Akamai’s Security Intelligence and Response Team (SIRT) uncovered a serious command injection vulnerability in legacy Vivotek IoT camera firmware. Tracked as CVE-2026-22755, the flaw lets remote attackers inject and run arbitrary code as root without authentication. Researchers used AI-driven reverse…
New Osiris Ransomware Leverages Living Off the Land and Dual-Use Tools in Attacks
A newly discovered ransomware family, Osiris, targeted a major foodservice franchisee in Southeast Asia in November 2025. Despite sharing a name with a 2016 Locky ransomware variant, security researchers confirm this represents an entirely new threat with no connection to…
CISA Warns of Cisco Unified CM 0-Day RCE Vulnerability Exploited in Attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert after confirming active exploitation of a zero-day remote code execution (RCE) vulnerability in multiple Cisco Unified Communications products. Tracked as CVE-2026-20045, the flaw enables code injection attacks that…
FortiGate Firewalls Hacked in Automated Attacks to Steal Configuration Data
A new cluster of automated malicious activity targeting FortiGate firewall devices. Beginning January 15, 2026, threat actors have been observed executing unauthorized configuration changes, establishing persistence through generic accounts, and exfiltrating sensitive firewall configuration data. This campaign echoes a December…
Critical Vivotek Vulnerability Allows Remote Users to Inject Arbitrary Code
A critical remote code injection vulnerability in Vivotek legacy firmware that enables unauthenticated attackers to execute arbitrary commands with root privileges. The vulnerability, tracked as CVE-2026-22755, affects dozens of camera models and poses significant risks to organizations relying on legacy…
New ClickFix Campaign Hijacks Facebook Sessions Using Fake Verification Pages
Attackers have launched a widespread campaign called ClickFix that steals Facebook account credentials by tricking users into handing over their session tokens. Rather than using complex malware or software exploits, the attack relies on social engineering to guide victims through…
Webinar Today: Rethinking Email Security for Mid-Sized Organizations
See how modern AI-driven detection can block sophisticated attacks that traditional tools miss The post Webinar Today: Rethinking Email Security for Mid-Sized Organizations appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article: Webinar Today:…
Obsidian Security unveils end-to-end SaaS supply chain security to stop integration-led breaches
Obsidian Security announced end-to-end SaaS supply chain security solution, empowering organizations to monitor, control and contain the security risk hiding inside interconnected SaaS ecosystems. Companies depend on hundreds of SaaS applications to operate their business. The security threat posed by…
Watering Hole Attack Targets EmEditor Users with Information-Stealing Malware
TrendAI™ Research provides a technical analysis of a compromised EmEditor installer used to deliver multistage malware that performs a range of malicious actions. This article has been indexed from Trend Micro Research, News and Perspectives Read the original article: Watering…
Fake LastPass maintenance emails target users
LastPass is warning users about phishing emails that pressure users to back up their vaults within 24 hours. This article has been indexed from Malwarebytes Read the original article: Fake LastPass maintenance emails target users
Minnesota DHS Data Breach Hits 300K
The Minnesota Department of Human Services recently notified nearly 304,000 residents that their demographic and personal data were compromised due to unauthorized system access by an affiliated user. This article has been indexed from CyberMaterial Read the original article: Minnesota…
Key Apple Nvidia Tesla Supplier Breached
Apple supplier Luxshare has reportedly fallen victim to a ransomware attack by a group called RansomHub, which claims to have stolen sensitive product designs and employee data. This article has been indexed from CyberMaterial Read the original article: Key Apple…
Tesla Hacked At Pwn2Own Automotive 2026
Security researchers successfully breached the Tesla Infotainment System and secured $516,500 in prizes after exploiting 37 zero-day vulnerabilities during the opening of the Pwn2Own Automotive 2026 competition. This article has been indexed from CyberMaterial Read the original article: Tesla Hacked…
Greek Police Arrest Fake Cell Tower Gang
Greek authorities recently dismantled a sophisticated mobile scam operation that utilized a deceptive cellular transmitter concealed within a vehicle to target residents in Athens. This article has been indexed from CyberMaterial Read the original article: Greek Police Arrest Fake Cell…
Snapchat Expands Parental Contact Insights
Snapchat is expanding its Family Center features to provide parents with specific context about their children’s new connections, such as mutual friends or shared school communities. This article has been indexed from CyberMaterial Read the original article: Snapchat Expands Parental…
Foxit, Epic Games Store, MedDreams vulnerabilities
Cisco Talos’ Vulnerability Discovery & Research team recently disclosed three vulnerabilities in Foxit PDF Editor, one in the Epic Games Store, and twenty-one in MedDream PACS.. The vulnerabilities mentioned in this blog post have been patched by their respective vendors,…
IT Security News Hourly Summary 2026-01-22 15h : 15 posts
15 posts were published in the last hour 14:5 : MCP Isn’t Just Convenience; It’s a Security Problem and a Governance Opportunity 14:4 : Attackers Continue to Target Trusted Collaboration Platforms: 12,000+ Emails Target Teams Users 14:4 : AI-Powered North…
MCP Isn’t Just Convenience; It’s a Security Problem and a Governance Opportunity
The first time I wired an agent to real enterprise systems, it felt like I’d unlocked a cheat code. I had a clean, repeatable pattern: the model asks, a server answers, and suddenly the agent can do things. Then the…
Attackers Continue to Target Trusted Collaboration Platforms: 12,000+ Emails Target Teams Users
Overview This report describes a phishing campaign in which attackers abuse Microsoft Teams functionality to distribute phishing content that appears to originate from legitimate Microsoft services. The attack leverages guest invitations and phishing-themed team names to impersonate billing and subscription…
AI-Powered North Korean Konni Malware Targets Developers
Check Point Research is tracking an active phishing campaign involving KONNI, a North Korea-affiliated threat actor active since at least 2014. Historically, KONNI focused on South Korean diplomatic, academic, and government-linked targets, using geopolitical themes as phishing lures. This latest…
Europe’s GDPR cops dished out €1.2B in fines last year as data breaches piled up
Regulators logged over 400 personal data breach notifications a day for first time since law came into force GDPR fines pushed past the £1 billion (€1.2 billion) mark in 2025 as Europe’s regulators were deluged with more than 400 data breach…
Targeted Cyberattack Foiled by Resecurity Honeypot
There has been a targeted intrusion attempt against the internal environment of Resecurity in November 2025, which has been revealed in detail by the cyber security company. In order to expose the adversaries behind this attack, the company deliberately…
Cybersecurity Education for Awareness and Compliance
A structured guide to building effective cybersecurity awareness, training, and compliance across organizations. This article has been indexed from CyberMaterial Read the original article: Cybersecurity Education for Awareness and Compliance
REMnux
A Linux based malware analysis distribution designed for reverse engineering, network traffic analysis, and forensic investigation. This article has been indexed from CyberMaterial Read the original article: REMnux