Tracked as CVE-2026-24858, the bug allows attackers to log into devices registered to other FortiCloud accounts. The post Fortinet Patches Exploited FortiCloud SSO Authentication Bypass appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article:…
Category: EN
Indurex Emerges From Stealth to Close Security Gap in Cyber-Physical Systems
Indurex was founded by Jalal Bouhdada, who previously led industrial cybersecurity company Applied Risk. The post Indurex Emerges From Stealth to Close Security Gap in Cyber-Physical Systems appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the…
WhatsApp rolls out new security feature to protect users from sophisticated attacks
To add an extra layer of protection to its end-to-end encryption, WhatsApp has begun rolling out a new privacy and security feature called Strict Account Settings. It is designed to help users protect their accounts from sophisticated cyberattacks. “We think…
Pondurance RansomSnare blocks file encryption and data exfiltration
Pondurance launched RansomSnare, a new module for its MDR service that halts ransomware attacks at the moment the malicious process attempts to encrypt files and prevents threat actors from exfiltrating sensitive data. RansomSnare is a next-generation ransomware prevention capability that…
US cyber chief uploaded sensitive files into public ChatGPT, Vibe-coded ‘Sicarii’ ransomware can’t be decrypted, WhatsApp account feature combats spyware
US cyber chief uploaded sensitive files into public ChatGPT Vibe-coded ‘Sicarii’ ransomware can’t be decrypted WhatsApp account feature combats spyware Huge thanks to our episode sponsor, Conveyor Ever dream of giving customers instant answers to their security questions without ever…
Report Of High-Level UK China Hack Questioned
Commentators question Telegraph report that China-backed hacking group targeted mobile phones of senior UK officials for several years This article has been indexed from Silicon UK Read the original article: Report Of High-Level UK China Hack Questioned
Critical OpenSSL Vulnerabilities Allow Remote Attackers to Execute Malicious Code
OpenSSL patched 12 vulnerabilities on January 27, 2026, including one high-severity flaw that could lead to remote code execution. Most issues cause denial-of-service attacks but highlight risks in parsing untrusted data. The most serious issue, CVE-2025-15467, hits CMS AuthEnvelopedData parsing…
Fortinet Disables FortiCloud SSO Following 0-day Vulnerability Exploited in the Wild
Fortinet temporarily disabled its FortiCloud Single Sign-On (SSO) service after confirming active exploitation of a zero-day authentication bypass vulnerability in multiple products. The issue, tracked as FG-IR-26-060, allows attackers with a malicious FortiCloud account to log into devices registered to…
16 Malicious Chrome Extensions as ChatGPT Enhancements Steals ChatGPT Logins
Researchers have uncovered a significant security threat targeting ChatGPT users through deceptive browser extensions. A coordinated campaign involving 16 malicious Chrome extensions has been discovered, all designed to appear as legitimate productivity tools and ChatGPT enhancement applications. These malware extensions…
HoneyMyte Hacker Group Updates CoolClient Malware to Deploy Browser Login Data Stealer
The HoneyMyte threat group, also known as Mustang Panda or Bronze President, continues to pose a significant risk to government organizations across Asia and Europe. Recent security research has revealed that this advanced hacker collective is actively upgrading its digital…
WhatsApp New Strict Account Settings Option to Protect Your Account from Hackers
WhatsApp has introduced Strict Account Settings, a lockdown-style security feature designed to protect users from highly sophisticated cyber-attacks. The new privacy feature is specifically tailored for individuals who may be targets of advanced threats, including journalists, activists, and public figures…
High-Severity Remote Code Execution Vulnerability Patched in OpenSSL
A total of 12 vulnerabilities have been fixed in OpenSSL, all discovered by a single cybersecurity firm. The post High-Severity Remote Code Execution Vulnerability Patched in OpenSSL appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the…
Another Credential Leak, Another Dollar
A 149M-credential breach shows why encryption alone isn’t enough. Infostealer malware bypasses cloud security by stealing passwords at the endpoint—where encryption offers no protection. The post Another Credential Leak, Another Dollar appeared first on Security Boulevard. This article has been…
Android just got smarter at stopping snatch-and-run phone thefts
Google announced updates to the Android theft protection features that expand existing safeguards and make stolen devices harder to use. These updates are available on Android 16 and later. One update builds on Failed Authentication Lock, a feature introduced in…
WhatsApp Introduces High-Security Mode for Users Facing Advanced Threats
WhatsApp has announced a new optional security feature aimed at users who face a higher risk of targeted cyberattacks. The mode, called Strict Account Settings, adds an extra layer of protection by […] Thank you for being a Ghacks reader.…
CERT UEFI Parser: Open-source tool exposes UEFI architecture to uncover vulnerabilities
CERT UEFI Parser, a new open-source security analysis tool from the CERT Coordination Center has been released to help researchers and defenders examine the structure of Unified Extensible Firmware Interface (UEFI) software and identify classes of vulnerabilities that are often…
Google Warns of WinRAR Vulnerability Exploited to Gain Control Over Windows System
A critical security flaw in WinRAR, one of the most widely used file compression tools for Windows, has become a favorite weapon for attackers seeking unauthorized access to computer systems. The vulnerability, tracked as CVE-2025-8088, allows threat actors to place…
OpenSSL Vulnerabilities Allow Remote Attackers to Execute Malicious Code
OpenSSL patched 12 vulnerabilities on January 27, 2026, including one high-severity flaw that could lead to remote code execution. Most issues cause denial-of-service attacks but highlight risks in parsing untrusted data. The most serious issue, CVE-2025-15467, hits CMS AuthEnvelopedData parsing…
Microsoft Issues Emergency Patch for Actively Exploited Office Zero-Day (CVE-2026-21509)
In a critical “out-of-band” security update released on January 26, 2026, Microsoft confirmed that threat actors are actively… The post Microsoft Issues Emergency Patch for Actively Exploited Office Zero-Day (CVE-2026-21509) appeared first on Hackers Online Club. This article has been…
Why prevention-first secrets security will define enterprise scale: Learnings from a leading telecom
Once a secret enters Git, it’s expensive to remediate. But the real problem runs deeper than cost. Grégory Maitrallain, Solution Architect at Orange Business, discovered this reality during their implementation: “Once a secret is pushed to GitLab or GitHub, you…