A new powerful method to detect and trace attacker infrastructure using JA3 fingerprinting, a technique that identifies malicious tools through network communication patterns. While many security teams considered JA3 fingerprints outdated after fingerprint lists remained largely unchanged since 2021, fresh…
Author: IT Security News Bot
Obsidian Security Extends Reach to SaaS Application Integrations
Obsidian Security today announced that it has extended the reach of its platform for protecting software-as-a-service (SaaS) applications to include any integrations. Additionally, the company is now making it possible to limit which specific end users of a SaaS application…
Critical GNU InetUtils telnetd Flaw Lets Attackers Bypass Login and Gain Root Access
A critical security flaw has been disclosed in the GNU InetUtils telnet daemon (telnetd) that went unnoticed for nearly 11 years. The vulnerability, tracked as CVE-2026-24061, is rated 9.8 out of 10.0 on the CVSS scoring system. It affects all…
IT Security News Hourly Summary 2026-01-22 18h : 8 posts
8 posts were published in the last hour 16:32 : Critical SmarterMail vulnerability under attack, no CVE yet 16:32 : FortiGate firewalls hit by silent SSO intrusions and config theft 16:32 : The Upside Down is Real: What Stranger Things…
Critical SmarterMail vulnerability under attack, no CVE yet
A SmarterMail flaw (WT-2026-0001) is under active attack just days after its January 15 patch, with no CVE assigned yet. A newly disclosed flaw in SmarterTools SmarterMail is being actively exploited just two days after a patch was released. The…
FortiGate firewalls hit by silent SSO intrusions and config theft
Admins say attackers are still getting in despite recent patches FortiGate firewalls are getting quietly reconfigured and stripped down by miscreants who’ve figured out how to sidestep SSO protections and grab sensitive settings right out of the box.… This article…
The Upside Down is Real: What Stranger Things Teaches Us About Modern Cybersecurity
What’s strange but quickly starting to set in is that season five was the final season of the beloved Stranger Things series on Netflix. The show has captivated audiences by pitting its plucky protagonists against an “Upside Down” world of…
Web Bot Auth: Verifying User Identity & Ensuring Agent Trust Through the Customer Journey
DataDome Bot Protect supports Web Bot Auth, enabling cryptographic verification of AI agents to eliminate fraud risk while maintaining business continuity. The post Web Bot Auth: Verifying User Identity & Ensuring Agent Trust Through the Customer Journey appeared first on…
We’ve Reached the “Customers Want Security” Stage, and AI Is Listening
I’ve seen this movie before. That’s why a recent LinkedIn post by Ilya Kabanov stopped me mid-doomscroll. Kabanov described how frontier AI companies are quietly but decisively shifting into cybersecurity. They are not joining as partners or tacking on features.…
Under Armour Ransomware Attack Exposes 72M Email Addresses
Many records also contained additional personal information such as names, dates of birth, genders, geographic locations, and purchase information. The post Under Armour Ransomware Attack Exposes 72M Email Addresses appeared first on TechRepublic. This article has been indexed from Security…
Critical Appsmith Flaw Enables Account Takeovers
Critical vulnerability in Appsmith allows account takeover via flawed password reset process This article has been indexed from www.infosecurity-magazine.com Read the original article: Critical Appsmith Flaw Enables Account Takeovers
IT teams aren’t equipped to stop rogue AI agents
Autonomous systems represent an attack surface existing cybersecurity services models aren’t designed to protect. This article has been indexed from Cybersecurity Dive – Latest News Read the original article: IT teams aren’t equipped to stop rogue AI agents
Under Armour says it’s ‘aware’ of data breach claims after 72M customer records were posted online
TechCrunch obtained a sample of the stolen data, which contained names, email addresses, dates of birth, and the user’s approximate geographic location. Under Armour confirmed some sensitive information was taken in the breach. This article has been indexed from Security…
Keeper Introduces Instant Account Switching and Passkey Improvements
Keeper Security has announced instant account switching and passkey enhancements across its mobile applications and browser extension. This update is said to be available across all major web browsers including iOS, Android and the Keeper Browser Extension. The instant account…
Old Attack, New Speed: Researchers Optimize Page Cache Exploits
A team of researchers from the Graz University of Technology in Austria has revived page Linux page cache attacks. The post Old Attack, New Speed: Researchers Optimize Page Cache Exploits appeared first on SecurityWeek. This article has been indexed from…
ThreatsDay Bulletin: Pixel Zero-Click, Redis RCE, China C2s, RAT Ads, Crypto Scams & 15+ Stories
Most of this week’s threats didn’t rely on new tricks. They relied on familiar systems behaving exactly as designed, just in the wrong hands. Ordinary files, routine services, and trusted workflows were enough to open doors without forcing them. What…
RealHomes CRM Plugin Flaw Affected 30,000 WordPress Sites
Security flaw in RealHomes CRM plugin allowed file uploads; patches released for 30,000+ sites This article has been indexed from www.infosecurity-magazine.com Read the original article: RealHomes CRM Plugin Flaw Affected 30,000 WordPress Sites
Cyber Briefing: 2026.01.22
Critical camera and WordPress takeovers, FortiGate attack surges, major public sector breaches, supply-chain ransomware, auto zero-days, and arrests. This article has been indexed from CyberMaterial Read the original article: Cyber Briefing: 2026.01.22
Wordfence Intelligence Weekly WordPress Vulnerability Report (January 12, 2026 to January 18, 2026)
📢 Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to vendors? Researchers can earn up to $31,200 per vulnerability, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find…
PNB MetLife Phishing Attack: Multi-Stage Scheme Steals Data, Triggers UPI Payments
A sophisticated multi-stage phishing campaign is actively targeting PNB MetLife Insurance customers through fake payment gateway pages. The attack chain extracts customer details, forces fraudulent UPI payments, and escalates to full banking credential harvesting. Attackers exploit customer trust in the…