Google-owned AdMob allegedly collected kids’ data for ads without parental consent—including IP addresses, usage data, and exact locations. This article has been indexed from Malwarebytes Read the original article: Google will pay $8.25m to settle child data-tracking allegations
APT-Grade PDFSider Malware Used by Ransomware Groups
Providing cyberespionage and remote code execution capabilities, the malware is executed via DLL sideloading. The post APT-Grade PDFSider Malware Used by Ransomware Groups appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article: APT-Grade PDFSider…
AI Supercharges Attacks in Cybercrime’s New ‘Fifth Wave’
Weaponized AI is fueling a new wave of cybercrime, said Group-IB in its latest report This article has been indexed from www.infosecurity-magazine.com Read the original article: AI Supercharges Attacks in Cybercrime’s New ‘Fifth Wave’
VoidLink Rewrites Rootkit Playbook with Server-Side Kernel Compilation and AI-Assisted Code
VoidLink emerges as a significant threat to Linux cloud environments, representing a major shift in how rootkits are designed and deployed. This Chinese-developed malware framework was first discovered by Check Point Research on January 13, 2026, marking the beginning of…
Radware targets API blind spots with real-time lifecycle protection
Radware has unveiled the launch of its Radware API Security Service, an end-to-end solution designed to protect APIs throughout their entire lifecycle using real-time production traffic. Radware API Security Service offers APIs advanced protection against the OWASP Top 10 API…
Why Secrets in JavaScript Bundles are Still Being Missed
Leaked API keys are no longer unusual, nor are the breaches that follow. So why are sensitive tokens still being so easily exposed? To find out, Intruder’s research team looked at what traditional vulnerability scanners actually cover and built a…
Cloudflare Fixes ACME Validation Bug Allowing WAF Bypass to Origin Servers
Cloudflare has addressed a security vulnerability impacting its Automatic Certificate Management Environment (ACME) validation logic that made it possible to bypass security controls and access origin servers. “The vulnerability was rooted in how our edge network processed requests destined for…
Sophos expands security stack to govern apps, data, and AI in hybrid work
Sophos has announced Sophos Workspace Protection, expanding its portfolio to help organizations secure hybrid work and govern the use of emerging technologies, including AI. Built around the Sophos Protected Browser, powered by Island, the solution enables organizations to protect applications,…
Nvidia Suppliers Halt Production After China Blocks Shipments
Chinese customs authorities reportedly block incoming shipments of Nvidia’s H200 AI chip, leading parts suppliers to suspend production This article has been indexed from Silicon UK Read the original article: Nvidia Suppliers Halt Production After China Blocks Shipments
Weaponized Invite Enabled Calendar Data Theft via Google Gemini
A simple payload allowed attackers to create a new event leaking summaries of the victim’s private meetings. The post Weaponized Invite Enabled Calendar Data Theft via Google Gemini appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read…
Risk of AI Model Collapse to Drive Zero Trust Data Governance, Gartner Says
Gartner predicts 50% of organizations will adopt zero trust data governance by 2028 This article has been indexed from www.infosecurity-magazine.com Read the original article: Risk of AI Model Collapse to Drive Zero Trust Data Governance, Gartner Says
IT Security News Hourly Summary 2026-01-20 12h : 8 posts
8 posts were published in the last hour 10:32 : Police Say Private Jet Necessary For Influencer Extradition 10:32 : Telegram-based illicit billionaire marketplace Tudou Guarantee stopped transactions 10:32 : Let’s Encrypt rolls out 6-day and IP-based certificates 10:7 :…
Police Say Private Jet Necessary For Influencer Extradition
Surrey Police defend more than £15,000 cost of private jet charter for extradition of TikTok influencer, saying no other option viable This article has been indexed from Silicon UK Read the original article: Police Say Private Jet Necessary For Influencer…
Telegram-based illicit billionaire marketplace Tudou Guarantee stopped transactions
Major Telegram-based illicit marketplace Tudou Guarantee appears to be shutting down its operations, according to Elliptic. Blockchain cybersecurity firm Elliptic reports that Tudou Guarantee, a major Telegram-based illicit marketplace in Southeast Asia, has stopped transactions in its public groups after…
Let’s Encrypt rolls out 6-day and IP-based certificates
Let’s Encrypt says its short-lived TLS certificates with a 6-day lifetime are now generally available. Each certificate is valid for 160 hours from the time it is issued. To request one, operators must select the “shortlived” profile in their ACME…
Add Punycode to your Threat Hunting Routine, (Tue, Jan 20th)
IDNs or “International Domain Names†have been with us for a while now (see RFC3490[1]). They are (ab)used in many attack scenarios because.. it works! Who can immediately spot the difference between: This article has been indexed from SANS Internet…
Guernsey Seizes £8m In Assets Of Crypto Fugitive Ignatova
Guernsey government seizes more than £8m in assets belonging to fugitive ‘crypto queen’ Ruja Ignatova, wanted in Germany, US This article has been indexed from Silicon UK Read the original article: Guernsey Seizes £8m In Assets Of Crypto Fugitive Ignatova
Python-based Malware SolyxImmortal Leverages Discord to Silently Harvest Sensitive Data
SolyxImmortal represents a notable advancement in information-stealing malware targeting Windows systems. This Python-based threat combines multiple data theft capabilities into a single, persistent implant designed for long-term surveillance rather than destructive activity. The malware operates silently in the background, collecting…
Attackers Abuse Discord to Deliver Clipboard Hijacker That Steals Wallet Addresses on Paste
A new clipboard hijacker is quietly draining cryptocurrency from gamers and streamers by abusing trust inside Discord communities. The campaign centers on a malicious Windows program shared as a supposed streaming or security tool. Once installed, it silently watches the…
Scam Marketplace Tudou Guarantee Shutters Telegram Ops
A notorious marketplace for fraud, Tudou Guarantee, appears to have closed its public Telegram groups This article has been indexed from www.infosecurity-magazine.com Read the original article: Scam Marketplace Tudou Guarantee Shutters Telegram Ops
OpenAI Brings Adverts To ChatGPT
OpenAI to begin testing tailored adverts in ChatGPT for free and low-cost users, as it seeks to fund expensive AI data centres This article has been indexed from Silicon UK Read the original article: OpenAI Brings Adverts To ChatGPT
Critical WordPress Plugin Vulnerability Exposes 100,000+ Websites to Privilege Escalation Attacks
A critical privilege escalation vulnerability discovered in the Advanced Custom Fields: Extended WordPress plugin threatens over 100,000 active installations. The vulnerability, identified as CVE-2025-14533 with a CVSS score of 9.8, allows unauthenticated attackers to elevate their privileges to administrative by…
VoidLink Signals the Start of a New Era in AI-Generated Malware
Check Point Research has identified VoidLink, one of the first known examples of advanced malware largely generated using artificial intelligence. Unlike earlier AI-assisted malware, which was typically low-quality or derivative, VoidLink demonstrates a high level of sophistication and rapid evolution.…
UK NCSC warns of Russia-linked hacktivists DDoS attacks
The UK government warns Russia-linked hacktivists are still carrying out DDoS attacks on critical infrastructure and local government systems The UK government warns that Russia-linked hacktivists are continuing DDoS attacks against critical infrastructure and local government systems. “Today, 19th January…