Security teams often spin up vulnerable applications for demos, training, or internal testing. A recent Pentera research report documents how those environments are being left exposed on the public internet and actively exploited. The research focuses on intentionally vulnerable apps…
Category: EN
Resurgence of a multi‑stage AiTM phishing and BEC campaign abusing SharePoint
Microsoft Defender Researchers uncovered a multi‑stage AiTM phishing and business email compromise (BEC) campaign targeting multiple organizations in the energy sector. The post Resurgence of a multi‑stage AiTM phishing and BEC campaign abusing SharePoint appeared first on Microsoft Security Blog.…
Unbounded AI use can break your systems
In this Help Net Security video, James Wickett, CEO of DryRun Security, explains cyber risks many teams underestimate as they add AI to products. He focuses on how fast LLM features are pushed into live applications without limits or guardrails.…
The internet’s oldest trust mechanism is still one of its weakest links
Attackers continue to rely on domain names as an entry point into enterprise systems. A CSC domain security study finds that large organizations leave this part of their attack surface underprotected, even as attacks become more frequent. The research examined…
Cisco Fixes Actively Exploited Zero-Day CVE-2026-20045 in Unified CM and Webex
Cisco has released fresh patches to address what it described as a “critical” security vulnerability impacting multiple Unified Communications (CM) products and Webex Calling Dedicated Instance that it has been actively exploited as a zero-day in the wild. The vulnerability,…
NSFOCUS AI-Scan Gains Recognition from Authoritative Institution
SANTA CLARA, Calif., Jan 22, 2026 – Recently, International Data Corporation (IDC) released the report “China Large Language Model (LLM) Security Assessment Platform Vendor Technology Evaluation” (Doc#CHC53839325, October 2025). NSFOCUS was selected for this report based on its proven product performance…
Fortinet SSO Vulnerability Actively Exploited to Hack Firewalls and Gain Admin Access
A critical vulnerability in Fortinet’s Single Sign-On (SSO) feature for FortiGate firewalls, tracked as CVE-2025-59718, is under active exploitation. Attackers are leveraging it to create unauthorized local admin accounts, granting full administrative access to internet-exposed devices. Multiple users have reported…
Cisco Unified Communications 0-day RCE Vulnerability Exploited in the Wild to Gain Root Access
Cisco has disclosed a critical zero-day remote code execution (RCE) vulnerability, CVE-2026-20045, actively exploited in the wild. Affecting key Unified Communications products, this flaw allows unauthenticated attackers to run arbitrary commands on the underlying OS, potentially gaining root access. The…
A new framework helps banks sort urgent post-quantum crypto work from the rest
Financial institutions now have a concrete method for deciding where post-quantum cryptography belongs on their security roadmaps. New research coordinated by Europol sets out a scoring framework that helps banks rank systems and business use cases based on quantum risk…
ISC Stormcast For Thursday, January 22nd, 2026 https://isc.sans.edu/podcastdetail/9776, (Thu, Jan 22nd)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Thursday, January 22nd, 2026…
macOS Tahoe improves privacy and communication safety
macOS Tahoe privacy and security features focus on screening unwanted contact, limiting tracking, and keeping more decisions on the device. Most updates run quietly in the background and require little setup. Built-in filtering for calls and messages Apple reduced exposure…
Cisco fixed actively exploited Unified Communications zero day
Cisco patched a critical zero-day RCE flaw (CVE-2026-20045) in Unified Communications and Webex Calling that is actively exploited in the wild. Cisco patched a critical zero-day remote code execution flaw, tracked as CVE-2026-20045 (CVSS score of 8.2), actively exploited in…
Top 8 cybersecurity predictions for 2026
<p>Look into our cybersecurity crystal ball for the rest of 2026, and you probably won’t be surprised to see a familiar acronym appear: AI.</p> <p>What’s new this year is that — three years after ChatGPT first burst into public consciousness…
Davos discussion mulls how to keep AI agents from running wild
Where the shiny new FOMO object collides with insider-threat reality AI agents arrived in Davos this week with the question of how to secure them – and prevent agents from becoming the ultimate insider threat – taking center stage during…
Microsoft updates the security baseline for Microsoft 365 Apps for enterprise
Microsoft has published version 2512 of its security baseline for Microsoft 365 Apps for enterprise. The baseline documents recommended policy settings for Office applications used in enterprise environments and maps those settings to current management tools. What the v2512 baseline…
What innovative practices secure AI-driven architectures?
How Do Non-Human Identities Strengthen AI Security Architectures? Is your organization fully prepared to handle the intricate demands of AI-driven systems? Non-Human Identities (NHIs) play a crucial role in securing AI architectures. By effectively managing these machine identities, organizations can…
Can AI manage cloud security effectively?
How Can AI Revolutionize Cloud Security Management? How do organizations ensure that their cloud environments are not just secure but intelligently managed? The answer lies in understanding the potential of AI in cloud security. With machines become predominant players in…
What makes NHIs safe for my company?
How Secure Are Non-Human Identities in Your Company’s Digital Strategy? Have you ever considered who—or rather, what—is accessing your company’s data? While we often focus on human users in cybersecurity strategies, non-human identities (NHIs) play a pivotal role in security…
How powerful is agentic AI in detecting threats?
Is Agentic AI the Key to Revolutionizing Threat Detection in Cybersecurity? Where organizations increasingly migrate to cloud environments, the complexity of safeguarding data intensifies. Cybersecurity is no longer just about protecting networks from human attackers but also about managing machine…
News alert: Reflectiz study finds most third-party web apps access sensitive data without justification
BOSTON, Jan. 21, 2026, CyberNewswire — Reflectiz today announced the release of its 2026 State of Web Exposure Research, revealing a sharp escalation in client?side risk across global websites, driven primarily by third?party applications, marketing tools, and unmanaged digital ……