Linux administrators are being urged to update promptly after disclosures of multiple vulnerabilities in GitLab, including flaws that could enable cross-site scripting, authorization bypass, and denial of service in selfmanaged instances. The latest patch releases, GitLab 18.7.1, 18.6.3, and 18.5.5, address these security…
OpenAI Launches ChatGPT Health with Isolated, Encrypted Health Data Controls
Artificial intelligence (AI) company OpenAI on Wednesday announced the launch of ChatGPT Health, a dedicated space that allows users to have conversations with the chatbot about their health. To that end, the sandboxed experience offers users the optional ability to…
IT Security News Hourly Summary 2026-01-08 09h : 4 posts
4 posts were published in the last hour 7:36 : Three Malicious NPM Packages Attacking Developers to Steal Login Credentials 7:36 : Ni8mare Vulnerability Let Attackers Hijack n8n Servers – Exploit Released With 26,512 Vulnerable Hosts 7:36 : Cybercriminals are…
Three Malicious NPM Packages Attacking Developers to Steal Login Credentials
Three malicious npm packages are targeting JavaScript developers to steal browser logins, API keys, and cryptocurrency wallet data. The packages, named bitcoin-main-lib, bitcoin-lib-js, and bip40, were uploaded to the public npm registry and posed as tools linked to the popular…
Ni8mare Vulnerability Let Attackers Hijack n8n Servers – Exploit Released With 26,512 Vulnerable Hosts
A critical unauthenticated remote code execution vulnerability discovered in n8n, the popular workflow automation platform, exposes an estimated 100,000 servers globally to complete takeover. Tracked as CVE-2026-21858 with a maximum CVSS score of 10.0, the flaw allows unauthenticated attackers to…
Cybercriminals are scaling phishing attacks with ready-made kits
Phishing-as-a-Service (PhaaS) kits lower the barrier to entry, enabling less-skilled attackers to run large-scale, targeted phishing campaigns that impersonate legitimate services and institutions, according to Barracuda Networks. Phishing kits grow more sophisticated and scalable Barracuda threat analysts found that in…
StackRox: Open-source Kubernetes security platform
Security teams spend a lot of time stitching together checks across container images, running workloads, and deployment pipelines. The work often happens under time pressure, with engineers trying to keep clusters stable while meeting internal policy requirements. The StackRox open…
Cloudflare pours cold water on ‘BGP weirdness preceded US attack on Venezuela’ theory
Suggests rotten routing, not evidence of a cyber-strike before kinetic action Cloudflare has poured cold water on a theory that the USA’s incursion into Venezuela coincided with a cyberattack on telecoms infrastructure.… This article has been indexed from The Register…
Passwords are where PCI DSS compliance often breaks down
Most PCI DSS failures do not start with malware or a targeted attack. They start with everyday behavior. Reused passwords. Credentials stored in spreadsheets. Shared logins are passed around during busy periods. For CISOs, password hygiene remains one of the…
What happens to insider risk when AI becomes a coworker
In this Help Net Security video, Ashley Rose, CEO at Living Security, discusses how AI is changing insider risk. AI is now built into daily work across departments, which shifts how risk shows up and how security teams should respond.…
CISA Flags Microsoft Office and HPE OneView Bugs as Actively Exploited
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added two security flaws impacting Microsoft Office and Hewlett Packard Enterprise (HPE) OneView to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerabilities are listed below…
Voice cloning defenses are easier to undo than expected
Many voice protection tools promise to block cloning by adding hidden noise to speech. Researchers at a Texas university found that widely used voice protection methods can be stripped away, restoring speaker identity and allowing fake voices to pass automated…
IT Security News Hourly Summary 2026-01-08 06h : 2 posts
2 posts were published in the last hour 4:13 : Hackers Exploiting VMware ESXi Instances in the Wild Using zero-day Exploit Toolkit 4:13 : Quantum-Durable Integrity Verification for Machine-to-Machine Model Contexts
Hackers Exploiting VMware ESXi Instances in the Wild Using zero-day Exploit Toolkit
Hackers are exploiting VMware ESXi instances in the wild with a zero-day exploit toolkit that chains multiple vulnerabilities for VM escapes. Cybersecurity firm Huntress disrupted one such attack, attributing initial access to a compromised SonicWall VPN. Threat actors gained a…
Quantum-Durable Integrity Verification for Machine-to-Machine Model Contexts
Secure your MCP deployments with quantum-resistant integrity verification. Learn how to protect machine-to-machine model contexts from future quantum threats. The post Quantum-Durable Integrity Verification for Machine-to-Machine Model Contexts appeared first on Security Boulevard. This article has been indexed from Security…
Spotify Data Scraping Incident Raises Questions on Copyright, Security, and Digital Preservation
A large collection of data reportedly taken from Spotify has surfaced online, drawing attention to serious issues around copyright protection, digital security, and large-scale data misuse. The dataset, which is estimated to be close to 300 terabytes in size,…
Government Flags WhatsApp Account Bans as Indian Number Misuse Raises Cyber Fraud Concerns
The Indian government has expressed concern over WhatsApp banning an average of nearly 9.8 million Indian accounts every month until October, amid fears that Indian mobile numbers are being widely misused for scams and cybercrime. Officials familiar with the…
ISC Stormcast For Thursday, January 8th, 2026 https://isc.sans.edu/podcastdetail/9758, (Thu, Jan 8th)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Thursday, January 8th, 2026…
2026-01-07: MassLogger infection from email attachment
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from Malware-Traffic-Analysis.net – Blog Entries Read the original article: 2026-01-07: MassLogger infection from email attachment
Analysis using Gephi with DShield Sensor Data, (Wed, Jan 7th)
I'm always looking for new ways of manipulating the data captured by my DShield sensor [1]. This time I used Gephi [2] and Graphiz [3] a popular and powerful tool for visualizing and exploring relationships between nodes, to examine the…
IT Security News Hourly Summary 2026-01-08 00h : 10 posts
10 posts were published in the last hour 22:55 : IT Security News Daily Summary 2026-01-07 22:36 : IBM’s AI agent Bob easily duped to run malware, researchers show 22:36 : NDSS 2025 – A Multifaceted Study On The Use…
IT Security News Daily Summary 2026-01-07
158 posts were published in the last hour 22:36 : IBM’s AI agent Bob easily duped to run malware, researchers show 22:36 : NDSS 2025 – A Multifaceted Study On The Use of TLS And Auto-detect In Email Ecosystems 22:36…
IBM’s AI agent Bob easily duped to run malware, researchers show
Prompt injection lets risky commands slip past guardrails IBM describes its coding agent thus: “Bob is your AI software development partner that understands your intent, repo, and security standards.” Unfortunately, Bob doesn’t always follow those security standards.… This article has…
NDSS 2025 – A Multifaceted Study On The Use of TLS And Auto-detect In Email Ecosystems
Session 8A: Email Security Authors, Creators & Presenters: Ka Fun Tang (The Chinese University of Hong Kong), Che Wei Tu (The Chinese University of Hong Kong), Sui Ling Angela Mak (The Chinese University of Hong Kong), Sze Yiu Chau (The…