The Iran-linked MuddyWater Advanced Persistent Threat group has launched a sophisticated spear-phishing campaign targeting diplomatic, maritime, financial, and telecom sectors across the Middle East. The threat actors are using weaponized Word documents to deliver a new Rust-based malware called RustyWater,…
Fake Fortinet Sites Steal VPN Credentials in Sophisticated Phishing Attack
A new and sophisticated phishing campaign is targeting remote workers and IT administrators by impersonating the official Fortinet VPN download portal. This attack is particularly dangerous because it leverages search engine optimization (SEO) and, alarmingly, AI-generated search summaries to lure…
Cyber Threats Targeting Australia and New Zealand Fueled by Initial Access Sales, and Ransomware Campaigns
The cyber threat environment across Australia and New Zealand has entered a critical phase throughout 2025, with threat actors orchestrating increasingly sophisticated attacks centered on the sale of compromised network access. The Cyble Research and Intelligence Labs documented 92 instances…
Threat Actors Attacking Systems with 240+ Exploits Before Ransomware Deployment
Between December 25–28, a single threat actor conducted a large-scale scanning campaign, testing over 240 different exploits against internet-facing systems and collecting data on every vulnerable target found. This reconnaissance operation, operating from two IP addresses linked to CTG Server…
IT Security News Hourly Summary 2026-01-09 18h : 17 posts
17 posts were published in the last hour 16:32 : X Didn’t Fix Grok’s ‘Undressing’ Problem. It Just Makes People Pay for It 16:32 : pcTattletale founder pleads guilty as US cracks down on stalkerware 16:32 : Putinswap: France trades…
X Didn’t Fix Grok’s ‘Undressing’ Problem. It Just Makes People Pay for It
X is allowing only “verified” users to create images with Grok. Experts say it represents the “monetization of abuse”—and anyone can still generate images on Grok’s app and website. This article has been indexed from Security Latest Read the original…
pcTattletale founder pleads guilty as US cracks down on stalkerware
After years of security failures and partner-spying marketing, pcTattletale’s founder has pleaded guilty in a rare US federal stalkerware case. This article has been indexed from Malwarebytes Read the original article: pcTattletale founder pleads guilty as US cracks down on…
Putinswap: France trades alleged ransomware crook for conflict researcher
Basketball player accused of aiding cybercrime gang extradition blocked in exchange for Swiss NGO consultant France has released an alleged ransomware crook wanted by the US in exchange for a conflict researcher imprisoned in Russia.… This article has been indexed…
INFORM 2026: MITRE’s Updated Threat-Informed Defense Maturity Model Explained
On January 8th, MITRE’s Center for Threat-Informed Defense (CTID) published a significant update to INFORM, its threat-informed defense maturity model. This update reflects the joint efforts of MITRE researchers, AttackIQ, and several CTID members to enhance INFORM based on two…
AI Deception Is Here: What Security Teams Must Do Now
Recent research shows that deception can emerge instrumentally in goal-directed AI agents. This means deception can arise as a side effect of goal-seeking, persisting even after safety training and often surfacing in multi-agent settings. In controlled studies, systems like Meta’s…
Are There IDORs Lurking in Your Code? LLMs Are Finding Critical Business Logic Vulns—and They’re Everywhere
Security teams have always known that insecure direct object references (IDORs) and broken authorization vulnerabilities exist in their codebases. Ask any AppSec leader if they have IDOR issues, and most would readily admit they do. But here’s the uncomfortable truth:…
The New Weak Link in Compliance Isn’t Code – It’s Communication
Cybersecurity has never been only a technical problem, but the balance of what truly makes an organization secure has shifted dramatically. For years, the industry assumed the greatest dangers lived in code — in vulnerable servers, old libraries, unpatched systems,…
BitLocker Ransomware Attack Cripples Romanian Water Authority’s IT Systems
Romania’s national water management authority, Administrația Națională Apele Române (Romanian Waters), was targeted in a sophisticated ransomware attack on December 20, 2025, compromising approximately 1,000 IT systems across the organization. The cyberattack affected 10 of the country’s 11 regional…
Okta Report: Pirates of Payrolls Attacks Plague Corporate Industry
IT helps desks be ready for an evolving threat that sounds like a Hollywood movie title. In December 2025, Okta Threat Intelligent published a report that explained how hackers can gain unauthorized access to payroll software. These threats are infamous…
WebRAT Malware Spreads Through Fake GitHub Exploit Repositories
The WebRAT malware is being distributed through GitHub repositories that falsely claim to host proof-of-concept exploits for recently disclosed security vulnerabilities. This marks a shift in the malware’s delivery strategy, as earlier campaigns relied on pirated software and cheats…
Russian APT28 Runs Credential-Stealing Campaign Targeting Energy and Policy Organizations
Russian state-sponsored threat actors have been linked to a fresh set of credential harvesting attacks targeting individuals associated with a Turkish energy and nuclear research agency, as well as staff affiliated with a European think tank and organizations in North…
AWS named Leader in the 2025 ISG report for Sovereign Cloud Infrastructure Services (EU)
For the third year in a row, Amazon Web Services (AWS) is named as a Leader in the Information Services Group (ISG) Provider LensTM Quadrant report for Sovereign Cloud Infrastructure Services (EU), published on January 8, 2026. ISG is a…
Telecom sector sees steady rise in ransomware attacks
A new threat intelligence report described a potent mixture of unpatched flaws and lax perimeter controls. This article has been indexed from Cybersecurity Dive – Latest News Read the original article: Telecom sector sees steady rise in ransomware attacks
Hacker Behind Wired.com Leak Now Selling Full 40M Condé Nast Records
A hacker claims to be selling nearly 40 million Condé Nast user records after leaking Wired.com data, with multiple major brands allegedly affected. This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI, and More Read the…
London council cyber attack exposes personal data and highlights risks of shared public-sector IT
A cyber attack on shared IT systems used by several London councils has resulted in the theft of personal data relating to thousands of residents, raising renewed concerns about the resilience of local government cyber security and the risks posed…
QR codes a powerful new phishing weapon in hands of Pyongyang cyberspies
State-backed attackers are using QR codes to slip past enterprise security and help themselves to cloud logins, the FBI says North Korean government hackers are turning QR codes into credential-stealing weapons, the FBI has warned, as Pyongyang’s spies find new…
In Other News: 8,000 Ransomware Attacks, China Hacked US Gov Emails, IDHS Breach Impacts 700k
Other noteworthy stories that might have slipped under the radar: Jaguar Land Rover sales crash, hundreds of gen-AI data policy violations, and Chinese cyberattacks against Taiwan intensified. The post In Other News: 8,000 Ransomware Attacks, China Hacked US Gov Emails,…
Mistral AI Wins French Military Deal
France’s Ministry of the Armed Forces has taken a significant step to deepen its use of AI by awarding a framework agreement to French firm Mistral AI. The post Mistral AI Wins French Military Deal appeared first on TechRepublic. This…
OWASP CRS Flaw Lets Encoded Attacks Slip Past WAFs
A critical OWASP CRS flaw allows encoded XSS attacks to bypass WAF charset validation. The post OWASP CRS Flaw Lets Encoded Attacks Slip Past WAFs appeared first on eSecurity Planet. This article has been indexed from eSecurity Planet Read the…