The Node.js project has released critical security updates addressing multiple vulnerabilities affecting all active release lines. On January 13, 2026, the Node.js team announced patches for versions 20.x, 22.x, 24.x, and 25.x, tackling three high-severity issues, four medium-severity issues, and…
Microsoft Desktop Window Manager Zero-Day Exploited in Active Attacks
Microsoft has disclosed a critical information disclosure vulnerability in the Desktop Window Manager that threat actors are actively exploiting. The vulnerability, tracked as CVE-2026-20805, was publicly released on January 13, 2026, and allows authenticated local attackers to access sensitive information…
Charity-Themed Malware Used by Threat Actors to Target Ukraine’s Defense Forces
Ukrainian cybersecurity authorities have uncovered a sustained, targeted campaign against Ukraine’s defense forces, orchestrated by Russian-affiliated threat actors that disguise malware distribution as charitable donation requests. Between October and December 2025, the National Cyber Incident Response Team of Ukraine (CERT-UA)…
Node.js Releases Critical Updates to Fix Major Vulnerabilities
The Node.js project has officially released a suite of security patches to address several vulnerabilities identified across its… The post Node.js Releases Critical Updates to Fix Major Vulnerabilities appeared first on Hackers Online Club. This article has been indexed from…
Anthropic finds $1.5 million to help Python Foundation improve security
AI upstart also upscales its Labs to find the next frontier The Python Software Foundation (PSF) has an extra $1.5 million heading its way, after AI upstart Anthropic entered into a partnership aimed at improving security in the Python ecosystem.……
Firmware scanning time, cost, and where teams run EMBA
Security teams that deal with connected devices often end up running long firmware scans overnight, checking progress in the morning, and trying to explain to colleagues why a single image consumed a workday of compute time. That routine sets the…
An AI-Driven Game-Theoretic Approach to Attack and Defense
A new research effort from Alias Robotics and Johannes Kepler University Linz proposes a game-theoretic “brain” for cybersecurity AI, aiming to push automated penetration testing and defense planning beyond human-level performance. The work introduces Generative Cut-the-Rope (G-CTR), a guidance layer…
Product showcase: Orbot – Tor VPN for iOS
Orbot for iOS is a free, open-source networking tool that routes supported app traffic through the Tor network. Developed by the Guardian Project, it is intended for users who want to reduce tracking and limit network-level monitoring on iPhone and…
How AI image tools can be tricked into making political propaganda
A single image can shift public opinion faster than a long post. Text to image systems can be pushed to create misleading political visuals, even when safety filters are in place, according to a new study. The researchers examined whether…
FortiOS and FortiSwitchManager Flaw Allows Remote Code Execution
A high heap-based buffer overflow vulnerability in the cw_acd daemon component of Fortinet’s FortiOS and FortiSwitchManager has been disclosed, enabling remote unauthenticated attackers to execute arbitrary code on affected systems. The vulnerability, tracked as CVE-2025-25249, carries a high CVSS v3.1…
Lumo expands its Lumo AI assistant with encrypted, project-based workspaces
Lumo is Proton’s AI assistant, built with a focus on privacy and user control. It runs on Proton’s infrastructure and is designed so conversations are not used to train models or retained beyond what is required to provide the service.…
HPE Open View Vulnerability Hits CISA Known Exploited List
Cybersecurity Today: Credit Card Skimming, Valley Rat Malware, WhatsApp Exploit & AI Defenses In this episode of Cybersecurity Today, hosted by Jim Love, we explore several critical cybersecurity threats and advancements. We cover a massive credit card skimming campaign active…
Microsoft January 2026 Patch Tuesday Fixes 114 Flaws, Including 3 Zero-Days
Microsoft has released its January 2026 Patch Tuesday security updates, addressing 114 vulnerabilities across Windows, Office, and other products. The update includes three actively exploited zero-day vulnerabilities and 12 critical-severity flaws that require immediate attention from system administrators. The January…
New Magecart Campaign Steals Credit Card Details During Online Checkouts
Cybersecurity researchers at Silent Push Preemptive Cyber Defense have uncovered an extensive and sophisticated web-skimming campaign that has been actively stealing credit card data from e-commerce websites since at least January 2022. The ongoing operation, operating under the umbrella term…
IT Security News Hourly Summary 2026-01-14 06h : 1 posts
1 posts were published in the last hour 4:34 : Microsoft Desktop Window Manager 0-Day Vulnerability Exploited in the wild
Microsoft Desktop Window Manager 0-Day Vulnerability Exploited in the wild
Microsoft patched a critical zero-day information disclosure flaw in its Desktop Window Manager (DWM) on January 13, 2026, in the Patch Tuesday update after detecting active exploitation in the wild. Tracked as CVE-2026-20805, the vulnerability allows low-privilege local attackers to…
Instagram denies breach, Sweden detains spying suspect, n8n attack steals OAuth tokens
Instagram denies breach post-data leak Sweden detains consultant suspected of spying n8n supply chain attack steals OAuth tokens Thanks to our episode sponsor, ThreatLocker Want real Zero Trust training? Zero Trust World 2026 delivers hands-on labs and workshops that show…
ISC Stormcast For Wednesday, January 14th, 2026 https://isc.sans.edu/podcastdetail/9766, (Wed, Jan 14th)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Wednesday, January 14th, 2026…
IT Security News Hourly Summary 2026-01-14 03h : 1 posts
1 posts were published in the last hour 2:4 : AI Scraping in Mobile Apps: How It Works and How to Stop It
AI Scraping in Mobile Apps: How It Works and How to Stop It
For years, scraping was treated as a web problem. The post AI Scraping in Mobile Apps: How It Works and How to Stop It appeared first on Security Boulevard. This article has been indexed from Security Boulevard Read the original…
Windows info-disclosure 0-day bug gets a fix as CISA sounds alarm
First Patch Tuesday of 2026 goes big Microsoft and Uncle Sam have warned that a Windows bug disclosed today is already under attack.… This article has been indexed from The Register – Security Read the original article: Windows info-disclosure 0-day…
AZ Monica hospital in Belgium shuts down servers after cyberattack
A cyberattack hit AZ Monica hospital in Belgium, forcing it to shut down servers, cancel procedures, and transfer critical patients. A cyberattack forced Belgian hospital AZ Monica to shut down all servers, cancel scheduled procedures, and transfer critical patients. AZ…
Wine 11 brings major architectural work, synchronization changes, 600+ bug fixes
Wine, originally short for “Wine Is Not an Emulator,” is a compatibility layer that allows Windows applications to run natively on POSIX-compliant operating systems, including Linux, macOS, and BSD. Rather than running a full copy of Windows or simulating its…
IT Security News Hourly Summary 2026-01-14 00h : 1 posts
1 posts were published in the last hour 22:55 : IT Security News Daily Summary 2026-01-13