IT Security News Daily Summary 2026-01-20

170 posts were published in the last hour

• 22:37 : PDFSIDER Malware – Exploitation of DLL Side-Loading for AV and EDR Evasion
• 21:12 : UStrive security lapse exposed personal data of its users, including children
• 21:12 : Trump administration admits DOGE may have misused Americans’ Social Security data
• 21:12 : VoidLink Represents the Future of AI-Developed Malware: Check Point
• 20:36 : Airlock Digital Announces Independent TEI Study Quantifying Measurable ROI & Security Impact
• 20:36 : Access broker caught: Jordanian pleads guilty to hacking 50 companies
• 20:36 : NDSS 2025 – Studying the Defensive Registration Practices of the Fortune 500
• 20:7 : New iOS and iPadOS Flaws Leave Millions of iPhones at Risk
• 20:7 : EU Plans Phase Out of High Risk Telecom Suppliers, in Proposals Seen as Targeting China
• 20:6 : Fall 2025 SOC 1, 2, and 3 reports are now available with 185 services in scope
• 20:5 : IT Security News Hourly Summary 2026-01-20 21h : 8 posts
• 19:34 : ICE Details a New Minnesota-Based Detention Network That Spans 5 States
• 19:34 : The Zero Risk Trap: How to Ditch Perfection and Prioritize Real Cyber Resilience
• 19:10 : Docker Hardened Images for Container Security
• 19:10 : Google Gemini Flaw Let Attackers Access Private Calendar Data
• 19:10 : Remember VoidLink, the cloud-targeting Linux malware? An AI agent wrote it
• 19:10 : The Data Center Is Secure, But Your Users Are Not
• 19:9 : Four priorities for AI-powered identity and network access security in 2026
• 19:9 : North Korea-Linked Hackers Target Developers via Malicious VS Code Projects
• 18:32 : Geopolitical Conflict Is Increasing the Risk of Cyber Disruption
• 18:31 : Vulnerability Summary for the Week of January 12, 2026
• 18:5 : ClickFix to CrashFix: KongTuke Used Fake Chrome Ad Blocker to Install ModeloRAT
• 18:5 : LayerX Links GhostPoster to 17 Extensions and 840K Downloads
• 18:5 : Why Smart Contract Security Can’t Wait for “Better” AI Models
• 17:39 : DNS OverDoS: Are Private Endpoints Too Private?
• 17:39 : Schneider Electric devices using CODESYS Runtime
• 17:38 : Rockwell Automation Verve Asset Manager
• 17:38 : Schneider Electric EcoStruxure Foxboro DCS
• 17:38 : New Spear Phishing Attack Leveraging Argentine Federal Court Rulings to Covert RAT for Remote Access
• 17:38 : WPair – Scanner Tool to Detect WhisperPair Flaw in Google’s Fast Pair Protocol
• 17:38 : Hacker Pleads Guilty For Stealing Supreme Court Documents and Leaking via Instagram
• 17:38 : Everest Ransomware Group Allegedly Claims to Have Breached McDonald’s India
• 17:38 : Fight for the Future, EFF, Others Push Back Against Growing ICE Surveillance
• 17:38 : Cybersecurity in the Age of AIOps: Proactive Defense Strategies for IT Leaders
• 17:9 : EU Launches GCVE to Track Vulnerabilities Without Relying on US
• 17:9 : Use the CIA triad to shape security automation use cases
• 17:5 : IT Security News Hourly Summary 2026-01-20 18h : 5 posts
• 16:35 : Facebook tech support scams on the rise: How cybercriminals are turning your feed into a trap
• 16:35 : Critical TP-Link VIGI camera flaw allowed remote takeover of surveillance systems
• 16:35 : Chainlit Security Flaws Highlight Infrastructure Risks in AI Apps
• 16:35 : CEOs and CISOs differ on AI’s security value and risks
• 16:35 : UK authorities warn of pro-Russia groups targeting critical infrastructure, local government
• 16:4 : Facebook tech support scams on the rise: How cybercriminals ere turning your feed into a trap
• 16:3 : Secure Your Business Traffic With Military-Grade VPN for Only $20
• 16:3 : Unbreakable? Researchers warn quantum computers have serious security flaws
• 16:3 : Apache Airflow Vulnerabilities Enables Expose of Sensitive Data
• 16:3 : WordPress Plugin Vulnerability Exposes 100,000+ Sites to Privilege Escalation Attacks
• 16:3 : NCSC Warns of Hacktivist Groups Attacking UK Organisations and Online Services
• 16:3 : New Study Shows GPT-5.2 Can Reliably Develop Zero-Day Exploits at Scale
• 16:3 : Ingram Micro Reveals Impact of Ransomware Attack on Employee Records
• 16:3 : Google Gemini Calendar Flaw Allows Meeting Invites to Leak Private Data
• 15:32 : Sprocket Security Appoints Eric Sheridan as Chief Technology Officer
• 15:32 : Prompt Injection Bugs Found in Official Anthropic Git MCP Server
• 15:32 : Cyber Briefing: 2026.01.20
• 15:5 : New Windows Flaw Lets Attackers Bypass Mark of the Web
• 15:5 : Fake extension crashes browsers to trick users into infecting themselves
• 15:5 : Exploiting Google Gemini to Abuse Calendar Invites Illustrates AI Threats
• 15:5 : Ping Identity launches Universal Services for ongoing identity assurance
• 15:5 : HackerOne extends Safe Harbor protections to AI testing
• 14:39 : Inside a Multi-Stage Windows Malware Campaign
• 14:39 : Chainlit Vulnerabilities May Leak Sensitive Information
• 14:39 : When Security Incidents Break: The Questions Every CISO Asks (And How We Securely Built a Solution in Record Time)
• 14:38 : Hackers Use LinkedIn Messages to Spread RAT Malware Through DLL Sideloading
• 14:38 : Three Flaws in Anthropic MCP Git Server Enable File Access and Code Execution
• 14:38 : Cyber Risks Among CEOs’ Top Worries Amid Weak Short Term Growth Outlook
• 14:38 : Grubhub Confirms New Data Breach Incident
• 14:38 : Japanese Nuclear Regulator Loses Phone in China
• 14:38 : Eurail Breach Exposes Passenger Info
• 14:38 : Jordanian Man Admits Selling Network Access
• 14:38 : Ghana Arrests Nigerians Over Cybercrime
• 14:15 : LLMs in the SOC (Part 1) | Why Benchmarks Fail Security Operations Teams
• 14:14 : AI framework flaws put enterprise clouds at risk of takeover
• 14:14 : Cisco Secure Email Appliance RCE Exploited in Attacks
• 14:14 : AWS Console Supply Chain Flaw Could Have Enabled GitHub Repo Hijacks
• 14:14 : Raaga Data Breach Exposes 10.2 Million User Records
• 14:14 : Open Source Firewall OPNsense 25.7.11 Released With Host Discovery Service
• 14:14 : TP-Link Vulnerability Allows Authentication Bypass Via Password Recovery Feature
• 14:14 : Could ChatGPT Convince You to Buy Something?
• 14:14 : Resecurity Breach Claims Exposed as Honeypot Deception
• 14:14 : Generative AI for Cybersecurity and Privacy
• 14:14 : RedHunt-OS
• 14:5 : IT Security News Hourly Summary 2026-01-20 15h : 14 posts
• 13:37 : Hackathon Projects Show AI Wellness Apps Can Leak Sensitive User Info
• 13:37 : Apache Airflow Flaws Expose Sensitive Workflow Data to Potential Attackers
• 13:37 : Gootloader Malware With Low Detection Rate Evades Most Security Tools
• 13:37 : Raaga Confirms Major Data Breach Exposing Personal Information of 10.2Million Users
• 13:37 : Initial access broker pleads guilty to selling access to 50 corporate networks
• 13:37 : Evelyn Stealer Malware Abuses VS Code Extensions to Steal Developer Credentials and Crypto
• 13:37 : The Hidden Risk of Orphan Accounts
• 13:37 : Linkedin Phishing Campaign Exploits Open-Source Pen Testing Tool to Compromise Business Execs
• 13:37 : Police Bust Thai Based Voice Phishing Ring
• 13:13 : RansomHouse Claims Data Breach at Major Apple Contractor Luxshare
• 13:13 : Anthropic quietly fixed flaws in its Git MCP server that allowed for remote code execution
• 13:12 : NCSC Warns of Increased Russian Hacktivist Threat to UK Online Services
• 13:12 : For the price of Netflix, crooks can now rent AI to run cybercrime
• 13:12 : Endace pushes packet capture into real-time security workflows
• 12:34 : WPair Scanner Released to Detect WhisperPair Flaw in Google’s Fast Pair Protocol
• 12:34 : New Study Finds GPT-5.2 Can Reliably Develop Zero-Day Exploits at Scale
• 12:34 : OPNsense 25.7.11 Enhances Network Visibility With Host Discovery Feature
• 12:34 : Spear-Phishing Campaign Abuses Argentine Federal Court Rulings to Deliver Covert RAT
• 12:34 : Google will pay $8.25m to settle child data-tracking allegations
• 12:34 : APT-Grade PDFSider Malware Used by Ransomware Groups
• 12:34 : AI Supercharges Attacks in Cybercrime’s New ‘Fifth Wave’
• 12:9 : VoidLink Rewrites Rootkit Playbook with Server-Side Kernel Compilation and AI-Assisted Code
• 12:9 : Radware targets API blind spots with real-time lifecycle protection
• 12:9 : Why Secrets in JavaScript Bundles are Still Being Missed
• 12:9 : Cloudflare Fixes ACME Validation Bug Allowing WAF Bypass to Origin Servers
• 11:34 : Sophos expands security stack to govern apps, data, and AI in hybrid work
• 11:7 : Nvidia Suppliers Halt Production After China Blocks Shipments
• 11:7 : Weaponized Invite Enabled Calendar Data Theft via Google Gemini
• 11:6 : Risk of AI Model Collapse to Drive Zero Trust Data Governance, Gartner Says
• 11:5 : IT Security News Hourly Summary 2026-01-20 12h : 8 posts
• 10:32 : Police Say Private Jet Necessary For Influencer Extradition
• 10:32 : Telegram-based illicit billionaire marketplace Tudou Guarantee stopped transactions
• 10:32 : Let’s Encrypt rolls out 6-day and IP-based certificates
• 10:7 : Add Punycode to your Threat Hunting Routine, (Tue, Jan 20th)
• 10:7 : Guernsey Seizes £8m In Assets Of Crypto Fugitive Ignatova
• 10:7 : Python-based Malware SolyxImmortal Leverages Discord to Silently Harvest Sensitive Data
• 10:7 : Attackers Abuse Discord to Deliver Clipboard Hijacker That Steals Wallet Addresses on Paste
• 10:7 : Scam Marketplace Tudou Guarantee Shutters Telegram Ops
• 9:36 : OpenAI Brings Adverts To ChatGPT
• 9:36 : Critical WordPress Plugin Vulnerability Exposes 100,000+ Websites to Privilege Escalation Attacks
• 9:36 : VoidLink Signals the Start of a New Era in AI-Generated Malware
• 9:36 : UK NCSC warns of Russia-linked hacktivists DDoS attacks
• 9:36 : One Identity Unveils Major Upgrade to Identity Manager, Strengthening Enterprise Identity Security
• 9:9 : Google Appeals Landmark Antitrust Ruling
• 9:9 : VoidLink Debuts AI-Assisted, Server-Side Kernel Compilation Rootkit Technique
• 8:32 : Labour MPs Call For PM To Back Social Media Ban
• 8:32 : TP-Link Router Flaw Enables Authentication Bypass Through Password Recovery Mechanism
• 8:32 : Threat Actors Leverage Google Ads to Weaponize PDF Editor with TamperedChef
• 8:32 : WhisperPair Attack Allows Hijacking of Laptops, Earbuds Without User Consent – Millions Affected
• 8:32 : Critical AVEVA Software Vulnerabilities Enables Remote Code Execution Under System Privileges
• 8:32 : Tudou Guarantee Marketplace Halts Telegram Transactions After Processing Over $12 Billion
• 8:32 : Gemini prompt injection flaw exposes calendar info, hacker admits to Supreme Court data leak, researchers uncover PDFSIDER malware
• 8:9 : Hundreds In Cornwall Still Without Internet After Storm Goretti
• 8:5 : IT Security News Hourly Summary 2026-01-20 09h : 5 posts
• 7:32 : Discord Exploited to Spread Clipboard Hijacker Stealing Cryptocurrency Funds
• 7:31 : Pulsar RAT Using Memory-Only Execution & HVNC to Gain Invisible Remote Access
• 7:31 : What’s On the Tube Or Rather in the Tube: Kimwolf Targets Android-based TVs and Streaming Devices
• 7:5 : When Space Isn’t Safe: Inside the European Space Agency’s Massive Cyberattack
• 7:5 : Confusion and fear send people to Reddit for cybersecurity advice
• 6:34 : SolyxImmortal Malware Abuses Discord to Quietly Harvest Sensitive Information
• 6:34 : WhisperPair Vulnerability Allows Attackers to Pair Devices Without User Consent
• 6:7 : Product showcase: PrivacyHawk for iOS helps users track and remove personal data from data brokers
• 5:32 : Critical AVEVA Software Flaws Allow Remote Code Execution With SYSTEM Privileges
• 5:32 : Apache bRPC Vulnerability Enables Remote Command Injection
• 5:32 : ChatGPT Go Launched for $8 USD/month With Support for Ads and Privacy Risks
• 5:32 : Privacy teams feel the strain as AI, breaches, and budgets collide
• 5:16 : Cloudflare Zero-Day Flaw Allows Attackers to Bypass Security and Access Any Host
• 5:16 : Google Ads Exploited to Deliver TamperedChef Through Malicious PDF Editor
• 5:16 : Google Gemini Flaw Allows Access to Private Meeting Details Through Calendar Events
• 5:15 : Akamai CEO wants help to defeat piracy, reckons he can handle edge AI alone
• 5:15 : SAML vs OIDC: Choosing the Right Protocol for Modern Single Sign-On
• 5:15 : Just-in-Time (JIT) Provisioning: How Automated User Provisioning Works in SSO
• 5:15 : Cybersecurity jobs available right now: January 20, 2026
• 5:5 : IT Security News Hourly Summary 2026-01-20 06h : 1 posts
• 4:36 : Researchers Exploit Flaw in StealC Malware Panel to Monitor Cybercriminals
• 3:36 : 2026-01-14: Lumma Stealer infection with follow-up malware
• 3:36 : 2026-01-15: XLoader (Formbook) infection
• 3:36 : 2026-01-19: Six days of scans and probes and web traffic hitting my web server
• 3:36 : Google Gemini Privacy Controls Bypassed to Access Private Meeting Data Using Calendar Invite
• 2:5 : IT Security News Hourly Summary 2026-01-20 03h : 2 posts
• 2:2 : ISC Stormcast For Tuesday, January 20th, 2026 https://isc.sans.edu/podcastdetail/9772, (Tue, Jan 20th)
• 1:34 : Department of Know: Easterly helms RSAC, Third party apps report, Self-poisoning AI
• 0:36 : Granular Policy Enforcement for Decentralized Model Context Resources
• 23:38 : Flare Research: Phishing Kits Now Operate Like SaaS Platforms
• 23:38 : Remcos RAT Masquerade as VeraCrypt Installers Steals Users Login Credentials
• 23:11 : AI-Powered Phishing Makes Human Risk Management Critical
• 23:5 : IT Security News Hourly Summary 2026-01-20 00h : 1 posts
• 22:55 : IT Security News Daily Summary 2026-01-19