting hackers disable firewalls | Palo Alto Networks patched a high-severity vulnerability that could allow unauthenticated attackers to disable firewall protections in denial-of-service (DoS) attacks. | Vulnerebility | |
| 18.1.26 | Microsoft disrupts massive RedVDS cybercrime virtual desktop service | Microsoft announced on Wednesday that it disrupted RedVDS, a massive cybercrime platform linked to at least $40 million in reported losses in the United States alone since March 2025. | CyberCrime | |
| 18.1.26 | South Korean giant Kyowon confirms data theft in ransomware attack | The Kyowon Group (Kyowon), a South Korean conglomerate, disclosed that a cyberattack has disrupted its operations and customer information may have been exposed in the incident. | Ransom | |
| 18.1.26 | France fines Free Mobile €42 million over 2024 data breach incident | The French data protection authority (CNIL) has imposed cumulative fines of €42 million on Free Mobile and its parent company, Free, for inadequate protection of customer data against cyber threats. | Incindent | |
| 18.1.26 | Exploit code public for critical FortiSIEM command injection flaw | Technical details and a public exploit have been published for a critical vulnerability affecting Fortinet's Security Information and Event Management (SIEM) solution that could be leveraged by a remote, unauthenticated attacker to execute commands or code. | Exploit | |
| 18.1.26 | Microsoft updates Windows DLL that triggered security alerts | Microsoft has resolved a known issue that was causing security applications to flag a core Windows component, the company said in a service alert posted this week. | Hack | |
| 18.1.26 | ConsentFix debrief: Insights from the new OAuth phishing attack | ConsentFix is an OAuth phishing technique abusing browser-based authorization flows to hijack Microsoft accounts. Push Security shares new insights from continued tracking, community research, and evolving attacker techniques. | Phishing | |
| 18.1.26 | Reprompt attack hijacked Microsoft Copilot sessions for data theft | Researchers identified an attack method dubbed "Reprompt" that could allow attackers to infiltrate a user's Microsoft Copilot session and issue commands to exfiltrate sensitive data. | Hack | |
| 18.1.26 | Cloud marketplace Pax8 accidentally exposes data on 1,800 MSP partners | Cloud marketplace and distributor Pax8 has confirmed that it mistakenly sent an email to fewer than 40 UK-based partners containing a spreadsheet with internal business information, including MSP customer and Microsoft licensing data. | Incindent | |
| 18.1.26 | Victorian Department of Education says hackers stole students’ data | The Department of Education in Victoria, Australia, notified parents that attackers gained access to a database containing the personal information of current and former students. | Incindent | |
| 18.1.26 | Microsoft: Windows update blocks access to Cloud PC sessions | Microsoft confirmed that a recent Windows update is blocking customers from accessing their Microsoft 365 Cloud PC sessions. | OS | |
| 18.1.26 | Monroe University says 2024 data breach affects 320,000 people | Monroe University revealed that threat actors stole the personal, financial, and health information of over 320,000 people after breaching its systems in a December 2024 cyberattack. | Incindent | |
| 18.1.26 | Ukraine's army targeted in new charity-themed malware campaign | Officials of Ukraine's Defense Forces were targeted in a charity-themed campaign between October and December 2025 that delivered backdoor malware called PluggyApe. | BigBrothers | |
| 18.1.26 | New VoidLink malware framework targets Linux cloud servers | A newly discovered advanced cloud-native Linux malware framework named VoidLink focuses on cloud environments, providing attackers with custom loaders, implants, rootkits, and plugins designed for modern infrastructures. | Virus | |
| 18.1.26 | Central Maine Healthcare breach exposed data of over 145,000 people | A data breach last year at Central Maine Healthcare (CMH) exposed sensitive information of more than 145,000 individuals. | Incindent | |
| 18.1.26 | Belgian hospital AZ Monica shuts down servers after cyberattack | Belgian hospital AZ Monica was forced to shut down all servers, cancel scheduled procedures, and transfer critical patients earlier today due to a cyberattack. | Incindent | |
| 18.1.26 | New Windows updates replace expiring Secure Boot certificates | Microsoft has started rolling out new Secure Boot certificates that will automatically install on eligible Windows 11 24H2 and 25H2 systems. | OS | |
| 18.1.26 | Black Basta Ransomware Leader Added to EU Most Wanted and INTERPOL Red Notice | Ukrainian and German law enforcement authorities have identified two Ukrainians suspected of working for the Russia-linked ransomware-as-a-service | Ransom | The Hacker News |
| 18.1.26 | OpenAI to Show Ads in ChatGPT for Logged-In U.S. Adults on Free and Go Plans | OpenAI on Friday said it would start showing ads in ChatGPT to logged-in adult U.S. users in both the free and ChatGPT Go tiers in the coming weeks, as the | AI | The Hacker News |
| 17.1.26 | Microsoft releases Windows 10 KB5073724 extended security update | Microsoft has released the KB5073724 extended security update for Windows 10, carrying this month's Patch Tuesday security fixes, including patches for three zero-days and replacements for the expiring Secure Boot certificates. | OS | |
| 17.1.26 | Windows 11 KB5074109 & KB5073455 cumulative updates released | Microsoft has released Windows 11 KB5074109 and KB5073455 cumulative updates for versions 25H2/24H2 and 23H2 to fix security vulnerabilities, bugs, and add new features. | OS | |
| 17.1.26 | Microsoft January 2026 Patch Tuesday fixes 3 zero-days, 114 flaws | Today is Microsoft's January 2026 Patch Tuesday with security updates for 114 flaws, including one actively exploited and two publicly disclosed zero-day vulnerabilities. | OS | |
| 17.1.26 | Google confirms Android bug causing volume key issues | Google has confirmed a software bug that is preventing volume buttons from working correctly on Android devices with accessibility features enabled. | OS | |
| 17.1.26 | Betterment confirms data breach after wave of crypto scam emails | U.S. digital investment advisor Betterment confirmed that hackers breached its systems and sent fake crypto-related messages to some customers. | Spam | |
| 17.1.26 | Convincing LinkedIn comment-reply tactic used in new phishing | Scammers are flooding LinkedIn posts with fake "reply" comments that appear to come from the platform, warning of bogus policy violations and urging users to click external links. Some even abuse LinkedIn's official lnkd.in shortener, making the phishing attempts harder to spot. | Social | |
| 17.1.26 | Target employees confirm leaked source code is authentic | Multiple current and former Target employees confirmed that leaked source code samples posted by a threat actor match real internal systems. The company also rolled out an "accelerated" lockdown of its Git server, requiring VPN access, a day after being contacted by BleepingComputer. | Security | |
| 17.1.26 | Hacker gets seven years for breaching Rotterdam and Antwerp ports | The Amsterdam Court of Appeal sentenced a 44-year-old Dutch national to seven years in prison for multiple crimes, including computer hacking and attempted extortion. | CyberCrime | |
| 17.1.26 | Facebook login thieves now using browser-in-browser trick | Over the past six months, hackers have increasingly relied on the browser-in-the-browser (BitB) method to trick users into providing Facebook account credentials. | Social | |
| 17.1.26 | CISA orders feds to patch Gogs RCE flaw exploited in zero-day attacks | CISA has ordered government agencies to secure their systems against a high-severity Gogs vulnerability that was exploited in zero-day attacks. | Exploit | |
| 17.1.26 | 'Bad actor' hijacks Apex Legends characters in live matches | Apex Legends players over the weekend experienced disruptions during live matches as threat actors hijacked their characters, disconnected them, and changed their nicknames. | Security | |
| 17.1.26 | University of Hawaii Cancer Center hit by ransomware attack | University of Hawaii says a ransomware gang breached its Cancer Center in August 2025, stealing data of study participants, including documents from the 1990s containing Social Security numbers. | Ransom | |
| 17.1.26 | Target's dev server offline after hackers claim to steal source code | Hackers are claiming to be selling internal source code belonging to Target Corporation, after publishing what appears to be a sample of stolen code repositories on a public software development platform. After BleepingComputer notified Target, the files were taken offline and the retailer's developer Git server was inaccessible. | Incindent | |
| 17.1.26 | Hidden Telegram proxy links can reveal your IP address in one click | A single click on what may appear to be a Telegram username or harmless link is all it takes to expose your real IP address to attackers due to how proxy links are handled. Telegram says it will add warnings to proxy links after researchers demonstrated that such one-click interactions could reveal a Telegram user's real IP address. | Hack | |
| 17.1.26 | Spanish energy giant Endesa discloses data breach affecting customers | Spanish energy provider Endesa and its Energía XXI operator are notifying customers that hackers accessed the company's systems and accessed contract-related information, which includes personal details. | Incindent | |
| 17.1.26 | Prevent cloud data leaks with Microsoft 365 access reviews | Microsoft 365 has made file sharing effortless, but that convenience often leaves organizations with little visibility into who can access sensitive data. Tenfold explains how access reviews for shared cloud content can help organizations regain visibility, reduce unnecessary permissions, and prevent data leaks in Microsoft 365. | Incindent | |
| 17.1.26 | Max severity Ni8mare flaw impacts nearly 60,000 n8n instances | Nearly 60,000 n8n instances exposed online remain unpatched against a maximum-severity vulnerability dubbed "Ni8mare." | Vulnerebility | |
| 17.1.26 | Instagram denies breach amid claims of 17 million account data leak | Instagram says it fixed a bug that allowed threat actors to mass-request password reset emails, amid claims that data from more than 17 million Instagram accounts was scraped and leaked online. | Incindent | |
| 17.1.26 | California bans data broker reselling health data of millions | The California Privacy Protection Agency (CalPrivacy) has taken action against the Datamasters marketing firm that sold the health and personal data of millions of users without being registered as a data broker. | Incindent | |
| 17.1.26 | New Remcos Campaign Distributed Through Fake Shipping Document | FortiGuard Labs analyzes a phishing campaign delivering a fileless Remcos RAT via malicious Word templates, CVE-2017-11882 exploitation, and in-memory execution. | Malware blog | FORTINET |
| 17.1.26 | Uncovering Hidden Forensic Evidence in Windows: The Mystery of AutoLogger-Diagtrack-Listener.etl | FortiGuard IR uncovers forensic insights in Windows AutoLogger-Diagtrack-Listener.etl, a telemetry artefact with untapped investigative value. | Malware blog | FORTINET |
| 17.1.26 | Silent Push Uncovers New Magecart Network: Disrupting Online Shoppers Worldwide | Silent Push Preemptive Cyber Defense Analysts recently uncovered an extensive network of domains associated with a long-term, ongoing web-skimmer campaign, known under the umbrella name: “Magecart.” | Cyber blog | Silent Push |
| 17.1.26 | Looking for fingerprints instead of footprints: A bit of honesty about the current cybersecurity landscape by Ken Bagnall | Most of us in cybersecurity have fallen into a bit of a trap. We have been taught to defend our networks by looking at the past. We rely on Indicators of Compromise (IOCs). These are things like malicious IPs or file hashes. Using them as a primary defense is not really a strategy. It is just playing catch-up. | Cyber blog | Silent Push |
| 17.1.26 | Unmasking the DPRK Remote Worker Problem | The DPRK remote worker program functions as a high-volume revenue engine for the North Korean regime. These state-sponsored operatives use stolen identities to secure remote roles within Western enterprises. They establish long-term persistence inside corporate infrastructure before their first meeting. These actors bypass standard IAM and EDR by mimicking the behavior, location, and hardware signatures of a domestic employee. | APT blog | Silent Push |
| 17.1.26 | Closing the Door on Net-NTLMv1: Releasing Rainbow Tables to Accelerate Protocol Deprecation | Mandiant is publicly releasing a comprehensive dataset of Net-NTLMv1 rainbow tables to underscore the urgency of migrating away from this outdated protocol. Despite Net-NTLMv1 being deprecated and known to be insecure for over two decades—with cryptanalysis dating back to 1999—Mandiant consultants continue to identify its use in active environments. This legacy protocol leaves organizations vulnerable to trivial credential theft, yet it remains prevalent due to inertia and a lack of demonstrated immediate risk. | Hacking blog | |
| 17.1.26 | AuraInspector: Auditing Salesforce Aura for Data Exposure | Mandiant is releasing AuraInspector, a new open-source tool designed to help defenders identify and audit access control misconfigurations within the Salesforce Aura framework. | Security blog | |
| 17.1.26 | | In December 2025, organizations experienced an average of 2,027 cyber attacks per organization per week. ... | Ransom blog | CHECKPOINT |
| 17.1.26 | | Executive Summary Check Point Research identified active, large-scale exploitation of CVE-2025-37164, a critical remote code ... | Vulnerebility blog | CHECKPOINT |
| 17.1.26 | | In Q4 2025, Microsoft once again ranked as the most impersonated brand in phishing attacks, ... | Phishing blog | CHECKPOINT |
| 17.1.26 | Ransomware and Supply Chain Attacks Soared in 2025 | The threat landscape shifted significantly in 2025. Here are the threats and trends to watch as we enter 2026. | Phishing blog | |
| 17.1.26 | deVixor: An Evolving Android Banking RAT with Ransomware Capabilities Targeting Iran | Cyble analyzed deVixor, an advanced Android banking RAT with ransomware features actively targeting Iranian users. | Malware blog | |
| 17.1.26 | Mamba Phishing-as-a-Service Kit: How Modern adversary-in-the-middle (AiTM) Attacks Operate | INTRODUCTION CYFIRMA assesses that Mamba 2FA is a representative of a broader class of adversary-in-the-middle phishing frameworks that have become increasingly prevalen | Phishing blog | |
| 17.1.26 | SOLYXIMMORTAL : PYTHON MALWARE ANALYSIS | EXECUTIVE SUMMARY SolyxImmortal is a Python-based Windows information-stealing malware that combines credential theft, document harvesting, keystroke logging, screen surveillance, | Malware blog | |
| 17.1.26 | APT PROFILE – KIMSUKI | Kimsuki, an advanced persistent threat (APT) group active since at least 2012, is suspected to be operating out of North Korea in direct support of the regime’s strategic objectives. The… | APT blog | |
| 17.1.26 | CYFIRMA ANNUAL INDUSTRIES REPORT 2025 : PART 3 | EXECUTIVE SUMMARY The CYFIRMA Industries Report provides cutting-edge cybersecurity insights and telemetry-driven statistics on global industries. Spanning the last 365 days and | ICS blog | |
| 17.1.26 | Inside RedVDS: How a single virtual desktop provider fueled worldwide cybercriminal operations | Microsoft’s investigation into RedVDS services and infrastructure uncovered a global network of disparate cybercriminals purchasing and using it to target multiple sectors. | APT blog | Microsoft blog |
| 17.1.26 | Analyzing a Multi-Stage AsyncRAT Campaign via Managed Detection and Response | Threat actors exploited Cloudflare's free-tier infrastructure and legitimate Python environments to deploy the AsyncRAT remote access trojan, demonstrating advanced evasion techniques that abuse trusted cloud services for malicious operations. | Malware blog | |
| 17.1.26 | Key Insights on SHADOW-AETHER-015 and Earth Preta from the 2025 MITRE ATT&CK Evaluation with TrendAI Vision One™ | This blog discusses notable modern TTPs observed from SHADOW-AETHER-015 and Earth Preta, from TrendAI™ Research monitoring and TrendAI Vision One™ intelligence. These findings support the performance of TrendAI™ in the 2025 MITRE ATT&CK Evaluations. | Hacking blog | |
| 17.1.26 | Anatomy of an Attack: The Payroll Pirates and the Power of Social Engineering | No employee wants their paycheck to go missing. One organization learned about an incident when they started hearing exactly this complaint. It turned out that an attacker had modified direct-deposit details in order to redirect an organization’s paychecks into attacker-controlled accounts. | Hacking blog | Palo Alto |
| 17.1.26 | Threat Brief: MongoDB Vulnerability (CVE-2025-14847) | On Dec. 19, 2025, MongoDB publicly disclosed MongoBleed, a security vulnerability (CVE-2025-14847) that allows unauthenticated attackers to leak sensitive heap memory by exploiting a trust issue in how MongoDB Server handles zlib-compressed network messages. This flaw occurs prior to authentication, meaning an attacker only needs network access to the database's default port to trigger it. | Vulnerebility blog | Palo Alto |
| 17.1.26 | Remote Code Execution With Modern AI/ML Formats and Libraries | We identified vulnerabilities in three open-source artificial intelligence/machine learning (AI/ML) Python libraries published by Apple, Salesforce and NVIDIA on their GitHub repositories. Vulnerable versions of these libraries allow for remote code execution (RCE) when a model file with malicious metadata is loaded. | AI blog | Palo Alto |
| 17.1.26 | Unveiling VoidLink – A Stealthy, Cloud-Native Linux Malware Framework | VoidLink is an advanced malware framework made up of custom loaders, implants, rootkits, and modular plugins designed to maintain long-term access to Linux systems. The framework includes multiple cloud-focused capabilities and modules, and is engineered to operate reliably in cloud and container environments over extended periods. | Malware blog | |
| 17.1.26 | Sicarii Ransomware: Truth vs Myth | Sicarii is a newly observed RaaS operation that surfaced in late 2025 and has only published 1 claimed victim. | Ransom blog | |
| 17.1.26 | UAT-8837 targets critical infrastructure sectors in North America | Cisco Talos is closely tracking UAT-8837, a threat actor we assess with medium confidence is a China-nexus advanced persistent threat (APT) actor. | APT blog | CISCO TALOS |
| 17.1.26 | Predicting 2026 | In this week’s newsletter, Martin examines the evolving landscape for 2026, highlighting key threats, emerging trends like AI-driven risks, and the continued importance of addressing familiar vulnerabilities. | Cyber blog | CISCO TALOS |
| 17.1.26 | Brushstrokes and breaches with Terryn Valikodath | Terryn’s path to cybersecurity started with a fascination for criminal forensics and a knack for jailbreaking his family's tech — interests that eventually steered him toward the fast-paced world of digital investigations. | Incident blog | |
| 17.1.26 | Why LinkedIn is a hunting ground for threat actors – and how to protect yourself | The business social networking site is a vast, publicly accessible database of corporate information. Don’t believe everyone on the site is who they say they are. | Social blog | Eset |
| 17.1.26 | Is it time for internet services to adopt identity verification? | Should verified identities become the standard online? Australia’s social media ban for under-16s shows why the question matters. | Cyber blog | Eset |
| 17.1.26 | Your personal information is on the dark web. What happens next? | If your data is on the dark web, it’s probably only a matter of time before it’s abused for fraud or account hijacking. Here’s what to do. | Hacking blog | Eset |
| 17.1.26 | Analyzing React2Shell Threat Actors | In this installment of the Sensor Intel Series, we provide an analysis of the most exploited vulnerabilities, highlighting trends and significant activity, with a deep-dive into React2Shell exploitation attempts, methods and tactics. This article focuses on the top 10 CVEs, their rankings, and long-term trends, offering insights into the evolving threat landscape. | Vulnerebility blog | F5 |
| 17.1.26 | When AI Gets Bullied: How Agentic Attacks Are Replaying Human Social Engineering | December closed out 2025 with a clear signal that AI risk, capability, and governance are evolving faster than ever. Updated CASI and ARS leaderboards showed a notable shift at the top, with GPT-5.2 delivering an 11-point security improvement over GPT-5.1, while NVIDIA’s latest model demonstrated that strong performance and efficiency are increasingly attainable outside the traditional hyperscaler ecosystem. | AI blog | F5 |
| 17.1.26 | A 0-click exploit chain for the Pixel 9 Part 3: Where do we go from here? | While our previous two blog posts provided technical recommendations for increasing the effort required by attackers to develop 0-click exploit chains, our experience finding, reporting and exploiting these vulnerabilities highlighted some broader issues in the Android ecosystem. This post describes the problems we encountered and recommendations for improvement. | Exploit blog | Project Zero |
| 17.1.26 | A 0-click exploit chain for the Pixel 9 Part 2: Cracking the Sandbox with a Big Wave | With the advent of a potential Dolby Unified Decoder RCE exploit, it seemed prudent to see what kind of Linux kernel drivers might be accessible from the resulting userland context, the mediacodec context. As per the AOSP documentation, the mediacodec SELinux context is intended to be a constrained (a.k.a sandboxed) context where non-secure software decoders are utilized. Nevertheless, using my DriverCartographer tool, I discovered an interesting device driver, /dev/bigwave that was accessible from the mediacodec SELinux context. | Exploit blog | Project Zero |
| 17.1.26 | A 0-click exploit chain for the Pixel 9 Part 1: Decoding Dolby | Over the past few years, several AI-powered features have been added to mobile phones that allow users to better search and understand their messages. One effect of this change is increased 0-click attack surface, as efficient analysis often requires message media to be decoded before the message is opened by the user. | Exploit blog | Project Zero |
| 17.1.26 | Dark Web Roast December 2025 Edition | This month's underground activities proved that while crime may not pay, it certainly provides endless entertainment for those monitoring the digital underbelly of society. | Cyber blog | Trelix |
| 17.1.26 | Hiding in Plain Sight: Multi-Actor ahost.exe Attacks | The Trellix Advanced Research Center found an active malware campaign exploiting a DLL sideloading vulnerability in the legitimate Git tools to target supply chains. Stay protected—update EDR/XDR and monitor for suspicious activity. | Hacking blog | Trelix |
| 17.1.26 | The Unfriending Truth: How to Spot a Facebook Phishing Scam Before It's Too Late | In the second half of 2025, Trellix observed a surge in credential-stealing Facebook phishing scams, particularly those using the sophisticated "Browser in the Browser" (BitB) technique to trick users with fake login pop-ups. | Phishing blog | Trelix |
| 17.1.26 | GootLoader Malware Uses 500–1,000 Concatenated ZIP Archives to Evade Detection | The JavaScript (aka JScript) malware loader called GootLoader has been observed using a malformed ZIP archive that's designed to sidestep detection efforts by concatenating anywhere from 500 to 1,000 archives. | Virus | The Hacker News |
| 17.1.26 | Five Malicious Chrome Extensions Impersonate Workday and NetSuite to Hijack Accounts | Cybersecurity researchers have discovered five new malicious Google Chrome web browser extensions that masquerade as human resources (HR) and enterprise resource planning | Hack | The Hacker News |
| 17.1.26 | LOTUSLITE Backdoor Targets U.S. Policy Entities Using Venezuela-Themed Spear Phishing | Security experts have disclosed details of a new campaign that has targeted U.S. government and policy entities using politically themed lures to deliver a backdoor known as | Virus | The Hacker News |
| 16.1.26 | China-Linked APT Exploits Sitecore Zero-Day in Attacks on American Critical Infrastructure | A threat actor likely aligned with China has been observed targeting critical infrastructure sectors in North America since at least last year. Cisco Talos, which is tracking the activity | APT | The Hacker News |
| 16.1.26 | Cisco Patches Zero-Day RCE Exploited by China-Linked APT in Secure Email Gateways | Cisco on Thursday released security updates for a maximum-severity security flaw impacting Cisco AsyncOS Software for Cisco Secure Email Gateway and Cisco Secure Email and Web Manager, nearly a month after the company disclosed that it had been exploited as a zero-day by a China-nexus advanced persistent threat (APT) actor codenamed UAT-9686. | Exploit | The Hacker News |
| 16.1.26 | AWS CodeBuild Misconfiguration Exposed GitHub Repos to Potential Supply Chain Attacks | A critical misconfiguration in Amazon Web Services (AWS) CodeBuild could have allowed complete takeover of the cloud service provider's own GitHub repositories, including its AWS | Hack | The Hacker News |
| 16.1.26 | Critical WordPress Modular DS Plugin Flaw Actively Exploited to Gain Admin Access | A maximum-severity security flaw in a WordPress plugin called Modular DS has come under active exploitation in the wild, according to Patchstack. The vulnerability, tracked as CVE- | Exploit | The Hacker News |
| 16.1.26 | Researchers Reveal Reprompt Attack Allowing Single-Click Data Exfiltration From Microsoft Copilot | Cybersecurity researchers have disclosed details of a new attack method dubbed Reprompt that could allow bad actors to exfiltrate sensitive data from artificial intelligence (AI) chatbots | Hack | The Hacker News |
| 16.1.26 | Microsoft Legal Action Disrupts RedVDS Cybercrime Infrastructure Used for Online Fraud | Microsoft on Wednesday announced that it has taken a "coordinated legal action" in the U.S. and the U.K. to disrupt a cybercrime subscription service called RedVDS that has allegedly | CyberCrime | The Hacker News |
| 16.1.26 | Palo Alto Fixes GlobalProtect DoS Flaw That Can Crash Firewalls Without Login | Palo Alto Networks has released security updates for a high-severity security flaw impacting GlobalProtect Gateway and Portal, for which it said there exists a proof-of-concept (PoC) | Vulnerebility | The Hacker News |
| 16.1.26 | Researchers Null-Route Over 550 Kimwolf and Aisuru Botnet Command Servers | The Black Lotus Labs team at Lumen Technologies said it null-routed traffic to more than 550 command-and-control (C2) nodes associated with the AISURU/Kimwolf botnet since early | BotNet | The Hacker News |
| 16.1.26 | Hackers Exploit c-ares DLL Side-Loading to Bypass Security and Deploy Malware | Security experts have disclosed details of an active malware campaign that's exploiting a DLL side-loading vulnerability in a legitimate binary associated with the open-source c-ares | Exploit | The Hacker News |
| 14.1.26 | Fortinet Fixes Critical FortiSIEM Flaw Allowing Unauthenticated Remote Code Execution | Fortinet has released updates to fix a critical security flaw impacting FortiSIEM that could allow an unauthenticated attacker to achieve code execution on susceptible instances. The | Vulnerebility | The Hacker News |
| 14.1.26 | Microsoft Fixes 114 Windows Flaws in January 2026 Patch, One Actively Exploited | Microsoft on Tuesday rolled out its first security update for 2026, addressing 114 security flaws, including one vulnerability that it said has been actively exploited in the wild. Of the | OS | The Hacker News |
| 14.1.26 | Critical Node.js Vulnerability Can Cause Server Crashes via async_hooks Stack Overflow | Node.js has released updates to fix what it described as a critical security issue impacting "virtually every production Node.js app" that, if successfully exploited, could trigger a denial- | Vulnerebility | The Hacker News |
| 14.1.26 | PLUGGYAPE Malware Uses Signal and WhatsApp to Target Ukrainian Defense Forces | The Computer Emergency Response Team of Ukraine (CERT-UA) has disclosed details of new cyber attacks targeting its defense forces with malware known as PLUGGYAPE between | Virus | The Hacker News |
| 14.1.26 | Long-Running Web Skimming Campaign Steals Credit Cards From Online Checkout Pages | Cybersecurity researchers have discovered a major web skimming campaign that has been active since January 2022, targeting several major payment networks like American Express, | CyberCrime | The Hacker News |
| 14.1.26 | Malicious Chrome Extension Steals MEXC API Keys by Masquerading as Trading Tool | Cybersecurity researchers have disclosed details of a malicious Google Chrome extension that's capable of stealing API keys associated with MEXC, a centralized cryptocurrency exchange (CEX) available in over 170 countries, while masquerading as a tool to automate trading on the platform. | Virus | The Hacker News |
| 14.1.26 | New Advanced Linux VoidLink Malware Targets Cloud and Container Environments | Cybersecurity researchers have disclosed details of a previously undocumented and feature-rich malware framework codenamed VoidLink that's specifically designed for long-term, | Virus | The Hacker News |
| 14.1.26 | ServiceNow Patches Critical AI Platform Flaw Allowing Unauthenticated User Impersonation | ServiceNow has disclosed details of a now-patched critical security flaw impacting its ServiceNow artificial intelligence (AI) Platform that could enable an unauthenticated user to | AI | The Hacker News |
| 14.1.26 | New Malware Campaign Delivers Remcos RAT Through Multi-Stage Windows Attack | Cybersecurity researchers have disclosed details of a new campaign dubbed SHADOW#REACTOR that employs an evasive multi-stage attack chain to deliver a | Virus | The Hacker News |
| 14.1.26 | CISA Warns of Active Exploitation of Gogs Vulnerability Enabling Code Execution | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned of active exploitation of a high-severity security flaw impacting Gogs by adding it to its Known | Exploit | The Hacker News |
| 14.1.26 | n8n Supply Chain Attack Abuses Community Nodes to Steal OAuth Tokens | Threat actors have been observed uploading a set of eight packages on the npm registry that masqueraded as integrations targeting the n8n workflow automation platform to steal | Hack | The Hacker News |
| 12.1.26 | GoBruteforcer Botnet Targets Crypto Project Databases by Exploiting Weak Credentials | A new wave of GoBruteforcer attacks has targeted databases of cryptocurrency and blockchain projects to co-opt them into a botnet that's capable of brute-forcing user | BotNet | The Hacker News |
| 12.1.26 | Researchers Uncover Service Providers Fueling Industrial-Scale Pig Butchering Fraud | Cybersecurity researchers have shed light on two service providers that supply online criminal networks with the necessary tools and infrastructure to fuel the pig butchering-as-a- | Incindent | The Hacker News |
| 11.1.26 | BreachForums hacking forum database leaked, exposing 324,000 accounts | The latest incarnation of the notorious BreachForums hacking forum has suffered a data breach, with its user database table leaked online. | Incindent | |
| 11.1.26 | Spain arrests 34 suspects linked to Black Axe cyber crime | Authorities in Spain have arrested 34 individuals allegedly part of a criminal network involved in cyber fraud and believed to be connected to the Black Axe group responsible for illicit activities across Europe. | CyberCrime | |
| 11.1.26 | Ireland recalls almost 13,000 passports over missing 'IRL' code | Ireland's Department of Foreign Affairs has recalled nearly 13,000 passports after a software update caused a printing defect. The printing error makes the documents non-compliant with international travel standards and potentially unreadable at automated border gates. | BigBrothers | |
| 11.1.26 | Microsoft may soon allow IT admins to uninstall Copilot | Microsoft is testing a new policy that allows IT administrators to uninstall the AI-powered Copilot digital assistant on managed devices. | IT | |
| 11.1.26 | Hackers target misconfigured proxies to access paid LLM services | Threat actors are systematically hunting for misconfigured proxy servers that could provide access to commercial large language model (LLM) services. | AI | |
| 11.1.26 | Illinois Department of Human Services data breach affects 700K people | The Illinois Department of Human Services (IDHS), one of Illinois' largest state agencies, accidentally exposed the personal and health data of nearly 700,000 residents due to incorrect privacy settings. | Incindent | |
| 11.1.26 | Email security needs more seatbelts: Why click rate is the wrong metric | Click rate misses the real email security risk: what attackers can do after they access a mailbox. Material Security explains why containment and post-compromise impact matter more than phishing metrics. | Security | |
| 11.1.26 | Illinois man charged with hacking Snapchat accounts to steal nude photos | U.S. prosecutors have charged an Illinois man with orchestrating a phishing operation that allowed him to hack the Snapchat accounts of nearly 600 women to steal private photos and sell them online. | Incindent | |
| 11.1.26 | Trend Micro warns of critical Apex Central RCE vulnerability | Japanese cybersecurity software firm Trend Micro has patched a critical security flaw in Apex Central (on-premise) that could allow attackers to execute arbitrary code with SYSTEM privileges. | Vulnerebility | |
| 11.1.26 | CISA retires 10 emergency cyber orders in rare bulk closure | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has retired 10 Emergency Directives issued between 2019 and 2024, saying that the required actions have been completed or are now covered by Binding Operational Directive 22-01. | BigBrothers | |
| 11.1.26 | New China-linked hackers breach telcos using edge device exploits | A sophisticated threat actor that uses Linux-based malware to target telecommunications providers has recently broadened its operations to include organizations in Southeastern Europe. | APT | |
| 10.1.26 | MuddyWater Launches RustyWater RAT via Spear-Phishing Across Middle East Sectors | The Iranian threat actor known as MuddyWater has been attributed to a spear-phishing campaign targeting diplomatic, maritime, financial, and telecom entities in the Middle East | APT | The Hacker News |
| 10.1.26 | Europol Arrests 34 Black Axe Members in Spain Over €5.9M Fraud and Organized Crime | Europol on Friday announced the arrest of 34 individuals in Spain who are alleged to be part of an international criminal organization called Black Axe. As part of an operation conducted | CyberCrime | The Hacker News |
| 10.1.26 | FBI warns about Kimsuky hackers using QR codes to phish U.S. orgs | The North Korean state-sponsored hacker group Kimsuky is using malicious QR codes in spearphishing campaigns that target U.S. organizations, the Federal Bureau of Investigation warns in a flash alert. | APT | |
| 10.1.26 | VMware ESXi zero-days likely exploited a year before disclosure | Chinese-speaking threat actors used a compromised SonicWall VPN appliance to deliver a VMware ESXi exploit toolkit that seems to have been developed more than a year before the targeted vulnerabilities became publicly known. | Exploit | |
| 10.1.26 | Cisco switches hit by reboot loops due to DNS client bug | Multiple Cisco switch models are suddenly experiencing reboot loops after logging fatal DNS client errors, according to reports seen by BleepingComputer. | Vulnerebility | |
| 10.1.26 | Texas court blocks Samsung from tracking TV viewing, then vacates order | The State of Texas obtained a short-lived, temporary restraining order (TRO) against Samsung that prohibited the South Korean company from collecting audio and visual data about what Texas consumers are watching on their TVs. | Security | |
| 10.1.26 | Six for 2026: The cyber threats you can’t ignore | Cybersecurity threats in 2026 are accelerating, driven by AI, automation, and more effective social engineering. Corelight outlines six emerging attack trends and explains how network visibility can help defenders respond faster. | Cyber | |
| 10.1.26 | Microsoft to enforce MFA for Microsoft 365 admin center sign-ins | Microsoft will start enforcing multi-factor authentication (MFA) for all users accessing the Microsoft 365 admin center starting next month. | Safety | |
| 10.1.26 | Cisco warns of Identity Service Engine flaw with exploit code | Cisco has patched an ISE vulnerability with public proof-of-concept exploit code that can be abused by attackers with admin privileges. | Exploit | |
| 10.1.26 | CISA tags max severity HPE OneView flaw as actively exploited | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has flagged a maximum-severity HPE OneView vulnerability as actively exploited in attacks. | Exploit | |
| 10.1.26 | New GoBruteforcer attack wave targets crypto, blockchain projects | A new wave of GoBruteforcer botnet malware attacks is targeting databases of cryptocurrency and blockchain projects on exposed servers believed to be configured using AI-generated examples. | AI | |
| 10.1.26 | Critical jsPDF flaw lets hackers steal secrets via generated PDFs | The jsPDF library for generating PDF documents in JavaScript applications is vulnerable to a critical vulnerability that allows an attacker to steal sensitive data from the local filesystem by including it in generated files. | Vulnerebility | |
| 10.1.26 | Max severity Ni8mare flaw lets hackers hijack n8n servers | A maximum severity vulnerability dubbed "Ni8mare" allows remote, unauthenticated attackers to take control over locally deployed instances of the n8n workflow automation platform. | Vulnerebility | |
| 10.1.26 | In 2026, Hackers Want AI: Threat Intel on Vibe Hacking & HackGPT | Cybercriminals are increasingly using AI to lower the barrier to entry for fraud and hacking, shifting from skill-based to AI-assisted attacks known as "vibe hacking." Flare examines how underground forums promote AI tools, jailbreak techniques, and so-called "Hacking-GPT" services that promise ease rather than technical mastery. | AI | |
| 10.1.26 | ownCloud urges users to enable MFA after credential theft reports | File-sharing platform ownCloud warned users today to enable multi-factor authentication (MFA) to block attackers using compromised credentials from stealing their data. | Security | |
| 10.1.26 | New Veeam vulnerabilities expose backup servers to RCE attacks | Veeam released security updates to patch multiple security flaws in its Backup & Replication software, including a critical remote code execution (RCE) vulnerability. | Vulnerebility | |
| 10.1.26 | UK announces plan to strengthen public sector cyber defenses | The United Kingdom has announced a new cybersecurity strategy, backed by more than £210 million ($283 million), to boost cyber defenses across government departments and the wider public sector. | BigBrothers | |
| 10.1.26 | Taiwan says China's attacks on its energy sector increased tenfold | The National Security Bureau in Taiwan says that China's attacks on the country's energy sector increased tenfold in 2025 compared to the previous year. | BigBrothers | |
| 10.1.26 | Microsoft cancels plans to rate limit Exchange Online bulk emails | Microsoft announced today that it has canceled plans to impose a daily limit of 2,000 external recipients on Exchange Online bulk email senders. | Security | |
| 10.1.26 | New D-Link flaw in legacy DSL routers actively exploited in attacks | Threat actors are exploiting a recently discovered command injection vulnerability that affects multiple D-Link DSL gateway routers that went out of support years ago. | Exploit | |
| 10.1.26 | Kimwolf Android botnet abuses residential proxies to infect internal devices | The Kimwolf botnet, an Android variant of the Aisuru malware, has grown to more than two million hosts, most of them infected by exploiting vulnerabilities in residential proxy networks to target devices on internal networks. | BotNet | |
| 10.1.26 | The Great VM Escape: ESXi Exploitation in the Wild | Based on indicators we observed, including the workstation name the threat actor was operating from and other TTPs, the Huntress Tactical Response team assesses with high confidence that initial access occurred via SonicWall VPN. | Exploit | HUNTRESS |
| 10.1.26 | Unpacking the packer ‘pkr_mtsi’ | This RL Researcher’s Notebook highlights the packer’s evolution — and offers a YARA rule to detect all versions. | Malware blog | REVERSINGLABS |
| 10.1.26 | 5 ways your firewall can keep ransomware out — and lock it down if it gets in | Ransomware continues to cripple organizations worldwide, draining budgets and halting operations. For IT teams already stretched thin, a single attack can mean days of downtime and irreversible data loss. | Ransom blog | SOPHOS |
| 10.1.26 | Human-in-the-loop security will define 2026: Predictions from Sophos experts | Cybersecurity in 2026 will be shaped by extremes: attackers operating with unprecedented speed and scale, and defenders navigating the widening gap between automation and human judgment. Sophos experts predict a year where the “little things” — basic hygiene, configuration discipline, visibility across platforms — will matter more than ever. | Cyber blog | SOPHOS |
| 10.1.26 | Winning the AI War: Why Preemptive Cyber Defense is the Only Viable Countermeasure for CISOs | The escalation of AI-driven cyber threats has fundamentally broken the traditional security lifecycle. For decades, the industry has operated on a reactive cadence: an attack occurs, indicators are gathered, and defenses are updated. This model assumes that defenders have time to react. | AI blog | Silent Push |
| 10.1.26 | | Executive Summary The OPCOPRO “Truman Show” operation is a fully synthetic, AI‑powered investment scam that ... | AI blog | CHECKPOINT |
| 10.1.26 | The Week in Vulnerabilities: 2026 Starts with 100 PoCs and New Exploits | The year may be a little more than a week old, but threat actors have already amassed nearly 100 proofs of concept (PoCs) and newly exploited vulnerabilities. | Vulnerebility blog | |
| 10.1.26 | Initial Access Sales Accelerated Across Australia and New Zealand in 2025 | Cyble’s 2025 report analyzes Initial Access sales, ransomware operations, and data breaches shaping the cyber threat landscape in Australia and New Zealand. | APT blog | |
| 10.1.26 | Singapore Cyber Agency Warns of Critical IBM API Connect Vulnerability (CVE-2025-13915) | A critical authentication bypass flaw, CVE-2025-13915, affects IBM API Connect. Singapore issues alert as IBM releases fixes. | Vulnerebility blog | |
| 10.1.26 | CISA Known Exploited Vulnerabilities Surged 20% in 2025 | CISA’s Known Exploited Vulnerabilities (KEV) catalog grew by 20% in 2025, including 24 vulnerabilities exploited by ransomware groups. | Exploit blog | |
| 10.1.26 | TRACKING RANSOMWARE : DEC 2025 | EXECUTIVE SUMMARY Ransomware activity in December 2025 highlights an evolution toward cartel-style, collaborative ecosystems, where initial access, persistence, encryption, and | Ransom blog | |
| 10.1.26 | Beyond MFA: Identity Abuse Through Token Interception and Consent Manipulation | EXECUTIVE SUMMARY Multi-Factor Authentication (MFA) has long been positioned as a definitive control against credential-based attacks. However, recent phishing campaigns | Phishing blog | |
| 10.1.26 | CYFIRMA ANNUAL INDUSTRIES REPORT 2025 : PART 2 | EXECUTIVE SUMMARY The CYFIRMA Industries Report provides cutting-edge cybersecurity insights and telemetry-driven statistics on global industries. Spanning the last 365 days and | ICS blog | |
| 10.1.26 | Resurgence of Scattered Lapsus$ hunters | Executive Summary: Recent monitoring of underground forums and Telegram communities has identified the resurgence of the Scattered Lapsus$ collective. The actors appear to be | APT blog | Cyfirma |
| 10.1.26 | Fortinet Under Fire: Why Your Network Edge Remains Attackers' Favorite Entry Point | CVE-2020-12812, a five-year-old authentication bypass flaw that should have been relegated to history, is being actively exploited. Coming on the heels of two brand-new SAML authentication bypass vulnerabilities (CVE-2025-59718 and CVE-2025-59719) discovered in late 2025, Fortinet administrators must be on high alert and work to remediate them as quickly as possible, as the trend of network device exploitation is continuing. | Vulnerebility blog | Eclypsium |
| 10.1.26 | Phishing actors exploit complex routing and misconfigurations to spoof domains | Threat actors are exploiting complex routing scenarios and misconfigured spoof protections to send spoofed phishing emails, crafted to appear as internally sent messages. | Phishing blog | Microsoft blog |
| 10.1.26 | Ladvix: Inside a Self-Propagating ELF Malware with IoT Botnet Traits | This week, the SonicWall Capture Labs Threat Research team analyzed a sample of a malicious ELF file infector that shares characteristics of IoT botnet malware. The sample demonstrates self-propagation capabilities, file system scanning, and selective infection mechanisms targeting other ELF binaries. | Malware blog | SonicWall |
| 10.1.26 | MongoBleed MongoDB SBE Use-After-Free (CVE-2025-6706 / CVE-2025-14847) | SonicWall Capture Labs threat research team became aware of the threats CVE-2025-6706 and CVE-2025-14847, assessed their impact, and developed mitigation measures for these vulnerabilities. CVE-2025-6706, also known as MongoDB SBE Use-After-Free, is a critical memory corruption vulnerability affecting MongoDB Server in versions 7.0.0 through 7.0.16. | Vulnerebility blog | SonicWall |
| 10.1.26 | Securing Vibe Coding Tools: Scaling Productivity Without Scaling Risk | The promise of AI-assisted development, or “vibe coding,” is undeniable: unprecedented speed and productivity for development teams. In a landscape defined by complex cloud-native architectures and intense demand for new software, this force multiplier is rapidly becoming standard practice. | AI blog | Palo Alto |
| 10.1.26 | VVS Discord Stealer Using Pyarmor for Obfuscation and Detection Evasion | This article details our technical analysis of VVS stealer, also styled VVS $tealer, including its distributors’ use of obfuscation and detection evasion. | Malware blog | Palo Alto |
| 10.1.26 | Inside GoBruteforcer: AI-Generated Server Defaults, Weak Passwords, and Crypto-Focused Campaigns | GoBruteforcer (also called GoBrut) is a modular botnet, written in Go, that brute-forces user passwords for services such as FTP, MySQL, PostgreSQL, and phpMyAdmin on Linux servers. The botnet spreads through a chain of web shell, downloader, IRC bot, and bruteforcer modules. | BotNet blog | CHECKPOINT |
| 10.1.26 | UAT-7290 targets high value telecommunications infrastructure in South Asia | Talos assesses with high confidence that UAT-7290 is a sophisticated threat actor falling under the China-nexus of advanced persistent threat actors (APTs). UAT-7290 primarily targets telecommunications providers in South Asia. | APT blog | |
| 10.1.26 | Resolutions, shmesolutions (and what’s actually worked for me) | Talos' editor ditches the pressure of traditional New Year’s resolutions in favor of practical, in-the-moment changes, and finds more success by letting go of perfection. Plus, we break down the latest on UAT-7290, a newly disclosed threat actor targeting critical infrastructure. | APT blog | |
| 10.1.26 | How Cisco Talos powers the solutions protecting your organization | What happens under the hood of Cisco's security portfolio? Our reputation and detection services apply Talos' real-time intelligence to detect and block threats. Here's how. | Security blog | |
| 10.1.26 | Credential stuffing: What it is and how to protect yourself | Reusing passwords may feel like a harmless shortcut – until a single breach opens the door to multiple accounts | Incident blog | Eset |
| 10.1.26 | The Ghost in the Machine: Unmasking CrazyHunter's Stealth Tactics | Trellix provides an in-depth analysis of CrazyHunter ransomware and its attack flow, which has emerged as a significant and concerning threat. | Hacking blog | Trellix |
| 10.1.26 | China-Linked Hackers Exploit VMware ESXi Zero-Days to Escape Virtual Machines | Chinese-speaking threat actors are suspected to have leveraged a compromised SonicWall VPN appliance as an initial access vector to deploy a VMware ESXi exploit that may have | APT | The Hacker News |
| 10.1.26 | Russian APT28 Runs Credential-Stealing Campaign Targeting Energy and Policy Organizations | Russian state-sponsored threat actors have been linked to a fresh set of credential harvesting attacks targeting individuals associated with a Turkish energy and nuclear | APT | The Hacker News |
| 10.1.26 | Trend Micro Apex Central RCE Flaw Scores 9.8 CVSS in On-Prem Windows Versions | Trend Micro has released security updates to address multiple security vulnerabilities impacting on-premise versions of Apex Central for Windows, including a critical bug that | Vulnerebility | The Hacker News |
| 10.1.26 | CISA Retires 10 Emergency Cybersecurity Directives Issued Between 2019 and 2024 | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday said it's retiring 10 emergency directives (EDs) that were issued between 2019 and 2024. The list of | BigBrothers | The Hacker News |
| 9.1.26 | FBI Warns North Korean Hackers Using Malicious QR Codes in Spear-Phishing | The U.S. Federal Bureau of Investigation (FBI) on Thursday released an advisory warning of North Korean state-sponsored threat actors leveraging malicious QR codes in spear-phishing | Hack | The Hacker News |
| 9.1.26 | Jaguar Land Rover wholesale volumes down 43% after cyberattack | Jaguar Land Rover (JLR) revealed this week that a September 2025 cyberattack led to a 43% decline in third-quarter wholesale volumes. | Hack | |
| 9.1.26 | Sedgwick confirms breach at government contractor subsidiary | Claims administration and risk management company Sedgwick has confirmed that its federal contractor subsidiary, Sedgwick Government Solutions, was the victim of a security breach. | Incindent | |
| 9.1.26 | How generative AI accelerates identity attacks against Active Directory | Generative AI is accelerating password attacks against Active Directory, making credential abuse faster and more effective. Specops Software explains how AI-driven cracking techniques exploit weak and predictable AD passwords. | AI | |
| 9.1.26 | Are Copilot prompt injection flaws vulnerabilities or AI limits? | Microsoft has pushed back against claims that multiple prompt injection and sandbox-related issues raised by a security engineer in its Copilot AI assistant constitute security vulnerabilities. The development highlights a growing divide between how vendors and researchers define risk in generative AI systems. | AI | |
| 9.1.26 | Cloud file-sharing sites targeted for corporate data theft attacks | A threat actor known as Zestix has been offering to sell corporate data stolen from dozens of companies, likely after breaching their ShareFile, Nextcloud, and OwnCloud instances. | Incindent | |
| 9.1.26 | ClickFix attack uses fake Windows BSOD screens to push malware | A new ClickFix social engineering campaign is targeting the hospitality sector in Europe, using fake Windows Blue Screen of Death (BSOD) screens to trick users into manually compiling and executing malware on their systems. | Hack | |
| 9.1.26 | US broadband provider Brightspeed investigates breach claims | Brightspeed, one of the largest fiber broadband companies in the United States, is investigating security breach and data theft claims made by the Crimson Collective extortion gang. | Incindent | |
| 9.1.26 | VSCode IDE forks expose users to "recommended extension" attacks | Popular AI-powered integrated development environment solutions, such as Cursor, Windsurf, Google Antigravity, and Trae, recommend extensions that are non-existent in the OpenVSX registry, allowing threat actors to claim the namespace and upload malicious extensions. | Hack | |
| 9.1.26 | Ledger customers impacted by third-party Global-e data breach | Ledger is informing some customers that their personal data has been exposed after hackers breached the systems of third-party payment processor Global-e. | Incindent | |
| 9.1.26 | Agentic AI Is an Identity Problem and CISOs Will Be Accountable for the Outcome | As agentic AI adoption accelerates, identity is emerging as the primary security challenge. Token Security explains why AI agents behave like a new class of identity and why CISOs must manage their access, lifecycle, and risk. | AI | |
| 9.1.26 | NordVPN denies breach claims, says attackers have "dummy data" | NordVPN denied allegations that its internal Salesforce development servers were breached, saying that cybercriminals obtained "dummy data" from a trial account on a third-party automated testing platform. | Incindent | |
| 8.1.26 | WhatsApp Worm Spreads Astaroth Banking Trojan Across Brazil via Contact Auto-Messaging | Cybersecurity researchers have disclosed details of a new campaign that uses WhatsApp as a distribution vector for a Windows banking trojan called Astaroth in attacks targeting Brazil. | Social | The Hacker News |
| 8.1.26 | China-Linked UAT-7290 Targets Telecoms with Linux Malware and ORB Nodes | A China-nexus threat actor known as UAT-7290 has been attributed to espionage-focused intrusions against entities in South Asia and Southeastern Europe. The activity cluster, which | APT | The Hacker News |
| 8.1.26 | Cisco Patches ISE Security Vulnerability After Public PoC Exploit Release | Cisco has released updates to address a medium-severity security flaw in Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) with a public proof-of-concept | Exploit | The Hacker News |
| 8.1.26 | Researchers Uncover NodeCordRAT Hidden in npm Bitcoin-Themed Packages | Cybersecurity researchers have discovered three malicious npm packages that are designed to deliver a previously undocumented malware called NodeCordRAT . The names of the | Virus | The Hacker News |
| 8.1.26 | Coolify Discloses 11 Critical Flaws Enabling Full Server Compromise on Self-Hosted Instances | Cybersecurity researchers have disclosed details of multiple critical-severity security flaws affecting Coolify , an open-source, self-hosting platform, that could result in authentication bypass and remote code execution. | Vulnerebility | The Hacker News |
| 8.1.26 | OpenAI Launches ChatGPT Health with Isolated, Encrypted Health Data Controls | Artificial intelligence (AI) company OpenAI on Wednesday announced the launch of ChatGPT Health, a dedicated space that allows users to have conversations with the chatbot about | AI | The Hacker News |
| 8.1.26 | CNCERT: Risk Warning Regarding the "Black Cat" Gang's Use of Search Engines to Spread Counterfeit Notepad++ Download Remote Control Backdoors | Risk Warning Regarding the "Black Cat" Gang's Use of Search Engines to Spread Counterfeit Notepad++ Download Remote Control Backdoors | Hack | Weixin.qq |
| 8.1.26 | CISA Flags Microsoft Office and HPE OneView Bugs as Actively Exploited | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added two security flaws impacting Microsoft Office and Hewlett Packard Enterprise (HPE) OneView to its Known Exploited Vulnerabilities ( KEV ) catalog, citing evidence of active exploitation. | Exploit | The Hacker News |
| 8.1.26 | Black Cat Behind SEO Poisoning Malware Campaign Targeting Popular Software Searches | A cybercrime gang known as Black Cat has been attributed to a search engine optimization (SEO) poisoning campaign that employs fraudulent sites advertising popular software to trick | Virus | The Hacker News |
| 8.1.26 | Critical n8n Vulnerability (CVSS 10.0) Allows Unauthenticated Attackers to Take Full Control | Cybersecurity researchers have disclosed details of yet another maximum-severity security flaw in n8n , a popular workflow automation platform, that allows an unauthenticated remote | Vulnerebility | The Hacker News |
| 8.1.26 | n8n Warns of CVSS 10.0 RCE Vulnerability Affecting Self-Hosted and Cloud Versions | Open-source workflow automation platform n8n has warned of a maximum-severity security flaw that, if successfully exploited, could result in authenticated remote code execution | Vulnerebility | The Hacker News |
| 8.1.26 | Veeam Patches Critical RCE Vulnerability with CVSS 9.0 in Backup & Replication | Veeam has released security updates to address multiple flaws in its Backup & Replication software, including a "critical" issue that could result in remote code execution (RCE). The | Vulnerebility | The Hacker News |
| 7.1.26 | Microsoft Warns Misconfigured Email Routing Can Enable Internal Domain Phishing | Threat actors engaging in phishing attacks are exploiting routing scenarios and misconfigured spoof protections to impersonate organizations' domains and distribute | Phishing | The Hacker News |
| 7.1.26 | Ongoing Attacks Exploiting Critical RCE Vulnerability in Legacy D-Link DSL Routers | A newly discovered critical security flaw in legacy D-Link DSL gateway routers has come under active exploitation in the wild. The vulnerability, tracked as CVE-2026-0625 (CVSS | Vulnerebility | The Hacker News |
| 7.1.26 | Two Chrome Extensions Caught Stealing ChatGPT and DeepSeek Chats from 900,000 Users | Cybersecurity researchers have discovered two new malicious extensions on the Chrome Web Store that are designed to exfiltrate OpenAI ChatGPT and DeepSeek conversations | AI | The Hacker News |
| 7.1.26 | Unpatched Firmware Flaw Exposes TOTOLINK EX200 to Full Remote Device Takeover | The CERT Coordination Center (CERT/CC) has disclosed details of an unpatched security flaw impacting TOTOLINK EX200 wireless range extender that could allow a remote | Vulnerebility | The Hacker News |
| 7.1.26 | Fake Booking Emails Redirect Hotel Staff to Fake BSoD Pages Delivering DCRat | Source: Securonix Cybersecurity researchers have disclosed details of a new campaign dubbed PHALT#BLYX that has leveraged ClickFix -style lures to display fixes for fake blue | Virus | The Hacker News |
| 7.1.26 | VS Code Forks Recommend Missing Extensions, Creating Supply Chain Risk in Open VSX | Popular artificial intelligence (AI)-powered Microsoft Visual Studio Code (VS Code) forks such as Cursor, Windsurf, Google Antigravity, and Trae have been found to recommend | Hack | The Hacker News |
| 6.1.26 | New n8n Vulnerability (9.9 CVSS) Lets Authenticated Users Execute System Commands | A new critical security vulnerability has been disclosed in n8n, an open-source workflow automation platform, that could enable an authenticated attacker to execute arbitrary system | Vulnerebility | The Hacker News |
| 6.1.26 | Russia-Aligned Hackers Abuse Viber to Target Ukrainian Military and Government | The Russia-aligned threat actor known as UAC-0184 has been observed targeting Ukrainian military and government entities by leveraging the Viber messaging platform to deliver | APT | The Hacker News |
| 6.1.26 | Kimwolf Android Botnet Infects Over 2 Million Devices via Exposed ADB and Proxy Networks | The botnet known as Kimwolf has infected more than 2 million Android devices by tunneling through residential proxy networks, according to findings from Synthient. "Key actors involved | BotNet | The Hacker News |
| 5.1.26 | Bitfinex Hack Convict Ilya Lichtenstein Released Early Under U.S. First Step Act | Ilya Lichtenstein, who was sentenced to prison last year for money laundering charges in connection with his role in the massive hack of cryptocurrency exchange Bitfinex in 2016, said he has been released early. | Cryptocurrency | The Hacker News |
| 5.1.26 | New VVS Stealer Malware Targets Discord Accounts via Obfuscated Python Code | Cybersecurity researchers have disclosed details of a new Python-based information stealer called VVS Stealer (also styled as VVS $tealer) that's capable of harvesting Discord | Virus | The Hacker News |
| 4.1.26 | Hackers claim to hack Resecurity, firm says it was a honeypot | The ShinyHunters hacking group claims it breached the systems of cybersecurity firm Resecurity and stole internal data, while Resecurity says the attackers only accessed a deliberately deployed honeypot containing fake information used to monitor their activity. | Cyber | |
| 4.1.26 | Covenant Health says May data breach impacted nearly 478,000 patients | The Covenant Health organization has revised to nearly 500,000 the number of individuals affected by a data breach discovered last May. | Incindent | |
| 4.1.26 | Cryptocurrency theft attacks traced to 2022 LastPass breach | Blockchain investigation firm TRM Labs says ongoing cryptocurrency thefts have been traced to the 2022 LastPass breach, with attackers draining wallets years after encrypted vaults were stolen and laundering the crypto through Russian exchanges. | Cryptocurrency | |
| 4.1.26 | Over 10K Fortinet firewalls exposed to actively exploited 2FA bypass | Over 10,000 Internet-exposed Fortinet firewalls are still vulnerable to attacks exploiting a five-year-old two-factor authentication (2FA) bypass vulnerability. | Exploit | |
| 4.1.26 | Trust Wallet links $8.5 million crypto theft to Shai-Hulud NPM attack | Trust Wallet believes the compromise of its web browser extension to steal roughly $8.5 million from over 2,500 crypto wallets is likely related to an "industry-wide" Shai-Hulud attack in November. | Cryptocurrency | |
| 3.1.26 | The biggest cybersecurity and cyberattack stories of 2025 | 2025 was a big year for cybersecurity, with cyberattacks, data breaches, threat groups reaching new notoriety levels, and, of course, zero-day flaws exploited in breaches. Some stories, though, were more impactful or popular with our readers than others. This article explores 15 of the biggest cybersecurity stories of 2025. | Cyber | |
| 3.1.26 | New GlassWorm malware wave targets Macs with trojanized crypto wallets | A fourth wave of the "GlassWorm" campaign is targeting macOS developers with malicious VSCode/OpenVSX extensions that deliver trojanized versions of crypto wallet applications. | Virus | |
| 3.1.26 | NYC mayoral inauguration bans Flipper Zero, Raspberry Pi devices | NYC mayoral inauguration bans Flipper Zero, Raspberry Pi devices | Security | |
| 3.1.26 | Hackers drain $3.9M from Unleash Protocol after multisig hijack | The decentralized intellectual property platform Unleash Protocol has lost around $3.9 million worth of cryptocurrency after someone executed an unauthorized contract upgrade that allowed asset withdrawals. | Cryptocurrency | |
| 3.1.26 | RondoDox botnet exploits React2Shell flaw to breach Next.js servers | The RondoDox botnet has been observed exploiting the critical React2Shell flaw (CVE-2025-55182) to infect vulnerable Next.js servers with malware and cryptominers. | BotNet | |
| 3.1.26 | IBM warns of critical API Connect auth bypass vulnerability | IBM urged customers to patch a critical authentication bypass vulnerability in its API Connect enterprise platform that could allow attackers to access apps remotely. | Vulnerebility | |
| 3.1.26 | Disney will pay $10 million to settle children's data privacy lawsuit | A federal judge has approved an order requiring Disney to pay a $10 million civil penalty to settle claims that it violated the Children's Online Privacy Protection Act by mislabeling videos and allowing data collection for targeted advertising. | Incindent | |
| 3.1.26 | New ErrTraffic service enables ClickFix attacks via fake browser glitches | A new cybercrime tool called ErrTraffic allows threat actors to automate ClickFix attacks by generating 'fake glitches' on compromised websites to lure users into downloading payloads or following malicious instructions. | Hack | |
| 3.1.26 | European Space Agency confirms breach of "external servers" | The European Space Agency (ESA) confirmed that attackers recently breached servers outside its corporate network, which contained what it described as "unclassified" information on collaborative engineering activities. | BigBrothers | |
| 3.1.26 | CISA orders feds to patch MongoBleed flaw exploited in attacks | CISA ordered U.S. federal agencies to patch an actively exploited MongoDB vulnerability (MongoBleed) that can be exploited to steal credentials, API keys, and other sensitive data. | Exploit | |
| 3.1.26 | Chinese state hackers use rootkit to hide ToneShell malware activity | A new sample of the ToneShell backdoor, typically seen in Chinese cyberespionage campaigns, has been delivered through a kernel-mode loader in attacks against government organizations. | Virus | |
| 3.1.26 | Coupang to split $1.17 billion among 33.7 million data breach victims | Coupang, the largest retailer in South Korea, announced $1.17 billion (1.685 trillion Won) total compensation for the 33.7 million customers whose information was exposed in the data breach discovered last month. | Incindent | |
| 3.1.26 | Zoom Stealer browser extensions harvest corporate meeting intelligence | A newly discovered campaign, which researchers call Zoom Stealer, is affecting 2.2 million Chrome, Firefox, and Microsoft Edge users through 18 extensions that collect online meeting-related data like URLs, IDs, topics, descriptions, and embedded passwords. | Virus | |
| 3.1.26 | US cybersecurity experts plead guilty to BlackCat ransomware attacks | Two former employees of cybersecurity incident response companies Sygnia and DigitalMint have pleaded guilty to targeting U.S. companies in BlackCat (ALPHV) ransomware attacks in 2023. | Ransom | |
| 3.1.26 | Hacker arrested for KMSAuto malware campaign with 2.8 million downloads | A Lithuanian national has been arrested for his alleged involvement in infecting 2.8 million systems with clipboard-stealing malware disguised as the KMSAuto tool for illegally activating Windows and Office software. | Virus | |
| 3.1.26 | Trust Wallet says 2,596 wallets drained in $7 million crypto theft attack | Trust Wallet says attackers who compromised its browser extension right before Christmas have drained approximately $7 million from nearly 3,000 cryptocurrency wallet addresses. | Cryptocurrency | |
| 3.1.26 | The Real-World Attacks Behind OWASP Agentic AI Top 10 | OWASP's new Agentic AI Top 10 highlights real-world attacks already targeting autonomous AI systems, from goal hijacking to malicious MCP servers. Koi Security breaks down real-world incidents behind multiple categories, including two cases cited by OWASP, showing how agent tools and runtime behavior are being abused. | AI | |
| 3.1.26 | Romanian energy provider hit by Gentlemen ransomware attack | A ransomware attack hit Oltenia Energy Complex (Complexul Energetic Oltenia), Romania's largest coal-based energy producer, on the second day of Christmas, taking down its IT infrastructure. | Ransom | |
| 3.1.26 | Former Coinbase support agent arrested for helping hackers | A former Coinbase customer service agent was arrested in India for helping hackers earlier this year steal sensitive customer information from a company database. | Cryptocurrency | |
| 3.1.26 | Korean Air data breach exposes data of thousands of employees | Korean Air experienced a data breach affecting thousands of employees after Korean Air Catering & Duty-Free (KC&D), its in-flight catering supplier and former subsidiary, was recently hacked. | Incindent | |
| 3.1.26 | Fortinet warns of 5-year-old FortiOS 2FA bypass still exploited in attacks | Fortinet has warned customers that threat actors are still actively exploiting a critical FortiOS vulnerability that allows them to bypass two-factor authentication (2FA) when targeting vulnerable FortiGate firewalls. | Exploit | |
| 3.1.26 | Exploited MongoBleed flaw leaks MongoDB secrets, 87K servers exposed | A severe vulnerability affecting multiple MongoDB versions, dubbed MongoBleed (CVE-2025-14847), is being actively exploited in the wild, with over 80,000 potentially vulnerable servers exposed on the public web. | Vulnerebility | |
| 3.1.26 | Hacker claims to leak WIRED database with 2.3 million records | A hacker claims to have breached Condé Nast and leaked an alleged WIRED database containing more than 2.3 million subscriber records, while also warning that they plan to release up to 40 million additional records for other Condé Nast properties. | Incindent | |
| 3.1.26 | Massive Rainbow Six Siege breach gives players billions of credits | Ubisoft's Rainbow Six Siege (R6) suffered a breach that allowed hackers to abuse internal systems to ban and unban players, manipulate in-game moderation feeds, and grant massive amounts of in-game currency and cosmetic items to accounts worldwide. | Incindent | |
| 3.1.26 | Fake Grubhub emails promise tenfold return on sent cryptocurrency | Grubhub users received fraudulent messages, apparently from a company email address, promising a tenfold bitcoin payout in return for a transfer to a specified wallet. | Cryptocurrency | |
| 3.1.26 | Trust Wallet confirms extension hack led to $7 million crypto theft | Several users of the Trust Wallet Chrome extension report having their cryptocurrency wallets drained after installing a compromised extension update released on December 24, prompting an urgent response from the company and warnings to affected users. Simultaneously, BleepingComputer observed a phishing domain launched by hackers. | Cryptocurrency | |
| 3.1.26 | Fake MAS Windows activation domain used to spread PowerShell malware | A typosquatted domain impersonating the Microsoft Activation Scripts (MAS) tool was used to distribute malicious PowerShell scripts that infect Windows systems with the 'Cosmali Loader'. | Virus | BleepingComputer |
| 3.1.26 | Transparent Tribe Launches New RAT Attacks Against Indian Government and Academia | The threat actor known as Transparent Tribe has been attributed to a fresh set of attacks targeting Indian governmental, academic, and strategic entities with a remote access trojan | Virus | The Hacker News |
| 2.1.26 | Cybercriminals Abuse Google Cloud Email Feature in Multi-Stage Phishing Campaign | Cybersecurity researchers have disclosed details of a phishing campaign that involves the attackers impersonating legitimate Google-generated messages by abusing Google Cloud's | CyberCrime | The Hacker News |
| 2.1.26 | RondoDox Botnet Exploits Critical React2Shell Flaw to Hijack IoT Devices and Web Servers | Cybersecurity researchers have disclosed details of a persistent nine-month-long campaign that has targeted Internet of Things (IoT) devices and web applications to enroll them into a botnet known as RondoDox. | BotNet | The Hacker News |