A sophisticated attack campaign leveraging a critical FreePBX vulnerability to deploy a persistent webshell dubbed “EncystPHP,” enabling threat actors to gain complete administrative control over compromised VoIP systems. The campaign, launched in early December 2025, exploits CVE-2025-64328, a post-authentication command-injection…
Cal.com Broken Access Controls Exposes Millions of Bookings and Leads to Complete Account Takeover
Cal.com, an open-source scheduling platform that millions of people use to book meetings and manage their calendars, recently faced a serious security problem. The platform provides an alternative to tools like Calendly, offering features like calendar syncing, team scheduling, and…
Microsoft 365 Outlook Add-ins Weaponized to Exfiltrate Sensitive Email Data Without Leaving Traces
A significant architectural blind spot in the Microsoft 365 ecosystem that allows threat actors to exfiltrate sensitive email data without leaving forensic traces. Dubbed “Exfil Out&Look,” this attack technique leverages the Outlook add-in framework to intercept outgoing communications stealthily. Unlike…
Google Disrupted World’s Largest IPIDEA Residential Proxy Network
Google and its partners launched a major operation this week to shut down what security experts consider one of the world’s largest residential proxy networks: IPIDEA. The proxy service operates by routing internet traffic through millions of everyday consumer devices…
France Travail fined €5 million for failing to protect job seeker data
France's data protection authority CNIL has fined public employment agency France Travail €5 million for failing to ensure the security of personal data of job seekers. Attackers gained access to the organization’s systems through social engineering techniques that targeted accounts…
Druva Threat Watch offers continuous threat monitoring of backup data
Druva announced the launch of Threat Watch, a zero-touch, automated cloud-native solution for proactive threat monitoring of backup data. Threat Watch is designed to continuously scan backup snapshots to identify dormant threats and indicators of compromise (IOCs), empowering IT and…
Grist Core Flaw Enables Remote Code Execution
A critical security vulnerability known as Cellbreak has been discovered in Grist-Core, an open-source spreadsheet-database platform that uses Pyodide for formula execution. This article has been indexed from CyberMaterial.
Kontigo Stablecoin Bank Hit By Cyberattack
US neobank Kontigo recently experienced a cybersecurity breach involving an authentication flaw that resulted in the theft of over 340,000 USDT from 1,005 user accounts. This article has been indexed from CyberMaterial.
Cyberattack Disrupts Dresden Museum Systems
Germany’s Dresden State Art Collections has been targeted by a cyberattack that has disrupted its digital infrastructure and phone services. This article has been indexed from CyberMaterial.
Inverclyde Schools Offline After Phishing
Inverclyde schools and nurseries lost internet connectivity on Monday after a phishing attack compromised a senior education official’s email account. This article has been indexed from CyberMaterial.
Google Updates Android Theft Protection
Google has implemented advanced authentication protocols and recovery systems designed to deter smartphone theft and protect sensitive owner data. This article has been indexed from CyberMaterial.
US Sentences Chinese National for Role in $36.9 Million Crypto Scam
A Chinese national has been sentenced for his role in a massive $36.9 million cryptocurrency scam operated from… This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI, and More.
The UK Threat Landscape Is Shifting. And Many Security Teams Are Looking the Wrong Way.
For years, ransomware dominated the UK cyber risk conversation. In 2025, that assumption quietly broke. The UK became the most targeted country in Europe, accounting for 16 percent of all recorded attacks across the region. But the most striking change…
Celebrating Check Point’s 2025 Americas Partner Award Winners
At Check Point, our partners are more than collaborators. They are the driving force behind our customers’ success, our innovation, and our ability to stay ahead of today’s rapidly evolving cyber threat landscape. This year, we are thrilled to recognize…
Microsoft Previews Windows 11 Update With Smarter AI and Phone Continuity
Here’s a peek at AI assistance, phone-to-PC handoff, accessibility improvements, security fixes, and stability updates. The post Microsoft Previews Windows 11 Update With Smarter AI and Phone Continuity appeared first on TechRepublic. This article has been indexed from Security Archives…
Patch or perish: Vulnerability exploits now dominate intrusions
Apply fixes within a few hours or face the music, say the pros. What good is a fix if you don’t use it? Experts are urging security teams to patch promptly as vulnerability exploits now account for the majority of…
MIND Extends DLP Reach to AI Agents
MIND extends its data loss prevention platform to secure agentic AI, enabling organizations to discover, monitor, and govern AI agents in real time to prevent sensitive data exposure, shadow AI risks, and prompt injection attacks. The post MIND Extends DLP…
ThreatsDay Bulletin: New RCEs, Darknet Busts, Kernel Bugs & 25+ More Stories
This week’s updates show how small changes can create real problems. Not loud incidents, but quiet shifts that are easy to miss until they add up. The kind that affects systems people rely on every day. Many of the stories…
IT Security News Hourly Summary 2026-01-29 15h : 5 posts
5 posts were published in the last hour:
13:32 : SolarWinds Patches Critical Web Help Desk Vulnerabilities
13:32 : Ransomware Victim Numbers Rise, Despite Drop in Active Extortion Groups
13:31 : FBI Takes Down RAMP Ransomware Forum
13:9 : ISC…
SolarWinds Patches Critical Web Help Desk Vulnerabilities
The four critical flaws could be exploited without authentication for remote code execution or authentication bypass. The post SolarWinds Patches Critical Web Help Desk Vulnerabilities appeared first on SecurityWeek. This article has been indexed from SecurityWeek.
Ransomware Victim Numbers Rise, Despite Drop in Active Extortion Groups
Ransomware victims surged in Q4 2025 despite fewer active extortion groups, with data leaks rising 50%, ReliaQuest researchers report. This article has been indexed from www.infosecurity-magazine.com.
FBI Takes Down RAMP Ransomware Forum
The dark web forum administrator confirmed the takedown and said they had “no plans to rebuild”. This article has been indexed from www.infosecurity-magazine.com.
ISC Stormcast For Thursday, January 29th, 2026 https://isc.sans.edu/podcastdetail/9786, (Thu, Jan 29th)
This article has been indexed from SANS Internet Storm Center, InfoCON: green.
US Data Breaches Hit Record High but Victim Numbers Decline
Non-profit ITRC says the number of data breaches increased 5% annually to reach a record total in 2025. This article has been indexed from www.infosecurity-magazine.com.