Researchers found access control flaws in Cal.com that could enable account takeover and expose sensitive booking data across organizations. The post Cal.com Access Control Flaws Expose Millions of Bookings appeared first on eSecurity Planet. This article has been indexed from…
Category: EN
Supply chain attack on eScan antivirus: detecting and remediating malicious updates
On January 20, Kaspersky solutions detected malware used in eScan antivirus supply chain attack. In this article we provide available information on the threat: indicators of compromise, threat hunting and mitigating tips, etc. This article has been indexed from Securelist…
Microsoft Office zero-day lets malicious documents slip past security checks
Microsoft issued an emergency patch for a flaw attackers are using to slip malicious code past Office’s document security checks. This article has been indexed from Malwarebytes Read the original article: Microsoft Office zero-day lets malicious documents slip past security…
LLMs Hijacked, Monetized in ‘Operation Bizarre Bazaar’
An LLMjacking operation has been targeting exposed LLMs and MCPs at scale, for commercial monetization. The post LLMs Hijacked, Monetized in ‘Operation Bizarre Bazaar’ appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article: LLMs…
Cyber Briefing: 2026.01.29
Scam warnings rise after disasters as phishing spreads, RCE flaws emerge, banks and schools face attacks, grid threats surface, and platforms boost security. This article has been indexed from CyberMaterial Read the original article: Cyber Briefing: 2026.01.29
Microsoft releases update to address zero-day vulnerability in Microsoft Office
Microsoft has published three out-of-band (OOB) updates so far in January 2026. One of these updates was released to address a vulnerability, CVE-2026-21509, affecting Microsoft Office that has been reportedly exploited in the wild. This article has been indexed from Cisco Talos Blog Read…
This startup aims to solve crypto’s broken key management problem
Crypto security firm Sodot launches Exchange API Vault to stop API key theft, securing billions in assets while supporting low latency, high frequency trading. This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI, and More Read…
eScan Antivirus Update Server Breached to Deliver Malicious Software Updates
MicroWorld Technologies’ eScan antivirus platform fell victim to a sophisticated supply chain attack on January 20, 2026, when threat actors compromised legitimate update infrastructure to distribute multi-stage malware to enterprise and consumer endpoints worldwide. Security researchers immediately alerted the vendor,…
Fake “Mac Cleaner” Campaign Uses Google Ads to Redirect Users to Malware
Cybercriminals are exploiting Google Search Ads to distribute malware through deceptive landing pages that impersonate Apple’s official website design. The malicious ads appear prominently in Google Search results when users search for “mac cleaner,” displaying trusted domains such as docs.google.com…
Swarmer Tool Abuses Windows Registry to Evade Detection and Persist on Systems
Swarmer, a sophisticated tool designed to manipulate Windows registry hives while bypassing endpoint detection systems. The tool exploits legacy Windows infrastructure to achieve persistent access without triggering traditional EDR monitoring systems that typically flag direct registry modifications. Endpoint Detection and…
BlackIce Introduced as Container-Based Red Teaming Toolkit for AI Security Testing
Databricks introduced BlackIce at CAMLIS Red 2025, an open-source containerized toolkit that consolidates 14 widely-used AI security tools into a single, reproducible environment. This innovation addresses critical pain points in AI red teaming by eliminating complex setup procedures and dependency…
Open Directory Exposure Leaks BYOB Framework Across Windows, Linux, and macOS
An exposed command-and-control server hosting a complete deployment of the BYOB (Build Your Own Botnet) framework, a sophisticated post-exploitation tool targeting Windows, Linux, and macOS systems. The discovery, made through Hunt.io’s AttackCapture tooling, reveals an active campaign that has operated…
ShinyHunters swipes right on 10M records in alleged dating app data grab
Extortion crew says it’s found love in someone else’s info as Match Group plays down the impact ShinyHunters has added a fresh notch to its breach belt, claiming it has pinched more than 10 million records from Match Group, a…
Apple’s new iPhone and iPad security feature limits cell networks from collecting precise location data
The new security feature makes it more difficult for police and malicious hackers to obtain a person’s precise location data from a cell phone company. This article has been indexed from Security News | TechCrunch Read the original article: Apple’s…
Clawdbot’s rename to Moltbot sparks impersonation campaign
This Moltbot impersonation campaign is a case study in supply-chain risk, brand hijacking, and what happens when open source goes viral. This article has been indexed from Malwarebytes Read the original article: Clawdbot’s rename to Moltbot sparks impersonation campaign
N8n Vulnerabilities Could Lead to Remote Code Execution
The two bugs impacted n8n’s sandbox mechanism and could be exploited via weaknesses in the AST sanitization logic. The post N8n Vulnerabilities Could Lead to Remote Code Execution appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read…
Anthropic Cracks Down on Claude Code Spoofing, Tightens Access for Rivals and Third-Party Tools
Anthropic has rolled out a new set of technical controls aimed at stopping third-party applications from impersonating its official coding client, Claude Code, to gain cheaper access and higher usage limits to Claude AI models. The move has directly…
Cyberattack Paralyzes Russia’s Delta Security Systems
A massive cyberattack was launched against Delta, a leading Russian smart alarm system supplier for residential, commercial, and automotive use, on 26 January 2026, causing widespread operational disruptions across the country. The attack crippled Delta’s information technology systems, bringing…
Researchers Uncover Pakistan-Linked Cyber Activity Targeting India
A familiar, uneasy brink appears to be looming between India and Pakistan once again, where geopolitical tension spills over borders into less visible spheres and risks spilling over into more obscure regions. As the war intensified in May 2025,…
SK hynix Launches New AI Company as Data Center Demand Drives Growth
A surge in demand for data center hardware has lifted SK hynix into stronger market standing, thanks to limited availability of crucial AI chips. Though rooted in memory production, the company now pushes further – launching a dedicated arm…