More than 60 Labour MPs call on Sir Keir Starmer to back social media restrictions for under-16s, following Australia’s lead This article has been indexed from Silicon UK Read the original article: Labour MPs Call For PM To Back Social…
TP-Link Router Flaw Enables Authentication Bypass Through Password Recovery Mechanism
TP-Link has disclosed a high-severity authentication bypass vulnerability affecting its VIGI security camera lineup, allowing attackers on local networks to reset administrator passwords without verification. The flaw lies in the password recovery feature of the local web interface, which is exploited via client-side state…
Threat Actors Leverage Google Ads to Weaponize PDF Editor with TamperedChef
A malvertising campaign identified in September 2025 has brought a significant threat to Windows users worldwide. Attackers created fake PDF editing applications and promoted them through Google Ads to distribute a dangerous information-stealing malware called TamperedChef. The malware targets users…
WhisperPair Attack Allows Hijacking of Laptops, Earbuds Without User Consent – Millions Affected
A critical vulnerability in Google’s Fast Pair protocol that allows attackers to hijack Bluetooth audio accessories and track users without their knowledge or consent. Security researchers from KU Leuven have uncovered a vulnerability, tracked as CVE-2025-36911 and dubbed WhisperPair, that…
Critical AVEVA Software Vulnerabilities Enables Remote Code Execution Under System Privileges
Seven vulnerabilities were disclosed in Process Optimization (formerly ROMeo) 2024.1 and earlier on January 13, 2026, including a critical flaw enabling unauthenticated SYSTEM-level remote code execution. The most severe vulnerability enables unauthenticated attackers to achieve remote code execution under system…
Tudou Guarantee Marketplace Halts Telegram Transactions After Processing Over $12 Billion
A Telegram-based guarantee marketplace known for advertising a broad range of illicit services appears to be winding down its operations, according to new findings from Elliptic. The blockchain intelligence company said Tudou Guarantee has effectively ceased transactions through its public…
Gemini prompt injection flaw exposes calendar info, hacker admits to Supreme Court data leak, researchers uncover PDFSIDER malware
Gemini prompt injection flaw exposes calendar info Hacker admits to leaking stolen Supreme Court data Researchers uncover PDFSIDER malware Huge thanks to our sponsor, Dropzone AI It’s 2 AM. An alert fires. Possible data exfiltration. Your on-call analyst is three…
Hundreds In Cornwall Still Without Internet After Storm Goretti
Openreach acknowledges that while power, water have been restored in Cornwall, some 900 are still without broadband internet This article has been indexed from Silicon UK Read the original article: Hundreds In Cornwall Still Without Internet After Storm Goretti
IT Security News Hourly Summary 2026-01-20 09h : 5 posts
5 posts were published in the last hour 7:32 : Discord Exploited to Spread Clipboard Hijacker Stealing Cryptocurrency Funds 7:31 : Pulsar RAT Using Memory-Only Execution & HVNC to Gain Invisible Remote Access 7:31 : What’s On the Tube Or…
Discord Exploited to Spread Clipboard Hijacker Stealing Cryptocurrency Funds
CloudSEK’s STRIKE team has uncovered a sophisticated cryptocurrency theft operation orchestrated by the threat actor “RedLineCyber,” who deliberately impersonates the notorious RedLine Solutions to establish credibility within underground communities. Rather than collecting comprehensive system data, the malware employs a highly…
Pulsar RAT Using Memory-Only Execution & HVNC to Gain Invisible Remote Access
Pulsar RAT has emerged as a sophisticated derivative of the open-source Quasar RAT, introducing dangerous enhancements that enable attackers to maintain invisible remote access through advanced evasion techniques. This modular Windows-focused remote administration tool represents a significant evolution in threat…
What’s On the Tube Or Rather in the Tube: Kimwolf Targets Android-based TVs and Streaming Devices
Kimwolf botnet exploits smart gadgets for DDoS attacks, highlighting security lapses in device protection and supply chains. The post What’s On the Tube Or Rather in the Tube: Kimwolf Targets Android-based TVs and Streaming Devices appeared first on Security Boulevard.…
When Space Isn’t Safe: Inside the European Space Agency’s Massive Cyberattack
In late 2025 and early 2026, one of the world’s most advanced scientific organizations, the European Space Agency (ESA), faced a string of cyberattacks that exposed severe weaknesses in its cybersecurity posture. Hackers stole hundreds of gigabytes of data. Among…
Confusion and fear send people to Reddit for cybersecurity advice
A strange charge appears on a bank account. An email claims a package is on the way. A social media account stops accepting a password that worked yesterday. When these moments hit, many people do the same thing. They open…
SolyxImmortal Malware Abuses Discord to Quietly Harvest Sensitive Information
A newly discovered information-stealing malware, SolyxImmortal, has emerged as a persistent surveillance threat targeting Windows users. Distributed through underground Telegram channels, this Python-based implant combines credential theft, document harvesting, keystroke logging, and screen capture capabilities into a continuously running surveillance…
WhisperPair Vulnerability Allows Attackers to Pair Devices Without User Consent
Google’s Fast Pair technology has revolutionised Bluetooth connectivity, enabling seamless one-tap pairing across supported accessories and account synchronisation for millions of users. However, a critical vulnerability discovered in flagship audio accessories threatens the security of hundreds of millions of devices. Attribute Details …
Product showcase: PrivacyHawk for iOS helps users track and remove personal data from data brokers
Every interaction online, from signing up for a newsletter to making a purchase, leaves a trace. These traces are collected by data brokers and resold to advertisers, analytics firms, or, in some cases, criminals on the dark web. As personal…
Critical AVEVA Software Flaws Allow Remote Code Execution With SYSTEM Privileges
AVEVA has disclosed seven critical and high-severity vulnerabilities in its Process Optimization software (formerly ROMeo) that could enable attackers to execute remote code with SYSTEM privileges and completely compromise industrial control systems. The security bulletin, published on January 13, 2026,…
Apache bRPC Vulnerability Enables Remote Command Injection
A critical remote command-injection vulnerability has been discovered in Apache bRPC’s built-in heap profiler service, affecting all versions before 1.15.0 across all platforms. The vulnerability allows unauthenticated attackers to execute arbitrary system commands by manipulating the profiler’s parameter validation mechanisms.…
ChatGPT Go Launched for $8 USD/month With Support for Ads and Privacy Risks
OpenAI’s global rollout of its budget-friendly ChatGPT Go subscription at $8 USD monthly introduces significant data privacy and security considerations for cybersecurity professionals monitoring AI platform access controls. The tiered pricing structure, which includes an ad-supported model for free and…
Privacy teams feel the strain as AI, breaches, and budgets collide
Privacy programs are under strain as organizations manage breach risk, new technology, and limited resources. A global study from ISACA shows that AI is gaining ground in privacy work, with use shaped by governance, funding, and how consistently privacy is…
Cloudflare Zero-Day Flaw Allows Attackers to Bypass Security and Access Any Host
A critical zero-day vulnerability in Cloudflare’s Web Application Firewall (WAF) allowed attackers to bypass security controls and directly access protected origin servers. Security researchers from FearsOff discovered on October 9, 2025, that requests targeting a specific certificate-validation path could completely…
Google Ads Exploited to Deliver TamperedChef Through Malicious PDF Editor
A sophisticated malvertising campaign tracked as TamperedChef has compromised over 100 organizations across 19 countries by distributing weaponized PDF editing software through Google Ads. Sophos Managed Detection and Response (MDR) teams discovered the operation in September 2025, revealing a multi-layered…
Google Gemini Flaw Allows Access to Private Meeting Details Through Calendar Events
A harmless-looking Google Calendar invite has revealed a new frontier in the exploitation of artificial intelligence (AI). Security researchers at Miggo discovered a vulnerability in Google Gemini’s integration with Google Calendar that allowed attackers to bypass privacy controls and exfiltrate sensitive…