Security researchers at Okta previously disclosed a social engineering campaign involving custom phishing kits. This article has been indexed from Cybersecurity Dive – Latest News Read the original article: Cybercrime group claims credit for voice phishing attacks
ShinyHunters claims 2 Million Crunchbase records; company confirms breach
Crunchbase confirms a data breach after cybercrime group ShinyHunters claims to have stolen over 2 million personal records. Crunchbase confirmed a data breach after the cybercriminal group ShinyHunters claimed to steal over 2 million personal records from its systems. The…
800K+ Telnet Servers Exposed to RCE Attacks – PoC Released
A critical authentication bypass vulnerability in the telnetd component of GNU Inetutils has exposed approximately 800,000 internet-accessible Telnet instances to unauthenticated remote code execution (RCE). Tracked as CVE-2026-24061 with a CVSS score of 9.8, the flaw allows attackers to gain…
Nova Ransomware Allegedly Claiming Breach of KPMG Netherlands
A major accounting firm in the Netherlands has reportedly become the latest victim of Nova, an active ransomware operation. The breach was discovered and indexed by ransomware live on January 23, 2026, with the estimated attack date coinciding with the…
Access System Flaws Enabled Hackers to Unlock Doors at Major European Firms
More than 20 vulnerabilities were found and patched in Dormakaba physical access control systems. The post Access System Flaws Enabled Hackers to Unlock Doors at Major European Firms appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read…
Malicious VS Code AI Extensions with 1.5 Million Installs Steal Developer Source Code
Cybersecurity researchers have discovered two malicious Microsoft Visual Studio Code (VS Code) extensions that are advertised as artificial intelligence (AI)-powered coding assistants, but also harbor covert functionality to siphon developer data to China-based servers. The extensions, which have 1.5 million…
CISA Releases List of Post-Quantum Cryptography Product Categories
CISA released initial list of PQC-capable hardware and software to guide companies amid quantum threats This article has been indexed from www.infosecurity-magazine.com Read the original article: CISA Releases List of Post-Quantum Cryptography Product Categories
Federal agencies abruptly pull out of RSAC after organizer hires Easterly
The decision fits a pattern of government withdrawal from the cybersecurity community under the Trump administration. This article has been indexed from Cybersecurity Dive – Latest News Read the original article: Federal agencies abruptly pull out of RSAC after organizer…
1Password Launches Pop-Up Alerts to Block Phishing Scams
1Password has introduced a new phishing protection feature that displays pop-up warnings when users visit suspicious websites, aiming to reduce the risk of credential theft and account compromise. This enhancement builds on the password manager’s existing safeguards and responds…
Multi-Stage Phishing Campaign Deploys Amnesia RAT and Ransomware Using Cloud Services
One recently uncovered cyberattack is targeting individuals across Russia through a carefully staged deception campaign. Rather than exploiting software vulnerabilities, the operation relies on manipulating user behavior, according to analysis by Cara Lin of Fortinet FortiGuard Labs. The attack…
Microsoft BitLocker Encryption Raises Privacy Questions After FBI Key Disclosure Case
Microsoft’s BitLocker encryption, long viewed as a safeguard for Windows users’ data, is under renewed scrutiny after reports revealed the company provided law enforcement with encryption keys in a criminal investigation. The case, detailed in a government filing [PDF],…
PeckBirdy: A Versatile Script Framework for LOLBins Exploitation Used by China-aligned Threat Groups
PeckBirdy is a sophisticated JScript-based C&C framework used by China-aligned APT groups to exploit LOLBins across multiple environments, delivering advanced backdoors to target gambling industries and Asian government entities. This article has been indexed from Trend Micro Research, News and…
Apple updates AirTag with expanded range and improved findability
Apple has released a new version of its AirTag tracking accessory that extends its connectivity range and improves how items are located. The updated AirTag uses a second-generation Ultra Wideband chip, similar to the chip in the iPhone 17 lineup,…
Cyber Briefing: 2026.01.26
North Korea targets blockchain devs, FortiGate and VMware exploits spread, major breach claims surface, phishing grows, and tech giants probe failures. This article has been indexed from CyberMaterial Read the original article: Cyber Briefing: 2026.01.26
New DPRK Interview Campaign Uses Fake Fonts to Deliver Malware
A dangerous new iteration of the “Contagious Interview” campaign that weaponizes Microsoft Visual Studio Code task files to distribute sophisticated malware targeting software developers. This campaign, which began over 100 days ago, has intensified dramatically in recent weeks with 17…
New Malware Toolkit Redirects Victims to Malicious Sites Without Changing the URL
A dangerous new malware toolkit is being sold on Russian cybercrime forums that can redirect victims to fake websites while keeping the real domain name visible in their browser’s address bar. The toolkit, called Stanley, costs between $2,000 and $6,000…
Instagram Investigates Reported Vulnerability Allowing Access to Private Content
A server-side vulnerability in Instagram that allegedly allowed completely unauthenticated access to private account posts. This raises concerns about Meta’s vulnerability disclosure handling and the effectiveness of compensatory controls protecting user privacy. Technical Overview According to the disclosure, the vulnerability…
PoC Released for GNU InetUtils telnetd RCE as 800K+ Exposed Instances Remain Online
A proof-of-concept exploit for CVE-2026-24061, a critical remote code execution vulnerability in the GNU Inetutils telnetd, has surfaced, with security researchers warning that over 800,000 vulnerable instances remain publicly accessible on the internet. The vulnerability allows unauthenticated attackers to execute…
Lazarus Hackers Target European Drone Manufacturers in Active Campaign
The North Korean state-sponsored Lazarus hacking group has launched a sophisticated cyberespionage campaign targeting European defense contractors involved in uncrewed aerial vehicle (UAV) manufacturing. The attacks appear directly linked to North Korea’s efforts to accelerate its domestic drone production capabilities…
Distant entangled atoms acting as one sensor deliver stunning precision
Researchers have demonstrated that quantum entanglement can link atoms across space to improve measurement accuracy. By splitting an entangled group of atoms into separate clouds, they were able to measure electromagnetic fields more precisely than before. The technique takes advantage…
Curl to End Bug Bounty Following Low-Quality AI-Generated Vulnerability Reports
The curl project ended its bug bounty program in January 2026 because it received too many low-quality and useless bug reports. The decision reflects growing frustration within the open-source security community regarding the unintended consequences of financial incentive structures on…
Get paid to scroll TikTok? The data trade behind Freecash ads
Ads promised up to $35 an hour to watch videos. Instead, users were funneled into mobile games designed to drive spending and collect data. This article has been indexed from Malwarebytes Read the original article: Get paid to scroll TikTok?…
Upwind Raises $250 Million at $1.5 Billion Valuation
The CNAPP company will use the fresh investment to scale its runtime-first cloud security offering across data, AI and code. The post Upwind Raises $250 Million at $1.5 Billion Valuation appeared first on SecurityWeek. This article has been indexed from…
Upwind secures $250 million to expand runtime-first cloud security for AI workloads
Upwind has raised $250 million in Series B funding, bringing its total funding to $430 million. The round was led by Bessemer Venture Partners, with participation from Salesforce Ventures and Picture Capital. Existing investors include Greylock, Cyberstarts, Leaders Fund, Craft…