Penetration testing companies serve as vital cybersecurity allies, simulating real-world cyberattacks to expose vulnerabilities in systems, networks, and applications before malicious actors strike. Employing ethical hackers with advanced techniques, they rigorously assess defenses, pinpoint misconfigurations, and evaluate control effectiveness to…
IPFire update brings new network and security features to firewall deployments
Security and operations teams often work with firewall platforms that require frequent tuning or upgrades to meet evolving network demands. IPFire has released its 2.29 Core Update 199, aimed at network and protection teams that manage this open source firewall…
Cyber-Attack School Extends Closure To At Least Monday
Midlands secondary school to remain closed until Monday at the earliest, as it struggles to deal with fallout from cyber-attack This article has been indexed from Silicon UK Read the original article: Cyber-Attack School Extends Closure To At Least Monday
Chinese Authorities Review Meta’s Manus Acquisition
Chinese officials reportedly review $2bn acquisition of AI start-up Manus by Facebook parent over potential export rule violations This article has been indexed from Silicon UK Read the original article: Chinese Authorities Review Meta’s Manus Acquisition
ESA confirms new data heist, Ni8mare lets hackers hijack n8n servers, Taiwan blames ‘cyber army’ for intrusion attempts
ESA confirms new data heist Ni8mare lets hackers hijack n8n servers Taiwan blames ‘cyber army’ for intrusion attempts Huge thanks to our sponsor, Hoxhunt Traditional security training fails because it treats employees like the problem. Hoxhunt treats them like the…
ownCloud Warns Users to Enable MFA After Credential Theft Incident
ownCloud has issued an urgent security advisory urging users to enable Multi-Factor Authentication (MFA) following a credential theft incident reported by threat intelligence firm Hudson Rock. The incident, discovered in January 2026, affected organizations using self-hosted file-sharing platforms, including some…
Linux Battery Utility Vulnerability Allows Authentication Bypass and System Tampering
Linux laptop users are being urged to update after a flaw in a popular battery optimisation tool was found to allow authentication bypass and system tampering. The vulnerability affects the TLP power profiles daemon introduced in version 1.9.0, which exposes a D-Bus API for…
Three Malicious NPM Packages Target Developers’ Login Credentials
Security researchers at Zscaler ThreatLabz have uncovered three malicious npm packages designed to install a sophisticated remote access trojan (RAT) targeting JavaScript developers. The packages, named bitcoin-main-lib, bitcoin-lib-js, and bip40, collectively registered over 3,400 downloads before being removed from the…
BlueDelta Hackers Target Microsoft OWA, Google, and Sophos VPN to Steal Credentials
A sophisticated credential-harvesting operation conducted by BlueDelta, a Russian state-sponsored threat group linked to the GRU’s Main Directorate, targeted critical infrastructure organizations and research institutions throughout 2025, according to a comprehensive investigation by Recorded Future’s Insikt Group. The campaign, spanning…
GitLab Patches Multiple Flaws Allowing Arbitrary Code Execution
Linux administrators are being urged to update promptly after disclosures of multiple vulnerabilities in GitLab, including flaws that could enable cross-site scripting, authorization bypass, and denial of service in selfmanaged instances. The latest patch releases, GitLab 18.7.1, 18.6.3, and 18.5.5, address these security…
OpenAI Launches ChatGPT Health with Isolated, Encrypted Health Data Controls
Artificial intelligence (AI) company OpenAI on Wednesday announced the launch of ChatGPT Health, a dedicated space that allows users to have conversations with the chatbot about their health. To that end, the sandboxed experience offers users the optional ability to…
IT Security News Hourly Summary 2026-01-08 09h : 4 posts
4 posts were published in the last hour 7:36 : Three Malicious NPM Packages Attacking Developers to Steal Login Credentials 7:36 : Ni8mare Vulnerability Let Attackers Hijack n8n Servers – Exploit Released With 26,512 Vulnerable Hosts 7:36 : Cybercriminals are…
Three Malicious NPM Packages Attacking Developers to Steal Login Credentials
Three malicious npm packages are targeting JavaScript developers to steal browser logins, API keys, and cryptocurrency wallet data. The packages, named bitcoin-main-lib, bitcoin-lib-js, and bip40, were uploaded to the public npm registry and posed as tools linked to the popular…
Ni8mare Vulnerability Let Attackers Hijack n8n Servers – Exploit Released With 26,512 Vulnerable Hosts
A critical unauthenticated remote code execution vulnerability discovered in n8n, the popular workflow automation platform, exposes an estimated 100,000 servers globally to complete takeover. Tracked as CVE-2026-21858 with a maximum CVSS score of 10.0, the flaw allows unauthenticated attackers to…
Cybercriminals are scaling phishing attacks with ready-made kits
Phishing-as-a-Service (PhaaS) kits lower the barrier to entry, enabling less-skilled attackers to run large-scale, targeted phishing campaigns that impersonate legitimate services and institutions, according to Barracuda Networks. Phishing kits grow more sophisticated and scalable Barracuda threat analysts found that in…
StackRox: Open-source Kubernetes security platform
Security teams spend a lot of time stitching together checks across container images, running workloads, and deployment pipelines. The work often happens under time pressure, with engineers trying to keep clusters stable while meeting internal policy requirements. The StackRox open…
Cloudflare pours cold water on ‘BGP weirdness preceded US attack on Venezuela’ theory
Suggests rotten routing, not evidence of a cyber-strike before kinetic action Cloudflare has poured cold water on a theory that the USA’s incursion into Venezuela coincided with a cyberattack on telecoms infrastructure.… This article has been indexed from The Register…
Passwords are where PCI DSS compliance often breaks down
Most PCI DSS failures do not start with malware or a targeted attack. They start with everyday behavior. Reused passwords. Credentials stored in spreadsheets. Shared logins are passed around during busy periods. For CISOs, password hygiene remains one of the…
What happens to insider risk when AI becomes a coworker
In this Help Net Security video, Ashley Rose, CEO at Living Security, discusses how AI is changing insider risk. AI is now built into daily work across departments, which shifts how risk shows up and how security teams should respond.…
CISA Flags Microsoft Office and HPE OneView Bugs as Actively Exploited
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added two security flaws impacting Microsoft Office and Hewlett Packard Enterprise (HPE) OneView to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerabilities are listed below…
Voice cloning defenses are easier to undo than expected
Many voice protection tools promise to block cloning by adding hidden noise to speech. Researchers at a Texas university found that widely used voice protection methods can be stripped away, restoring speaker identity and allowing fake voices to pass automated…
IT Security News Hourly Summary 2026-01-08 06h : 2 posts
2 posts were published in the last hour 4:13 : Hackers Exploiting VMware ESXi Instances in the Wild Using zero-day Exploit Toolkit 4:13 : Quantum-Durable Integrity Verification for Machine-to-Machine Model Contexts
Hackers Exploiting VMware ESXi Instances in the Wild Using zero-day Exploit Toolkit
Hackers are exploiting VMware ESXi instances in the wild with a zero-day exploit toolkit that chains multiple vulnerabilities for VM escapes. Cybersecurity firm Huntress disrupted one such attack, attributing initial access to a compromised SonicWall VPN. Threat actors gained a…
Quantum-Durable Integrity Verification for Machine-to-Machine Model Contexts
Secure your MCP deployments with quantum-resistant integrity verification. Learn how to protect machine-to-machine model contexts from future quantum threats. The post Quantum-Durable Integrity Verification for Machine-to-Machine Model Contexts appeared first on Security Boulevard. This article has been indexed from Security…