IT Security News Daily Summary 2026-01-27

173 posts were published in the last hour

• 22:34 : Paranoid WhatsApp users rejoice: Encrypted app gets one-click privacy toggle
• 21:31 : When Hospitals Go Dark and Browsers Turn Rogue
• 21:31 : OpenSSL Release Announcement for 3.6.1, 3.5.5, 3.4.4, 3.3.6, 3.0.19, 1.1.1ze and 1.0.2zn
• 21:13 : WhatsApp rolls out Strict Account settings to strengthen protection for high-risk users
• 21:13 : NDSS 2025 – On the Robustness Of LDP Protocols For Numerical Attributes Under Data Poisoning Attacks
• 20:11 : Enhancements to Akamai API Security, Q4 2025
• 20:11 : Apple Issues Urgent Software Fix Affecting Over 2 Billion iPhones
• 20:11 : Let them eat sourdough: ShinyHunters claims Panera Bread as stolen credentials victim
• 20:11 : Fake Tax Emails Used to Target Indian Users in New Malware Campaign
• 20:5 : IT Security News Hourly Summary 2026-01-27 21h : 2 posts
• 19:36 : Nike Investigates Alleged Data Breach Tied to World Leaks
• 19:36 : End-to-end security for AI: Integrating AltaStata Storage with Red Hat OpenShift confidential containers
• 19:2 : LayerX Discovers Malicious Chrome Extensions Stealing ChatGPT Accounts
• 18:32 : Shadow AI and the Growing Risk to Enterprise Security
• 18:32 : Schneider Electric Zigbee Products
• 18:32 : iba Systems ibaPDA
• 18:32 : Festo Didactic SE MES PC
• 18:32 : Johnson Controls Products
• 18:32 : New Android Theft Protection Feature Updates: Smarter, Stronger
• 18:31 : File integrity monitoring with AWS Systems Manager and Amazon Security Lake
• 18:10 : 16 Fake ChatGPT Extensions Caught Hijacking User Accounts
• 18:10 : Android Adds ‘Accountability Layer’ to Third-Party Apps
• 18:9 : 5 steps to ensure HIPAA compliance on mobile devices
• 18:9 : If you live in the UK, you probably won’t be able to visit Pornhub anymore
• 18:9 : Amid Trump attacks and weaponized sanctions, Europeans look to rely less on US tech
• 18:9 : Canva, Atlassian, Epic Games Among the 100+ Enterprises Targeted by ShinyHunters Group
• 18:9 : Hackers Using Teams to Deliver Malicious Content Posing as Microsoft Services
• 18:9 : G_Wagon npm Package Attacking Users to Exfiltrates Browser Credentials using Obfuscated Payload
• 18:9 : Instagram, Facebook, and WhatsApp to Test New Premium Subscriptions
• 18:9 : Attackers Hijacking Official GitHub Desktop Repository to Distribute Malware as Official Installer
• 18:9 : Watch out for AT&T rewards phishing text that wants your personal details
• 18:9 : Microsoft announces the 2026 Security Excellence Awards winners
• 18:9 : Experts Detect Pakistan-Linked Cyber Campaigns Aimed at Indian Government Entities
• 18:9 : WhatsApp Rolls Out Lockdown-Style Security Mode to Protect Targeted Users From Spyware
• 17:36 : ShinyHunters Target 100+ Firms Using Phone Calls to Bypass SSO Security
• 17:36 : Lawsuit Claims Meta Can Access WhatsApp Messages Despite Encryption Promises
• 17:36 : Fighting The Next Evolution of Email Threats With Layered, AI-Driven Security
• 17:36 : Keyfactor Allies with IBM Consulting to Spur PQC Adoption
• 17:13 : Microsoft’s Patch Fixes Are Breaking Windows, Forcing a Second Emergency Update
• 17:13 : Pyodide Sandbox Escape Enables Remote Code Execution in Grist-Core
• 17:5 : IT Security News Hourly Summary 2026-01-27 18h : 6 posts
• 16:34 : Shadowserver finds 6,000+ likely vulnerable SmarterMail servers exposed online
• 16:34 : APT Attacks Target Indian Government Using SHEETCREEP, FIREPOWER, and MAILCREEP | Part 2
• 16:34 : Interconnectedness, extortion risk make cybersecurity a healthcare C-suite priority
• 16:5 : 6000+ Vulnerable SmarterTools SmarterMail Servers Exposed to Actively Exploited RCE Vulnerability
• 16:5 : MEDUSA Security Testing Tool With 74 Scanners and 180+ AI Agent Security Rules
• 16:5 : Hackers are Leveraging SEO Poisoning to Attack Users Looking for Legitimate Tools
• 16:5 : Your Tier 1 Analyst at SOC Team Is Failing at Effective Triage. That’s a Business Problem
• 16:4 : Attackers Exploiting React2Shell Vulnerability to Attack IT Sectors
• 16:4 : China-linked group accused of spying on phones of UK prime ministers’ aides – for years
• 16:4 : Memcyco Raises $37 Million for Anti-Impersonation Technology
• 16:4 : PeckBirdy Framework Tied to China-Aligned Cyber Campaigns
• 15:34 : Living Off the Web: How Fake Captcha Turned Trust Into a Malware Delivery Channel
• 15:34 : U.S. CISA adds Microsoft Office, GNU InetUtils, SmarterTools SmarterMail, and Linux Kernel flaws to its Known Exploited Vulnerabilities catalog
• 15:34 : AI Agents Are Booking Travel: How Businesses Can Enable Revenue & Minimize Risk
• 15:34 : WhatsApp-Based Astaroth Banking Trojan Targets Brazilian Users in New Malware Campaign
• 15:34 : Cyber Briefing: 2026.01.27
• 15:10 : Diverse Threat Actors Exploiting Critical WinRAR Vulnerability CVE-2025-8088
• 15:10 : Critical vm2 Flaw Lets Attackers Bypass Sandbox and Execute Arbitrary Code in Node.js
• 15:10 : ShinyHunters Group Targets Over 100 Enterprises, Including Canva, Atlassian, and Epic Games
• 15:9 : CISA Urges Public to Stay Alert Against Rising Natural Disaster Scams
• 15:9 : G_Wagon NPM Package Exploits Users to Steal Browser Credentials with Obfuscated Payload
• 15:9 : Attackers Hijack GitHub Desktop Repo to Spread Malware via Official Installer
• 15:9 : 5 steps to approach BYOD compliance policies
• 15:9 : Over 100 Organizations Targeted in ShinyHunters Phishing Campaign
• 15:9 : India Cracks Down on Grok’s AI Image Misuse
• 15:9 : Looking Beyond the Hype Around AI Built Browser Projects
• 15:9 : Tenable One AI Exposure delivers unified visibility and governance across AI, cloud and SaaS
• 15:9 : Attackers use Windows App-V scripts to slip infostealer past enterprise defenses
• 15:9 : ClickFix Attacks Expand Using Fake CAPTCHAs, Microsoft Scripts, and Trusted Web Services
• 14:34 : Keeper Security Expands Its Zero-Trust Privileged Access Controls Into Slack
• 14:34 : NICE Actimize Insights Network combats fraudulent transfers
• 14:34 : China Hacked Downing Street Phones
• 14:34 : Nova Claims Hack Of KPMG Denied
• 14:34 : Waltio Faces Ransom Threat From Hackers
• 14:34 : EU Probes X Over Grok Sexual Images
• 14:34 : Landmark Trial Tests Social Media Harm
• 14:7 : Closing the Cyber Security Skills Gap: Check Point Partners with CompTIA
• 14:7 : Upgrade to Microsoft Windows 11 Home for Just $10
• 14:7 : Microsoft Issues Emergency Patch for Active Office Zero-Day
• 14:7 : ‘PackageGate’ Flaws Open JavaScript Ecosystem to Supply Chain Attacks
• 14:7 : You see an email ending in .eu.org. Must be legit, right?
• 14:7 : Over 80% of Ethical Hackers Now Use AI
• 14:7 : Malware Service Pushes Chrome Phishing
• 14:7 : ClickFix Attacks Abuse Windows App V
• 14:6 : Malicious VS Code AI Extensions Steal Code
• 14:6 : The Fraud Fighter’s Handbook
• 14:5 : IT Security News Hourly Summary 2026-01-27 15h : 9 posts
• 13:32 : France to replace US videoconferencing wares with unfortunately named sovereign alternative
• 13:32 : Teleport Launches Framework to Secure Identities of AI Agents
• 13:32 : AWS adds IPv6 support to IAM Identity Center through dual-stack endpoints
• 13:31 : Microsoft brings AI-powered investigations to security teams
• 13:31 : HackerOne brings Agentic PTaaS to continuous, expert-validated pentesting
• 13:13 : Booz Allen Tech Contractor Took IRS Job Specifically to Leak Trump’s Tax Records
• 13:13 : US Charges 31 Suspects in Nationwide ATM Jackpotting Scam
• 13:13 : Botnet Spotlight: Pressure rises on botnets — but the fight is far from over
• 13:13 : CTEM in Practice: Prioritization, Validation, and Outcomes That Matter
• 12:32 : The Constitutionality of Geofence Warrants
• 12:32 : Microsoft illegally installed cookies on schoolkid’s tech, data protection ruling finds
• 12:31 : Chrome, Edge Extensions Caught Stealing ChatGPT Sessions
• 12:31 : Cyber Insights 2026: Quantum Computing and the Potential Synergy With Advanced AI
• 12:3 : Poland Thwarts Russian Wiper Malware Attack on Power Plants
• 12:3 : Scientists say quantum tech has reached its transistor moment
• 12:2 : WD Discovery Desktop App for Windows Vulnerability Enables Arbitrary Code Execution
• 12:2 : CISA releases Secure Connectivity Principles Checklist for Operational Technology Networks Connectivity
• 12:2 : Node.js 25.5.0 Released Update Root Certificates and New Command-Line Flags
• 12:2 : A WhatsApp bug lets malicious media files spread through group chats
• 12:2 : NETSCOUT adds Wi-Fi 7 observability and real-time SSL certificate monitoring
• 11:36 : Revealed: Leaked Chats Expose the Daily Life of a Scam Compound’s Enslaved Workforce
• 11:36 : He Leaked the Secrets of a Southeast Asian Scam Compound. Then He Had to Get Out Alive
• 11:36 : 149 million compromised credentials expose growing infostealer malware crisis
• 11:36 : TikTok narrowly avoids a US ban by spinning up a new American joint venture
• 11:36 : High Court to grill London cops over live facial recognition creep
• 11:9 : WhatsApp Faces Increased EU Oversight
• 11:9 : Samsung To Ship Next-Gen Memory To Nvidia In February
• 11:9 : Office zero-day exploited in the wild forces Microsoft OOB patch
• 11:9 : Organizations Warned of Exploited Linux Vulnerabilities
• 11:9 : Microsoft Releases Patch for Office Zero Day Amid Evidence of Exploitation
• 11:5 : IT Security News Hourly Summary 2026-01-27 12h : 6 posts
• 10:34 : Amnesia RAT deployed in multi-stage phishing attacks against Russian users
• 10:34 : He Who Controls the Key Controls the World – Microsoft “Often” Provides BitLocker Keys to Law Enforcement
• 10:5 : France Lower House Approves Social Media Ban
• 10:5 : China-Aligned APTs Use PeckBirdy C&C Framework in Multi-Vector Attacks, Exploiting Stolen Certificates
• 10:5 : Multiple Vulnerabilities in React Server Components Enable DoS Attacks
• 10:5 : APT Hackers Attacking Indian Government Using GOGITTER Tool and GITSHELLPAD Malware
• 10:5 : Critical Vulnerability in Python PLY Library Enables Remote Code Execution – PoC Published
• 10:4 : Caminho Loader-as-a-Service Using Steganography to Conceal .NET Payloads within Image Files
• 10:4 : World Leaks Ransomware Group Claims 1.4TB Nike Data Breach
• 9:34 : Germany To Strengthen Cyber Countermeasures
• 9:34 : Microsoft reveals actively exploited Office zero-day, provides emergency fix (CVE-2026-21509)
• 9:15 : Microsoft Begins Deploying Next-Gen AI Chip
• 9:15 : Microsoft Patches Office Zero-Day Likely Exploited in Targeted Attacks
• 9:15 : Why Cyber Fusion Centers and Zero-Trust Work Better Together
• 9:15 : Microsoft Office Zero-Day (CVE-2026-21509) – Emergency Patch Issued for Active Exploitation
• 8:34 : Google Pays $68m To Settle Assistant Privacy Claims
• 8:34 : Zscaler expands AI security capabilities to deliver visibility, control, and governance
• 8:34 : Microsoft patches Office zero-day vulnerability, Indian users targeted by Blackmoon, Konni targets blockchain developers
• 8:15 : EU Probes X Over Grok Images
• 8:15 : HoneyMyte updates CoolClient and deploys multiple stealers in recent campaigns
• 8:15 : Threat Actors Using Fake Notepad++ and 7-zip Websites to Deploy Remote Monitoring Tools
• 8:5 : IT Security News Hourly Summary 2026-01-27 09h : 5 posts
• 7:32 : Dormakaba flaws allow to access major organizations’ doors
• 7:31 : When open science meets real-world cybersecurity
• 7:31 : Logitech introduces two Rally AI Cameras designed for large spaces
• 7:31 : Descope introduces dedicated identity infrastructure for AI agents and MCP ecosystems
• 7:9 : Critical CERT-In Advisories – January 2026: SAP, Microsoft, and Atlassian Vulnerabilities
• 6:34 : Waiting for AI superintelligence? Don’t hold your breath
• 6:11 : AI’s appetite for data is testing enterprise guardrails
• 5:31 : Ivanti expands Neurons platform with agentic AI and autonomous endpoint management
• 5:31 : Cybersecurity jobs available right now: January 27, 2026
• 5:7 : New Lawsuit Claims that Meta Can Read All the WhatsApp Users Messages
• 5:7 : Microsoft Office Zero-day Vulnerability Actively Exploited in Attacks
• 3:34 : Clawdbot-Style Agentic Assistants: What Your SOC Should Monitor, Triage, and Contain
• 2:34 : Initial Stages of Romance Scams [Guest Diary], (Tue, Jan 27th)
• 2:33 : SoundCloud – 29,815,722 breached accounts
• 2:9 : ISC Stormcast For Tuesday, January 27th, 2026 https://isc.sans.edu/podcastdetail/9782, (Tue, Jan 27th)
• 2:5 : IT Security News Hourly Summary 2026-01-27 03h : 2 posts
• 1:31 : The 7 Essential Elements of a Compliance Framework You Need to Know
• 1:31 : Clawdbot Is What Happens When AI Gets Root Access: A Security Expert’s Take on Silicon Valley’s Hottest AI Agent
• 0:36 : Who Operates the Badbox 2.0 Botnet?
• 0:36 : Judge Delays Minnesota ICE Decision While Weighing Whether State Is Being Illegally Punished
• 0:36 : What exciting new developments are happening in NHIs?
• 0:36 : Why be optimistic about the future of secrets management?
• 0:36 : How smart can NHIs be in complex enterprise environments?
• 0:36 : Can Agentic AI operate independently in high-stakes areas?
• 0:36 : Department of Know: Davos worries, UK-China tensions, calendar concerns
• 0:9 : Claude expands tool connections using MCP
• 23:13 : 10 cybersecurity trends to watch in 2026
• 23:13 : Judge Delays Minnesota ICE Decision While Weighing Whether State Was Being Illegally Punished
• 23:13 : Canva among ~100 targets of ShinyHunters Okta identity-theft campaign
• 23:13 : How MSSPs Can Help Clients Mitigate Shadow IT and Data Sprawl with Cavelo
• 23:5 : IT Security News Hourly Summary 2026-01-27 00h : 1 posts
• 22:55 : IT Security News Daily Summary 2026-01-26