We are living in an era in which data breaches and cyberattacks are growing exponentially and frequently dominate news headlines. The simple and humble password — since its inception — has repeatedly proven to be difficult to secure against modern,…
Cloudflare Zero-Day Vulnerability Enables Any Host Access Bypassing Protections
A critical zero-day vulnerability in Cloudflare’s Web Application Firewall (WAF) allowed attackers to bypass security controls and directly access protected origin servers through a certificate validation path. Security researchers from FearsOff discovered that requests targeting the /.well-known/acme-challenge/ directory could reach…
New Spear-Phishing Attack Abusing Google Ads to Deliver EndRAT Malware
A new spear-phishing campaign known as Operation Poseidon has emerged, exploiting Google’s advertising infrastructure to distribute EndRAT malware while evading traditional security measures. he attack leverages legitimate ad click tracking domains to disguise malicious URLs, making them appear as trustworthy…
Broker who sold malware to the FBI set for sentencing
Feras Albashiti faces 10 years after $20,000 in sales to undercover agent exposed ransomware ties A Jordanian national faces sentencing in the US after pleading guilty to acting as an initial access broker (IAB) for various cyberattacks.… This article has…
IT Security News Hourly Summary 2026-01-19 18h : 6 posts
6 posts were published in the last hour 16:36 : NDSS 2025 – BitShield: Defending Against Bit-Flip Attacks On DNN Executables 16:36 : Hacker Pleads Guilty to Access Supreme Court, AmeriCorps, VA Systems 16:36 : Researchers Uncover PDFSIDER Malware Built…
NDSS 2025 – BitShield: Defending Against Bit-Flip Attacks On DNN Executables
Session 9B: DNN Attack Surfaces Authors, Creators & Presenters: Yanzuo Chen (The Hong Kong University of Science and Technology), Yuanyuan Yuan (The Hong Kong University of Science and Technology), Zhibo Liu (The Hong Kong University of Science and Technology), Sihang…
Hacker Pleads Guilty to Access Supreme Court, AmeriCorps, VA Systems
Nicholas Moore, a 24-year-old Tennessee man, pleaded guilty to using stolen credentials of authorized users to hack into computer systems of the Supreme Court, VA, and AmeriCorps, obtaining sensitive information and then posting it online to his Instagram account. The…
Researchers Uncover PDFSIDER Malware Built for Long-Term, Covert System Access
New malware PDFSIDER enables covert, long-term access to compromised systems via advanced techniques This article has been indexed from www.infosecurity-magazine.com Read the original article: Researchers Uncover PDFSIDER Malware Built for Long-Term, Covert System Access
Prompt Injection Defense Architecture: Sandboxed Tools, Allowlists, and Typed Calls
Why Prompt Injection Keeps Winning in Production Most prompt injection incidents follow the same pattern: The model reads untrusted instructions (user text, RAG chunks, web pages, PDFs, emails). Those instructions impersonate authority: “Ignore the rules… call this tool… send this…
Microsoft Issues Emergency Fix After Some Windows 11 Systems Can’t Shut Down
The fix is for a bug that prevents some systems from shutting down, while another bug that prevents hibernation has no workaround yet. The post Microsoft Issues Emergency Fix After Some Windows 11 Systems Can’t Shut Down appeared first on…
Rogue agents and shadow AI: Why VCs are betting big on AI security
Misaligned agents are just one layer of the AI security challenge that startup Witness AI is trying to solve. It detects employee use of unapproved tools, blocking attacks, and ensuring compliance. This article has been indexed from Security News |…
StealC malware control panel flaw leaks details on active attacker
Researchers uncovered an XSS flaw in StealC malware’s control panel, exposing key details about a threat actor using the info stealer. StealC is an infostealer that has been active since at least 2023, sold as Malware-as-a-Service to steal cookies and…
European Authorities Identify Black Basta Suspects as Ransomware Group Collapses
Two Ukrainians are now under suspicion of aiding Black Basta, a ransomware network tied to Russia, after joint work by police units in Ukraine and Germany – this step adds pressure on the hacking group’s operations. The man believed…
UAE Banks Ditch SMS OTPs for Biometric App Authentication
UAE banks have discontinued SMS-based one-time passwords (OTPs) for online transactions from January 6, 2026, moving customers to app-based and biometric authentication as part of a wider security overhaul led by the Central Bank of the UAE. This marks…
Russian Hacktivists Intensify Disruptive Cyber Pressure on UK Orgs
UK NCSC warned of disruptive cyber attacks by Russian hacktivists targeting critical infrastructure This article has been indexed from www.infosecurity-magazine.com Read the original article: Russian Hacktivists Intensify Disruptive Cyber Pressure on UK Orgs
Cyber Briefing: 2026.01.19
CrashFix ClickFix, StackWarp AMD VM flaw, GootLoader ZIP evasion, major ransomware and regulator breaches, Black Basta crackdown, and quantum cyber tools. This article has been indexed from CyberMaterial Read the original article: Cyber Briefing: 2026.01.19
TP-Link Patches Vulnerability Exposing VIGI Cameras to Remote Hacking
The researcher who discovered the vulnerability saw more than 2,500 internet-exposed devices. The post TP-Link Patches Vulnerability Exposing VIGI Cameras to Remote Hacking appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article: TP-Link Patches…
Plaso / log2timeline
A forensic framework for generating super timelines by aggregating and normalizing events from multiple evidence sources. This article has been indexed from CyberMaterial Read the original article: Plaso / log2timeline
Visual Studio Code Abused in Sophisticated Multistage Malware Attacks
A newly analyzed campaign dubbed “Evelyn Stealer” is turning the Visual Studio Code (VSC) extension ecosystem into an attack delivery platform, enabling threat actors to compromise software developers and pivot deeper into enterprise environments. The campaign abuses seemingly legitimate extensions…
1-15 January 2026 Cyber Attacks Timeline
And I am back with the 1-15 January 2026 cyber attacks timeline. In the first timeline of January 2026, I collected 61 events (4.07 events/day) with a threat landscape dominated by malware with 36%, a direct comparison with the previous…
At Davos, Cybersecurity Is a Leadership Imperative
As leaders gather at the World Economic Forum Annual Meeting 2026, Fortinet highlights why cybersecurity is now a leadership imperative driven by systemic risk, AI, and the need for collective defense. This article has been indexed from Industry Trends…
Free Converter Apps that Convert your Clean System to Infected in Seconds
Malicious file converter applications distributed through deceptive advertisements are infecting thousands of systems with persistent remote access trojans (RATs). These seemingly legitimate productivity tools perform their advertised functions while secretly installing backdoors that give attackers continuous access to victim computers.…
Fake browser crash alerts turn Chrome extension into enterprise backdoor
Browser extensions are a high-risk attack vector for enterprises, allowing threat actors to bypass traditional security controls and gain a foothold on corporate endpoints. Case in point: A recently identified malicious extension called NexShield proves that a single user install…
Canadian Investment Watchdog Breach
The Canadian Investment Regulatory Organization recently announced that a sophisticated phishing attack in August 2025 led to a data breach affecting 750,000 people. This article has been indexed from CyberMaterial Read the original article: Canadian Investment Watchdog Breach