In yesterday's podcast, I mentioned “tailsnitch”, a new tool to audit Tailscale configurations. Tailscale is an easy-to-use overlay to Wireguard. It is probably best compared to STUN servers in VoIP in that it allows devices behind NAT to connect directly…
Critical AdonisJS Vulnerability Allows Remote Attackers to Write Files on Server
A critical path traversal vulnerability has been discovered in AdonisJS’s multipart file handling, potentially allowing remote attackers to write arbitrary files to server locations outside the intended upload directory. The vulnerability, tracked as CVE-2026-21440, affects @adonisjs/bodyparser versions through 10.1.1 and…
New n8n Vulnerability Allows Attackers to Execute Arbitrary Commands
A critical vulnerability has been discovered in n8n, an open-source automation and workflow platform, that could allow authenticated users to execute arbitrary commands on vulnerable systems. The flaw, tracked as CVE-2025-68668, affects all n8n versions from 1.0.0 to 1.999.999 and…
Threat Actors Exploit Office Assistant to Deliver Malicious Mltab Browser Plugin
A sophisticated malware campaign has been discovered exploiting Office Assistant, a widely used AI-powered productivity software in China, to distribute a malicious browser plugin that hijacks user traffic and exfiltrates sensitive information. The RedDrip Team from QiAnXin Technology’s Threat Intelligence…
Copilot, Recall, and Other AI Tools Can Be Removed from Windows 11 with New Tool
A new community tool is giving Windows 11 users far more control over Microsoft’s growing stack of AI features. An open‑source project called RemoveWindowsAI now lets administrators and power users disable or strip out components such as Copilot, Recall, and other AI…
CloudEyE MaaS Downloader and Cryptor Infects Over 100,000 Users Globally
ESET Research has uncovered a significant surge in CloudEye malware detections, with a 30-fold increase in the second half of 2025. The security firm detected more than 100,000 infection attempts over the six months, signaling a widespread threat affecting organizations…
Fake Windows BSODs check in at Europe’s hotels to con staff into running malware
Phishers posing as Booking.com use panic-inducing blue screens to bypass security controls Russia-linked hackers are sneaking malware into European hotels and other hospitality outfits by tricking staff into installing it themselves through fake Windows Blue Screen of Death (BSOD) crashes.……
Researchers Trap Scattered Lapsus$ Hunters in Honeypot
Using fake accounts and synthetic data to lure the hackers, the researchers gathered information on their servers. The post Researchers Trap Scattered Lapsus$ Hunters in Honeypot appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original…
Turning AI Risk Awareness Into Robust AI Governance | Kovrr
Articles related to cyber risk quantification, cyber risk management, and cyber resilience. The post Turning AI Risk Awareness Into Robust AI Governance | Kovrr appeared first on Security Boulevard. This article has been indexed from Security Boulevard Read the original…
Cloud File Sharing Sites Targeted For Theft
AI-powered coding tools like Cursor and Trae are vulnerable to supply chain attacks because they recommend extensions that do not exist on the Open VSX registry. This article has been indexed from CyberMaterial Read the original article: Cloud File Sharing…
NordVPN Denies Breach After Data Leak
The incident began when a hacker posted on a cybercrime forum claiming to have compromised a development server containing sensitive internal data. This article has been indexed from CyberMaterial Read the original article: NordVPN Denies Breach After Data Leak
Brightspeed Probes Possible Cyberattack
Brightspeed is currently looking into reports of a data breach following claims from a hacking group known as Crimson Collective regarding the theft of customer records. This article has been indexed from CyberMaterial Read the original article: Brightspeed Probes Possible…
Ledger Customers Hit By Global E Breach
Ledger recently notified customers that their personal information was leaked following a security breach at Global-e, a third-party payment processor used for transactions on Ledger’s website. This article has been indexed from CyberMaterial Read the original article: Ledger Customers Hit…
Bitfinex Hack Perpetrator Freed Early
Ilya Lichtenstein was originally sentenced to five years in prison for orchestrating a massive money laundering conspiracy following the theft of nearly 120,000 bitcoin. This article has been indexed from CyberMaterial Read the original article: Bitfinex Hack Perpetrator Freed Early
IT Security News Hourly Summary 2026-01-06 15h : 7 posts
7 posts were published in the last hour 14:2 : Resecurity Went on the Cyber Offensive – When ‘Shiny Objects’ trick ‘Shiny Hunters’ 14:2 : Critical Dolby Vulnerability Patched in Android 14:2 : 3.5 Million Students Impacted in US College…
Resecurity Went on the Cyber Offensive – When ‘Shiny Objects’ trick ‘Shiny Hunters’
Resecurity released 105 pages with 1,000+ messages tied to hacker John Erin Binns, detailing contacts with an unnamed woman in Turkey and an associate called “S.M.” Resecurity released 105 pages containing over 1,000 messages related to John Erin Binns, a…
Critical Dolby Vulnerability Patched in Android
The flaw is tracked as CVE-2025-54957 and its existence came to light in October 2025 after it was discovered by Google researchers. The post Critical Dolby Vulnerability Patched in Android appeared first on SecurityWeek. This article has been indexed from…
3.5 Million Students Impacted in US College Data Breach
Several significant cyber security breaches have prompted a growing data security crisis for one of the largest private higher education institutions in the United States. University of Phoenix, an established for-profit university located in Phoenix, Arizona, has suffered an extensive…
San Francisco Power Outage Brings Waymo Robotaxi Services to a Halt
A large power outage across San Francisco during the weekend disrupted daily life in the city and temporarily halted the operations of Waymo’s self-driving taxi service. The outage occurred on Saturday afternoon after a fire caused serious damage at…
Sophisticated ClickFix Campaign Targeting Hospitality Sector
Fake Booking reservation cancellations and fake BSODs trick victims into executing malicious code leading to RAT infections. The post Sophisticated ClickFix Campaign Targeting Hospitality Sector appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article:…
Dec Recap: New AWS Privileged Permissions and Services
As December 2025 comes to a close, Sonrai’s latest review of newly released AWS permissions highlights a continued expansion of cloud privilege. This month’s updates span identity, observability, AI, and managed service infrastructure, with changes across CloudWatch, CloudFront, Bedrock, EKS,…
Guardrails Make AI-Assisted Development Safer By Design
AI coding assistants are rapidly becoming part of everyday software development. From generating boilerplate code to suggesting entire dependency stacks, these tools promise faster delivery and higher productivity. The post Guardrails Make AI-Assisted Development Safer By Design appeared first on…
Tiny 3D-printed light cages could unlock the quantum internet
A new chip-based quantum memory uses nanoprinted “light cages” to trap light inside atomic vapor, enabling fast, reliable storage of quantum information. The structures can be fabricated with extreme precision and filled with atoms in days instead of months. Multiple…
CloudEyE MaaS Downloader and Cryptor Infects 100,000+ Users Worldwide
A dangerous malware campaign has emerged across Central and Eastern Europe, causing widespread concern among cybersecurity professionals and organizations. CloudEyE, a Malware-as-a-Service downloader and cryptor, has rapidly gained traction among threat actors seeking to distribute other harmful malware payloads. In…