<p>Who should the chief information security officer report to? It depends on whom you ask and on what the organization wants to accomplish by having a CISO in the first place.</p> <p>That said, for the majority of organizations, it’s critical…
Astaroth banking Trojan spreads in Brazil via WhatsApp worm
A WhatsApp worm spread the Astaroth banking trojan across Brazil by automatically sending malicious messages to victims’ contacts. Astaroth, a long-running Brazilian banking malware, has evolved in a new campaign dubbed Boto Cor-de-Rosa by abusing WhatsApp Web for propagation. The…
IT Security News Hourly Summary 2026-01-08 21h : 7 posts
7 posts were published in the last hour 19:32 : AI and the Future of Work: 5 Predictions for 2026 19:31 : GenDigital Research Exposes AuraStealer Infostealer Tactics 19:31 : Critics pan spyware maker NSO’s transparency claims amid its push…
AI and the Future of Work: 5 Predictions for 2026
Experts predict 2026 will bring less AI hype and more governance, delayed enterprise spending, AI moving into OT, smarter cyberattacks, and faster cooling tech. The post AI and the Future of Work: 5 Predictions for 2026 appeared first on TechRepublic.…
GenDigital Research Exposes AuraStealer Infostealer Tactics
GenDigital researchers reveal how AuraStealer uses advanced evasion and a MaaS model to steal data from Windows systems. The post GenDigital Research Exposes AuraStealer Infostealer Tactics appeared first on eSecurity Planet. This article has been indexed from eSecurity Planet Read…
Critics pan spyware maker NSO’s transparency claims amid its push to enter US market
The infamous spyware maker released a new transparency report claiming to be a responsible spyware maker, without providing insight into how the company dealt with problematic customers in the past. This article has been indexed from Security News | TechCrunch…
Resolutions, shmesolutions (and what’s actually worked for me)
Talos’ editor ditches the pressure of traditional New Year’s resolutions in favor of practical, in-the-moment changes, and finds more success by letting go of perfection. Plus, we break down the latest on UAT-7290, a newly disclosed threat actor targeting critical…
Internet collapses in Iran amid protests over economic crisis
Internet monitoring firms and experts say Iran’s internet has almost completely shut down, as protests spread through major cities. This article has been indexed from Security News | TechCrunch Read the original article: Internet collapses in Iran amid protests over…
What tools help reduce fraud or friendly fraud for online businesses?
A customer buys. You ship. Everyone seems happy. Then, a few weeks later, you get a chargeback. Or you notice the same card being tried again and again in a few seconds, failing at first and then working. It can…
Patch Cisco ISE bug now before attackers abuse proof-of-concept exploit
No reports of active exploitation … yet Cisco patched a bug in its Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) products that allows remote attackers with admin-level privileges to access sensitive information – and warned that a…
Wordfence Intelligence Weekly WordPress Vulnerability Report (December 15, 2025 to January 4, 2026)
📢 Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to vendors? Researchers can earn up to $31,200 per vulnerability, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find…
US Man Jailed After FBI Traced 1,100 IP Addresses in Cyberstalking Case
A 25-year-old Bigfork, Montana man, Jeremiah Daniel Starr, used over 50 phone numbers and a VPN to harass a victim he called his “best friend,” even staging a fake shooting. Learn more about the FBI investigation that traced 1,100 IP…
How to Protest Safely in the Age of Surveillance
Law enforcement has more tools than ever to track your movements and access your communications. Here’s how to protect your privacy if you plan to protest. This article has been indexed from Security Latest Read the original article: How to…
Shinhan Card Probes Internal Data Leak Affecting About 190,000 Merchants
Shinhan Card, South Korea’s largest credit card issuer, said on December 23 that personal data linked to about 190,000 merchant representatives was improperly accessed and shared by employees over a three year period, highlighting ongoing concerns around internal data…
Personal and Health Information of 22.6 Million Aflac Clients Stolen in Cyberattack
At the start of 2026, a significant cybersecurity breach that was disclosed heightened awareness of digital vulnerabilities within the American insurance industry, after Aflac, one of the largest supplemental insurance providers in the country, confirmed that a sophisticated cyberattack,…
Microsoft Introduces Hardware-Accelerated BitLocker to Boost Windows 11 Security and Performance
Microsoft is updating Windows 11 with hardware-accelerated BitLocker to improve both data security and system performance. The change enhances full-disk encryption by shifting cryptographic work from the CPU to dedicated hardware components within modern processors, helping systems run more…
Google Testing ‘Contextual Suggestions’ Feature for Wider Android Rollout
Google is reportedly preparing to extend a smart assistance feature beyond its Pixel smartphones to the wider Android ecosystem. The functionality, referred to as Contextual Suggestions, closely resembles Magic Cue, a software feature currently limited to Google’s Pixel 10…
ChatGPT Health: A New Secure Space for Trusted Health and Medical Conversations
ChatGPT Health is launching as a dedicated health-focused version of ChatGPT that combines personalized health data with stronger privacy and security controls to support not replace conversations with clinicians. The new experience isolates health chats, encrypts data with additional protections, and allows users to securely connect medical…
Cisco ISE Vulnerability Enables Access to Sensitive Data
Cisco has disclosed a new XML External Entity (XXE) vulnerability in Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) that could allow authenticated attackers with administrative access to read sensitive data from the underlying operating system.…
Trump Signals Possible Cyber Involvement in Caracas Power Loss During Maduro Extraction
President Donald Trump has strongly hinted that the United States used offensive cyber capabilities to help plunge Caracas into darkness during the operation to capture Venezuelan leader Nicolás Maduro an unusually public nod to U.S. cyber power. The blackout, which coincided with pre-dawn…
New DocuSign-Themed Phishing Scam Delivers Stealth Malware to Windows Devices
New research has uncovered a sophisticated phishing campaign that abuses DocuSign’s brand to deliver Vidar malware and infect Windows systems. The operation uses a realistic phishing site, a fake signed installer, access-code checks, and timebased execution barriers to evade both users and automated analysis. DocuSign-themed phishing…
New OAuth Attack Lets Hackers Bypass Microsoft Entra Authentication and Steal Keys
In a year-end tradition that has become all too familiar for cybersecurity defenders, researchers have uncovered a novel attack vector targeting Microsoft Entra ID that weaponizes legitimate OAuth 2.0 authentication flows to harvest privileged access tokens. The technique, dubbed “ConsentFix”…
Cisco ISE Flaw Lets Admins Access Restricted System Files
A Cisco ISE flaw lets authenticated admins access restricted system files, risking sensitive data exposure. The post Cisco ISE Flaw Lets Admins Access Restricted System Files appeared first on eSecurity Planet. This article has been indexed from eSecurity Planet Read…
Hitachi Energy Asset Suite
View CSAF Summary Hitachi Energy is aware of a Jasper Report vulnerability that affects the Asset Suite product versions mentioned in this document below. This vulnerability can be exploited to carry out remote code execution (RCE) attack on the product.…