Welcome to BSafes Library
BSafes library includes mobile-friendly cybersecurity publications.
News
February 5, 2026 – Malware
Hugging Face abused to spread thousands of Android malware variants Full Text
Abstract
A recent Android malware campaign has been identified that abuses the Hugging Face platform to distribute thousands of malicious APK variants. The malware is disguised as a security tool named TrustBastion.Bleeping Computer
February 5, 2026 – Breach
Notepad++ users take note: It’s time to check if you’re hacked Full Text
Abstract
A critical security breach has been identified in the update infrastructure of Notepad++, a widely used text editor for Windows. The breach has been attributed to suspected Chinese state hackers.ArsTechnica
February 5, 2026 – Vulnerabilities
Major vulnerabilities found in Google Looker, putting self-hosted deployments at risk Full Text
Abstract
Two critical vulnerabilities, collectively known as "LookOut," have been identified in Google Looker, a business intelligence platform used by over 60,000 organizations globally.Help Net Security
February 5, 2026 – Breach
Exposed AWS Credentials Lead to AI-Assisted Cloud Breach in 8 Minutes Full Text
Abstract
A recent cloud breach highlights the dangers of exposed AWS credentials and AI-assisted attacks. An attacker gained full admin access to a company's cloud environment in just eight minutes.Hack Read
February 5, 2026 – Government
CISA warns of five-year-old GitLab flaw exploited in attacks Full Text
Abstract
CISA issued a warning regarding a five-year-old GitLab vulnerability that is actively being exploited. CISA has urged all organizations, including those in the private sector, to prioritize securing their devices against these ongoing attacks.Bleeping Computer
February 4, 2026 – Breach
Seattle-area neurologist warns 13,500 people of data breach that leaked SSNs, medical info Full Text
Abstract
A data breach has occurred at Neurological Associates of Washington, affecting 13,500 individuals. The breach involved the theft of sensitive information, including Social Security numbers and medical records, by the ransomware group DragonForce.CompariTech
February 4, 2026 – Government
U.S. CISA adds SolarWinds Web Help Desk, Sangoma FreePBX, and GitLab flaws to its Known Exploited Vulnerabilities catalog Full Text
Abstract
CISA has added several critical vulnerabilities to its Known Exploited Vulnerabilities catalog. These vulnerabilities affect SolarWinds Web Help Desk, Sangoma FreePBX, and GitLab, posing significant security risks to affected systems.Security Affairs
February 4, 2026 – Vulnerabilities
Foxit Releases Security Updates for PDF Editor Cloud XSS Vulnerabilities Full Text
Abstract
Foxit Software has addressed multiple cross-site scripting (XSS) vulnerabilities in Foxit PDF Editor Cloud and Foxit eSign. These vulnerabilities could allow attackers to execute arbitrary JavaScript within a user's browser.The Cyber Express
February 4, 2026 – Phishing
Microsoft Warns Python Infostealers Target macOS via Fake Ads and Installers Full Text
Abstract
Microsoft has identified a growing threat where Python-based infostealers are targeting macOS environments. These attacks exploit cross-platform capabilities and trusted platforms to distribute malware at scale.The Hacker News
February 4, 2026 – Phishing
How fake party invitations are being used to install remote access tools Full Text
Abstract
A sophisticated social engineering campaign is targeting Windows users in the UK by using fake party invitations to install ScreenConnect, a legitimate remote access tool, for malicious purposes.Malware Bytes
February 3, 2026 – APT
Russian hackers exploit recently patched Microsoft Office bug in attacks Full Text
Abstract
APT28 is actively exploiting a recently patched vulnerability in Microsoft Office, identified as CVE-2026-21509. This zero-day flaw is being used to target Ukrainian government entities and potentially extends to EU-based organizations.Bleeping Computer
February 3, 2026 – Breach
Portland, ME schools warn 12,000+ people of data breach that leaked SSNs, financial and medical info Full Text
Abstract
Portland Public Schools in Maine has confirmed a data breach affecting over 12,000 individuals, compromising sensitive personal information. The breach was claimed by the ransomware group RansomHub, known for targeting educational institutions.CompariTech
February 3, 2026 – Breach
Colorado clinic warns 65,000+ people of data breach that leaked SSNs, credit cards, and medical info Full Text
Abstract
A significant data breach at Alpine Ear, Nose & Throat has compromised the personal information of over 65,000 individuals. The breach, attributed to the ransomware group BianLian, involved the theft of sensitive data.CompariTech
February 3, 2026 – Attack
Notepad++ hijacking linked to Chinese Lotus Blossom crew Full Text
Abstract
A sophisticated malware campaign leveraging Pulsar RAT has been identified, targeting Windows systems. This campaign employs advanced techniques to evade detection and maintain persistent access, posing a significant threat to affected systems.The Register
February 3, 2026 – Breach
Panera Bread breach affected 5.1 Million accounts, HIBP Confirms Full Text
Abstract
Panera Bread has confirmed a data breach affecting 5.1 million accounts, significantly fewer than the initially reported 14 million. The breach involved the exposure of contact information, including email addresses and physical addresses.Security Affairs
February 2, 2026 – Breach
California tribal clinics warn patients of data breach that leaked SSNs and medical info Full Text
Abstract
A data breach has occurred at the MACT Health Board, affecting several clinics in California's Sierra Foothills. The breach, attributed to the ransomware group Rhysida, has compromised sensitive personal and medical information of patients.CompariTech
February 2, 2026 – Vulnerabilities
Shadow Directories: A Unique Method to Hijack WordPress Permalinks Full Text
Abstract
A new method of hijacking WordPress permalinks involves the creation of shadow directories. This technique allows attackers to inject spam content into search engine results without altering the visible content on the website or its database.Sucuri
February 2, 2026 – Vulnerabilities
Privileged File System Vulnerability Present in a SCADA System Full Text
Abstract
A vulnerability identified as CVE-2025-0921 has been discovered in the Iconics Suite, a SCADA system used for industrial process control. The flaw involves execution with unnecessary privileges and could lead to a denial-of-service (DoS) condition.Palo Alto Networks
February 2, 2026 – Attack
Iran-Linked RedKitten Cyber Campaign Targets Human Rights NGOs and Activists Full Text
Abstract
The RedKitten cyber campaign, attributed to a Farsi-speaking threat actor aligned with Iranian state interests, targets NGOs and individuals documenting human rights abuses in Iran.The Hacker News
February 2, 2026 – Breach
CrossCurve Bridge Hacked for $3M After Smart Contract Validation Vulnerability Exploited Full Text
Abstract
The CrossCurve bridge suffered a cyberattack resulting in a $3 million loss. Attackers exploited a vulnerability in the smart contract infrastructure, specifically a gateway validation bypass within the ReceiverAxelar contract.The Cyber Express
January 31, 2026 – Botnet
Aisuru botnet sets new record with 31.4 Tbps DDoS attack Full Text
Abstract
The Aisuru botnet has set a new record with a massive DDoS attack, peaking at 31.4 Tbps and 200 million requests per second. This unprecedented attack targeted multiple companies, primarily in the telecommunications sector.Bleeping Computer
January 31, 2026 – Attack
Supply chain attack on eScan antivirus: detecting and remediating malicious updates Full Text
Abstract
A supply chain attack targeted eScan antivirus software, distributing malware through its update server. The attack involved a malicious file that initiated a multi-stage infection chain.Secure List
January 31, 2026 – Breach
ShinyHunters claims it stole 10M records from dating apps Full Text
Abstract
ShinyHunters, a notorious extortion group, has claimed responsibility for a data breach affecting Match Group, a company that owns popular dating platforms such as Hinge, Match.com, and OkCupid. The breach reportedly involves over 10 million records.The Register
January 31, 2026 – Breach
Researcher’s Notebook: Inside the EmEditor supply chain compromise Full Text
Abstract
The EmEditor supply chain compromise involved tampering with Windows Installer (MSI) packages to embed malicious scripts. The attackers used look-alike domains and command-and-control (C2) infrastructure to execute their operations.Reversing Labs
January 30, 2026 – Malware
Cyble Research Discovers ShadowHS, an In-Memory Linux Framework for Long-Term Access Full Text
Abstract
ShadowHS is an advanced fileless Linux exploitation framework designed for stealthy, in-memory operations. It enables attackers to maintain long-term access to compromised systems without leaving persistent traces.The Cyber Express
January 30, 2026 – Breach
Marquis blames ransomware breach on SonicWall cloud backup hack Full Text
Abstract
Marquis Software Solutions, a financial services provider, experienced a ransomware attack attributed to a breach of SonicWall's cloud backup service. This incident affected numerous U.S. banks and credit unions.Bleeping Computer
January 30, 2026 – Attack
Op Bizarre Bazaar: New LLMjacking Campaign Targets Unprotected Models Full Text
Abstract
Operation Bizarre Bazaar is a significant cyberattack campaign targeting AI systems to steal compute power and resell access. The campaign, led by a hacker known as Hecker, involves exploiting unprotected AI models, particularly those exposed through the Model Context Protocol (MCP).Hack Read
January 30, 2026 – Vulnerabilities
Ivanti warns of two EPMM flaws exploited in zero-day attacks Full Text
Abstract
Ivanti has disclosed two critical zero-day vulnerabilities in Ivanti EPMM, identified as CVE-2026-1281 and CVE-2026-1340. These vulnerabilities allow remote attackers to execute arbitrary code on vulnerable devices without authentication.Bleeping Computer
January 30, 2026 – Vulnerabilities
Security Researcher Finds Exposed Admin Panel for AI Toy Full Text
Abstract
A critical security vulnerability was discovered in the Bondu AI toy, where an exposed admin panel allowed unauthorized access to sensitive data, including children's personal information and conversation transcripts.The Cyber Express
January 30, 2026 – Ransomware
MongoDB Ransomware Is Still Actively Hitting Exposed Databases Full Text
Abstract
MongoDB ransomware continues to be a significant threat, primarily targeting exposed databases due to misconfigurations. Attackers exploit these vulnerabilities by scanning for open MongoDB instances, deleting data, and demanding ransoms.ESecurity Planet
January 28, 2026 – Outage
Russian security systems firm Delta hit by cyberattack, services disrupted Full Text
Abstract
Delta, a prominent Russian provider of alarm and security systems, has experienced a significant cyberattack, leading to widespread service disruptions. The attack, described as large-scale and coordinated, has affected the company's operations.The Record
January 28, 2026 – Government
U.S. CISA adds Microsoft Office, GNU InetUtils, SmarterTools SmarterMail, and Linux Kernel flaws to its Known Exploited Vulnerabilities catalog Full Text
Abstract
CISA has added several critical vulnerabilities to its Known Exploited Vulnerabilities catalog. These vulnerabilities affect Microsoft Office, GNU InetUtils, SmarterTools SmarterMail, and the Linux Kernel.Security Affairs
January 28, 2026 – Vulnerabilities
Pyodide Sandbox Escape Enables Remote Code Execution in Grist-Core Full Text
Abstract
A critical vulnerability in Grist-Core's Pyodide WebAssembly sandbox allows remote code execution (RCE) through malicious spreadsheet formulas. This flaw, with a CVSS score of 9.1, has been patched.Infosecurity Magazine
January 28, 2026 – Vulnerabilities
Critical sandbox escape flaw found in popular vm2 NodeJS library Full Text
Abstract
A critical vulnerability, CVE-2026-22709, has been identified in the vm2 Node.js sandbox library, which allows attackers to escape the sandbox and execute arbitrary code on the host system.Bleeping Computer
January 28, 2026 – Breach
Nike investigates data breach after extortion gang leaks files Full Text
Abstract
Nike is investigating a potential cybersecurity incident after World Leaks claimed to have stolen and leaked 1.4TB of corporate data, including nearly 190,000 files related to business operations.Bleeping Computer
January 28, 2026 – Attack
Experts Detect Pakistan-Linked Cyber Campaigns Aimed at Indian Government Entities Full Text
Abstract
Two cyber campaigns, Gopher Strike and Sheet Attack, have been identified targeting Indian government entities. These campaigns are linked to a Pakistan-based threat actor and employ sophisticated techniques to compromise systems and exfiltrate data.The Hacker News
January 28, 2026 – Criminals
Cybercriminals and nation-state groups are exploiting a six-month old WinRAR defect Full Text
Abstract
A critical path-traversal vulnerability in WinRAR is being actively exploited by nation-state groups. The vulnerability, disclosed and patched six months ago, continues to be a target for espionage and financially motivated attacks.Cyber Scoop
January 28, 2026 – Phishing
There’s a rash of scam spam coming from a real Microsoft address Full Text
Abstract
A recent phishing scam has been identified that abuses a legitimate Microsoft email address to deliver scam emails. The report provides details on the scam's operation and its implications.Ars Technica
January 27, 2026 – Vulnerabilities
Emergency Microsoft update fixes in-the-wild Office zero-day Full Text
Abstract
Microsoft has released an emergency update to address a critical zero-day bug affecting Microsoft Office 2016–2024 and Microsoft 365 Apps. This bug is actively exploited in the wild and allows attackers to bypass security features.Security Affairs
January 27, 2026 – Breach
Cybercriminals say they sold data stolen from US medical manufacturer Full Text
Abstract
A significant data breach at Cytek Biosciences, a medical manufacturer based in Fremont, California, has been attributed to the ransomware group Rhysida. This breach has compromised sensitive personal and financial information of 331 individuals.CompariTech
January 26, 2026 – Breach
ShinyHunters Leak Alleged Data of Millions From SoundCloud, Crunchbase and Betterment Full Text
Abstract
The ShinyHunters hacking group has allegedly leaked millions of user records from SoundCloud, Crunchbase, and Betterment. This breach follows failed extortion attempts and raises concerns about potential links to an Okta vishing campaign.Hack Read
January 26, 2026 – Vulnerabilities
Critical VMware vCenter Server bug under attack Full Text
Abstract
A critical vulnerability, CVE-2024-37079, in VMware vCenter Server is being actively exploited. This vulnerability, an out-of-bounds write flaw in the DCERPC protocol, allows remote code execution.The Register
January 26, 2026 – Outage
Researchers say Russian government hackers were behind attempted Poland power outage Full Text
Abstract
A massive data breach has exposed 149 million credentials, including those from major platforms such as Facebook, Instagram, and government domains. This breach underscores the ongoing threat posed by infostealing malware.Tech Crunch
January 26, 2026 – Malware
Malicious AI extensions on VSCode Marketplace steal developer data Full Text
Abstract
Two malicious AI-based extensions on the VSCode Marketplace, installed 1.5 million times, exfiltrate developer data to China-based servers. These extensions are part of the 'MaliciousCorgi' campaign.Bleeping Computer
January 26, 2026 – Breach
Nike is investigating a possible data breach, after WorldLeaks claims Full Text
Abstract
Nike is currently investigating a potential data breach following claims by the WorldLeaks cybercrime group. The group alleges it has accessed and stolen 1.4TB of data from Nike's systems, raising concerns about consumer privacy and data security.Security Affairs
January 23, 2026 – Criminals
Crims hit the easy button for IT helpdesk scams Full Text
Abstract
The emergence of custom voice-phishing kits on dark web forums has significantly enhanced the ability of cybercriminals to conduct social engineering scams. These kits are being used to target Google, Microsoft, and Okta accounts.The Register
January 23, 2026 – Ransomware
INC ransomware opsec fail allowed data recovery for 12 US orgs Full Text
Abstract
An operational security failure by INC ransomware allowed researchers to recover data stolen from 12 US organizations. A forensic investigation revealed the use of the Restic backup tool and exposed attacker infrastructure.Bleeping Computer
January 23, 2026 – Phishing
Phishing attacks abuse SharePoint, target energy orgs Full Text
Abstract
A sophisticated phishing campaign has been identified targeting energy-sector organizations. Attackers are exploiting Microsoft SharePoint services to harvest credentials and take over corporate email accounts, leading to widespread phishing attacks.The Register
January 23, 2026 – Government
CISA Adds Four Known Exploited Vulnerabilities to Catalog Full Text
Abstract
CISA has added four new vulnerabilities to its KEV Catalog. These vulnerabilities include improper access control, improper authentication, embedded malicious code, and remote file inclusion, affecting various software products.CISA
January 22, 2026 – Vulnerabilities
Fortinet admins report patched FortiGate firewalls getting hacked Full Text
Abstract
Fortinet's FortiGate firewalls are under attack due to a critical authentication bypass vulnerability that remains exploitable despite previous patch attempts. Attackers are leveraging this flaw to gain unauthorized access to systems.Bleeping Computer
January 22, 2026 – Breach
Hackers exploit security testing apps to breach Fortune 500 firms Full Text
Abstract
Threat actors are exploiting misconfigured web applications used for security training and internal penetration testing to breach cloud environments of Fortune 500 companies.Bleeping Computer
January 22, 2026 – Attack
PurpleBravo’s Targeting of the IT Software Supply Chain Full Text
Abstract
PurpleBravo, a North Korean state-sponsored threat group, poses a significant threat to the IT software supply chain. The group targets software developers, particularly in the cryptocurrency and software development sectors.Recorded Future
January 22, 2026 – Attack
Can you use too many LOLBins to drop some RATs? Full Text
Abstract
This report details a sophisticated attack leveraging Windows' built-in utilities, known as LOLBins (Living Off the Land Binaries), to deploy Remcos and NetSupport Manager, both of which are remote access tools often abused by cybercriminals.Malware Bytes
January 22, 2026 – Vulnerabilities
Cisco fixed actively exploited Unified Communications zero day Full Text
Abstract
Cisco has addressed a critical zero-day vulnerability, CVE-2026-20045, in its Unified Communications products. This flaw allows unauthenticated remote attackers to execute arbitrary commands on affected devices.Security Affairs
January 22, 2026 – Malware
New Android malware uses AI to click on hidden browser ads Full Text
Abstract
A new family of Android click-fraud trojans is leveraging TensorFlow machine learning models to interact with advertisement elements. This malware is distributed through Xiaomi's GetApps store and third-party APK sites.Bleeping Computer
January 21, 2026 – Vulnerabilities
Anthropic quietly fixed flaws in its Git MCP server Full Text
Abstract
Anthropic has addressed critical vulnerabilities in its Git MCP server that could allow remote code execution. These vulnerabilities, identified as CVE-2025-68145, CVE-2025-68143, and CVE-2025-68144, have been fixed in the latest update.The Register
January 21, 2026 – Vulnerabilities
AI framework flaws put enterprise clouds at risk of takeover Full Text
Abstract
Two critical vulnerabilities in the Chainlit AI framework, CVE-2026-22218 and CVE-2026-22219, pose significant risks to enterprise cloud environments. These vulnerabilities could lead to data leaks or full system takeovers.The Register
January 21, 2026 – Vulnerabilities
Vulnerabilities in Rockwell Automation Verve Asset Manager Allow Unauthorized Access to Sensitive Information Full Text
Abstract
Rockwell Automation's Verve Asset Manager has been found to have vulnerabilities that could allow attackers to access sensitive information. These bugs, identified as CVE-2025-14376 and CVE-2025-14377, affect multiple versions of the product.CISA
January 21, 2026 – Attack
Inside a Multi-Stage Windows Malware Campaign Full Text
Abstract
A sophisticated multi-stage malware campaign is targeting Microsoft Windows users, primarily in Russia. The attack leverages social engineering, security control bypass, and ransomware deployment.Fortinet
January 21, 2026 – Phishing
Hackers target Afghan government workers with fake correspondence from senior officials Full Text
Abstract
A phishing campaign has been identified targeting Afghan government employees with emails disguised as official correspondence from the office of the prime minister. The campaign uses a decoy document to deliver malware named FalseCub.The Record
January 21, 2026 – Breach
Everest Ransomware Claims McDonalds India Breach Involving Customer Data Full Text
Abstract
The Everest ransomware group has claimed responsibility for a significant data breach involving McDonald's India. The group alleges to have exfiltrated 861 GB of sensitive data, including customer information and internal company documents.Hack Read
January 20, 2026 – General
Cyber Breaches, Compliance and Reputation Top UK Corporate Concerns Full Text
Abstract
Over half (58%) of UK corporate respondents ranked cyber-related breaches as their top risk, with three-quarters doubting their ability to manage them. Their concern is grounded in experience: 20% said they had suffered a breach in the past two years.Infosecurity Magazine
January 20, 2026 – Vulnerabilities
Google Gemini Prompt Injection Flaw Exposed Private Calendar Data via Malicious Invites Full Text
Abstract
Cybersecurity researchers have disclosed details of a security flaw that leverages indirect prompt injection targeting Google Gemini as a way to bypass authorization guardrails and use Google Calendar as a data extraction mechanism.The Hacker News
January 20, 2026 – Criminals
Tudou Guarantee Marketplace Halts Telegram Transactions After Processing Over $12 Billion Full Text
Abstract
A Telegram-based guarantee marketplace known for advertising a broad range of illicit services appears to be winding down its operations. The closure of Tudou is a significant blow to the Southeast Asian scam economy.The Hacker News
January 20, 2026 – Vulnerabilities
New StackWarp Hardware Flaw Breaks AMD SEV-SNP Protections on Zen 1–5 CPUs Full Text
Abstract
A new hardware vulnerability, named StackWarp, has been identified in AMD processors, specifically affecting Zen 1 through Zen 5 models. This flaw allows attackers with privileged control over host servers to execute malicious code within confidential virtual machines (CVMs) protected by SEV-SNP.The Hacker News
January 20, 2026 – Malware
Fake ad blocker extension crashes the browser for ClickFix attacks Full Text
Abstract
A malicious ad-blocker extension called NexShield has been discovered, targeting Chrome and Edge users through a malvertising campaign. This extension creates a DoS condition by generating infinite connections, leading to browser crashes.Bleeping Computer
January 20, 2026 – Malware
PDFSIDER Malware - Exploitation of DLL Side-Loading for AV and EDR Evasion Full Text
Abstract
A new strain of malware known as PDFSider has been deployed in ransomware attacks against a Fortune 100 company in the finance sector. Attackers utilized social engineering tactics.ReSecurity
January 20, 2026 – Government
UK govt. warns about ongoing Russian hacktivist group attacks Full Text
Abstract
The UK government has issued a warning about ongoing DDoS attacks by the Russian-aligned hacktivist group NoName057(16), targeting critical infrastructure and local government organizations.Bleeping Computer
January 19, 2026 – Vulnerabilities
Google Gemini AI Tricked Into Leaking Calendar Data via Meeting Invites Full Text
Abstract
A vulnerability in Google Gemini AI allows attackers to exploit calendar invites to extract private data. This attack uses Indirect Prompt Injection, embedding commands in meeting invites that instruct Gemini to leak information.Hack Read
January 19, 2026 – Breach
Ingram Micro admits ransomware raid exposed staff records Full Text
Abstract
Ingram Micro experienced a significant ransomware attack in July 2025, compromising the personal data of over 42,000 employees. The attack, claimed by the ransomware group SafePay, resulted in substantial operational disruptions and data exposure.The Register
January 19, 2026 – Attack
From Extension to Infection: An In-Depth Analysis of the Evelyn Stealer Campaign Targeting Software Developers Full Text
Abstract
The Evelyn Stealer campaign targets software developers by exploiting the Visual Studio Code (VSC) extension ecosystem. This sophisticated attack chain involves a multistage delivery method designed to exfiltrate sensitive information.Trend Micro
January 19, 2026 – Attack
Hacktivists hijacked Iran's state TV to air anti-regime messages and an appeal to protest from Reza Pahlavi Full Text
Abstract
Anti-regime activists hijacked Iran’s Badr satellite and briefly took control of state TV channels to broadcast messages from Crown Prince Reza Pahlavi, calling for protests against the Islamic Republic.Security Affairs
January 19, 2026 – Breach
StealC hackers hacked as researchers hijack malware control panels Full Text
Abstract
An XSS vulnerability in the StealC malware's control panel has been exploited by researchers to gather intelligence on the malware operators. This flaw allowed researchers to hijack sessions and collect data on the attackers' hardware and location.Bleeping Computer
January 19, 2026 – General
Global tensions are pushing cyber activity toward dangerous territory Full Text
Abstract
The intersection of cybersecurity and geopolitics is becoming increasingly pronounced, with state-sponsored cyber operations being used as tools of political influence and conflict.Help Net Security
January 19, 2026 – Policy and Law
A new European standard outlines security requirements for AI Full Text
Abstract
The European Telecommunications Standards Institute (ETSI) has introduced a new standard, ETSI EN 304 223, to address cybersecurity requirements for AI models and systems. This standard is crucial for security teams working with AI.Help Net Security
January 19, 2026 – General
When the Olympics connect everything, attackers pay attention Full Text
Abstract
The Milan Cortina 2026 Winter Olympic Games present a significant cybersecurity challenge. This includes temporary networks, pop-up systems, and numerous partnerships, all of which create a target-rich environment for cyber threat actors.Help Net Security
January 19, 2026 – Breach
Canadian investment regulator confirms hackers hit 750,000 investors Full Text
Abstract
The Canadian Investment Regulatory Organization (CIRO) has confirmed a data breach affecting approximately 750,000 investors due to a sophisticated phishing attack. CIRO confirmed that login credentials were not at risk during the breach.The Record
January 17, 2026 – APT
China-Linked APT Exploits Sitecore Zero-Day in Attacks on American Critical Infrastructure Full Text
Abstract
A China-linked advanced persistent threat (APT) group, identified as UAT-8837, has been exploiting a critical zero-day vulnerability in Sitecore (CVE-2025-53690, CVSS score: 9.0) to target critical infrastructure sectors in North America.The Hacker News
January 17, 2026 – Vulnerabilities
Critical Vulnerability in Festo Firmware Affects Multiple Products Full Text
Abstract
A critical vulnerability has been identified in the firmware of multiple Festo products, affecting a wide range of devices used in critical manufacturing sectors globally. The vulnerability is tracked as CVE-2022-3270.CISA
January 17, 2026 – Vulnerabilities
Bankrupt scooter startup’s single key controlled everything Full Text
Abstract
An Estonian e-scooter company, Äike, which has gone bankrupt, left a significant security flaw in its devices. The scooters were shipped with a default private key that was never individualized, allowing any scooter to be unlocked using the same key.The Register
January 17, 2026 – Botnet
RondoDox botnet exploits critical HPE OneView bug Full Text
Abstract
A critical vulnerability in HPE OneView, identified as CVE-2025-37164, is being exploited at scale by the RondoDox botnet. This remote code execution flaw has a perfect 10 CVSS severity score.The Register
January 17, 2026 – Attack
TamperedChef serves bad ads, with infostealers as the main course Full Text
Abstract
The TamperedChef campaign is a sophisticated malvertising operation leveraging Google Ads to distribute infostealers. This campaign targets users searching for PDF software, redirecting them to malicious sites.Sophos
January 16, 2026 – Vulnerabilities
Years-Old Vulnerable Apache Struts 2 Versions See 387K Weekly Downloads Full Text
Abstract
A critical vulnerability, CVE-2025-68493, has been identified in Apache Struts 2, affecting versions 2.0.0 through 6.1.0. This flaw, discovered by Zast AI, involves unsafe XML parsing in the XWork component, which can lead to system crashes.Hack Read
January 16, 2026 – Breach
Texas behavioral health center warns patients of data breach that leaked SSNs, medical info Full Text
Abstract
Spindletop Center, a behavioral health clinic in Texas, experienced a significant data breach in September 2025. Rhysida ransomware claimed responsibility for the attack, demanding a ransom of 15 bitcoin, equivalent to $1.65 million at the time.CompariTech
January 16, 2026 – Malware
GhostPoster Browser Malware Hid for 5 Years With 840,000 Installs Full Text
Abstract
The GhostPoster malware campaign has been active for five years, affecting over 840,000 users through browser extensions on Chrome, Firefox, and Edge. The malware uses hidden payloads within PNG images to evade detection.Hack Read
January 16, 2026 – Phishing
China spies used Maduro capture as lure to phish US agencies Full Text
Abstract
Chinese cyberspies, identified as the Mustang Panda group, have launched a targeted phishing campaign against US government agencies. The campaign used the geopolitical event of Venezuelan President Nicolás Maduro's capture as a lure.The Register
January 16, 2026 – Vulnerabilities
CISA’s secure-software buying tool had a simple XSS vulnerability of its own Full Text
Abstract
An XSS vulnerability was discovered in CISA's "Software Acquisition Guide: Supplier Response Web Tool." This vulnerability allowed attackers to inject malicious JavaScript into the web page, potentially affecting other users and defacing the website.Cyber Scoop