Similar to recent FortiCloud single sign-on (SSO) login vulnerabilities, the attacks bypass authentication. The post Fortinet Confirms FortiCloud SSO Exploitation Against Patched Devices appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article: Fortinet Confirms…
Teaching Cyber: Building the Bridge Between Education and Industry
A practical roadmap for preparing the next generation of cybersecurity professionals through education–industry collaboration. This article has been indexed from CyberMaterial Read the original article: Teaching Cyber: Building the Bridge Between Education and Industry
IT Security News Hourly Summary 2026-01-23 15h : 12 posts
12 posts were published in the last hour 13:34 : Phishers Abuse SharePoint in New Campaign Targeting Energy Sector 13:34 : Kimwolf Botnet Hijacks 1.8M Android Devices for DDoS Chaos 13:7 : New Watering Hole Attacking EmEditor User with Stealer…
Phishers Abuse SharePoint in New Campaign Targeting Energy Sector
Threat actors are leveraging the file-sharing service for payload delivery in AitM phishing and BEC attacks. The post Phishers Abuse SharePoint in New Campaign Targeting Energy Sector appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the…
Kimwolf Botnet Hijacks 1.8M Android Devices for DDoS Chaos
The Kimwolf botnet is one of the largest recently found Android-based threats, contaminating over 1.8 million devices mostly Android TV boxes and IoT devices globally. Named after its reliance on the wolfSSL library, this malware appeared in late October 2025 when…
New Watering Hole Attacking EmEditor User with Stealer Malware
A major security threat has emerged targeting developers who use EmEditor, a popular text editor favored by Japanese programming communities. In late December 2025, the software’s official download page fell victim to a compromise that allowed attackers to distribute malicious…
76 Zero-day Vulnerabilities Uncovered by Hackers on Pwn2Own Automotive 2026
Security researchers at Pwn2Own Automotive 2026 demonstrated 76 unique zero-day vulnerabilities across electric vehicle chargers and in-vehicle infotainment systems. The three-day event in Tokyo awarded $1,047,000 USD total, with Fuzzware.io claiming the Master of Pwn title. Day One Activities Day…
Microsoft to Add Brand Impersonation Protection Warning to Teams Calls
A new security feature for Teams Calling now alerts users to suspicious external calls that try to impersonate trusted organizations. The feature will begin deployment in mid-February 2026 for Targeted Release customers, with general availability timelines to be communicated later.…
Node.js Updated HackerOne Program to Require a Signal of 1.0 or Higher to Submit Vulnerability Reports
Node.js has updated its HackerOne vulnerability disclosure program to require a minimum Signal score of 1.0, aiming to reduce low-quality submissions and improve processing efficiency. Node.js has implemented a new threshold for vulnerability report submissions through its HackerOne program, mandating…
New Phishing Kit As-a-service Attacking Google, Microsoft, and Okta Users
A dangerous new generation of phishing kits designed specifically for voice-based attacks has emerged as a growing threat to enterprise users across major technology platforms. Okta Threat Intelligence discovered multiple custom phishing kits available on an as-a-service basis that criminals…
Fortinet admits FortiGate SSO bug still exploitable despite December patch
Fix didn’t quite do the job – attackers spotted logging in Fortinet has confirmed that attackers are actively bypassing a December patch for a critical FortiCloud single sign-on (SSO) authentication flaw after customers reported suspicious logins on devices supposedly fully…
Cyber Insights 2026: Regulations and the Tangled Mess of Compliance Requirements
Cyber regulations are where politics meets business – where business becomes subject to political realities. The post Cyber Insights 2026: Regulations and the Tangled Mess of Compliance Requirements appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read…
The 2025 Phishing Surge Proved One Thing: Chasing Doesn’t Work
Let’s get something out of the way: retrospectives can feel a bit like mandatory fun. Someone gathers up the year’s events, packages them into neat categories, and delivers “key takeaways” that land somewhere between obvious and forgettable. This is not…
Okta users under attack: Modern phishing kits are turbocharging vishing attacks
Threat actors who specialize in vishing (i.e., voice phishing) have started using phishing kits that can intercept targets’ login credentials while also allowing attackers to control the authentication flow in a targeted user’s browser in real-time. At least two custom-made…
Fortinet Confirms Active FortiCloud SSO Bypass on Fully Patched FortiGate Firewalls
Fortinet has officially confirmed that it’s working to completely plug a FortiCloud SSO authentication bypass vulnerability following reports of fresh exploitation activity on fully-patched firewalls. “In the last 24 hours, we have identified a number of cases where the exploit…
ShinyHunters Leak Alleged Data of Millions From SoundCloud, Crunchbase and Betterment
ShinyHunters claim more data breaches and leaks are coming soon! This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI, and More Read the original article: ShinyHunters Leak Alleged Data of Millions From SoundCloud, Crunchbase and Betterment
U.S. CISA adds Prettier eslint-config-prettier, Vite Vitejs, Versa Concerto SD-WAN orchestration platform, and Synacor Zimbra Collaboration Suite flaws to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Prettier eslint-config-prettier, Vite Vitejs, Versa Concerto SD-WAN orchestration platform, and Synacor Zimbra Collaboration Suite flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Prettier eslint-config-prettier, Vite Vitejs, Versa…
More than half of former UK employees still have access to company spreadsheets, study finds
More than half of UK employees retain access to company spreadsheets they no longer need, leaving sensitive business data exposed long after people change roles or leave organisations, according to new research from privacy technology company Proton. The study, based…
Under Armour Looking Into Data Breach Affecting Customers’ Email Addresses
Clothing retailer Under Armour is investigating a recent data breach that purloined customers’ email addresses and other personal information, but so far there are no signs the hackers stole any passwords or financial information. The breach is believed to have…
Mass Data, Mass Surveillance, and the Erosion of Particularity: The Fourth Amendment in the Age of Geofence Warrants and Artificial Intelligence
The Supreme Court’s review of United States v. Chatrie puts geofence warrants and mass digital data seizures under Fourth Amendment scrutiny, raising urgent questions about particularity, AI-driven searches, and constitutional limits in the digital age. The post Mass Data, Mass…
AIs are Getting Better at Finding and Exploiting Internet Vulnerabilities
Really interesting blog post from Anthropic: In a recent evaluation of AI models’ cyber capabilities, current Claude models can now succeed at multistage attacks on networks with dozens of hosts using only standard, open-source tools, instead of the custom tools…
Under Armour Investigates Data Breach After 72 Million Records Allegedly Exposed
Under Armour said there is no evidence at this point to suggest the incident affected systems used to process payments or store customer passwords This article has been indexed from www.infosecurity-magazine.com Read the original article: Under Armour Investigates Data Breach…
HPE Alletra and Nimble Storage Vulnerability Grants Admin Access to Remote Attacker
A critical privilege escalation vulnerability affecting multiple storage platforms could allow remote attackers to gain administrative access without physical interaction. The flaw, tracked as CVE-2026-23594, impacts HPE Alletra 6000, Alletra 5000, and Nimble Storage arrays running vulnerable firmware versions. The…
TrustAsia Revoked 143 Certificates Following LiteSSL ACME Service Vulnerability
TrustAsia has revoked 143 SSL/TLS certificates following the discovery of a vulnerability in its LiteSSL ACME service. The flaw allowed for the improper reuse of domain validation data across different ACME accounts, prompting an immediate suspension of issuance services and…