
DATE

NAME

Info

CATEG.

WEB

19.1.26

New StackWarp Hardware Flaw Breaks AMD SEV-SNP Protections on Zen 1–5 CPUs

A team of academics from the CISPA Helmholtz Center for Information Security in Germany has disclosed the details of a new hardware vulnerability Vulnerebility The Hacker News
19.1.26

CrashFix Chrome Extension Delivers ModeloRAT Using ClickFix-Style Browser Crash Lures

Cybersecurity researchers have disclosed details of an ongoing campaign dubbed KongTuke that used a malicious Google Chrome extension Virus The Hacker News
19.1.26

Security Bug in StealC Malware Panel Let Researchers Spy on Threat Actor Operations

Cybersecurity researchers have disclosed a cross-site scripting (XSS) vulnerability in the web-based control panel used by operators of the StealC Virus The Hacker News
18.1.26

Google Chrome tests Gemini-powered AI "Skills"

Google is testing "Skills" for Gemini in Chrome, which will allow AI in Chrome to perform tasks automatically, and it could challenge Perplexity Comet or Edge's Copilot mode. AI

BleepingComputer

18.1.26

Google Chrome now lets you turn off on-device AI model powering scam detection

Google Chrome now lets you delete the local AI models that power the "Enhanced Protection" feature, which was upgraded with AI capabilities last year. AI

BleepingComputer

18.1.26

Credential-stealing Chrome extensions target enterprise HR platforms

Malicious Chrome extensions on the Chrome Web Store masquerading as productivity and security tools for enterprise HR and ERP platforms were discovered stealing authentication credentials or blocking management pages used to respond to security incidents. Hack

BleepingComputer

18.1.26 Malicious GhostPoster browser extensions found with 840,000 installs Another set of 17 malicious extensions linked to the GhostPoster campaign has been discovered in Chrome, Firefox, and Edge stores, where they accumulated a total of 840,000 installations. Hack

BleepingComputer

18.1.26 StealC hackers hacked as researchers hijack malware control panels A cross-site scripting (XSS) flaw in the web-based control panel used by operators of the StealC info-stealing malware allowed researchers to observe active sessions and gather intelligence on the attackers' hardware. Virus

BleepingComputer

18.1.26 Black Basta boss makes it onto Interpol's 'Red Notice' list The identity of the Black Basta ransomware gang leader has been confirmed by law enforcement in Ukraine and Germany, and the individual has been added to the wanted list of Europol and Interpol. Ransom

BleepingComputer

18.1.26 China-linked hackers exploited Sitecore zero-day for initial access An advanced threat actor tracked as UAT-8837 and believed to be linked to China has been focusing on critical infrastructure systems in North America, gaining access by exploiting both known and zero-day vulnerabilities. APT

BleepingComputer

18.1.26 Microsoft: Windows 11 update causes Outlook freezes for POP users Microsoft confirmed that the KB5074109 January Windows 11 security update causes the classic Outlook desktop client to freeze and hang for users with POP email accounts. OS

BleepingComputer

18.1.26 Hackers now exploiting critical Fortinet FortiSIEM flaw in attacks Attackers are now exploiting a critical Fortinet FortiSIEM vulnerability with publicly available proof-of-concept exploit code. Exploit

BleepingComputer

18.1.26 Cisco finally fixes AsyncOS zero-day exploited since November Cisco finally patched a maximum-severity AsyncOS zero-day exploited in attacks targeting Secure Email Gateway (SEG) appliances since November 2025. Vulnerebility

BleepingComputer

18.1.26 Microsoft: Some Windows PCs fail to shut down after January update Microsoft has confirmed a new issue that prevents Windows 11 23H2 devices with System Guard Secure Launch enabled from shutting down. OS

BleepingComputer

18.1.26 Gootloader now uses 1,000-part ZIP archives for stealthy delivery The Gootloader malware, typically used for initial access, is now using a malformed ZIP archive designed to evade detection by concatenating up to 1,000 archives. Virus

BleepingComputer

18.1.26 Grubhub confirms hackers stole data in recent security breach Food delivery platform Grubhub has confirmed a recent data breach after hackers accessed its systems, with sources telling BleepingComputer the company is now facing extortion demands. Incindent

BleepingComputer

18.1.26 Hackers exploit Modular DS WordPress plugin flaw for admin access Hackers are actively exploiting a maximum severity flaw in the Modular DS WordPress plugin that allows them to bypass authentication remotely and access the vulnerable sites with admin-level privileges. Exploit

BleepingComputer

18.1.26 Microsoft Copilot Studio extension for VS Code now publicly available Microsoft announced that the Copilot Studio extension for the Visual Studio Code (VS Code) integrated development environment is now available to all users. OS

BleepingComputer

18.1.26 Critical WhisperPair flaw lets hackers track, eavesdrop via Bluetooth audio devices A critical vulnerability in Google's Fast Pair protocol can allow attackers to hijack Bluetooth audio accessories like wireless headphones and earbuds, track users, and eavesdrop on their conversations. Vulnerebility

BleepingComputer

18.1.26 FTC bans GM from selling drivers' location data for five years The FTC has finalized an order with General Motors, settling charges that it collected and sold the location and driving data of millions of drivers without consent. BigBrothers

BleepingComputer

18.1.26 Palo Alto Networks warns of DoS bug letting hackers disable firewalls Palo Alto Networks patched a high-severity vulnerability that could allow unauthenticated attackers to disable firewall protections in denial-of-service (DoS) attacks. Vulnerebility

BleepingComputer

18.1.26 Microsoft disrupts massive RedVDS cybercrime virtual desktop service Microsoft announced on Wednesday that it disrupted RedVDS, a massive cybercrime platform linked to at least $40 million in reported losses in the United States alone since March 2025. CyberCrime

BleepingComputer

18.1.26 South Korean giant Kyowon confirms data theft in ransomware attack The Kyowon Group (Kyowon), a South Korean conglomerate, disclosed that a cyberattack has disrupted its operations and customer information may have been exposed in the incident. Ransom

BleepingComputer

18.1.26 France fines Free Mobile €42 million over 2024 data breach incident The French data protection authority (CNIL) has imposed cumulative fines of €42 million on Free Mobile and its parent company, Free, for inadequate protection of customer data against cyber threats. Incindent

BleepingComputer

18.1.26 Exploit code public for critical FortiSIEM command injection flaw Technical details and a public exploit have been published for a critical vulnerability affecting Fortinet's Security Information and Event Management (SIEM) solution that could be leveraged by a remote, unauthenticated attacker to execute commands or code. Exploit

BleepingComputer

18.1.26 Microsoft updates Windows DLL that triggered security alerts Microsoft has resolved a known issue that was causing security applications to flag a core Windows component, the company said in a service alert posted this week. Hack

BleepingComputer

18.1.26 ConsentFix debrief: Insights from the new OAuth phishing attack ConsentFix is an OAuth phishing technique abusing browser-based authorization flows to hijack Microsoft accounts. Push Security shares new insights from continued tracking, community research, and evolving attacker techniques. Phishing

BleepingComputer

18.1.26 Reprompt attack hijacked Microsoft Copilot sessions for data theft Researchers identified an attack method dubbed "Reprompt" that could allow attackers to infiltrate a user's Microsoft Copilot session and issue commands to exfiltrate sensitive data. Hack

BleepingComputer

18.1.26 Cloud marketplace Pax8 accidentally exposes data on 1,800 MSP partners Cloud marketplace and distributor Pax8 has confirmed that it mistakenly sent an email to fewer than 40 UK-based partners containing a spreadsheet with internal business information, including MSP customer and Microsoft licensing data. Incindent

BleepingComputer

18.1.26 Victorian Department of Education says hackers stole students’ data The Department of Education in Victoria, Australia, notified parents that attackers gained access to a database containing the personal information of current and former students. Incindent

BleepingComputer

18.1.26 Microsoft: Windows update blocks access to Cloud PC sessions Microsoft confirmed that a recent Windows update is blocking customers from accessing their Microsoft 365 Cloud PC sessions. OS

BleepingComputer

18.1.26 Monroe University says 2024 data breach affects 320,000 people Monroe University revealed that threat actors stole the personal, financial, and health information of over 320,000 people after breaching its systems in a December 2024 cyberattack. Incindent

BleepingComputer

18.1.26 Ukraine's army targeted in new charity-themed malware campaign Officials of Ukraine's Defense Forces were targeted in a charity-themed campaign between October and December 2025 that delivered backdoor malware called PluggyApe. BigBrothers

BleepingComputer

18.1.26 New VoidLink malware framework targets Linux cloud servers A newly discovered advanced cloud-native Linux malware framework named VoidLink focuses on cloud environments, providing attackers with custom loaders, implants, rootkits, and plugins designed for modern infrastructures. Virus

BleepingComputer

18.1.26 Central Maine Healthcare breach exposed data of over 145,000 people A data breach last year at Central Maine Healthcare (CMH) exposed sensitive information of more than 145,000 individuals. Incindent

BleepingComputer

18.1.26 Belgian hospital AZ Monica shuts down servers after cyberattack Belgian hospital AZ Monica was forced to shut down all servers, cancel scheduled procedures, and transfer critical patients earlier today due to a cyberattack. Incindent

BleepingComputer

18.1.26 New Windows updates replace expiring Secure Boot certificates Microsoft has started rolling out new Secure Boot certificates that will automatically install on eligible Windows 11 24H2 and 25H2 systems. OS

BleepingComputer

18.1.26 Black Basta Ransomware Leader Added to EU Most Wanted and INTERPOL Red Notice Ukrainian and German law enforcement authorities have identified two Ukrainians suspected of working for the Russia-linked ransomware-as-a-service Ransom The Hacker News
18.1.26 OpenAI to Show Ads in ChatGPT for Logged-In U.S. Adults on Free and Go Plans OpenAI on Friday said it would start showing ads in ChatGPT to logged-in adult U.S. users in both the free and ChatGPT Go tiers in the coming weeks, as the AI The Hacker News
17.1.26 Microsoft releases Windows 10 KB5073724 extended security update Microsoft has released the KB5073724 extended security update to fix the Patch Tuesday security updates, including 3 zero-days and a fix for expiring Secure Boot certificates. OS

BleepingComputer

17.1.26 Windows 11 KB5074109 & KB5073455 cumulative updates released Microsoft has released Windows 11 KB5074109 and KB5073455 cumulative updates for versions 25H2/24H2 and 23H2 to fix security vulnerabilities, bugs, and add new features. OS

BleepingComputer

17.1.26 Microsoft January 2026 Patch Tuesday fixes 3 zero-days, 114 flaws Today is Microsoft's January 2026 Patch Tuesday with security updates for 114 flaws, including one actively exploited and two publicly disclosed zero-day vulnerabilities. OS

BleepingComputer

17.1.26 Google confirms Android bug causing volume key issues Google has confirmed a software bug that is preventing volume buttons from working correctly on Android devices with accessibility features enabled. OS

BleepingComputer

17.1.26 Betterment confirms data breach after wave of crypto scam emails U.S. digital investment advisor Betterment confirmed that hackers breached its systems and sent fake crypto-related messages to some customers. Spam

BleepingComputer

17.1.26 Convincing LinkedIn comment-reply tactic used in new phishing Scammers are flooding LinkedIn posts with fake "reply" comments that appear to come from the platform, warning of bogus policy violations and urging users to click external links. Some even abuse LinkedIn's official lnkd.in shortener, making the phishing attempts harder to spot. Social

BleepingComputer

17.1.26 Target employees confirm leaked source code is authentic Multiple current and former Target employees confirmed that leaked source code samples posted by a threat actor match real internal systems. The company also rolled out an "accelerated" lockdown of its Git server, requiring VPN access, a day after being contacted by BleepingComputer. Security

BleepingComputer

17.1.26 Hacker gets seven years for breaching Rotterdam and Antwerp ports The Amsterdam Court of Appeal sentenced a 44-year-old Dutch national to seven years in prison for multiple crimes, including computer hacking and attempted extortion. CyberCrime

BleepingComputer

17.1.26 Facebook login thieves now using browser-in-browser trick Hackers over the past six months have relied increasingly more on the browser-in-the-browser (BitB) method to trick users into providing Facebook account credentials. Social

BleepingComputer

17.1.26 CISA orders feds to patch Gogs RCE flaw exploited in zero-day attacks CISA has ordered government agencies to secure their systems against a high-severity Gogs vulnerability that was exploited in zero-day attacks. Exploit

BleepingComputer

17.1.26 'Bad actor' hijacks Apex Legends characters in live matches Apex Legends players over the weekend experienced disruptions during live matches as threat actors hijacked their characters, disconnected them, and changed their nicknames. Security

BleepingComputer

17.1.26 University of Hawaii Cancer Center hit by ransomware attack ​University of Hawaii says a ransomware gang breached its Cancer Center in August 2025, stealing data of study participants, including documents from the 1990s containing Social Security numbers. Ransom

BleepingComputer

17.1.26 Target's dev server offline after hackers claim to steal source code Hackers are claiming to be selling internal source code belonging to Target Corporation, after publishing what appears to be a sample of stolen code repositories on a public software development platform. After BleepingComputer notified Target, the files were taken offline and the retailer's developer Git server was inaccessible. Incindent

BleepingComputer

17.1.26 Hidden Telegram proxy links can reveal your IP address in one click A single click on what may appear to be a Telegram username or harmless link is all it takes to expose your real IP address to attackers due to how proxy links are handled. Telegram says it will add warnings to proxy links after researchers demonstrated that such one-click interactions could reveal a Telegram user's real IP address. Hack

BleepingComputer

17.1.26 Spanish energy giant Endesa discloses data breach affecting customers Spanish energy provider Endesa and its Energía XXI operator are notifying customers that hackers accessed the company's systems and accessed contract-related information, which includes personal details. Incindent

BleepingComputer

17.1.26 Prevent cloud data leaks with Microsoft 365 access reviews Microsoft 365 has made file sharing effortless, but that convenience often leaves organizations with little visibility into who can access sensitive data. Tenfold explains how access reviews for shared cloud content can help organizations regain visibility, reduce unnecessary permissions, and prevent data leaks in Microsoft 365. Incindent

BleepingComputer

17.1.26 Max severity Ni8mare flaw impacts nearly 60,000 n8n instances Nearly 60,000 n8n instances exposed online remain unpatched against a maximum-severity vulnerability dubbed "Ni8mare." Vulnerebility

BleepingComputer

17.1.26 Instagram denies breach amid claims of 17 million account data leak Instagram says it fixed a bug that allowed threat actors to mass-request password reset emails, amid claims that data from more than 17 million Instagram accounts was scraped and leaked online. Incindent

BleepingComputer

17.1.26 California bans data broker reselling health data of millions The California Privacy Protection Agency (CalPrivacy) has taken action against the Datamasters marketing firm that sold the health and personal data of millions of users without being registered as a data broker. Incindent

BleepingComputer

17.1.26 New Remcos Campaign Distributed Through Fake Shipping Document FortiGuard Labs analyzes a phishing campaign delivering a fileless Remcos RAT via malicious Word templates, CVE-2017-11882 exploitation, and in-memory execution. Malware blog FORTINET
17.1.26 Uncovering Hidden Forensic Evidence in Windows: The Mystery of AutoLogger-Diagtrack-Listener.etl FortiGuard IR uncovers forensic insights in Windows AutoLogger-Diagtrack-Listener.etl, a telemetry artefact with untapped investigative value. Malware blog FORTINET
17.1.26 Silent Push Uncovers New Magecart Network: Disrupting Online Shoppers Worldwide Silent Push Preemptive Cyber Defense Analysts recently uncovered an extensive network of domains associated with a long-term, ongoing web-skimmer campaign, known under the umbrella name: “Magecart.” Cyber blog Silent Push
17.1.26 Looking for fingerprints instead of footprints: A bit of honesty about the current cybersecurity landscape by Ken Bagnall Most of us in cybersecurity have fallen into a bit of a trap. We have been taught to defend our networks by looking at the past. We rely on Indicators of Compromise (IOCs). These are things like malicious IPs or file hashes. Using them as a primary defense is not really a strategy. It is just playing catch-up. Cyber blog Silent Push
17.1.26 Unmasking the DPRK Remote Worker Problem The DPRK remote worker program functions as a high-volume revenue engine for the North Korean regime. These state-sponsored operatives use stolen identities to secure remote roles within Western enterprises. They establish long-term persistence inside corporate infrastructure before their first meeting. These actors bypass standard IAM and EDR by mimicking the behavior, location, and hardware signatures of a domestic employee. APT blog Silent Push
17.1.26 Closing the Door on Net-NTLMv1: Releasing Rainbow Tables to Accelerate Protocol Deprecation Mandiant is publicly releasing a comprehensive dataset of Net-NTLMv1 rainbow tables to underscore the urgency of migrating away from this outdated protocol. Despite Net-NTLMv1 being deprecated and known to be insecure for over two decades—with cryptanalysis dating back to 1999—Mandiant consultants continue to identify its use in active environments. This legacy protocol leaves organizations vulnerable to trivial credential theft, yet it remains prevalent due to inertia and a lack of demonstrated immediate risk. Hacking blog

Google Threat Intelligence

17.1.26 AuraInspector: Auditing Salesforce Aura for Data Exposure Mandiant is releasing AuraInspector, a new open-source tool designed to help defenders identify and audit access control misconfigurations within the Salesforce Aura framework. Security blog

Google Threat Intelligence

17.1.26 Latin America Sees Sharpest Rise in Cyber Attacks in December 2025 as Ransomware Activity Accelerates In December 2025, organizations experienced an average of 2,027 cyber attacks per organization per week. ... Ransom blog CHECKPOINT
17.1.26 Patch Now: Active Exploitation Underway for Critical HPE OneView Vulnerability Executive Summary Check Point Research identified active, large-scale exploitation of CVE-2025-37164, a critical remote code ... Vulnerebility blog CHECKPOINT
17.1.26 Microsoft Remains the Most Imitated Brand in Phishing Attacks in Q4 2025 In Q4 2025, Microsoft once again ranked as the most impersonated brand in phishing attacks, ... Phishing blog CHECKPOINT
17.1.26 Ransomware and Supply Chain Attacks Soared in 2025 The threat landscape shifted significantly in 2025. Here are the threats and trends to watch as we enter 2026. Phishing blog

Cyble

17.1.26 deVixor: An Evolving Android Banking RAT with Ransomware Capabilities Targeting Iran Cyble analyzed deVixor, an advanced Android banking RAT with ransomware features actively targeting Iranian users. Malware blog

Cyble

17.1.26 Mamba Phishing-as-a-Service Kit: How Modern adversary-in-the-middle (AiTM) Attacks Operate INTRODUCTION CYFIRMA assesses that Mamba 2FA is a representative of a broader class of adversary-in-the-middle phishing frameworks that have become increasingly prevalen Phishing blog

Cyfirma

17.1.26 SOLYXIMMORTAL : PYTHON MALWARE ANALYSIS EXECUTIVE SUMMARY SolyxImmortal is a Python-based Windows information-stealing malware that combines credential theft, document harvesting, keystroke logging, screen surveillance, Malware blog

Cyfirma

17.1.26 APT PROFILE – KIMSUKI Kimsuki, an advanced persistent threat (APT) group active since at least 2012, is suspected to be operating out of North Korea in direct support of the regime’s strategic objectives. The… APT blog

Cyfirma

17.1.26 CYFIRMA ANNUAL INDUSTRIES REPORT 2025 : PART 3 EXECUTIVE SUMMARY The CYFIRMA Industries Report provides cutting-edge cybersecurity insights and telemetry-driven statistics on global industries. Spanning the last 365 days and ICS blog

Cyfirma

17.1.26 Inside RedVDS: How a single virtual desktop provider fueled worldwide cybercriminal operations Microsoft’s investigation into RedVDS services and infrastructure uncovered a global network of disparate cybercriminals purchasing and using to target multiple sectors. APT blog Microsoft blog
17.1.26 Analyzing a Multi-Stage AsyncRAT Campaign via Managed Detection and Response Threat actors exploited Cloudflare's free-tier infrastructure and legitimate Python environments to deploy the AsyncRAT remote access trojan, demonstrating advanced evasion techniques that abuse trusted cloud services for malicious operations. Malware blog

Trend Micro

17.1.26 Key Insights on SHADOW-AETHER-015 and Earth Preta from the 2025 MITRE ATT&CK Evaluation with TrendAI Vision One™ This blog discusses notable modern TTPs observed from SHADOW-AETHER-015 and Earth Preta, from TrendAI™ Research monitoring and TrendAI Vision One™ intelligence. These findings support the performance of TrendAI™ in the 2025 MITRE ATT&CK Evaluations. Hacking blog

Trend Micro

17.1.26 Anatomy of an Attack: The Payroll Pirates and the Power of Social Engineering No employee wants their paycheck to go missing. One organization learned about an incident when they started hearing exactly this complaint. It turned out that an attacker had modified direct-deposit details in order to redirect an organization’s paychecks into attacker-controlled accounts. Hacking blog Palo Alto
17.1.26 Threat Brief: MongoDB Vulnerability (CVE-2025-14847) On Dec. 19, 2025, MongoDB publicly disclosed MongoBleed, a security vulnerability (CVE-2025-14847) that allows unauthenticated attackers to leak sensitive heap memory by exploiting a trust issue in how MongoDB Server handles zlib-compressed network messages. This flaw occurs prior to authentication, meaning an attacker only needs network access to the database's default port to trigger it. Vulnerebility blog Palo Alto
17.1.26 Remote Code Execution With Modern AI/ML Formats and Libraries We identified vulnerabilities in three open-source artificial intelligence/machine learning (AI/ML) Python libraries published by Apple, Salesforce and NVIDIA on their GitHub repositories. Vulnerable versions of these libraries allow for remote code execution (RCE) when a model file with malicious metadata is loaded. AI blog Palo Alto
17.1.26 Unveiling VoidLink – A Stealthy, Cloud-Native Linux Malware Framework VoidLink is an advanced malware framework made up of custom loaders, implants, rootkits, and modular plugins designed to maintain long-term access to Linux systems. The framework includes multiple cloud-focused capabilities and modules, and is engineered to operate reliably in cloud and container environments over extended periods. Malware blog

CHECKPOINT

17.1.26 Sicarii Ransomware: Truth vs Myth Sicarii is a newly observed RaaS operation that surfaced in late 2025 and has only published 1 claimed victim. Ransom blog

CHECKPOINT

17.1.26 UAT-8837 targets critical infrastructure sectors in North America Cisco Talos is closely tracking UAT-8837, a threat actor we assess with medium confidence is a China-nexus advanced persistent threat (APT) actor. APT blog CISCO TALOS
17.1.26 Predicting 2026 In this week’s newsletter, Martin examines the evolving landscape for 2026, highlighting key threats, emerging trends like AI-driven risks, and the continued importance of addressing familiar vulnerabilities. Cyber blog CISCO TALOS
17.1.26 Brushstrokes and breaches with Terryn Valikodath Terryn’s path to cybersecurity started with a fascination for criminal forensics and a knack for jailbreaking his family's tech — interests that eventually steered him toward the fast-paced world of digital investigations. Incident blog

CISCO TALOS

17.1.26 Why LinkedIn is a hunting ground for threat actors – and how to protect yourself The business social networking site is a vast, publicly accessible database of corporate information. Don’t believe everyone on the site is who they say they are. Social blog Eset
17.1.26 Is it time for internet services to adopt identity verification? Should verified identities become the standard online? Australia’s social media ban for under-16s shows why the question matters. Cyber blog Eset
17.1.26 Your personal information is on the dark web. What happens next? If your data is on the dark web, it’s probably only a matter of time before it’s abused for fraud or account hijacking. Here’s what to do. Hacking blog Eset
17.1.26 Analyzing React2Shell Threat Actors In this installment of the Sensor Intel Series, we provide an analysis of the most exploited vulnerabilities, highlighting trends and significant activity, with a deep-dive into React2Shell exploitation attempts, methods and tactics. This article focuses on the top 10 CVEs, their rankings, and long-term trends, offering insights into the evolving threat landscape. Vulnerebility blog F5
17.1.26 When AI Gets Bullied: How Agentic Attacks Are Replaying Human Social Engineering December closed out 2025 with a clear signal that AI risk, capability, and governance are evolving faster than ever. Updated CASI and ARS leaderboards showed a notable shift at the top, with GPT-5.2 delivering an 11-point security improvement over GPT-5.1, while NVIDIA’s latest model demonstrated that strong performance and efficiency are increasingly attainable outside the traditional hyperscaler ecosystem. AI blog F5
17.1.26 A 0-click exploit chain for the Pixel 9 Part 3: Where do we go from here? While our previous two blog posts provided technical recommendations for increasing the effort required by attackers to develop 0-click exploit chains, our experience finding, reporting and exploiting these vulnerabilities highlighted some broader issues in the Android ecosystem. This post describes the problems we encountered and recommendations for improvement. Exploit blog Project Zero
17.1.26 A 0-click exploit chain for the Pixel 9 Part 2: Cracking the Sandbox with a Big Wave With the advent of a potential Dolby Unified Decoder RCE exploit, it seemed prudent to see what kind of Linux kernel drivers might be accessible from the resulting userland context, the mediacodec context. As per the AOSP documentation, the mediacodec SELinux context is intended to be a constrained (a.k.a sandboxed) context where non-secure software decoders are utilized. Nevertheless, using my DriverCartographer tool, I discovered an interesting device driver, /dev/bigwave that was accessible from the mediacodec SELinux context. Exploit blog Project Zero
17.1.26 A 0-click exploit chain for the Pixel 9 Part 1: Decoding Dolby Over the past few years, several AI-powered features have been added to mobile phones that allow users to better search and understand their messages. One effect of this change is increased 0-click attack surface, as efficient analysis often requires message media to be decoded before the message is opened by the user. Exploit blog Project Zero
17.1.26 Dark Web Roast December 2025 Edition This month's underground activities proved that while crime may not pay, it certainly provides endless entertainment for those monitoring the digital underbelly of society. Cyber blog Trelix
17.1.26 Hiding in Plain Sight: Multi-Actor ahost.exe Attacks The Trellix Advanced Research Center found an active malware campaign exploiting a DLL sideloading vulnerability in the legitimate Git tools to target supply chains. Stay protected—update EDR/XDR and monitor for suspicious activity. Hacking blog Trelix
17.1.26 The Unfriending Truth: How to Spot a Facebook Phishing Scam Before It's Too Late In the second half of 2025, Trellix observed a surge in credential-stealing Facebook phishing scams, particularly those using the sophisticated "Browser in the Browser" (BitB) technique to trick users with fake login pop-ups. Phishing blog Trelix
17.1.26 GootLoader Malware Uses 500–1,000 Concatenated ZIP Archives to Evade Detection The JavaScript (aka JScript) malware loader called GootLoader has been observed using a malformed ZIP archive that's designed to sidestep detection efforts by concatenating anywhere from 500 to 1,000 archives. Virus The Hacker News
17.1.26 Five Malicious Chrome Extensions Impersonate Workday and NetSuite to Hijack Accounts Cybersecurity researchers have discovered five new malicious Google Chrome web browser extensions that masquerade as human resources (HR) and enterprise resource planning Hack The Hacker News
17.1.26 LOTUSLITE Backdoor Targets U.S. Policy Entities Using Venezuela-Themed Spear Phishing Security experts have disclosed details of a new campaign that has targeted U.S. government and policy entities using politically themed lures to deliver a backdoor known as Virus The Hacker News
16.1.26 China-Linked APT Exploits Sitecore Zero-Day in Attacks on American Critical Infrastructure A threat actor likely aligned with China has been observed targeting critical infrastructure sectors in North America since at least last year. Cisco Talos, which is tracking the activity APT The Hacker News
16.1.26 Cisco Patches Zero-Day RCE Exploited by China-Linked APT in Secure Email Gateways Cisco on Thursday released security updates for a maximum-severity security flaw impacting Cisco AsyncOS Software for Cisco Secure Email Gateway and Cisco Secure Email and Web Manager, nearly a month after the company disclosed that it had been exploited as a zero-day by a China-nexus advanced persistent threat (APT) actor codenamed UAT-9686. Exploit The Hacker News
16.1.26 AWS CodeBuild Misconfiguration Exposed GitHub Repos to Potential Supply Chain Attacks A critical misconfiguration in Amazon Web Services (AWS) CodeBuild could have allowed complete takeover of the cloud service provider's own GitHub repositories, including its AWS Hack The Hacker News
16.1.26 Critical WordPress Modular DS Plugin Flaw Actively Exploited to Gain Admin Access A maximum-severity security flaw in a WordPress plugin called Modular DS has come under active exploitation in the wild, according to Patchstack. The vulnerability, tracked as CVE- Exploit The Hacker News
16.1.26 Researchers Reveal Reprompt Attack Allowing Single-Click Data Exfiltration From Microsoft Copilot Cybersecurity researchers have disclosed details of a new attack method dubbed Reprompt that could allow bad actors to exfiltrate sensitive data from artificial intelligence (AI) chatbots Hack The Hacker News
16.1.26 Microsoft Legal Action Disrupts RedVDS Cybercrime Infrastructure Used for Online Fraud Microsoft on Wednesday announced that it has taken a "coordinated legal action" in the U.S. and the U.K. to disrupt a cybercrime subscription service called RedVDS that has allegedly CyberCrime The Hacker News
16.1.26 Palo Alto Fixes GlobalProtect DoS Flaw That Can Crash Firewalls Without Login Palo Alto Networks has released security updates for a high-severity security flaw impacting GlobalProtect Gateway and Portal, for which it said there exists a proof-of-concept (PoC) Vulnerebility The Hacker News
16.1.26 Researchers Null-Route Over 550 Kimwolf and Aisuru Botnet Command Servers The Black Lotus Labs team at Lumen Technologies said it null-routed traffic to more than 550 command-and-control (C2) nodes associated with the AISURU/Kimwolf botnet since early BotNet The Hacker News
16.1.26 Hackers Exploit c-ares DLL Side-Loading to Bypass Security and Deploy Malware Security experts have disclosed details of an active malware campaign that's exploiting a DLL side-loading vulnerability in a legitimate binary associated with the open-source c-ares Exploit The Hacker News
14.1.26 Fortinet Fixes Critical FortiSIEM Flaw Allowing Unauthenticated Remote Code Execution Fortinet has released updates to fix a critical security flaw impacting FortiSIEM that could allow an unauthenticated attacker to achieve code execution on susceptible instances. The Vulnerebility The Hacker News
14.1.26 Microsoft Fixes 114 Windows Flaws in January 2026 Patch, One Actively Exploited Microsoft on Tuesday rolled out its first security update for 2026, addressing 114 security flaws, including one vulnerability that it said has been actively exploited in the wild. Of the OS The Hacker News
14.1.26 Critical Node.js Vulnerability Can Cause Server Crashes via async_hooks Stack Overflow Node.js has released updates to fix what it described as a critical security issue impacting "virtually every production Node.js app" that, if successfully exploited, could trigger a denial- Vulnerebility The Hacker News
14.1.26 PLUGGYAPE Malware Uses Signal and WhatsApp to Target Ukrainian Defense Forces The Computer Emergency Response Team of Ukraine (CERT-UA) has disclosed details of new cyber attacks targeting its defense forces with malware known as PLUGGYAPE between Virus The Hacker News
14.1.26 Long-Running Web Skimming Campaign Steals Credit Cards From Online Checkout Pages Cybersecurity researchers have discovered a major web skimming campaign that has been active since January 2022, targeting several major payment networks like American Express, CyberCrime The Hacker News
14.1.26 Malicious Chrome Extension Steals MEXC API Keys by Masquerading as Trading Tool Cybersecurity researchers have disclosed details of a malicious Google Chrome extension that's capable of stealing API keys associated with MEXC, a centralized cryptocurrency exchange (CEX) available in over 170 countries, while masquerading as a tool to automate trading on the platform. Virus The Hacker News
14.1.26 New Advanced Linux VoidLink Malware Targets Cloud and Container Environments Cybersecurity researchers have disclosed details of a previously undocumented and feature-rich malware framework codenamed VoidLink that's specifically designed for long-term, Virus The Hacker News
14.1.26 ServiceNow Patches Critical AI Platform Flaw Allowing Unauthenticated User Impersonation ServiceNow has disclosed details of a now-patched critical security flaw impacting its ServiceNow artificial intelligence (AI) Platform that could enable an unauthenticated user to AI The Hacker News
14.1.26 New Malware Campaign Delivers Remcos RAT Through Multi-Stage Windows Attack Cybersecurity researchers have disclosed details of a new campaign dubbed SHADOW#REACTOR that employs an evasive multi-stage attack chain to deliver a Virus The Hacker News
14.1.26 CISA Warns of Active Exploitation of Gogs Vulnerability Enabling Code Execution The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned of active exploitation of a high-severity security flaw impacting Gogs by adding it to its Known Exploit The Hacker News
14.1.26 n8n Supply Chain Attack Abuses Community Nodes to Steal OAuth Tokens Threat actors have been observed uploading a set of eight packages on the npm registry that masqueraded as integrations targeting the n8n workflow automation platform to steal Hack The Hacker News
12.1.26 GoBruteforcer Botnet Targets Crypto Project Databases by Exploiting Weak Credentials A new wave of GoBruteforcer attacks has targeted databases of cryptocurrency and blockchain projects to co-opt them into a botnet that's capable of brute-forcing user BotNet The Hacker News
12.1.26 Researchers Uncover Service Providers Fueling Industrial-Scale Pig Butchering Fraud Cybersecurity researchers have shed light on two service providers that supply online criminal networks with the necessary tools and infrastructure to fuel the pig butchering-as-a- Incindent The Hacker News
11.1.26 BreachForums hacking forum database leaked, exposing 324,000 accounts The latest incarnation of the notorious BreachForums hacking forum has suffered a data breach, with its user database table leaked online. Incindent BleepingComputer
11.1.26 Spain arrests 34 suspects linked to Black Axe cyber crime Authorities in Spain have arrested 34 individuals allegedly part of a criminal network involved in cyber fraud and believed to be connected to the Black Axe group responsible for illicit activities across Europe. CyberCrime BleepingComputer
11.1.26 Ireland recalls almost 13,000 passports over missing 'IRL' code Ireland's Department of Foreign Affairs has recalled nearly 13,000 passports after a software update caused a printing defect. The printing error makes the documents non-compliant with international travel standards and potentially unreadable at automated border gates. BigBrothers BleepingComputer
11.1.26 Microsoft may soon allow IT admins to uninstall Copilot Microsoft is testing a new policy that allows IT administrators to uninstall the AI-powered Copilot digital assistant on managed devices. IT BleepingComputer
11.1.26 Hackers target misconfigured proxies to access paid LLM services Threat actors are systematically hunting for misconfigured proxy servers that could provide access to commercial large language model (LLM) services. AI BleepingComputer
11.1.26 Illinois Department of Human Services data breach affects 700K people The Illinois Department of Human Services (IDHS), one of Illinois' largest state agencies, accidentally exposed the personal and health data of nearly 700,000 residents due to incorrect privacy settings. Incindent BleepingComputer
11.1.26 Email security needs more seatbelts: Why click rate is the wrong metric Click rate misses the real email security risk: what attackers can do after they access a mailbox. Material Security explains why containment and post-compromise impact matter more than phishing metrics. Security BleepingComputer
11.1.26 Illinois man charged with hacking Snapchat accounts to steal nude photos U.S. prosecutors have charged an Illinois man with orchestrating a phishing operation that allowed him to hack the Snapchat accounts of nearly 600 women to steal private photos and sell them online Incindent BleepingComputer
11.1.26 Trend Micro warns of critical Apex Central RCE vulnerability Japanese cybersecurity software firm Trend Micro has patched a critical security flaw in Apex Central (on-premise) that could allow attackers to execute arbitrary code with SYSTEM privileges. Vulnerebility BleepingComputer
11.1.26 CISA retires 10 emergency cyber orders in rare bulk closure The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has retired 10 Emergency Directives issued between 2019 and 2024, saying that the required actions have been completed or are now covered by Binding Operational Directive 22-01. BigBrothers BleepingComputer
11.1.26 New China-linked hackers breach telcos using edge device exploits A sophisticated threat actor that uses Linux-based malware to target telecommunications providers has recently broadened its operations to include organizations in Southeastern Europe. APT BleepingComputer
10.1.26 MuddyWater Launches RustyWater RAT via Spear-Phishing Across Middle East Sectors The Iranian threat actor known as MuddyWater has been attributed to a spear-phishing campaign targeting diplomatic, maritime, financial, and telecom entities in the Middle East APT The Hacker News
10.1.26 Europol Arrests 34 Black Axe Members in Spain Over €5.9M Fraud and Organized Crime Europol on Friday announced the arrest of 34 individuals in Spain who are alleged to be part of an international criminal organization called Black Axe. As part of an operation conducted CyberCrime The Hacker News
10.1.26 FBI warns about Kimsuky hackers using QR codes to phish U.S. orgs The North Korean state-sponsored hacker group Kimsuky is using malicious QR codes in spearphishing campaigns that target U.S. organizations, the Federal Bureau of Investigation warns in a flash alert. APT BleepingComputer
10.1.26 VMware ESXi zero-days likely exploited a year before disclosure Chinese-speaking threat actors used a compromised SonicWall VPN appliance to deliver a VMware ESXi exploit toolkit that seems to have been developed more than a year before the targeted vulnerabilities became publicly known. Exploit BleepingComputer
10.1.26 Cisco switches hit by reboot loops due to DNS client bug Multiple Cisco switch models are suddenly experiencing reboot loops after logging fatal DNS client errors, according to reports seen by BleepingComputer. Vulnerebility BleepingComputer
10.1.26 Texas court blocks Samsung from tracking TV viewing, then vacates order The State of Texas obtained a short-lived, temporary restraining order (TRO) against Samsung that prohibited the South Korean company from collecting audio and visual data about what Texas consumers are watching on their TVs. Security BleepingComputer
10.1.26 Six for 2026: The cyber threats you can’t ignore Cybersecurity threats in 2026 are accelerating, driven by AI, automation, and more effective social engineering. Corelight outlines six emerging attack trends and explains how network visibility can help defenders respond faster. Cyber BleepingComputer
10.1.26 Microsoft to enforce MFA for Microsoft 365 admin center sign-ins Microsoft will start enforcing multi-factor authentication (MFA) for all users accessing the Microsoft 365 admin center starting next month. Safety BleepingComputer
10.1.26 Cisco warns of Identity Service Engine flaw with exploit code Cisco has patched an ISE vulnerability with public proof-of-concept exploit code that can be abused by attackers with admin privileges. Exploit BleepingComputer
10.1.26 CISA tags max severity HPE OneView flaw as actively exploited The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has flagged a maximum-severity HPE OneView vulnerability as actively exploited in attacks. Exploit BleepingComputer
10.1.26 New GoBruteforcer attack wave targets crypto, blockchain projects A new wave of GoBruteforcer botnet malware attacks is targeting databases of cryptocurrency and blockchain projects on exposed servers believed to be configured using AI-generated examples. AI BleepingComputer
10.1.26 Critical jsPDF flaw lets hackers steal secrets via generated PDFs The jsPDF library for generating PDF documents in JavaScript applications is vulnerable to a critical vulnerability that allows an attacker to steal sensitive data from the local filesystem by including it in generated files. Vulnerebility BleepingComputer
10.1.26 Max severity Ni8mare flaw lets hackers hijack n8n servers A maximum severity vulnerability dubbed "Ni8mare" allows remote, unauthenticated attackers to take control over locally deployed instances of the N8N workflow automation platform. Vulnerebility BleepingComputer
10.1.26 In 2026, Hackers Want AI: Threat Intel on Vibe Hacking & HackGPT Cybercriminals are increasingly using AI to lower the barrier to entry for fraud and hacking, shifting from skill-based to AI-assisted attacks known as "vibe hacking." Flare examines how underground forums promote AI tools, jailbreak techniques, and so-called "Hacking-GPT" services that promise ease rather than technical mastery. AI BleepingComputer
10.1.26 ownCloud urges users to enable MFA after credential theft reports File-sharing platform ownCloud warned users today to enable multi-factor authentication (MFA) to block attackers using compromised credentials from stealing their data. Security BleepingComputer
10.1.26 New Veeam vulnerabilities expose backup servers to RCE attacks Veeam released security updates to patch multiple security flaws in its Backup & Replication software, including a critical remote code execution (RCE) vulnerability. Vulnerebility BleepingComputer
10.1.26 UK announces plan to strengthen public sector cyber defenses The United Kingdom has announced a new cybersecurity strategy, backed by more than £210 million ($283 million), to boost cyber defenses across government departments and the wider public sector. BigBrothers BleepingComputer
10.1.26 Taiwan says China's attacks on its energy sector increased tenfold The National Security Bureau in Taiwan says that China's attacks on the country's energy sector increased tenfold in 2025 compared to the previous year. BigBrothers BleepingComputer
10.1.26 Microsoft cancels plans to rate limit Exchange Online bulk emails Microsoft announced today that it has canceled plans to impose a daily limit of 2,000 external recipients on Exchange Online bulk email senders. Security BleepingComputer
10.1.26 New D-Link flaw in legacy DSL routers actively exploited in attacks Threat actors are exploiting a recently discovered command injection vulnerability that affects multiple D-Link DSL gateway routers that went out of support years ago. Exploit BleepingComputer
10.1.26 Kimwolf Android botnet abuses residential proxies to infect internal devices The Kimwolf botnet, an Android variant of the Aisuru malware, has grown to more than two million hosts, most of them infected by exploiting vulnerabilities in residential proxy networks to target devices on internal networks. BotNet BleepingComputer
10.1.26 The Great VM Escape: ESXi Exploitation in the Wild Based on indicators we observed, including the workstation name the threat actor was operating from and other TTPs, the Huntress Tactical Response team assesses with high confidence that initial access occurred via SonicWall VPN. Exploit HUNTRESS
10.1.26 Unpacking the packer ‘pkr_mtsi’ This RL Researcher’s Notebook highlights the packer’s evolution — and offers a YARA rule to detect all versions. Malware blog REVERSINGLABS
10.1.26 5 ways your firewall can keep ransomware out — and lock it down if it gets in Ransomware continues to cripple organizations worldwide, draining budgets and halting operations. For IT teams already stretched thin, a single attack can mean days of downtime and irreversible data loss. Ransom blog SOPHOS
10.1.26 Human-in-the-loop security will define 2026: Predictions from Sophos experts Cybersecurity in 2026 will be shaped by extremes: attackers operating with unprecedented speed and scale, and defenders navigating the widening gap between automation and human judgment. Sophos experts predict a year where the “little things” — basic hygiene, configuration discipline, visibility across platforms — will matter more than ever. Cyber blog SOPHOS
10.1.26 Winning the AI War: Why Preemptive Cyber Defense is the Only Viable Countermeasure for CISOs The escalation of AI-driven cyber threats has fundamentally broken the traditional security lifecycle. For decades, the industry has operated on a reactive cadence: an attack occurs, indicators are gathered, and defenses are updated. This model assumes that defenders have time to react. AI blog Silent Push
10.1.26 The Truman Show Scam: Trapped in an AI-Generated Reality Executive Summary The OPCOPRO “Truman Show” operation is a fully synthetic, AI‑powered investment scam that ... AI blog CHECKPOINT
10.1.26 The Week in Vulnerabilities: 2026 Starts with 100 PoCs and New Exploits The year may be a little more than a week old, but threat actors have already amassed nearly 100 Proof of Concepts and newly exploited vulnerabilities. Vulnerebility blog Cyble
10.1.26 Initial Access Sales Accelerated Across Australia and New Zealand in 2025 Cyble’s 2025 report analyzes Initial Access sales, ransomware operations, and data breaches shaping the cyber threat landscape in Australia and New Zealand. APT blog Cyble
10.1.26 Singapore Cyber Agency Warns of Critical IBM API Connect Vulnerability (CVE-2025-13915) A critical authentication bypass flaw, CVE-2025-13915, affects IBM API Connect. Singapore issues alert as IBM releases fixes. Vulnerebility blog Cyble
10.1.26 CISA Known Exploited Vulnerabilities Surged 20% in 2025 CISA’s Known Exploited Vulnerabilities (KEV) catalog grew by 20% in 2025, including 24 vulnerabilities exploited by ransomware groups. Exploit blog Cyble
10.1.26 TRACKING RANSOMWARE: DEC 2025 EXECUTIVE SUMMARY Ransomware activity in December 2025 highlights an evolution toward cartel-style, collaborative ecosystems, where initial access, persistence, encryption, and Ransom blog Cyfirma
10.1.26 Beyond MFA: Identity Abuse Through Token Interception and Consent Manipulation EXECUTIVE SUMMARY Multi-Factor Authentication (MFA) has long been positioned as a definitive control against credential-based attacks. However, recent phishing campaigns Phishing blog Cyfirma
10.1.26 CYFIRMA ANNUAL INDUSTRIES REPORT 2025: PART 2 EXECUTIVE SUMMARY The CYFIRMA Industries Report provides cutting-edge cybersecurity insights and telemetry-driven statistics on global industries. Spanning the last 365 days and ICS blog Cyfirma
10.1.26 Resurgence of Scattered Lapsus$ hunters Executive Summary: Recent monitoring of underground forums and Telegram communities has identified the resurgence of the Scattered Lapsus$ collective. The actors appear to be APT blog Cyfirma
10.1.26 Fortinet Under Fire: Why Your Network Edge Remains Attackers' Favorite Entry Point CVE-2020-12812, a five-year-old authentication bypass flaw that should have been relegated to history, is being actively exploited. Coming on the heels of two brand-new SAML authentication bypass vulnerabilities (CVE-2025-59718 and CVE-2025-59719) discovered in late 2025, Fortinet administrators must be on high alert and work to remediate them as quickly as possible, as the trend of network device exploitation is continuing. Vulnerebility blog Eclypsium
10.1.26 Phishing actors exploit complex routing and misconfigurations to spoof domains Threat actors are exploiting complex routing scenarios and misconfigured spoof protections to send spoofed phishing emails, crafted to appear as internally sent messages. Phishing blog Microsoft blog
10.1.26 Ladvix: Inside a Self-Propagating ELF Malware with IoT Botnet Traits This week, the SonicWall Capture Labs Threat Research team analyzed a sample of a malicious ELF file infector that shares characteristics of IoT botnet malware. The sample demonstrates self-propagation capabilities, file system scanning, and selective infection mechanisms targeting other ELF binaries. Malware blog SonicWall
10.1.26 MongoBleed MongoDB SBE Use-After-Free (CVE-2025-6706 / CVE-2025-14847) SonicWall Capture Labs threat research team became aware of the threats CVE-2025-6706 and CVE-2025-14847, assessed their impact, and developed mitigation measures for these vulnerabilities. CVE-2025-6706, also known as MongoDB SBE Use-After-Free, is a critical memory corruption vulnerability affecting MongoDB Server in versions 7.0.0 through 7.0.16. Vulnerebility blog SonicWall
10.1.26 Securing Vibe Coding Tools: Scaling Productivity Without Scaling Risk The promise of AI-assisted development, or “vibe coding,” is undeniable: unprecedented speed and productivity for development teams. In a landscape defined by complex cloud-native architectures and intense demand for new software, this force multiplier is rapidly becoming standard practice. AI blog Palo Alto
10.1.26 VVS Discord Stealer Using Pyarmor for Obfuscation and Detection Evasion This article details our technical analysis of VVS stealer, also styled VVS $tealer, including its distributors’ use of obfuscation and detection evasion. Malware blog Palo Alto
10.1.26 Inside GoBruteforcer: AI-Generated Server Defaults, Weak Passwords, and Crypto-Focused Campaigns GoBruteforcer (also called GoBrut) is a modular botnet, written in Go, that brute-forces user passwords for services such as FTP, MySQL, PostgreSQL, and phpMyAdmin on Linux servers. The botnet spreads through a chain of web shell, downloader, IRC bot, and bruteforcer modules. BotNet blog CHECKPOINT
10.1.26 UAT-7290 targets high value telecommunications infrastructure in South Asia Talos assesses with high confidence that UAT-7290 is a sophisticated threat actor falling under the China-nexus of advanced persistent threat actors (APTs). UAT-7290 primarily targets telecommunications providers in South Asia. APT blog CISCO TALOS
10.1.26 Resolutions, shmesolutions (and what’s actually worked for me) Talos' editor ditches the pressure of traditional New Year’s resolutions in favor of practical, in-the-moment changes, and finds more success by letting go of perfection. Plus, we break down the latest on UAT-7290, a newly disclosed threat actor targeting critical infrastructure. APT blog CISCO TALOS
10.1.26 How Cisco Talos powers the solutions protecting your organization What happens under the hood of Cisco's security portfolio? Our reputation and detection services apply Talos' real-time intelligence to detect and block threats. Here's how. Security blog CISCO TALOS
10.1.26 Credential stuffing: What it is and how to protect yourself Reusing passwords may feel like a harmless shortcut – until a single breach opens the door to multiple accounts Incident blog Eset
10.1.26 The Ghost in the Machine: Unmasking CrazyHunter's Stealth Tactics Trellix provides an in-depth analysis of CrazyHunter ransomware and its attack flow, which has emerged as a significant and concerning threat. Hacking blog Trellix
10.1.26 China-Linked Hackers Exploit VMware ESXi Zero-Days to Escape Virtual Machines Chinese-speaking threat actors are suspected to have leveraged a compromised SonicWall VPN appliance as an initial access vector to deploy a VMware ESXi exploit that may have APT The Hacker News
10.1.26 Russian APT28 Runs Credential-Stealing Campaign Targeting Energy and Policy Organizations Russian state-sponsored threat actors have been linked to a fresh set of credential harvesting attacks targeting individuals associated with a Turkish energy and nuclear APT The Hacker News
10.1.26 Trend Micro Apex Central RCE Flaw Scores 9.8 CVSS in On-Prem Windows Versions Trend Micro has released security updates to address multiple security vulnerabilities impacting on-premise versions of Apex Central for Windows, including a critical bug that Vulnerebility The Hacker News
10.1.26 CISA Retires 10 Emergency Cybersecurity Directives Issued Between 2019 and 2024 The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday said it's retiring 10 emergency directives (EDs) that were issued between 2019 and 2024. The list of BigBrothers The Hacker News
9.1.26 FBI Warns North Korean Hackers Using Malicious QR Codes in Spear-Phishing The U.S. Federal Bureau of Investigation (FBI) on Thursday released an advisory warning of North Korean state-sponsored threat actors leveraging malicious QR codes in spear-phishing Hack The Hacker News
9.1.26 Jaguar Land Rover wholesale volumes down 43% after cyberattack Jaguar Land Rover (JLR) revealed this week that a September 2025 cyberattack led to a 43% decline in third-quarter wholesale volumes. Hack BleepingComputer
9.1.26 Sedgwick confirms breach at government contractor subsidiary Claims administration and risk management company Sedgwick has confirmed that its federal contractor subsidiary, Sedgwick Government Solutions, was the victim of a security breach. Incindent BleepingComputer
9.1.26 How generative AI accelerates identity attacks against Active Directory Generative AI is accelerating password attacks against Active Directory, making credential abuse faster and more effective. Specops Software explains how AI-driven cracking techniques exploit weak and predictable AD passwords. AI BleepingComputer
9.1.26 Are Copilot prompt injection flaws vulnerabilities or AI limits? Microsoft has pushed back against claims that multiple prompt injection and sandbox-related issues raised by a security engineer in its Copilot AI assistant constitute security vulnerabilities. The development highlights a growing divide between how vendors and researchers define risk in generative AI systems. AI BleepingComputer
9.1.26 Cloud file-sharing sites targeted for corporate data theft attacks A threat actor known as Zestix has been offering to sell corporate data stolen from dozens of companies, likely after breaching their ShareFile, Nextcloud, and OwnCloud instances. Incindent BleepingComputer
9.1.26 ClickFix attack uses fake Windows BSOD screens to push malware A new ClickFix social engineering campaign is targeting the hospitality sector in Europe, using fake Windows Blue Screen of Death (BSOD) screens to trick users into manually compiling and executing malware on their systems. Hack BleepingComputer
9.1.26 US broadband provider Brightspeed investigates breach claims Brightspeed, one of the largest fiber broadband companies in the United States, is investigating security breach and data theft claims made by the Crimson Collective extortion gang. Incindent BleepingComputer
9.1.26 VSCode IDE forks expose users to "recommended extension" attacks Popular AI-powered integrated development environment solutions, such as Cursor, Windsurf, Google Antigravity, and Trae, recommend extensions that are non-existent in the OpenVSX registry, allowing threat actors to claim the namespace and upload malicious extensions. Hack BleepingComputer
9.1.26 Ledger customers impacted by third-party Global-e data breach Ledger is informing some customers that their personal data has been exposed after hackers breached the systems of third-party payment processor Global-e. Incindent BleepingComputer
9.1.26 Agentic AI Is an Identity Problem and CISOs Will Be Accountable for the Outcome As agentic AI adoption accelerates, identity is emerging as the primary security challenge. Token Security explains why AI agents behave like a new class of identity and why CISOs must manage their access, lifecycle, and risk. AI BleepingComputer
9.1.26 NordVPN denies breach claims, says attackers have "dummy data" NordVPN denied allegations that its internal Salesforce development servers were breached, saying that cybercriminals obtained "dummy data" from a trial account on a third-party automated testing platform. Incindent BleepingComputer
8.1.26 WhatsApp Worm Spreads Astaroth Banking Trojan Across Brazil via Contact Auto-Messaging Cybersecurity researchers have disclosed details of a new campaign that uses WhatsApp as a distribution vector for a Windows banking trojan called Astaroth in attacks targeting Brazil. Social The Hacker News
8.1.26 China-Linked UAT-7290 Targets Telecoms with Linux Malware and ORB Nodes A China-nexus threat actor known as UAT-7290 has been attributed to espionage-focused intrusions against entities in South Asia and Southeastern Europe. The activity cluster, which APT The Hacker News
8.1.26 Cisco Patches ISE Security Vulnerability After Public PoC Exploit Release Cisco has released updates to address a medium-severity security flaw in Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) with a public proof-of-concept Exploit The Hacker News
8.1.26 Researchers Uncover NodeCordRAT Hidden in npm Bitcoin-Themed Packages Cybersecurity researchers have discovered three malicious npm packages that are designed to deliver a previously undocumented malware called NodeCordRAT. The names of the Virus The Hacker News
8.1.26 Coolify Discloses 11 Critical Flaws Enabling Full Server Compromise on Self-Hosted Instances Cybersecurity researchers have disclosed details of multiple critical-severity security flaws affecting Coolify, an open-source, self-hosting platform, that could result in authentication bypass and remote code execution. Vulnerebility The Hacker News
8.1.26 OpenAI Launches ChatGPT Health with Isolated, Encrypted Health Data Controls Artificial intelligence (AI) company OpenAI on Wednesday announced the launch of ChatGPT Health, a dedicated space that allows users to have conversations with the chatbot about AI The Hacker News
8.1.26 CNCERT: Risk Warning Regarding the "Black Cat" Gang's Use of Search Engines to Spread Counterfeit Notepad++ Download Remote Control Backdoors Hack Weixin.qq
8.1.26 CISA Flags Microsoft Office and HPE OneView Bugs as Actively Exploited The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added two security flaws impacting Microsoft Office and Hewlett Packard Enterprise (HPE) OneView to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. Exploit The Hacker News
8.1.26 Black Cat Behind SEO Poisoning Malware Campaign Targeting Popular Software Searches A cybercrime gang known as Black Cat has been attributed to a search engine optimization (SEO) poisoning campaign that employs fraudulent sites advertising popular software to trick Virus The Hacker News
8.1.26 Critical n8n Vulnerability (CVSS 10.0) Allows Unauthenticated Attackers to Take Full Control Cybersecurity researchers have disclosed details of yet another maximum-severity security flaw in n8n, a popular workflow automation platform, that allows an unauthenticated remote Vulnerebility The Hacker News
8.1.26 n8n Warns of CVSS 10.0 RCE Vulnerability Affecting Self-Hosted and Cloud Versions Open-source workflow automation platform n8n has warned of a maximum-severity security flaw that, if successfully exploited, could result in authenticated remote code execution Vulnerebility The Hacker News
8.1.26 Veeam Patches Critical RCE Vulnerability with CVSS 9.0 in Backup & Replication Veeam has released security updates to address multiple flaws in its Backup & Replication software, including a "critical" issue that could result in remote code execution (RCE). The Vulnerebility The Hacker News
7.1.26 Microsoft Warns Misconfigured Email Routing Can Enable Internal Domain Phishing Threat actors engaging in phishing attacks are exploiting routing scenarios and misconfigured spoof protections to impersonate organizations' domains and distribute Phishing The Hacker News
7.1.26 Ongoing Attacks Exploiting Critical RCE Vulnerability in Legacy D-Link DSL Routers A newly discovered critical security flaw in legacy D-Link DSL gateway routers has come under active exploitation in the wild. The vulnerability, tracked as CVE-2026-0625 (CVSS Vulnerebility The Hacker News
7.1.26 Two Chrome Extensions Caught Stealing ChatGPT and DeepSeek Chats from 900,000 Users Cybersecurity researchers have discovered two new malicious extensions on the Chrome Web Store that are designed to exfiltrate OpenAI ChatGPT and DeepSeek conversations AI The Hacker News
7.1.26 Unpatched Firmware Flaw Exposes TOTOLINK EX200 to Full Remote Device Takeover The CERT Coordination Center (CERT/CC) has disclosed details of an unpatched security flaw impacting the TOTOLINK EX200 wireless range extender that could allow a remote Vulnerability The Hacker News
7.1.26 Fake Booking Emails Redirect Hotel Staff to Fake BSoD Pages Delivering DCRat Cybersecurity researchers have disclosed details of a new campaign dubbed PHALT#BLYX that has leveraged ClickFix-style lures to display fixes for fake blue Virus The Hacker News
7.1.26 VS Code Forks Recommend Missing Extensions, Creating Supply Chain Risk in Open VSX Popular artificial intelligence (AI)-powered Microsoft Visual Studio Code (VS Code) forks such as Cursor, Windsurf, Google Antigravity, and Trae have been found to recommend Hack The Hacker News
6.1.26 New n8n Vulnerability (9.9 CVSS) Lets Authenticated Users Execute System Commands A new critical security vulnerability has been disclosed in n8n, an open-source workflow automation platform, that could enable an authenticated attacker to execute arbitrary system Vulnerability The Hacker News
6.1.26 Russia-Aligned Hackers Abuse Viber to Target Ukrainian Military and Government The Russia-aligned threat actor known as UAC-0184 has been observed targeting Ukrainian military and government entities by leveraging the Viber messaging platform to deliver APT The Hacker News
6.1.26 Kimwolf Android Botnet Infects Over 2 Million Devices via Exposed ADB and Proxy Networks The botnet known as Kimwolf has infected more than 2 million Android devices by tunneling through residential proxy networks, according to findings from Synthient. "Key actors involved BotNet The Hacker News
5.1.26 Bitfinex Hack Convict Ilya Lichtenstein Released Early Under U.S. First Step Act Ilya Lichtenstein, who was sentenced to prison last year for money laundering charges in connection with his role in the massive hack of cryptocurrency exchange Bitfinex in 2016, said he has been released early. Cryptocurrency The Hacker News
5.1.26 New VVS Stealer Malware Targets Discord Accounts via Obfuscated Python Code Cybersecurity researchers have disclosed details of a new Python-based information stealer called VVS Stealer (also styled as VVS $tealer) that's capable of harvesting Discord Virus The Hacker News
4.1.26 Hackers claim to hack Resecurity, firm says it was a honeypot The ShinyHunters hacking group claims it breached the systems of cybersecurity firm Resecurity and stole internal data, while Resecurity says the attackers only accessed a deliberately deployed honeypot containing fake information used to monitor their activity. Cyber

BleepingComputer

4.1.26 Covenant Health says May data breach impacted nearly 478,000 patients The Covenant Health organization has revised to nearly 500,000 the number of individuals affected by a data breach discovered last May. Incident

BleepingComputer

4.1.26 Cryptocurrency theft attacks traced to 2022 LastPass breach Blockchain investigation firm TRM Labs says ongoing cryptocurrency thefts have been traced to the 2022 LastPass breach, with attackers draining wallets years after encrypted vaults were stolen and laundering the crypto through Russian exchanges. Cryptocurrency

BleepingComputer

4.1.26 Over 10K Fortinet firewalls exposed to actively exploited 2FA bypass Over 10,000 Internet-exposed Fortinet firewalls are still vulnerable to attacks exploiting a five-year-old two-factor authentication (2FA) bypass vulnerability. Exploit

BleepingComputer

4.1.26 Trust Wallet links $8.5 million crypto theft to Shai-Hulud NPM attack Trust Wallet believes the compromise of its web browser to steal roughly $8.5 million from over 2,500 crypto wallets is likely related to an "industry-wide" Sha1-Hulud attack in November. Cryptocurrency

BleepingComputer

3.1.26 The biggest cybersecurity and cyberattack stories of 2025 2025 was a big year for cybersecurity, with cyberattacks, data breaches, threat groups reaching new notoriety levels, and, of course, zero-day flaws exploited in breaches. Some stories, though, were more impactful or popular with our readers than others. This article explores 15 of the biggest cybersecurity stories of 2025. Cyber

BleepingComputer

3.1.26 New GlassWorm malware wave targets Macs with trojanized crypto wallets A fourth wave of the "GlassWorm" campaign is targeting macOS developers with malicious VSCode/OpenVSX extensions that deliver trojanized versions of crypto wallet applications. Virus

BleepingComputer

3.1.26 NYC mayoral inauguration bans Flipper Zero, Raspberry Pi devices Security

BleepingComputer

3.1.26 Hackers drain $3.9M from Unleash Protocol after multisig hijack The decentralized intellectual property platform Unleash Protocol has lost around $3.9 million worth of cryptocurrency after someone executed an unauthorized contract upgrade that allowed asset withdrawals. Cryptocurrency

BleepingComputer

3.1.26 RondoDox botnet exploits React2Shell flaw to breach Next.js servers The RondoDox botnet has been observed exploiting the critical React2Shell flaw (CVE-2025-55182) to infect vulnerable Next.js servers with malware and cryptominers. BotNet

BleepingComputer

3.1.26 IBM warns of critical API Connect auth bypass vulnerability IBM urged customers to patch a critical authentication bypass vulnerability in its API Connect enterprise platform that could allow attackers to access apps remotely. Vulnerability

BleepingComputer

3.1.26 Disney will pay $10 million to settle children's data privacy lawsuit A federal judge has approved an order requiring Disney to pay a $10 million civil penalty to settle claims that it violated the Children's Online Privacy Protection Act by mislabeling videos and allowing data collection for targeted advertising. Incident

BleepingComputer

3.1.26 New ErrTraffic service enables ClickFix attacks via fake browser glitches A new cybercrime tool called ErrTraffic allows threat actors to automate ClickFix attacks by generating 'fake glitches' on compromised websites to lure users into downloading payloads or following malicious instructions. Hack

BleepingComputer

3.1.26 European Space Agency confirms breach of "external servers" The European Space Agency (ESA) confirmed that attackers recently breached servers outside its corporate network, which contained what it described as "unclassified" information on collaborative engineering activities. BigBrothers

BleepingComputer

3.1.26 CISA orders feds to patch MongoBleed flaw exploited in attacks CISA ordered U.S. federal agencies to patch an actively exploited MongoDB vulnerability (MongoBleed) that can be exploited to steal credentials, API keys, and other sensitive data. Exploit

BleepingComputer

3.1.26 Chinese state hackers use rootkit to hide ToneShell malware activity A new sample of the ToneShell backdoor, typically seen in Chinese cyberespionage campaigns, has been delivered through a kernel-mode loader in attacks against government organizations. Virus

BleepingComputer

3.1.26 Coupang to split $1.17 billion among 33.7 million data breach victims Coupang, the largest retailer in South Korea, announced $1.17 billion (1.685 trillion Won) total compensation for the 33.7 million customers whose information was exposed in the data breach discovered last month. Incident

BleepingComputer

3.1.26 Zoom Stealer browser extensions harvest corporate meeting intelligence A newly discovered campaign, which researchers call Zoom Stealer, is affecting 2.2 million Chrome, Firefox, and Microsoft Edge users through 18 extensions that collect online meeting-related data like URLs, IDs, topics, descriptions, and embedded passwords. Virus

BleepingComputer

3.1.26 US cybersecurity experts plead guilty to BlackCat ransomware attacks Two former employees of cybersecurity incident response companies Sygnia and DigitalMint have pleaded guilty to targeting U.S. companies in BlackCat (ALPHV) ransomware attacks in 2023. Ransom

BleepingComputer

3.1.26 Hacker arrested for KMSAuto malware campaign with 2.8 million downloads A Lithuanian national has been arrested for his alleged involvement in infecting 2.8 million systems with clipboard-stealing malware disguised as the KMSAuto tool for illegally activating Windows and Office software. Virus

BleepingComputer

3.1.26 Trust Wallet says 2,596 wallets drained in $7 million crypto theft attack Trust Wallet says attackers who compromised its browser extension right before Christmas have drained approximately $7 million from nearly 3,000 cryptocurrency wallet addresses. Cryptocurrency

BleepingComputer

3.1.26 The Real-World Attacks Behind OWASP Agentic AI Top 10 OWASP's new Agentic AI Top 10 highlights real-world attacks already targeting autonomous AI systems, from goal hijacking to malicious MCP servers. Koi Security breaks down real-world incidents behind multiple categories, including two cases cited by OWASP, showing how agent tools and runtime behavior are being abused. AI

BleepingComputer

3.1.26 Romanian energy provider hit by Gentlemen ransomware attack A ransomware attack hit Oltenia Energy Complex (Complexul Energetic Oltenia), Romania's largest coal-based energy producer, on the second day of Christmas, taking down its IT infrastructure. Ransom

BleepingComputer

3.1.26 Former Coinbase support agent arrested for helping hackers A former Coinbase customer service agent was arrested in India for helping hackers earlier this year steal sensitive customer information from a company database. Cryptocurrency

BleepingComputer

3.1.26 Korean Air data breach exposes data of thousands of employees Korean Air experienced a data breach affecting thousands of employees after Korean Air Catering & Duty-Free (KC&D), its in-flight catering supplier and former subsidiary, was recently hacked. Incident

BleepingComputer

3.1.26 Fortinet warns of 5-year-old FortiOS 2FA bypass still exploited in attacks Fortinet has warned customers that threat actors are still actively exploiting a critical FortiOS vulnerability that allows them to bypass two-factor authentication (2FA) when targeting vulnerable FortiGate firewalls. Exploit

BleepingComputer

3.1.26 Exploited MongoBleed flaw leaks MongoDB secrets, 87K servers exposed A severe vulnerability affecting multiple MongoDB versions, dubbed MongoBleed (CVE-2025-14847), is being actively exploited in the wild, with over 80,000 potentially vulnerable servers exposed on the public web. Vulnerability

BleepingComputer

3.1.26 Hacker claims to leak WIRED database with 2.3 million records A hacker claims to have breached Condé Nast and leaked an alleged WIRED database containing more than 2.3 million subscriber records, while also warning that they plan to release up to 40 million additional records for other Condé Nast properties. Incident

BleepingComputer

3.1.26 Massive Rainbow Six Siege breach gives players billions of credits Ubisoft's Rainbow Six Siege (R6) suffered a breach that allowed hackers to abuse internal systems to ban and unban players, manipulate in-game moderation feeds, and grant massive amounts of in-game currency and cosmetic items to accounts worldwide. Incident

BleepingComputer

3.1.26 Fake Grubhub emails promise tenfold return on sent cryptocurrency Grubhub users received fraudulent messages, apparently from a company email address, promising a tenfold bitcoin payout in return for a transfer to a specified wallet. Cryptocurrency

BleepingComputer

3.1.26 Trust Wallet confirms extension hack led to $7 million crypto theft Several users of the Trust Wallet Chrome extension report having their cryptocurrency wallets drained after installing a compromised extension update released on December 24, prompting an urgent response from the company and warnings to affected users. Simultaneously, BleepingComputer observed a phishing domain launched by hackers. Cryptocurrency

BleepingComputer

3.1.26 Fake MAS Windows activation domain used to spread PowerShell malware A typosquatted domain impersonating the Microsoft Activation Scripts (MAS) tool was used to distribute malicious PowerShell scripts that infect Windows systems with the 'Cosmali Loader'. Virus BleepingComputer
3.1.26 Transparent Tribe Launches New RAT Attacks Against Indian Government and Academia The threat actor known as Transparent Tribe has been attributed to a fresh set of attacks targeting Indian governmental, academic, and strategic entities with a remote access trojan Virus The Hacker News
2.1.26 Cybercriminals Abuse Google Cloud Email Feature in Multi-Stage Phishing Campaign Cybersecurity researchers have disclosed details of a phishing campaign that involves the attackers impersonating legitimate Google-generated messages by abusing Google Cloud's CyberCrime The Hacker News
2.1.26 RondoDox Botnet Exploits Critical React2Shell Flaw to Hijack IoT Devices and Web Servers Cybersecurity researchers have disclosed details of a persistent nine-month-long campaign that has targeted Internet of Things (IoT) devices and web applications to enroll them into a botnet known as RondoDox. BotNet The Hacker News