U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft Office, GNU InetUtils, SmarterTools SmarterMail, and Linux Kernel flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Microsoft Office, GNU InetUtils, SmarterTools SmarterMail, and Linux Kernel flaws…
AI Agents Are Booking Travel: How Businesses Can Enable Revenue & Minimize Risk
AI agents are booking travel at scale. Learn how to enable agentic commerce, stop agent hijacking and loyalty fraud, and protect your revenue. The post AI Agents Are Booking Travel: How Businesses Can Enable Revenue & Minimize Risk appeared first…
WhatsApp-Based Astaroth Banking Trojan Targets Brazilian Users in New Malware Campaign
A fresh look at digital threats shows malicious software using WhatsApp to spread the Astaroth banking trojan, mainly affecting people in Brazil. Though messaging apps are common tools for connection, they now serve attackers aiming to steal financial data.…
Cyber Briefing: 2026.01.27
Malicious Chrome and VS Code tools spread phishing, ClickFix abuses Windows, breach claims rise, AI content probes grow, and surveillance expands. This article has been indexed from CyberMaterial Read the original article: Cyber Briefing: 2026.01.27
Diverse Threat Actors Exploiting Critical WinRAR Vulnerability CVE-2025-8088
Introduction The Google Threat Intelligence Group (GTIG) has identified widespread, active exploitation of the critical vulnerability CVE-2025-8088 in WinRAR, a popular file archiver tool for Windows, to establish initial access and deliver diverse payloads. Discovered and patched in July 2025,…
Critical vm2 Flaw Lets Attackers Bypass Sandbox and Execute Arbitrary Code in Node.js
A critical vulnerability in the vm2 JavaScript sandbox library (versions ≤ 3.10.0) enables attackers to bypass sandbox protections and execute arbitrary code with full system privileges. The flaw exploits improper sanitization of Promise callback functions, allowing remote code execution without…
ShinyHunters Group Targets Over 100 Enterprises, Including Canva, Atlassian, and Epic Games
A surge in infrastructure deployment that mirrors the tactics of SLSH, a predatory alliance uniting three major threat actors: Scattered Spider, LAPSUS$, and ShinyHunters. A sophisticated identity-theft campaign has emerged, targeting Single Sign-On (SSO) platforms particularly Okta across more than…
CISA Urges Public to Stay Alert Against Rising Natural Disaster Scams
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical advisory alerting the public to heightened risks of malicious cyber activity targeting disaster victims. As natural disasters strike communities, threat actors capitalize on the chaos and emotional vulnerability of…
G_Wagon NPM Package Exploits Users to Steal Browser Credentials with Obfuscated Payload
A highly sophisticated infostealer malware disguised as a legitimate npm UI component library has been targeting developers through the ansi-universal-ui package. The malware, internally identified as “G_Wagon,” employs multi-stage obfuscation techniques to extract browser credentials, cryptocurrency wallets, cloud authentication keys,…
Attackers Hijack GitHub Desktop Repo to Spread Malware via Official Installer
Threat actors have successfully exploited a design flaw in GitHub’s fork architecture to distribute malware disguised as the legitimate GitHub Desktop installer. The attack chain begins with a deceptively simple but effective technique. Attackers create throwaway GitHub accounts and fork…
5 steps to approach BYOD compliance policies
<p>Endpoint usage policies must evolve as user behavior, device ownership models and regulatory expectations continue to shift. BYOD endpoints present especially complicated challenges for organizations, which have to ensure all endpoints meet data privacy and security regulations, despite not owning…
Over 100 Organizations Targeted in ShinyHunters Phishing Campaign
Domains set up by the threat actor suggest attacks aimed at Atlassian, Canva, Epic Games, HubSpot, Moderna, ZoomInfo, and WeWork. The post Over 100 Organizations Targeted in ShinyHunters Phishing Campaign appeared first on SecurityWeek. This article has been indexed from…
India Cracks Down on Grok’s AI Image Misuse
The Ministry of Electronics and Information Technology (MeitY) of India has found that the latest restrictions on Grok’s image generation tool by X are not adequate to prevent obscene content. The platform, owned by Elon Musk, restricted the controversial…
Looking Beyond the Hype Around AI Built Browser Projects
Cursor, the company that provides an artificial intelligence-integrated development environment, recently gained attention from the industry after suggesting that it had developed a fully functional browser using its own artificial intelligence agents, which is known as the Cursor AI-based development…
Tenable One AI Exposure delivers unified visibility and governance across AI, cloud and SaaS
Tenable announced general availability of Tenable One AI Exposure. With this release, the Tenable One Exposure Management Platform unifies AI protection, discovery and usage governance across the enterprise, including SaaS platforms, cloud services, APIs and agents. AI is deeply embedded…
Attackers use Windows App-V scripts to slip infostealer past enterprise defenses
A malware delivery campaign detailed by Blackpoint researchers employs an impressive array of tricks to deliver an infostealer to employees without triggering enterprise defenses or close examination by security researchers. The attackers aim to get the Amatera Stealer installed on…
ClickFix Attacks Expand Using Fake CAPTCHAs, Microsoft Scripts, and Trusted Web Services
Cybersecurity researchers have disclosed details of a new campaign that combines ClickFix-style fake CAPTCHAs with a signed Microsoft Application Virtualization (App-V) script to distribute an information stealer called Amatera. “Instead of launching PowerShell directly, the attacker uses this script to…
Keeper Security Expands Its Zero-Trust Privileged Access Controls Into Slack
Keeper Security’s new Slack integration extends secure, policy-driven access governance into the platform. Slack serves as one of the most popular and widely used collaboration platforms in the world for organisations of all sizes. It has a strong adoption across…
NICE Actimize Insights Network combats fraudulent transfers
NICE Actimize launched Actimize Insights Network, an intelligence network designed to give financial institutions real-time visibility into counterparty risk. Leveraging insights from its Fraud and Financial Crime network, the Actimize Insights Network delivers the scale and precision needed to prevent…
China Hacked Downing Street Phones
British media reports indicate that Chinese state-sponsored hackers allegedly targeted the mobile phones of senior aides to multiple UK prime ministers over several years. This article has been indexed from CyberMaterial Read the original article: China Hacked Downing Street Phones
Nova Claims Hack Of KPMG Denied
KPMG has addressed allegations from the Nova hacking collective regarding a purported data breach of its Dutch operations. This article has been indexed from CyberMaterial Read the original article: Nova Claims Hack Of KPMG Denied
Waltio Faces Ransom Threat From Hackers
French crypto tax platform Waltio is currently facing a data extortion threat from the hacking collective ShinyHunters, which claims to have stolen personal information belonging to approximately 50,000 users. This article has been indexed from CyberMaterial Read the original article:…
EU Probes X Over Grok Sexual Images
The European Commission has initiated a formal investigation into X under the Digital Services Act to determine if the platform failed to assess the risks of its Grok AI tool before deployment. This article has been indexed from CyberMaterial Read…
Landmark Trial Tests Social Media Harm
A Los Angeles jury is now considering whether platforms like Instagram and TikTok are directly responsible for causing mental health disorders in teenagers. This article has been indexed from CyberMaterial Read the original article: Landmark Trial Tests Social Media Harm