January 2026
January 31, 2026 – Botnet
Aisuru botnet sets new record with 31.4 Tbps DDoS attack
Abstract
The Aisuru botnet has set a new record with a massive DDoS attack, peaking at 31.4 Tbps and 200 million requests per second. This unprecedented attack targeted multiple companies, primarily in the telecommunications sector. (Bleeping Computer)
January 31, 2026 – Attack
Supply chain attack on eScan antivirus: detecting and remediating malicious updates
Abstract
A supply chain attack targeted eScan antivirus software, distributing malware through its update server. The attack involved a malicious file that initiated a multi-stage infection chain. (Securelist)
January 31, 2026 – Breach
ShinyHunters claims it stole 10M records from dating apps
Abstract
ShinyHunters, a notorious extortion group, has claimed responsibility for a data breach affecting Match Group, a company that owns popular dating platforms such as Hinge, Match.com, and OkCupid. The breach reportedly involves over 10 million records. (The Register)
January 31, 2026 – Breach
Researcher’s Notebook: Inside the EmEditor supply chain compromise
Abstract
The EmEditor supply chain compromise involved tampering with Windows Installer (MSI) packages to embed malicious scripts. The attackers used look-alike domains and command-and-control (C2) infrastructure to execute their operations. (ReversingLabs)
January 30, 2026 – Malware
Cyble Research Discovers ShadowHS, an In-Memory Linux Framework for Long-Term Access
Abstract
ShadowHS is an advanced fileless Linux exploitation framework designed for stealthy, in-memory operations. It enables attackers to maintain long-term access to compromised systems without leaving persistent traces. (The Cyber Express)
January 30, 2026 – Breach
Marquis blames ransomware breach on SonicWall cloud backup hack
Abstract
Marquis Software Solutions, a financial services provider, experienced a ransomware attack attributed to a breach of SonicWall's cloud backup service. This incident affected numerous U.S. banks and credit unions. (Bleeping Computer)
January 30, 2026 – Attack
Op Bizarre Bazaar: New LLMjacking Campaign Targets Unprotected Models
Abstract
Operation Bizarre Bazaar is a significant cyberattack campaign targeting AI systems to steal compute power and resell access. The campaign, led by a hacker known as Hecker, involves exploiting unprotected AI models, particularly those using MCP. (Hackread)
January 30, 2026 – Vulnerabilities
Ivanti warns of two EPMM flaws exploited in zero-day attacks
Abstract
Ivanti has disclosed two critical zero-day vulnerabilities in Ivanti EPMM, identified as CVE-2026-1281 and CVE-2026-1340. These vulnerabilities allow remote attackers to execute arbitrary code on vulnerable devices without authentication. (Bleeping Computer)
January 30, 2026 – Vulnerabilities
Security Researcher Finds Exposed Admin Panel for AI Toy
Abstract
A critical security vulnerability was discovered in the Bondu AI toy, where an exposed admin panel allowed unauthorized access to sensitive data, including children's personal information and conversation transcripts. (The Cyber Express)
January 30, 2026 – Ransomware
MongoDB Ransomware Is Still Actively Hitting Exposed Databases
Abstract
MongoDB ransomware continues to be a significant threat, primarily targeting exposed databases due to misconfigurations. Attackers exploit these misconfigurations by scanning for open MongoDB instances, deleting data, and demanding ransoms. (eSecurity Planet)
January 28, 2026 – Outage
Russian security systems firm Delta hit by cyberattack, services disrupted
Abstract
Delta, a prominent Russian provider of alarm and security systems, has experienced a significant cyberattack, leading to widespread service disruptions. The attack, described as large-scale and coordinated, has affected the company's operations. (The Record)
January 28, 2026 – Government
U.S. CISA adds Microsoft Office, GNU InetUtils, SmarterTools SmarterMail, and Linux Kernel flaws to its Known Exploited Vulnerabilities catalog
Abstract
CISA has added several critical vulnerabilities to its Known Exploited Vulnerabilities catalog. These vulnerabilities affect Microsoft Office, GNU InetUtils, SmarterTools SmarterMail, and the Linux Kernel. (Security Affairs)
January 28, 2026 – Vulnerabilities
Pyodide Sandbox Escape Enables Remote Code Execution in Grist-Core
Abstract
A critical vulnerability in Grist-Core's Pyodide WebAssembly sandbox allows remote code execution (RCE) through malicious spreadsheet formulas. This flaw, with a CVSS score of 9.1, has been patched. (Infosecurity Magazine)
January 28, 2026 – Vulnerabilities
Critical sandbox escape flaw found in popular vm2 NodeJS library
Abstract
A critical vulnerability, CVE-2026-22709, has been identified in the vm2 Node.js sandbox library, which allows attackers to escape the sandbox and execute arbitrary code on the host system. (Bleeping Computer)
January 28, 2026 – Breach
Nike investigates data breach after extortion gang leaks files
Abstract
Nike is investigating a potential cybersecurity incident after World Leaks claimed to have stolen and leaked 1.4TB of corporate data, including nearly 190,000 files related to business operations. (Bleeping Computer)
January 28, 2026 – Attack
Experts Detect Pakistan-Linked Cyber Campaigns Aimed at Indian Government Entities
Abstract
Two cyber campaigns, Gopher Strike and Sheet Attack, have been identified targeting Indian government entities. These campaigns are linked to a Pakistan-based threat actor and employ sophisticated techniques to compromise systems and exfiltrate data. (The Hacker News)
January 28, 2026 – Criminals
Cybercriminals and nation-state groups are exploiting a six-month-old WinRAR defect
Abstract
A critical path-traversal vulnerability in WinRAR is being actively exploited by nation-state groups. The vulnerability, disclosed and patched six months ago, continues to be a target for espionage and financially motivated attacks. (CyberScoop)
January 28, 2026 – Phishing
There’s a rash of scam spam coming from a real Microsoft address
Abstract
A recent phishing scam has been identified, exploiting a legitimate Microsoft email address to deliver scam emails. This advisory provides details on the scam's operation and its implications. (Ars Technica)
January 27, 2026 – Vulnerabilities
Emergency Microsoft update fixes in-the-wild Office zero-day
Abstract
Microsoft has released an emergency update to address a critical 0-day bug affecting Microsoft Office 2016–2024 and Microsoft 365 Apps. This bug is actively exploited in the wild and allows attackers to bypass security features. (Security Affairs)
January 27, 2026 – Breach
Cybercriminals say they sold data stolen from US medical manufacturer
Abstract
A significant data breach at Cytek Biosciences, a medical manufacturer based in Fremont, California, has been attributed to the ransomware group Rhysida. This breach has compromised sensitive personal and financial information of 331 individuals. (Comparitech)
January 26, 2026 – Breach
ShinyHunters Leak Alleged Data of Millions From SoundCloud, Crunchbase and Betterment
Abstract
The ShinyHunters hacking group has allegedly leaked millions of user records from SoundCloud, Crunchbase, and Betterment. This breach follows failed extortion attempts and raises concerns about potential links to an Okta vishing campaign. (Hackread)
January 26, 2026 – Vulnerabilities
Critical VMware vCenter Server bug under attack
Abstract
A critical vulnerability, CVE-2024-37079, in VMware vCenter Server is being actively exploited. This vulnerability, an out-of-bounds write flaw in the DCERPC protocol, allows remote code execution. (The Register)
January 26, 2026 – Outage
Researchers say Russian government hackers were behind attempted Poland power outage
Abstract
A massive data breach has exposed 149 million credentials, including those from major platforms such as Facebook, Instagram, and government domains. This breach underscores the ongoing threat posed by infostealing malware. (TechCrunch)
January 26, 2026 – Malware
Malicious AI extensions on VSCode Marketplace steal developer data
Abstract
Two malicious AI-based extensions on the VSCode Marketplace, installed 1.5 million times, exfiltrate developer data to China-based servers. These extensions are part of the 'MaliciousCorgi' campaign. (Bleeping Computer)
January 26, 2026 – Breach
Nike is investigating a possible data breach, after WorldLeaks claims
Abstract
Nike is currently investigating a potential data breach following claims by the WorldLeaks cybercrime group. The group alleges it has accessed and stolen 1.4TB of data from Nike's systems, raising concerns about consumer privacy and data security. (Security Affairs)
January 23, 2026 – Criminals
Crims hit the easy button for IT helpdesk scams
Abstract
The emergence of custom voice-phishing kits on dark web forums has significantly enhanced the ability of cybercriminals to conduct social engineering scams. These kits are being used to target Google, Microsoft, and Okta accounts. (The Register)
January 23, 2026 – Ransomware
INC ransomware opsec fail allowed data recovery for 12 US orgs
Abstract
An operational security failure by INC ransomware allowed researchers to recover data stolen from 12 US orgs. A forensic investigation revealed the use of the Restic backup tool and exposed attacker infrastructure. (Bleeping Computer)
January 23, 2026 – Phishing
Phishing attacks abuse SharePoint, target energy orgs
Abstract
A sophisticated phishing campaign has been identified targeting energy-sector organizations. Attackers are exploiting Microsoft SharePoint services to harvest credentials and take over corporate email accounts, leading to widespread phishing attacks. (The Register)
January 23, 2026 – Government
CISA Adds Four Known Exploited Vulnerabilities to Catalog
Abstract
CISA has added four new vulnerabilities to its KEV Catalog. These vulnerabilities include improper access control, improper authentication, embedded malicious code, and remote file inclusion, affecting various software products. (CISA)
January 22, 2026 – Vulnerabilities
Fortinet admins report patched FortiGate firewalls getting hacked
Abstract
Fortinet's FortiGate firewalls are under attack due to a critical authentication bypass vulnerability that remains exploitable despite previous patch attempts. Attackers are leveraging this flaw to gain unauthorized access to systems. (Bleeping Computer)
January 22, 2026 – Breach
Hackers exploit security testing apps to breach Fortune 500 firms
Abstract
Threat actors are exploiting misconfigured web applications used for security training and internal penetration testing to breach cloud environments of Fortune 500 companies. (Bleeping Computer)
January 22, 2026 – Attack
PurpleBravo’s Targeting of the IT Software Supply Chain
Abstract
PurpleBravo, a North Korean state-sponsored threat group, poses a significant threat to the IT software supply chain. The group targets software developers, particularly in the cryptocurrency and software development sectors. (Recorded Future)
January 22, 2026 – Attack
Can you use too many LOLBins to drop some RATs?
Abstract
This advisory details a sophisticated attack leveraging Windows' built-in utilities, known as LOLBins (Living Off the Land Binaries), to deploy Remcos and NetSupport Manager, both of which are remote access tools often abused by cybercriminals. (Malwarebytes)
January 22, 2026 – Vulnerabilities
Cisco fixed actively exploited Unified Communications zero day
Abstract
Cisco has addressed a critical zero-day vulnerability, CVE-2026-20045, in its Unified Communications products. This flaw allows unauthenticated remote attackers to execute arbitrary commands on affected devices. (Security Affairs)
January 22, 2026 – Malware
New Android malware uses AI to click on hidden browser ads
Abstract
A new family of Android click-fraud trojans is leveraging TensorFlow machine learning models to interact with advertisement elements. This malware is distributed through Xiaomi's GetApps store and third-party APK sites. (Bleeping Computer)
January 21, 2026 – Vulnerabilities
Anthropic quietly fixed flaws in its Git MCP server
Abstract
Anthropic has addressed critical vulnerabilities in its Git MCP server that could allow remote code execution. These vulnerabilities, identified as CVE-2025-68145, CVE-2025-68143, and CVE-2025-68144, have been fixed in the latest update. (The Register)
January 21, 2026 – Vulnerabilities
AI framework flaws put enterprise clouds at risk of takeover
Abstract
Two critical vulnerabilities in the Chainlit AI framework, CVE-2026-22218 and CVE-2026-22219, pose significant risks to enterprise cloud environments. These vulnerabilities could lead to data leaks or full system takeovers. (The Register)
January 21, 2026 – Vulnerabilities
Vulnerabilities in Rockwell Automation Verve Asset Manager Allow Unauthorized Access to Sensitive Information
Abstract
Rockwell Automation's Verve Asset Manager has been found to have vulnerabilities that could allow attackers to access sensitive information. These bugs, identified as CVE-2025-14376 and CVE-2025-14377, affect multiple versions of the product. (CISA)
January 21, 2026 – Attack
Inside a Multi-Stage Windows Malware Campaign
Abstract
A sophisticated multi-stage malware campaign is targeting Microsoft Windows users, primarily in Russia. The attack leverages social engineering, security control bypass, and ransomware deployment. (Fortinet)
January 21, 2026 – Phishing
Hackers target Afghan government workers with fake correspondence from senior officials
Abstract
A phishing campaign has been identified targeting Afghan government employees with emails disguised as official correspondence from the office of the prime minister. The campaign uses a decoy document to deliver malware named FalseCub. (The Record)
January 21, 2026 – Breach
Everest Ransomware Claims McDonald's India Breach Involving Customer Data
Abstract
The Everest ransomware group has claimed responsibility for a significant data breach involving McDonald's India. The group alleges to have exfiltrated 861 GB of sensitive data, including customer information and internal company documents. (Hackread)
January 20, 2026 – General
Cyber Breaches, Compliance and Reputation Top UK Corporate Concerns
Abstract
Over half (58%) ranked cyber-related breaches as their top risk, with three-quarters doubting their ability to manage them. Their concern is grounded in experience: 20% said they had suffered a breach over the past two years. (Infosecurity Magazine)
January 20, 2026 – Vulnerabilities
Google Gemini Prompt Injection Flaw Exposed Private Calendar Data via Malicious Invites
Abstract
Cybersecurity researchers have disclosed details of a security flaw that leverages indirect prompt injection targeting Google Gemini as a way to bypass authorization guardrails and use Google Calendar as a data extraction mechanism. (The Hacker News)
January 20, 2026 – Criminals
Tudou Guarantee Marketplace Halts Telegram Transactions After Processing Over $12 Billion
Abstract
A Telegram-based guarantee marketplace known for advertising a broad range of illicit services appears to be winding down its operations. The closure of Tudou is a significant blow to the Southeast Asian scam economy. (The Hacker News)
January 20, 2026 – Vulnerabilities
New StackWarp Hardware Flaw Breaks AMD SEV-SNP Protections on Zen 1–5 CPUs
Abstract
A new hardware vulnerability, named StackWarp, has been identified in AMD processors, specifically affecting Zen 1 through Zen 5 models. This flaw allows attackers with privileged control over host servers to execute malicious code within CVMs. (The Hacker News)
January 20, 2026 – Malware
Fake ad blocker extension crashes the browser for ClickFix attacks
Abstract
A malicious ad-blocker extension called NexShield has been discovered, targeting Chrome and Edge users through a malvertising campaign. This extension creates a DoS condition by generating infinite connections, leading to browser crashes. (Bleeping Computer)
January 20, 2026 – Malware
PDFSIDER Malware - Exploitation of DLL Side-Loading for AV and EDR Evasion
Abstract
A new strain of malware known as PDFSider has been deployed in ransomware attacks against a Fortune 100 company in the finance sector. Attackers utilized social engineering tactics. (Resecurity)
January 20, 2026 – Government
UK govt. warns about ongoing Russian hacktivist group attacks
Abstract
The UK government has issued a warning about ongoing DDoS attacks by the Russian-aligned hacktivist group NoName057(16), targeting critical infrastructure and local government organizations. (Bleeping Computer)
January 19, 2026 – Vulnerabilities
Google Gemini AI Tricked Into Leaking Calendar Data via Meeting Invites
Abstract
A vulnerability in Google Gemini AI allows attackers to exploit calendar invites to extract private data. This attack uses indirect prompt injection, embedding commands in meeting invites that instruct Gemini to leak information. (Hackread)
January 19, 2026 – Breach
Ingram Micro admits ransomware raid exposed staff records
Abstract
Ingram Micro experienced a significant ransomware attack in July 2025, compromising the personal data of over 42,000 employees. The attack, claimed by the ransomware group SafePay, resulted in substantial operational disruptions and data exposure. (The Register)
January 19, 2026 – Attack
From Extension to Infection: An In-Depth Analysis of the Evelyn Stealer Campaign Targeting Software Developers
Abstract
The Evelyn Stealer campaign targets software developers by exploiting the Visual Studio Code (VSC) extension ecosystem. This sophisticated attack chain involves a multistage delivery method designed to exfiltrate sensitive information. (Trend Micro)
January 19, 2026 – Attack
Hacktivists hijacked Iran’s state TV to air anti-regime messages and an appeal to protest from Reza Pahlavi
Abstract
Anti-regime activists hijacked Iran’s Badr satellite and briefly took control of state TV channels to broadcast messages from Crown Prince Reza Pahlavi, calling for protests against the Islamic Republic. (Security Affairs)
January 19, 2026 – Breach
StealC hackers hacked as researchers hijack malware control panels
Abstract
An XSS vulnerability in the StealC malware's control panel has been exploited by researchers to gather intelligence on the malware operators. This flaw allowed researchers to hijack sessions and collect data on the attackers' hardware and location. (Bleeping Computer)
January 19, 2026 – General
Global tensions are pushing cyber activity toward dangerous territory
Abstract
The intersection of cybersecurity and geopolitics is becoming increasingly pronounced, with state-sponsored cyber operations being used as tools of political influence and conflict. (Help Net Security)
January 19, 2026 – Policy and Law
A new European standard outlines security requirements for AI
Abstract
The European Telecommunications Standards Institute (ETSI) has introduced a new standard, ETSI EN 304 223, to address cybersecurity requirements for AI models and systems. This standard is crucial for security teams working with AI. (Help Net Security)
January 19, 2026 – General
When the Olympics connect everything, attackers pay attention
Abstract
The Milan Cortina 2026 Winter Olympic Games present a significant cybersecurity challenge. Temporary networks, pop-up systems, and numerous partnerships all create a target-rich environment for cyber threat actors. (Help Net Security)
January 19, 2026 – Breach
Canadian investment regulator confirms hackers hit 750,000 investors
Abstract
The Canadian Investment Regulatory Organization (CIRO) has confirmed a data breach affecting approximately 750,000 investors due to a sophisticated phishing attack. CIRO confirmed that login credentials were not at risk during the breach. (The Record)
January 17, 2026 – APT
China-Linked APT Exploits Sitecore Zero-Day in Attacks on American Critical Infrastructure
Abstract
A China-linked advanced persistent threat (APT) group, identified as UAT-8837, has been exploiting a critical zero-day vulnerability in Sitecore (CVE-2025-53690, CVSS score: 9.0) to target critical infrastructure sectors in North America. (The Hacker News)
January 17, 2026 – Vulnerabilities
Critical Vulnerability in Festo Firmware Affects Multiple Products
Abstract
A critical vulnerability has been identified in the firmware of multiple Festo products, affecting a wide range of devices used in critical manufacturing sectors globally. The vulnerability is tracked as CVE-2022-3270. (CISA)
January 17, 2026 – Vulnerabilities
Bankrupt scooter startup’s single key controlled everything
Abstract
An Estonian e-scooter company, Äike, which has gone bankrupt, left a significant security flaw in its devices. The scooters were shipped with a default private key that was never individualized, allowing any scooter to be unlocked using the same key. (The Register)
January 17, 2026 – Botnet
RondoDox botnet exploits critical HPE OneView bug
Abstract
A critical vulnerability in HPE OneView, identified as CVE-2025-37164, is being exploited at scale by the RondoDox botnet. This remote code execution flaw has a perfect 10 CVSS severity score. (The Register)
January 17, 2026 – Attack
TamperedChef serves bad ads, with infostealers as the main course
Abstract
The TamperedChef campaign is a sophisticated malvertising operation leveraging Google Ads to distribute infostealers. This campaign targets users searching for PDF software, redirecting them to malicious sites. (Sophos)
January 16, 2026 – Vulnerabilities
Years-Old Vulnerable Apache Struts 2 Versions See 387K Weekly Downloads
Abstract
A critical vulnerability, CVE-2025-68493, has been identified in Apache Struts 2, affecting versions 2.0.0 through 6.1.0. This flaw, discovered by Zast AI, involves unsafe XML parsing in the XWork component, which can lead to system crashes. (Hackread)
January 16, 2026 – Breach
Texas behavioral health center warns patients of data breach that leaked SSNs, medical info
Abstract
Spindletop Center, a behavioral health clinic in Texas, experienced a significant data breach in September 2025. Rhysida ransomware claimed responsibility for the attack, demanding a ransom of 15 bitcoin, equivalent to $1.65 million at the time. (Comparitech)
January 16, 2026 – Malware
GhostPoster Browser Malware Hid for 5 Years With 840,000 Installs
Abstract
The GhostPoster malware campaign has been active for five years, affecting over 840,000 users through browser extensions on Chrome, Firefox, and Edge. The malware uses hidden payloads within PNG images to evade detection. (Hackread)
January 16, 2026 – Phishing
China spies used Maduro capture as lure to phish US agencies
Abstract
Chinese cyberspies, identified as the Mustang Panda group, have launched a targeted phishing campaign against US government agencies. The campaign used the geopolitical event of Venezuelan President Nicolás Maduro's capture as a lure. (The Register)
January 16, 2026 – Vulnerabilities
CISA’s secure-software buying tool had a simple XSS vulnerability of its own
Abstract
An XSS vulnerability was discovered in CISA's "Software Acquisition Guide: Supplier Response Web Tool." This vulnerability allowed attackers to inject malicious JavaScript into the web page, potentially affecting other users and defacing the website. (CyberScoop)
January 15, 2026 – Ransomware
DeadLock Ransomware Uses Polygon Smart Contracts For Proxy Rotation
Abstract
DeadLock ransomware has been identified using Polygon blockchain smart contracts to manage and rotate proxy server addresses. The latest samples include an HTML file used to communicate with victims via the Session encrypted messaging platform. (Infosecurity Magazine)
January 15, 2026 – Criminals
Microsoft seizes RedVDS infrastructure, disrupts fast-growing cybercrime marketplace
Abstract
Microsoft, in collaboration with international law enforcement, dismantled the RedVDS cybercrime marketplace. This operation has disrupted a significant source of cybercriminal activity, which facilitated widespread fraud and cyberattacks. (CyberScoop)
January 15, 2026 – General
Western cyber agencies warn about threats to industrial operational technology
Abstract
Western cyber agencies have issued a warning about the growing digital threats to industrial operational technology (OT) systems. These systems are integral to critical infrastructure. (The Record)
January 15, 2026 – Government
Sources: DHS finalizing replacement for disbanded critical infrastructure security council
Abstract
The DHS is in the final stages of establishing a new council, the Alliance of National Councils for Homeland Operational Resilience (ANCHOR), to replace the disbanded Critical Infrastructure Partnership Advisory Council (CIPAC). (CyberScoop)
January 15, 2026 – Botnet
Kimwolf botnet’s swift rise to 2M infected devices agitates security researchers
Abstract
Kimwolf has launched numerous DDoS attacks, frequently targeting Minecraft servers with short bursts lasting one to two minutes, though some attacks have extended for hours, causing widespread service disruption. (CyberScoop)
January 15, 2026 – Attack
CERT-UA reports PLUGGYAPE cyberattacks on defense forces
Abstract
The PLUGGYAPE malware has been used in cyberattacks targeting Ukraine's defense forces. These attacks are attributed to the Russian-linked group Void Blizzard, also known as Laundry Bear. (Security Affairs)
January 15, 2026 – General
CISOs flag gaps in third-party risk management
Abstract
The increasing complexity of vendor ecosystems and the integration of AI in business operations have heightened third-party cyber risks. CISOs are increasingly concerned about the lack of visibility beyond direct vendors. (Help Net Security)
January 15, 2026 – Vulnerabilities
MongoBleed (CVE-2025-14847): A Critical MongoDB Memory Leak Vulnerability Hidden for 8 Years
Abstract
MongoBleed (CVE-2025-14847) is a critical memory leak vulnerability in MongoDB that has been hidden for eight years. It allows unauthenticated attackers to read uninitialized heap memory, potentially exposing sensitive information. (AhnLab)
January 14, 2026 – Malware
Malicious Chrome Extension Drains Crypto via Secret API Keys
Abstract
Socket’s Threat Research Team has identified a malicious Google Chrome extension, MEXC API Automator, that quietly hijacks user accounts on the MEXC exchange to steal funds. (Security Online)
January 14, 2026 – Vulnerabilities
Microsoft releases Windows 10 KB5073724 extended security update
Abstract
Microsoft has released the KB5073724 extended security update containing the Patch Tuesday security fixes, including 3 zero-days and a fix for expiring Secure Boot certificates. (Bleeping Computer)
January 13, 2026 – Vulnerabilities
Meta fixes Instagram password reset flaw, denies data breach
Abstract
Meta confirmed fixing an Instagram password reset vulnerability that allowed third parties to trigger reset emails, while denying any breach despite claims of leaked user data. (Security Affairs)
January 13, 2026 – Hacker
“TryCloudflare” Abuse: AsyncRAT Exploits Free Tunnels to Build Stealthy WebDAV Network
Abstract
A new report from Trend Micro details how threat actors are abusing Cloudflare’s free-tier services and TryCloudflare tunneling domains to host malicious WebDAV servers, effectively hiding their command-and-control infrastructure. (Security Online)
January 13, 2026 – Government
CISA orders feds to patch Gogs RCE flaw exploited in zero-day attacks
Abstract
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered government agencies to secure their systems against a high-severity Gogs vulnerability that was exploited in zero-day attacks. (Bleeping Computer)
January 13, 2026 – Criminals
Facebook login thieves now using browser-in-browser trick
Abstract
Cybercriminals over the past six months have relied increasingly on the browser-in-the-browser (BitB) method to trick users into providing Facebook account credentials. (Bleeping Computer)
January 13, 2026 – Policy and Law
Hacker gets seven years for breaching Rotterdam and Antwerp ports
Abstract
The Amsterdam Court of Appeal sentenced a 44-year-old Dutch national to seven years in prison for multiple crimes, including computer hacking and attempted extortion. The man was arrested in 2021 and convicted in 2022 by the Amsterdam District Court. (Bleeping Computer)
January 13, 2026 – Criminals
Spanish police disrupt Black Axe, arrest alleged leaders in action spanning four cities
Abstract
Authorities arrested 34 alleged cybercriminals in Spain, including some leaders of Black Axe, a transnational criminal organization responsible for adversary-in-the-middle scams such as business email compromise, as well as money laundering. (CyberScoop)
January 12, 2026 – Government
North Korea–linked APT Kimsuky behind quishing attacks, FBI warns
Abstract
North Korea–linked APT group Kimsuky is targeting government agencies, academic institutions, and think tanks using spear-phishing emails that contain malicious QR codes (quishing), the FBI warns. (Security Affairs)
January 12, 2026 – Phishing
MuddyWater Launches RustyWater RAT via Spear-Phishing Across Middle East Sectors
Abstract
The Iranian threat actor known as MuddyWater has been attributed to a spear-phishing campaign targeting diplomatic, maritime, financial, and telecom entities in the Middle East with a Rust-based implant codenamed RustyWater. (The Hacker News)
January 9, 2026 – Vulnerabilities
Cisco Snort 3 Security Flaws Threaten Network Inspection
Abstract
Two critical flaws in Cisco Snort 3, identified as CVE-2026-20026 and CVE-2026-20027, pose significant risks to network inspection processes. These vulnerabilities allow unauthenticated attackers to disrupt inspection or leak sensitive data. (eSecurity Planet)
January 9, 2026 – Breach
EEOC experienced security incident involving contractor’s ‘unauthorized’ access, email says
Abstract
The Equal Employment Opportunity Commission (EEOC) experienced a security incident involving unauthorized access by a contractor's employees. This breach affected the EEOC's Public Portal system. (Nextgov)
January 9, 2026 – Breach
Chinese hackers targeted email systems of US congressional staff, people familiar say
Abstract
The Chinese state-aligned hacking group Salt Typhoon has allegedly targeted the email systems of U.S. congressional staff. This breach is part of a broader pattern of cyber threats against U.S. government entities. (Nextgov)
January 9, 2026 – Vulnerabilities
Critical RCE Vulnerability in Hitachi Energy Asset Suite
Abstract
A critical vulnerability has been identified in the Hitachi Energy Asset Suite, specifically within the Jasper Report component. This vulnerability, identified as CVE-2025-10492, allows for remote code execution (RCE) attacks. (CISA)
January 9, 2026 – Attack
WhatsApp Worm Spreads Astaroth Banking Trojan Across Brazil via Contact Auto-Messaging
Abstract
A new campaign, codenamed Boto Cor-de-Rosa, is using WhatsApp to distribute the Astaroth banking trojan across Brazil. This malware targets users by automatically sending malicious messages to their WhatsApp contacts. (The Hacker News)
January 9, 2026 – Botnet
50,000 Servers Exposed as GoBruteforcer Scales Brute-Force Attacks Full Text
Abstract
The GoBruteforcer botnet is aggressively targeting Linux servers worldwide, exploiting weak and reused credentials to gain access. Over 50,000 servers are at risk due to exposed infrastructure. ESecurity Planet
January 9, 2026 – Malware
GenDigital Research Exposes AuraStealer Infostealer Tactics Full Text
Abstract
AuraStealer is a sophisticated MaaS infostealer targeting Windows systems. It employs advanced evasion techniques and social engineering to steal sensitive data, posing significant risks to both individual users and enterprise environments. ESecurity Planet
January 9, 2026 – Government
FBI warns about Kimsuky hackers using QR codes to phish U.S. orgs Full Text
Abstract
The FBI issued a warning that North Korea's Kimsuky group is using malicious QR codes in spearphishing campaigns. These campaigns target U.S. organizations involved in North Korea-related policy, research, and analysis. Bleeping Computer
January 8, 2026 – Malware
Malicious NPM Packages Deliver NodeCordRAT Full Text
Abstract
Zscaler ThreatLabz identified three malicious npm packages in November 2025, bitcoin-main-lib, bitcoin-lib-js, and bip40, that deliver NodeCordRAT, a remote access trojan (RAT) with data-stealing capabilities. Zscaler
January 8, 2026 – Vulnerabilities
Microsoft: Classic Outlook bug prevents opening encrypted emails Full Text
Abstract
Microsoft is investigating a bug in classic Outlook that prevents recipients from opening encrypted emails with "Encrypt Only" permissions after a recent update. Affected users see a message_v2.rpmsg attachment instead of readable content. Bleeping Computer
January 8, 2026 – Phishing
Misconfigured email routing enables internal-spoofed phishing Full Text
Abstract
Attackers are abusing misconfigured email routing and spoof protections to send phishing emails that appear to be from within an organization. These emails often use themes like HR notices, password resets, and shared documents to deceive recipients. Security Affairs
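The routing abuse in the item above comes down to one gap: mail that arrives from the internet but carries the organization's own domain in From: is treated as internal and skips the spoof checks. The following Python is an added example, not code from the article or from any vendor, showing the gateway-side rule a practitioner would want: anything claiming an internal sender on the internet-facing connector must carry a DMARC pass in the gateway's Authentication-Results header, and a missing header fails closed. The domain example.com, the three sample messages and the connector flag are all constructed for the example.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: the protected organization's primary mail domain.
ORG_DOMAIN = "example.com"

# Constructed sample 1: a spoofed "HR notice" that arrived on the
# internet-facing connector. The org's own domain is in From:, but the
# gateway's authentication checks failed.
SPOOFED_HR_NOTICE = """\
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=example.com; dkim=none; dmarc=fail header.from=example.com
From: HR Department <hr@example.com>
To: staff@example.com
Subject: Updated holiday policy - action required

Please review the attached document.
"""

# Constructed sample 2: legitimate mail from a cloud service the org has
# authorized to send on its behalf (SPF, DKIM and DMARC all pass).
LEGIT_RELAY_NOTICE = """\
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=example.com; dkim=pass header.d=example.com; dmarc=pass header.from=example.com
From: IT Helpdesk <helpdesk@example.com>
To: staff@example.com
Subject: Scheduled maintenance

Mail will be unavailable Saturday 02:00-04:00.
"""

# Constructed sample 3: ordinary external mail; not an internal-spoof candidate.
EXTERNAL_VENDOR_MAIL = """\
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=vendor.example; dmarc=pass header.from=vendor.example
From: Sales <sales@vendor.example>
To: staff@example.com
Subject: Quote

Attached.
"""


def auth_results(msg):
    """Collect spf/dkim/dmarc verdicts from Authentication-Results headers."""
    verdicts = {}
    for hdr in msg.get_all("Authentication-Results", []):
        for mech, result in re.findall(r"\b(spf|dkim|dmarc)=([a-z]+)", hdr, re.I):
            verdicts[mech.lower()] = result.lower()
    return verdicts


def classify(raw_message, arrived_from_internet):
    """Decide how to treat a message based on its From: domain and entry path.

    arrived_from_internet is True when the message came in on the
    internet-facing connector rather than from an internal mailbox server.
    """
    msg = message_from_string(raw_message)
    _, from_addr = parseaddr(msg.get("From", ""))
    from_domain = from_addr.rpartition("@")[2].lower()
    if from_domain != ORG_DOMAIN:
        return "external-sender"
    if not arrived_from_internet:
        return "internal"
    # Internal-looking mail from outside must prove it: require a DMARC pass
    # (which implies an aligned SPF or DKIM pass). A missing header fails closed.
    if auth_results(msg).get("dmarc") == "pass":
        return "internal-authenticated"
    return "quarantine-internal-spoof"


if __name__ == "__main__":
    for name, raw in [("spoofed", SPOOFED_HR_NOTICE),
                      ("relay", LEGIT_RELAY_NOTICE),
                      ("vendor", EXTERNAL_VENDOR_MAIL)]:
        print(name, classify(raw, arrived_from_internet=True))
```

The connector flag is the part that most often goes wrong in practice: a misconfigured inbound connector that classifies internet traffic as internal would pass arrived_from_internet=False and let the spoof through, which is exactly the routing error the article describes.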
January 8, 2026 – Breach
Major Data Breach Hits Company Operating 150 Gas Stations in the US Full Text
Abstract
A major data breach has impacted Gulshan Management Services, a Texas-based company operating over 150 gas stations under the Handi Plus and Handi Stop brands. The breach exposed sensitive personal information of more than 377,000 individuals. Hack Read
January 8, 2026 – Vulnerabilities
Veeam Patches Critical RCE Vulnerability with CVSS 9.0 in Backup & Replication Full Text
Abstract
Veeam has released patches for multiple vulnerabilities in its Backup & Replication software, including a critical remote code execution (RCE) vulnerability, CVE-2025-59470, with a CVSS score of 9.0. The Hacker News
January 8, 2026 – General
Telecommunications Sector Sees a Four-fold Jump in Ransomware Attacks in last 4 Years: Report Full Text
Abstract
The telecommunications sector experienced a four-fold increase in ransomware attacks over the past four years. This sector is a critical component of national infrastructure, making it a prime target for both ransomware groups and nation-state actors. The Cyber Express
January 7, 2026 – Criminals
Cyber Counterintelligence (CCI): When ‘Shiny Objects’ trick ‘Shiny Hunters’ Full Text
Abstract
The cybercriminal group known as "The Com," which includes subgroups like "Shiny Hunters" and "Scattered Lapsus$ Hunters," is involved in significant cybercriminal activities, including data breaches and extortion. ReSecurity
January 7, 2026 – Vulnerabilities
Google fixes critical Dolby Decoder bug in Android January update Full Text
Abstract
A critical vulnerability, CVE-2025-54957, in the Dolby audio decoder has been addressed in the January 2026 Android security update. This flaw affects Dolby DD+ decoders and poses a significant risk to Android devices. Security Affairs
January 7, 2026 – Government
UK government injects £210M into cybersecurity overhaul Full Text
Abstract
The UK Government has announced an investment of £210 million to bolster cybersecurity across its public services. This Government Cyber Action Plan aims to enhance the security of digital public services to the level of critical infrastructure. The Register
January 7, 2026 – General
Taiwan says China’s attacks on its energy sector increased tenfold Full Text
Abstract
The number of cyberattacks on Taiwan's energy sector increased by 1,000% in 2025 compared to 2024, making it the most targeted sector among nine critical infrastructure categories. Bleeping Computer
January 7, 2026 – Vulnerabilities
High-Severity Flaw in Open WebUI Affects AI Connections Full Text
Abstract
A high-severity vulnerability has been identified in Open WebUI, affecting versions 0.6.34 and older. This flaw, with a severity rating of 7.3, poses risks of account takeover and server compromise when the Direct Connections feature is enabled. Infosecurity Magazine
January 7, 2026 – Malware
Two Chrome Extensions Caught Stealing ChatGPT and DeepSeek Chats from 900,000 Users Full Text
Abstract
Two malicious Chrome extensions have been identified, targeting over 900,000 users by exfiltrating conversations from ChatGPT and DeepSeek. These extensions impersonate legitimate ones and request broad permissions under the pretext of collecting anonymized usage data. The Hacker News
January 7, 2026 – Vulnerabilities
Columbia Weather Systems MicroServer Vulnerabilities Allow Unauthorized Access Full Text
Abstract
The Columbia Weather Systems MicroServer is affected by multiple vulnerabilities that could allow attackers to redirect SSH connections, gain admin access to the web portal, and obtain limited shell access. CISA
January 7, 2026 – Vulnerabilities
New D-Link flaw in legacy DSL routers actively exploited in attacks Full Text
Abstract
A critical command injection vulnerability, identified as CVE-2026-0625, has been discovered in legacy D-Link DSL routers. This flaw allows unauthenticated attackers to execute arbitrary commands remotely. Bleeping Computer
January 6, 2026 – Malware
VVS Stealer Uses Advanced Obfuscation to Target Discord Users Full Text
Abstract
VVS Stealer is a Python-based malware targeting Discord users, employing advanced obfuscation techniques to extract sensitive data. It primarily focuses on stealing Discord tokens and browser information. Infosecurity Magazine
January 6, 2026 – Vulnerabilities
VSCode IDE forks expose users to “recommended extension” attacks Full Text
Abstract
AI-powered IDEs forked from Microsoft VSCode, such as Cursor, Windsurf, Google Antigravity, and Trae, are vulnerable to "recommended extension" attacks. These forks install extensions from the OpenVSX registry rather than Microsoft's marketplace, yet still surface a repository's recommendations for extension names that are not published on OpenVSX; an attacker who publishes a package under such a name gets it installed when the user accepts the prompt. Bleeping Computer
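A practical pre-flight check for the attack above is to read a cloned repository's .vscode/extensions.json and list every recommended ID that does not resolve in the registry the IDE actually installs from. The Python below is an added example, not code from the article, from Microsoft or from any of the IDE vendors. The extensions.json content is constructed, and PUBLISHED_IN_REGISTRY is an assumed stand-in for what a real query against the registry API would return; the JSONC handling (comments and trailing commas) is needed because VS Code and its forks accept that dialect in this file.

```python
import json
import re

# Constructed sample: a repository's .vscode/extensions.json. VS Code and its
# forks read this file as JSONC, so comments and trailing commas are allowed.
EXTENSIONS_JSON = """{
  // Extensions the repository suggests installing when opened.
  "recommendations": [
    "ms-python.python",
    "dbaeumer.vscode-eslint",
    "contoso.internal-linter", /* internal tool, never published publicly */
  ]
}"""

# Assumption: stand-in for a registry query. A real check would ask the
# registry API whether each ID exists; this set is constructed for the example.
PUBLISHED_IN_REGISTRY = {"ms-python.python", "dbaeumer.vscode-eslint"}

# Extension IDs have the form publisher.name and are compared case-insensitively.
EXTENSION_ID = re.compile(r"^[a-z0-9][a-z0-9-]*\.[a-z0-9][a-z0-9-]*$", re.I)


def load_jsonc(text):
    """Parse JSONC by stripping block comments, line comments and trailing commas.

    Simplification: a '//' inside a string value (e.g. a URL) would also be
    stripped; the recommendations file does not normally contain such values.
    """
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    text = re.sub(r"//[^\n]*", "", text)
    text = re.sub(r",(\s*[\]}])", r"\1", text)
    return json.loads(text)


def unclaimed_recommendations(jsonc_text, published):
    """Return recommended extension IDs that are not published in the registry.

    Each returned ID is a name an attacker could register so that their package
    is installed when a user accepts the IDE's recommendation prompt.
    """
    data = load_jsonc(jsonc_text)
    published = {p.lower() for p in published}
    unclaimed = []
    for rec in data.get("recommendations", []):
        if not isinstance(rec, str) or not EXTENSION_ID.match(rec):
            continue  # malformed entries cannot be installed either way
        if rec.lower() not in published:
            unclaimed.append(rec)
    return unclaimed


if __name__ == "__main__":
    for ext_id in unclaimed_recommendations(EXTENSIONS_JSON, PUBLISHED_IN_REGISTRY):
        print("recommended but not published in registry:", ext_id)
```

Run it against a repository before opening it in an OpenVSX-backed fork; any ID it prints is one to register yourself or remove from the recommendations, since an empty slot is what the attack needs.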
January 6, 2026 – Breach
California urgent care clinic notifies patients of data breach that compromised SSNs, medical info Full Text
Abstract
Pulse Urgent Care Center in Redding, California, experienced a data breach in March 2025, compromising sensitive patient information, including Social Security numbers, driver's license numbers, medical information, and health insurance details. CompariTech
January 6, 2026 – Vulnerabilities
Researchers Warn of Data Exposure Risks in Claude Chrome Extension Full Text
Abstract
The Claude Chrome extension, developed by Anthropic, poses significant data exposure risks. This extension allows AI to browse and interact with websites on behalf of users, potentially bypassing traditional web security measures. Hack Read
January 6, 2026 – Vulnerabilities
SlowMist Flags Potential Security Risk at HitBTC Exchange Full Text
Abstract
A critical security vulnerability at the HitBTC Exchange has been identified by the blockchain security firm SlowMist. Despite attempts to responsibly disclose the issue, HitBTC has not responded. The Cyber Express
January 6, 2026 – Attack
Russia-Aligned Hackers Abuse Viber to Target Ukrainian Military and Government Full Text
Abstract
The Russia-aligned group UAC-0184 has been targeting Ukrainian military and government entities using the Viber messaging platform. The attack involves distributing malicious ZIP archives containing LNK files disguised as Microsoft Word and Excel documents. The Hacker News
January 6, 2026 – Breach
Crimson Collective Claims Breach of U.S. Fiber Broadband Provider Brightspeed Full Text
Abstract
The hacking group Crimson Collective has claimed responsibility for a significant data breach involving the U.S. fiber broadband provider Brightspeed. The breach reportedly affects over a million residential customers. The Cyber Express
January 6, 2026 – Attack
Cloud file-sharing sites targeted for corporate data theft attacks Full Text
Abstract
A threat actor known as Zestix is actively selling corporate data stolen from cloud file-sharing services such as ShareFile, Nextcloud, and OwnCloud. The data theft is facilitated by info-stealing malware like RedLine, Lumma, and Vidar. Bleeping Computer
January 6, 2026 – Attack
Russian hackers target European hospitality industry with ‘blue screen of death’ malware Full Text
Abstract
A sophisticated malware campaign, attributed to Russian cybercriminals, is targeting the European hospitality industry. The attack uses a fake "Blue Screen of Death" to deceive victims into downloading the DCRat malware. The Record
January 5, 2026 – Phishing
Cybercriminals Abuse Google Cloud Email Feature in Multi-Stage Phishing Campaign Full Text
Abstract
Cybercriminals are abusing Google Cloud's Application Integration service to conduct a sophisticated phishing campaign. The attackers use the email address "noreply-application-integration@google[.]com" to send phishing emails that appear legitimate. The Hacker News
January 5, 2026 – Vulnerabilities
Over 10K Fortinet firewalls exposed to actively exploited 2FA bypass Full Text
Abstract
Over 10,000 Fortinet firewalls are currently exposed to an actively exploited two-factor authentication (2FA) bypass vulnerability in FortiOS, CVE-2020-12812. The flaw allows an attacker who holds a valid password to log in to the SSL VPN without being prompted for the second factor simply by changing the case of the username. Bleeping Computer
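The bug class behind a case-change 2FA bypass is a canonicalization mismatch: the password check matches the username case-insensitively (as a directory back end typically does), while the policy that decides whether a second factor is required is looked up with the username exactly as typed, so "Alice" authenticates as "alice" but matches no 2FA policy entry. The Python below is an added example modelling that mismatch and its fix; it is not Fortinet code and does not reproduce FortiOS internals. The user store, the plaintext password and the fixed one-time code are constructed for the example.

```python
import hmac
from dataclasses import dataclass


@dataclass
class Account:
    password: str             # plaintext only for the example
    two_factor_required: bool
    otp: str                  # the code the user's token would produce right now


# Constructed user store, keyed by the canonical (lower-case) username.
# The directory behind it matches usernames case-insensitively.
ACCOUNTS = {"alice": Account("hunter2", True, "123456")}


def directory_auth(username, password):
    """Back-end password check; the directory matches usernames case-insensitively."""
    acct = ACCOUNTS.get(username.lower())
    return acct is not None and hmac.compare_digest(acct.password, password)


def login_vulnerable(username, password, otp=None):
    """Bug: the password check is case-insensitive, but the 2FA policy is looked
    up with the username exactly as typed. 'Alice' authenticates as 'alice' yet
    matches no policy entry, so the second factor is never demanded."""
    if not directory_auth(username, password):
        return "denied"
    policy = ACCOUNTS.get(username)          # exact-case lookup
    if policy is not None and policy.two_factor_required:
        if otp is None or not hmac.compare_digest(policy.otp, otp):
            return "denied"
    return "ok"                              # no policy found -> password only


def login_fixed(username, password, otp=None):
    """Canonicalize once, use the same key for every lookup, and fail closed
    when an authenticated user has no policy entry at all."""
    canon = username.lower()
    if not directory_auth(canon, password):
        return "denied"
    policy = ACCOUNTS.get(canon)
    if policy is None:
        return "denied"
    if policy.two_factor_required:
        if otp is None or not hmac.compare_digest(policy.otp, otp):
            return "denied"
    return "ok"


if __name__ == "__main__":
    print("vulnerable, 'Alice' + password only:", login_vulnerable("Alice", "hunter2"))
    print("fixed, 'Alice' + password only:     ", login_fixed("Alice", "hunter2"))
```

Two properties of the fix matter independently: every lookup keys on the same canonical form, and an authenticated user with no matching policy is denied rather than quietly downgraded to password-only authentication.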
January 5, 2026 – Breach
Cryptocurrency theft attacks traced to 2022 LastPass breach Full Text
Abstract
Ongoing cryptocurrency thefts have been traced back to the 2022 LastPass breach, where attackers stole encrypted vaults containing cryptocurrency wallet private keys and seed phrases. Bleeping Computer
January 5, 2026 – Criminals
Cybercrook claims to sell critical info about utilities Full Text
Abstract
A cybercriminal claims to have breached Pickett and Associates and is selling 139 GB of sensitive engineering data related to three major US utilities: Tampa Electric Company, Duke Energy Florida, and American Electric Power. The Register
January 5, 2026 – Breach
Sedgwick confirms cyber incident affecting its major federal contractor subsidiary Full Text
Abstract
Sedgwick Government Solutions, a subsidiary of Sedgwick, experienced a cybersecurity incident involving the TridentLocker ransomware gang, which claimed to have stolen 3.4 gigabytes of data. The Record
January 5, 2026 – Breach
Latest Oracle EBS Victims Include Korean Air, University of Phoenix Full Text
Abstract
The CL0P ransomware group has targeted Oracle EBS vulnerabilities, affecting organizations such as Korean Air and the University of Phoenix. The University of Phoenix reported a breach compromising personal data of nearly 3.5 million individuals. The Cyber Express