A critical security alert regarding an active phishing campaign that commenced on January 19, 2026. The malicious actors are impersonating LastPass support staff and sending fraudulent emails claiming urgent vault backup requirements to harvest master passwords from unsuspecting users. The…
Multiple GitLab Vulnerabilities Enables 2FA Bypass and DoS Attacks
Critical security patches addressing five vulnerabilities across versions 18.8.2, 18.7.2, and 18.6.4 for both Community Edition (CE) and Enterprise Edition (EE). The patches resolve issues ranging from high-severity authentication flaws to denial-of-service conditions affecting core platform functionality. Critical 2FA Bypass…
ErrTraffic Fueling ClickFix by Breaking the Page Visually and Turns Attack to GlitchFix
A new social engineering technique called GlitchFix has emerged, powered by ErrTraffic—a specialized traffic distribution system designed to trick website visitors into downloading malware through visually broken web pages. The attack platform costs around $800 and offers cybercriminals a complete…
A new era of agents, a new era of posture
AI agents are transforming how organizations operate, but their autonomy also expands the attack surface. The post A new era of agents, a new era of posture appeared first on Microsoft Security Blog. This article has been indexed from Microsoft…
Cohesity enhances identity resilience with ITDR capabilities
Cohesity has unveiled Identity Threat Detection and Response (ITDR) capabilities that expand its Identity Resilience portfolio, providing a more comprehensive approach to securing and recovering critical identity systems such as Active Directory (AD) and Microsoft Entra ID. Identity is foundational…
Check Point Exposure Management unifies threat intelligence, context, and remediation
Check Point announced Check Point Exposure Management, a new approach designed to help organizations defend against attacks by turning fragmented exposure data into prioritized, actionable, and safe remediation. Exposure Management delivers real-time situational awareness by unifying threat intelligence, dark-web insights,…
Peruvian Loan Scam Harvests Cards and PINs via Fake Applications
Loan phishing operation in Peru is stealing card info by impersonating financial institutions This article has been indexed from www.infosecurity-magazine.com Read the original article: Peruvian Loan Scam Harvests Cards and PINs via Fake Applications
Luxembourg State Sites Hit By Cyberattack
On Tuesday morning, the Luxembourg State Information Technology Centre confirmed that several government websites were temporarily offline following a targeted cyberattack. This article has been indexed from CyberMaterial Read the original article: Luxembourg State Sites Hit By Cyberattack
Illinois DHS Breach Exposes 700K
The Illinois Department of Human Services recently disclosed a data breach that compromised the personal records of approximately 700,000 residents who interacted with state assistance programs. This article has been indexed from CyberMaterial Read the original article: Illinois DHS Breach…
SK Telecom Sues To Revoke Breach Fine
South Korea’s top mobile provider, SK Telecom, has initiated a lawsuit to cancel a record 135 billion-won fine issued by the state data regulator following a massive breach of its entire 23 million user base. This article has been indexed…
EU Plans Cybersecurity Overhaul
The European Commission has introduced a new cybersecurity legislative package that mandates the removal of high-risk suppliers from telecommunications networks to protect against state-sponsored threats. This article has been indexed from CyberMaterial Read the original article: EU Plans Cybersecurity Overhaul
UK NCSC Warns Of Russia Linked DDos
The UK government has issued a warning regarding persistent DDoS attacks from Russia-linked hacktivists targeting critical national infrastructure and local government systems. This article has been indexed from CyberMaterial Read the original article: UK NCSC Warns Of Russia Linked DDos
aiFWall Emerges from Stealth With an AI Firewall
aiFWall is a firewall protection for AI deployments built to use AI to improve its own performance. The post aiFWall Emerges from Stealth With an AI Firewall appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the…
Vectra AI helps organizations prevent AI-powered cyberattacks
Vectra AI launched the next generation of its flagship platform, purpose-built to protect the AI enterprise by delivering preemptive security and proactive defense against AI-powered cyberattacks. As enterprises embed AI across applications and infrastructure, they are becoming AI enterprises: always-on,…
EU tightens cybersecurity rules for tech supply chains
The European Commission has proposed a new cybersecurity package aimed at strengthening the EU’s cyber resilience, including a revised EU Cybersecurity Act designed to secure ICT supply chains and ensure products reaching EU citizens are secure by design through a…
EN, SentinelLabs - We are hunters, reversers, exploit developers, and tinkerers shedding light on the world of malware, exploits, APTs, and cybercrime across all platforms.
LABScon25 Replay | How to Bug Hotel Rooms v2.0
Dan Tentler reveals how consumer hardware coupled with Home Assistant can monitor hotel rooms, detect occupants through walls, and trigger automated alerts. This article has been indexed from SentinelLabs – We are hunters, reversers, exploit developers, and tinkerers shedding light…
Why Exposure Management Is Becoming a Security Imperative
Of course, organizations see risk. It’s just that they struggle to turn insight into timely, safe action. That gap is why exposure management has emerged, and also why it is now becoming a foundational security discipline. What the diagram makes…
Threat Actors Hiding stealthy PURELOGS Payload Within a Weaponized PNG File
A newly discovered attack campaign has exposed a sophisticated delivery method for the PURELOGS infostealer, a commodity malware sold as a service on underground forums. Threat actors are using weaponized PNG files hosted on legitimate infrastructure to deliver the payload…
Critical Zoom Command Injection Vulnerability Enables Remote Code Execution
A critical command injection vulnerability in Node Multimedia Routers (MMRs) could allow meeting participants to execute arbitrary code on affected systems. The vulnerability, tracked as CVE-2026-22844, carries a CVSS severity rating of 9.9, the highest possible score, indicating an extremely…
New PixelCode Attack Smuggles Malware via Image Pixel Encoding
A novel malware delivery technique dubbed “PixelCode” has been demonstrated, showing how malicious executables can be encoded directly into video frames. The approach allows threat actors to host these videos on legitimate platforms such as YouTube, helping the malware evade…
NVIDIA NSIGHT Graphics for Linux Vulnerability Allows Code Execution Attacks
An urgent security update addressing a critical vulnerability in NSIGHT Graphics for Linux that could allow attackers to execute arbitrary code on affected systems. The flaw, tracked as CVE-2025-33206, has been rated as High severity with a CVSS score of…
AI Phishing Is Your Company’s Biggest Security Risk in 2026: Here’s How to Stop It
Phishing used to be easy to spot. Bad grammar, strange links, obvious scams. That version is gone. In 2026, phishing is polished, well-written, and often smarter than it has any right to be thanks to AI. These attacks look like real business emails, slip past…
EU considers whether there’s Huawei of axing Chinese kit from networks within 3 years
Still dominant in Germany’s networks, among others The European Commission (EC) wants a revised Cybersecurity Act to address any threats posed by IT and telecoms kit from third-country sources, potentially forcing member states to confront the thorny issue of suppliers…
LastPass Users Targeted With Backup-Themed Phishing Emails
Threat actors may have wanted to take advantage of the holiday weekend in the United States to increase their chances of success. The post LastPass Users Targeted With Backup-Themed Phishing Emails appeared first on SecurityWeek. This article has been indexed…