Security researchers at Google Project Zero have disclosed a complete zero-click exploit chain affecting Google Pixel 9 smartphones, chaining vulnerabilities in the Dolby audio decoder and kernel driver to achieve code execution and privilege escalation without any user interaction. The…
AWS Console Supply Chain Breach Enables GitHub Repository Hijacking
A newly reported supply chain attack targeting the Amazon Web Services (AWS) management console has raised alarms across the developer community. Cybersecurity researchers have discovered that threat actors are exploiting misconfigured AWS credentials and integrated GitHub actions to hijack repositories and inject…
Actively exploited critical flaw in Modular DS WordPress plugin enables admin takeover
A critical Modular DS WordPress flaw (CVE-2026-23550) is actively exploited, enabling unauthenticated privilege escalation. Threat actors are actively exploiting a critical Modular DS WordPress vulnerability tracked as CVE-2026-23550 (CVSS score of 10). Modular DS is a WordPress plugin with over…
RondoDox Botnet Targets HPE OneView Vulnerability in Exploitation Wave
Check Point Research has reported a surge in attacks on a vulnerability in HPE OneView, driven by the Linux-based RondoDox botnet. This article has been indexed from www.infosecurity-magazine.com.
Azure Identity Token Flaw Exposes Windows Admin Center to Tenant-Wide Breaches
Cymulate Research Labs discovered a high-severity authentication bypass vulnerability in Microsoft Windows Admin Center’s Azure AD Single Sign-On implementation that enables attackers with local administrator access on a single machine to compromise any other Windows Admin Center-managed system within the…
RSAC Stands Tall Appointing a True Leader, Jen Easterly as CEO
RSAC just made a power move. With Jen Easterly stepping in as CEO, the cybersecurity industry’s front porch gets real leadership, real credibility, and real intent—writes Alan.
China-Linked APT Exploits Sitecore Zero-Day in Attacks on American Critical Infrastructure
A threat actor likely aligned with China has been observed targeting critical infrastructure sectors in North America since at least last year. Cisco Talos, which is tracking the activity under the name UAT-8837, assessed it to be a China-nexus advanced…
Hachette, Cengage Seek To Join Google AI Case
Hachette Book Group, Cengage Group apply with California federal judge to join case against Google over use of copyrighted material for AI. This article has been indexed from Silicon UK.
Your Android App Needs Scanning – Best Android App Vulnerability Scanner in 2026
Given the threat-dominating space we cannot escape, we need a game-changer that becomes the ultimate tool for protecting our Android app. Now, imagine your organisation’s application is used by hundreds and thousands of Android users, given that your flagship Android…
FalconStor Habanero simplifies compliant offsite backup for IBM Power users
FalconStor Software announced the launch of FalconStor Habanero, a globally available software-as-a-service offering designed to simplify secure offsite data protection for IBM Power customers. Habanero addresses a critical challenge facing the majority of IBM Power users: organizations that continue to…
Easterly helms RSAC, Windows update problems, Police Copilot gaffe
Jen Easterly to helm RSAC; Windows January update causes login problems; UK police blame Copilot for intelligence mistake.
IT Security News Hourly Summary 2026-01-16 09h : 6 posts
6 posts were published in the last hour:
8:5 : Amazon Offers ‘Sovereign’ Cloud For EU Customers
8:4 : New AWS Console Supply Chain Attack Lets Attackers Hijack AWS GitHub Repositories
8:4 : Go 1.25.6 and 1.24.12 Patch Critical Vulnerabilities…
Amazon Offers ‘Sovereign’ Cloud For EU Customers
Amazon Web Services offers European Sovereign Cloud system for customers concerned about US government covertly accessing their data. This article has been indexed from Silicon UK.
New AWS Console Supply Chain Attack Lets Attackers Hijack AWS GitHub Repositories
A critical misconfiguration in AWS CodeBuild enabled unauthenticated attackers to seize control of key AWS-owned GitHub repositories, including the widely used AWS JavaScript SDK powering the AWS Console itself. This supply chain vulnerability threatened platform-wide compromise, potentially injecting malicious code…
Go 1.25.6 and 1.24.12 Patch Critical Vulnerabilities Lead to DoS and Memory Exhaustion Risks
The Go programming language team has rolled out emergency point releases, Go 1.25.6 and 1.24.12, to address six high-impact security flaws. These updates fix denial-of-service (DoS) vectors, arbitrary code execution risks, and TLS mishandlings that could expose developers to remote…
Former CISA Director Jen Easterly Appointed CEO of RSAC
Easterly will be leading the world-renowned cybersecurity conference and other RSAC programs. The post Former CISA Director Jen Easterly Appointed CEO of RSAC appeared first on SecurityWeek.
Product showcase: Penetration test reporting with PentestPad
If you’ve done a pentest before, you know things can get messy fast. You start organized, but a few hours in, notes are scattered, screenshots have odd filenames, and small details get lost. PentestPad was built to help with that,…
Ransomware activity never dies, it multiplies
Ransomware attacks kept climbing through 2025, even as major criminal groups collapsed and reformed. A new study conducted by the Symantec and Carbon Black Threat Hunter Team shows that disruption inside the ransomware economy slowed activity only briefly, while extortion…
Your digital safety checklist for the start of the year
The start of a new year brings new opportunities – and heightened cyber risks as scammers exploit the holiday aftermath. In 2024 the FBI’s Internet…
News alert: AppGuard reopens insider program as AI-enhanced malware outpaces detection defenses
MCLEAN, Va., Jan. 15, 2026, CyberNewswire — A new Top 10 Cybersecurity Innovators profile by AppGuard has been released, spotlighting growing concerns over AI-enhanced malware. AI makes malware even more difficult to detect. Worse, they use AI to assess, adapt, and…
News alert: BreachLock unveils agentic AI pen testing that mimics attacker behavior on web apps
NEW YORK, Jan. 15, 2026, CyberNewswire — BreachLock, a global leader in offensive security, today announced that its Adversarial Exposure Validation (AEV) solution now supports autonomous red teaming at the application layer, expanding beyond its initial network-layer capabilities introduced…
As AI raises the stakes, app modernization and security are becoming inseparable
Security leaders are under pressure to support AI programs that move from pilots into production. New Cloudflare research suggests that success depends less on experimentation and more on disciplined application modernization tied closely to security strategy. The survey examines how…
New intelligence is moving faster than enterprise controls
AI is being integrated into core enterprise systems faster than many organizations can secure and govern it. A new global study from NTT shows companies expanding AI deployment while gaps in infrastructure readiness, data integrity controls, and governance frameworks continue…
Cisco Patches Zero-Day RCE Exploited by China-Linked APT in Secure Email Gateways
Cisco on Thursday released security updates for a maximum-severity security flaw impacting Cisco AsyncOS Software for Cisco Secure Email Gateway and Cisco Secure Email and Web Manager, nearly a month after the company disclosed that it had been exploited as…