A newly identified cyberattack campaign is actively exploiting trust in India’s tax system to infect computers with advanced malware designed for long-term surveillance and data theft. The operation relies on carefully crafted phishing emails that impersonate official tax communications…
IT Security News Hourly Summary 2026-01-27 21h : 2 posts
2 posts were published in the last hour 19:36 : Nike Investigates Alleged Data Breach Tied to World Leaks 19:36 : End-to-end security for AI: Integrating AltaStata Storage with Red Hat OpenShift confidential containers
Nike Investigates Alleged Data Breach Tied to World Leaks
Nike is investigating World Leaks’ claims of a data breach, underscoring growing risks from data-centric extortion attacks. The post Nike Investigates Alleged Data Breach Tied to World Leaks appeared first on eSecurity Planet. This article has been indexed from eSecurity…
End-to-end security for AI: Integrating AltaStata Storage with Red Hat OpenShift confidential containers
Confidential computing represents the next frontier in hybrid and multicloud security, offering hardware-level memory protection (data in use) through technologies such as AMD SEV and Intel TDX. However, implementing storage solutions in these environments presents unique challenges that traditional approaches…
LayerX Discovers Malicious Chrome Extensions Stealing ChatGPT Accounts
Security researchers from LayerX discovered 16 malicious Chrome extensions created by the same threat actor designed to intercept users’ interaction with ChatGPT chatbots and steal their account credentials, the latest instance in a growing trend. The post LayerX Discovers Malicious…
Shadow AI and the Growing Risk to Enterprise Security
Shadow AI is exposing sensitive enterprise data through unsanctioned AI use, creating growing security and compliance risks. The post Shadow AI and the Growing Risk to Enterprise Security appeared first on eSecurity Planet. This article has been indexed from eSecurity…
Schneider Electric Zigbee Products
View CSAF Summary Schneider Electric is aware of multiple vulnerabilities with EmberZNet disclosed by Silicon Labs. Many vendors, including Schneider Electric, use Silicon Labs’ Zigbee processors in their offers. The following have denial of service vulnerabilities: Wiser iTRV, Wiser RTR,…
iba Systems ibaPDA
View CSAF Summary Successful exploitation of this vulnerability could allow an attacker to perform unauthorized actions on the file system. The following versions of iba Systems ibaPDA are affected: ibaPDA (CVE-2025-14988) CVSS Vendor Equipment Vulnerabilities v3 9.8 iba Systems iba…
Festo Didactic SE MES PC
View CSAF Summary MES PCs shipped with Windows 10 come pre-installed with XAMPP. XAMPP is a bundle of third-party open-source applications including the Apache HTTP Server, the MariaDB database and more. From time to time, vulnerabilities in these applications are…
Johnson Controls Products
View CSAF Summary Successful exploitation of this vulnerability could result in remote SQL execution, leading to alteration or loss of data. The following versions of Johnson Controls Products are affected: Application and Data Server (ADS) (CVE-2025-26385) Extended Application and Data…
New Android Theft Protection Feature Updates: Smarter, Stronger
Posted by Nataliya Stanetsky, Fabricio Ferracioli, Elliot Sisteron, Irene Ang of the Android Security Team Phone theft is more than just losing a device; it’s a form of financial fraud that can leave you suddenly vulnerable to personal data and…
File integrity monitoring with AWS Systems Manager and Amazon Security Lake
Customers need solutions to track inventory data such as files and software across Amazon Elastic Compute Cloud (Amazon EC2) instances, detect unauthorized changes, and integrate alerts into their existing security workflows. In this blog post, I walk you through a…
16 Fake ChatGPT Extensions Caught Hijacking User Accounts
A coordinated campaign of 16 malicious GPT optimisers has been caught hijacking ChatGPT accounts. These tools steal session tokens to access private chats, Slack, and Google Drive files. This article has been indexed from Hackread – Cybersecurity News, Data Breaches,…
Android Adds ‘Accountability Layer’ to Third-Party Apps
Android is adding new verification steps to sideloaded apps, introducing friction for advanced users while aiming to reduce malware, fraud, and scams. The post Android Adds ‘Accountability Layer’ to Third-Party Apps appeared first on TechRepublic. This article has been indexed…
5 steps to ensure HIPAA compliance on mobile devices
<p>Complying with <a href=”https://www.techtarget.com/searchhealthit/definition/HIPAA”>HIPAA</a> on mobile devices is no longer just a technical exercise. As smartphones and tablets become part of everyday clinical workflows, organizations must be able to demonstrate who can access protected health information, under what conditions and…
If you live in the UK, you probably won’t be able to visit Pornhub anymore
Pornhub parent company Aylo will restrict access from U.K. users, rather than comply with age verification mandates, which the company said it believes have not succeeded in promoting online safety. This article has been indexed from Security News | TechCrunch…
Amid Trump attacks and weaponized sanctions, Europeans look to rely less on US tech
European governments are looking to move away from U.S. tech and reclaim their digital sovereignty at a time of unpredictability and volatility in the United States. This article has been indexed from Security News | TechCrunch Read the original article:…
Canva, Atlassian, Epic Games Among the 100+ Enterprises Targeted by ShinyHunters Group
A major identity-theft operation is now targeting over 100 high-value organizations across multiple industries. The threat comes from SLSH, a dangerous alliance combining the tactics of Scattered Spider, LAPSUS$, and ShinyHunters. Unlike typical automated attacks, this campaign uses real people…
Hackers Using Teams to Deliver Malicious Content Posing as Microsoft Services
A sophisticated phishing campaign has been identified in which threat actors are abusing legitimate Microsoft Teams functionality to distribute malicious content that appears to originate from trusted Microsoft services. By leveraging the platform’s “Invite a Guest” feature and crafting deceptive…
G_Wagon npm Package Attacking Users to Exfiltrates Browser Credentials using Obfuscated Payload
On January 23rd, 2026, security researchers discovered a dangerous npm package named ansi-universal-ui that disguised itself as a legitimate user interface component library. The deceptive package description claimed to offer a lightweight UI system for modern web applications. However, beneath…
Instagram, Facebook, and WhatsApp to Test New Premium Subscriptions
Meta is gearing up to roll out premium subscription tiers across its flagship apps, Instagram, Facebook, and WhatsApp, offering users exclusive features to boost productivity, creativity, and AI-driven interactions. The company confirmed the plans to emphasize that core app experiences…
Attackers Hijacking Official GitHub Desktop Repository to Distribute Malware as Official Installer
Cybercriminals have discovered a dangerous way to trick developers into downloading malware by exploiting how GitHub works. The attack involves creating fake versions of the GitHub Desktop installer and making them appear legitimate to unsuspecting users. Between September and October…
Watch out for AT&T rewards phishing text that wants your personal details
Recently, we uncovered a realistic, multi-layered data theft phishing campaign targeting AT&T customers. This article has been indexed from Malwarebytes Read the original article: Watch out for AT&T rewards phishing text that wants your personal details
Microsoft announces the 2026 Security Excellence Awards winners
Congratulations to the winners of the 2026 Microsoft Security Excellence Awards that recognize the innovative defenders who have gone above and beyond. The post Microsoft announces the 2026 Security Excellence Awards winners appeared first on Microsoft Security Blog. This article…