British authorities have officially introduced Report Fraud, a central national service designed to modernize how the public reports cybercrime and improve subsequent police investigations. This article has been indexed from CyberMaterial Read the original article: UK Launches New Report Fraud…
eBay Bans Illicit Automated Shopping
eBay recently updated its User Agreement to explicitly forbid unauthorized third-party buy-for-me agents and AI chatbots from placing orders on its platform. This article has been indexed from CyberMaterial Read the original article: eBay Bans Illicit Automated Shopping
Building Cyber Readiness Early: Why Youth Education Is a Security Imperative
Cyber security is often framed as a problem for enterprises, governments, and seasoned professionals. But by the time organizations begin searching for talent, the damage has often already been done. Threat actors don’t wait for workforce pipelines to catch up…
Hackers Can Use GenAI to Change Loaded Clean Page Into Malicious within Seconds
A new and alarming threat has emerged in the cybersecurity landscape where attackers combine artificial intelligence with web-based attacks to transform innocent-looking webpages into dangerous phishing tools in real time. Security researchers discovered that cybercriminals are now leveraging generative AI…
Top 10 Best Data Security Companies in 2026
Data security companies are essential in 2026 for protecting sensitive information amid rising cyber threats and complex cloud environments. In 2026, data security has become a top priority for organizations of all sizes as cyber threats, regulatory pressure, and cloud…
In Other News: €1.2B GDPR Fines, Net-NTLMv1 Rainbow Tables, Rockwell Security Notice
Other noteworthy stories that might have slipped under the radar: Cloudflare WAF bypass, Canonical Snap Store abused for malware delivery, Curl terminating bug bounty program The post In Other News: €1.2B GDPR Fines, Net-NTLMv1 Rainbow Tables, Rockwell Security Notice appeared…
Fortinet Confirms FortiCloud SSO Exploitation Against Patched Devices
Similar to recent FortiCloud single sign-on (SSO) login vulnerabilities, the attacks bypass authentication. The post Fortinet Confirms FortiCloud SSO Exploitation Against Patched Devices appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article: Fortinet Confirms…
Teaching Cyber: Building the Bridge Between Education and Industry
A practical roadmap for preparing the next generation of cybersecurity professionals through education–industry collaboration. This article has been indexed from CyberMaterial Read the original article: Teaching Cyber: Building the Bridge Between Education and Industry
IT Security News Hourly Summary 2026-01-23 15h : 12 posts
12 posts were published in the last hour 13:34 : Phishers Abuse SharePoint in New Campaign Targeting Energy Sector 13:34 : Kimwolf Botnet Hijacks 1.8M Android Devices for DDoS Chaos 13:7 : New Watering Hole Attacking EmEditor User with Stealer…
Phishers Abuse SharePoint in New Campaign Targeting Energy Sector
Threat actors are leveraging the file-sharing service for payload delivery in AitM phishing and BEC attacks. The post Phishers Abuse SharePoint in New Campaign Targeting Energy Sector appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the…
Kimwolf Botnet Hijacks 1.8M Android Devices for DDoS Chaos
The Kimwolf botnet is one of the largest recently found Android-based threats, contaminating over 1.8 million devices mostly Android TV boxes and IoT devices globally. Named after its reliance on the wolfSSL library, this malware appeared in late October 2025 when…
New Watering Hole Attacking EmEditor User with Stealer Malware
A major security threat has emerged targeting developers who use EmEditor, a popular text editor favored by Japanese programming communities. In late December 2025, the software’s official download page fell victim to a compromise that allowed attackers to distribute malicious…
76 Zero-day Vulnerabilities Uncovered by Hackers on Pwn2Own Automotive 2026
Security researchers at Pwn2Own Automotive 2026 demonstrated 76 unique zero-day vulnerabilities across electric vehicle chargers and in-vehicle infotainment systems. The three-day event in Tokyo awarded $1,047,000 USD total, with Fuzzware.io claiming the Master of Pwn title. Day One Activities Day…
Microsoft to Add Brand Impersonation Protection Warning to Teams Calls
A new security feature for Teams Calling now alerts users to suspicious external calls that try to impersonate trusted organizations. The feature will begin deployment in mid-February 2026 for Targeted Release customers, with general availability timelines to be communicated later.…
Node.js Updated HackerOne Program to Require a Signal of 1.0 or Higher to Submit Vulnerability Reports
Node.js has updated its HackerOne vulnerability disclosure program to require a minimum Signal score of 1.0, aiming to reduce low-quality submissions and improve processing efficiency. Node.js has implemented a new threshold for vulnerability report submissions through its HackerOne program, mandating…
New Phishing Kit As-a-service Attacking Google, Microsoft, and Okta Users
A dangerous new generation of phishing kits designed specifically for voice-based attacks has emerged as a growing threat to enterprise users across major technology platforms. Okta Threat Intelligence discovered multiple custom phishing kits available on an as-a-service basis that criminals…
Fortinet admits FortiGate SSO bug still exploitable despite December patch
Fix didn’t quite do the job – attackers spotted logging in Fortinet has confirmed that attackers are actively bypassing a December patch for a critical FortiCloud single sign-on (SSO) authentication flaw after customers reported suspicious logins on devices supposedly fully…
Cyber Insights 2026: Regulations and the Tangled Mess of Compliance Requirements
Cyber regulations are where politics meets business – where business becomes subject to political realities. The post Cyber Insights 2026: Regulations and the Tangled Mess of Compliance Requirements appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read…
The 2025 Phishing Surge Proved One Thing: Chasing Doesn’t Work
Let’s get something out of the way: retrospectives can feel a bit like mandatory fun. Someone gathers up the year’s events, packages them into neat categories, and delivers “key takeaways” that land somewhere between obvious and forgettable. This is not…
Okta users under attack: Modern phishing kits are turbocharging vishing attacks
Threat actors who specialize in vishing (i.e., voice phishing) have started using phishing kits that can intercept targets’ login credentials while also allowing attackers to control the authentication flow in a targeted user’s browser in real-time. At least two custom-made…
Fortinet Confirms Active FortiCloud SSO Bypass on Fully Patched FortiGate Firewalls
Fortinet has officially confirmed that it’s working to completely plug a FortiCloud SSO authentication bypass vulnerability following reports of fresh exploitation activity on fully-patched firewalls. “In the last 24 hours, we have identified a number of cases where the exploit…
ShinyHunters Leak Alleged Data of Millions From SoundCloud, Crunchbase and Betterment
ShinyHunters claim more data breaches and leaks are coming soon! This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI, and More Read the original article: ShinyHunters Leak Alleged Data of Millions From SoundCloud, Crunchbase and Betterment
U.S. CISA adds Prettier eslint-config-prettier, Vite Vitejs, Versa Concerto SD-WAN orchestration platform, and Synacor Zimbra Collaboration Suite flaws to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Prettier eslint-config-prettier, Vite Vitejs, Versa Concerto SD-WAN orchestration platform, and Synacor Zimbra Collaboration Suite flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Prettier eslint-config-prettier, Vite Vitejs, Versa…
More than half of former UK employees still have access to company spreadsheets, study finds
More than half of UK employees retain access to company spreadsheets they no longer need, leaving sensitive business data exposed long after people change roles or leave organisations, according to new research from privacy technology company Proton. The study, based…