TRM Labs says it has recorded $35m drained from users’ wallets following 2022 LastPass breach This article has been indexed from www.infosecurity-magazine.com Read the original article: Experts Trace $35m in Stolen Crypto to LastPass Breach
DeepSeek Proposes Tweak For AI Efficiency
Proposed tweak to AI model architecture, called mHC, potentially allows training scalability without increasing compute costs This article has been indexed from Silicon UK Read the original article: DeepSeek Proposes Tweak For AI Efficiency
VVS Stealer, a new python malware steals Discord credentials
VVS Stealer is a Python-based malware that steals Discord credentials and tokens and has been sold on Telegram since at least April 2025. Palo Alto Networks researchers uncovered VVS Stealer, a Python-based malware that steals Discord credentials and tokens and…
New VVS Stealer Malware Targets Discord Accounts via Obfuscated Python Code
Cybersecurity researchers have disclosed details of a new Python-based information stealer called VVS Stealer (also styled as VVS $tealer) that’s capable of harvesting Discord credentials and tokens. The stealer is said to have been on sale on Telegram as far…
London Council Says Hackers Took Sensitive Data
Westminster City Council says likely that sensitive and personal information ‘copied and taken’ in November cyber-attack This article has been indexed from Silicon UK Read the original article: London Council Says Hackers Took Sensitive Data
GHOSTCREW – AI-based Red Team Toolkit for Penetration Testing Invoking Metasploit, Nmap and Other Tools
GHOSTCREW emerges as a game-changing open-source toolkit for red teamers and penetration testers. This AI-powered assistant leverages large language models, integrates the MCP protocol, and supports the optional RAG architecture to orchestrate security tools via natural-language prompts. Developed by GH05TCREW,…
Threat Actor Allegedly Claim Leak of NordVPN Salesforce Database with Source Codes
A threat actor operating under the identifier 1011 has publicly claimed to have obtained and leaked sensitive data from NordVPN’s development infrastructure on a dark web forum. The breach reportedly exposes over ten database source codes, along with critical authentication…
A week in security (December 29 – January 4)
A list of topics we covered in the week of December 29 2025 to January 4 of 2026 This article has been indexed from Malwarebytes Read the original article: A week in security (December 29 – January 4)
Palo Alto AI warning, Resecurity hack fiasco, Christmas ColdFusion attack
Palo Alto Networks boss calls AI agents biggest insider threat Hackers claim Resecurity hack, firm says it was a honeypot Thousands of ColdFusion exploit attempts spotted during Christmas holiday Huge thanks to our sponsor, Hoxhunt A small tip for CISOs:…
IT Security News Hourly Summary 2026-01-05 09h : 1 posts
1 posts were published in the last hour 8:4 : BYD Tops Tesla As World’s Biggest EV Maker
BYD Tops Tesla As World’s Biggest EV Maker
China’s BYD beats Tesla for first time on full-year sales, as pioneering US automaker sees biggest ever annual sales slump This article has been indexed from Silicon UK Read the original article: BYD Tops Tesla As World’s Biggest EV Maker
Sedgwick discloses data breach after TridentLocker ransomware attack
Sedgwick confirmed a cyber incident at its federal contractor unit after TridentLocker claimed to steal 3.4GB of data. Sedgwick is a leading global claims management and risk services provider operating in the insurance and risk solutions sector. It employs roughly…
Multiple Vulnerabilities in QNAP Tools Let Attackers Obtain Secret Data
QNAP has patched multiple security vulnerabilities in its License Center application that could allow attackers to access sensitive information or disrupt services on affected NAS devices. The issues, tracked as CVE-2025-52871 and CVE-2025-53597, were disclosed on January 3, 2026. QNAP rated the flaws as Moderate severity and confirmed that the issues have…
California’s DROP Platform Launches: What Enterprise B2B SaaS Companies Need to Know About Data Deletion Compliance
How California’s groundbreaking data deletion law signals a fundamental shift in enterprise identity lifecycle management—and why your SSO infrastructure matters more than ever The post California’s DROP Platform Launches: What Enterprise B2B SaaS Companies Need to Know About Data Deletion…
AI security risks are also cultural and developmental
Security teams spend much of their time tracking vulnerabilities, abuse patterns, and system failures. A new study argues that many AI risks sit deeper than technical flaws. Cultural assumptions, uneven development, and data gaps shape how AI systems behave, where…
Pharma’s most underestimated cyber risk isn’t a breach
Chirag Shah, Global Information Security Officer & DPO at Model N examines how cyber risk in pharma and life sciences is shifting beyond traditional breaches toward data misuse, AI-driven exposure and regulatory pressure. He explains why executives still underestimate silent…
Infrastructure Under Attack: Cybersecurity Today for Monday January 5, 2026
In this episode of ‘Cybersecurity Today’, host David Shipley discusses significant cyber events and their implications. The podcast explores hints by President Donald Trump regarding the use of cyber tactics in a U.S. operation that resulted in a power outage…
AI and the End of the Traditional Entry-Level Tech Job
Welcome to the first episode of the Shared Security Podcast in 2026! As AI becomes increasingly integrated into technical fields such as software development and cybersecurity, traditional entry-level roles are evolving or disappearing. This episode discusses the implications of AI…
Understanding AI insider risk before it becomes a problem
In this Help Net Security video, Greg Pollock, Head of Research and Insights at UpGuard, discusses AI use inside organizations and the risks tied to insiders. He explains two problems. One involves employees who use AI tools to speed up…
OpenAEV: Open-source adversarial exposure validation platform
OpenAEV is an open source platform designed to plan, run, and review cyber adversary simulation campaigns used by security teams. The project focuses on organizing exercises that blend technical actions with operational and human response elements, all managed through a…
IT Security News Hourly Summary 2026-01-05 06h : 1 posts
1 posts were published in the last hour 4:31 : Hackers Trapped in Resecurity’s Honeypot During Targeted Attack on Employee Network
Hackers Trapped in Resecurity’s Honeypot During Targeted Attack on Employee Network
Resecurity deploys synthetic data honeypots to outsmart threat actors, turning reconnaissance into actionable intelligence. A recent operation not only trapped an Egyptian-linked hacker but also duped the ShinyHunters group into false breach claims. Resecurity has refined deception technologies for counterintelligence,…
API Authentication Methods Explained: API Keys, OAuth, JWT & HMAC Compared
A deep dive comparing API Keys, OAuth 2.0, JWT, and HMAC for CTOs. Learn which api authentication method fits your enterprise SSO and IAM strategy. The post API Authentication Methods Explained: API Keys, OAuth, JWT & HMAC Compared appeared first…
IT Security News Hourly Summary 2026-01-05 03h : 3 posts
3 posts were published in the last hour 2:4 : ISC Stormcast For Monday, January 5th, 2026 https://isc.sans.edu/podcastdetail/9752, (Mon, Jan 5th) 2:4 : Researcher Wipes White Supremacist Dating Sites, Leaks Data on okstupid.lol 1:31 : Post-Quantum Decentralized Identifiers for Autonomous…