A serious security vulnerability in Western Digital’s WD Discovery desktop application has been disclosed, potentially allowing attackers to execute arbitrary code on Windows systems. The flaw, tracked as CVE-2025-30248, affects WD Discovery version 5.2.730 and all prior releases. The security…
CISA releases Secure Connectivity Principles Checklist for Operational Technology Networks Connectivity
The Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre (NCSC-UK) have jointly released comprehensive guidance on Secure Connectivity Principles for Operational Technology (OT) environments. Published on January 14, 2026, this framework addresses mounting pressures…
Node.js 25.5.0 Released Update Root Certificates and New Command-Line Flags
Node.js version 25.5.0 was released on January 26, 2026, introducing significant developer-focused enhancements and security updates. The release prioritizes simplified application packaging through a new command-line flag while maintaining cryptographic security standards through updated certificate authorities. The most significant developer…
A WhatsApp bug lets malicious media files spread through group chats
Google’s Project Zero team found that WhatsApp can download a malicious media file without you doing anything at all. This article has been indexed from Malwarebytes.
NETSCOUT adds Wi-Fi 7 observability and real-time SSL certificate monitoring
NETSCOUT announced new capabilities that further enhance its observability solutions to address critical gaps in remote site management and risks stemming from expired SSL/TLS certificates. New nGeniusONE solution enhancements support real-time deep packet inspection (DPI) over Ethernet or Wi-Fi 7,…
Revealed: Leaked Chats Expose the Daily Life of a Scam Compound’s Enslaved Workforce
A whistleblower trapped inside a “pig butchering” scam compound gave WIRED a vast trove of its internal materials—including 4,200 pages of messages that lay out its operations in unprecedented detail. This article has been indexed from Security Latest.
He Leaked the Secrets of a Southeast Asian Scam Compound. Then He Had to Get Out Alive
A source trapped inside an industrial-scale scamming operation contacted me, determined to expose his captors’ crimes—and then escape. This is his story. This article has been indexed from Security Latest.
149 million compromised credentials expose growing infostealer malware crisis
A recently discovered online database containing 149 million stolen usernames and passwords has been taken offline after being identified by security researcher Jeremiah Fowler. While the exposure has now been addressed, the scale and nature of the data involved underline…
TikTok narrowly avoids a US ban by spinning up a new American joint venture
TikTok may have avoided a ban, but it didn’t become a different company overnight. Like any other social network, assume your data matters, and share accordingly. This article has been indexed from Malwarebytes.
High Court to grill London cops over live facial recognition creep
Victim and Big Brother Watch will argue the Met’s policies are incompatible with human rights law. The High Court will hear from privacy campaigners this week who want to reshape the way the Metropolitan Police is allowed to use live…
WhatsApp Faces Increased EU Oversight
EU designates Meta’s WhatsApp as very large online platform, after Channels feature crosses key usage threshold in the region. This article has been indexed from Silicon UK.
Samsung To Ship Next-Gen Memory To Nvidia In February
Following delays, Samsung reportedly plans to begin shipping next-gen HBM4 memory chips to Nvidia, AMD in February for use with AI chips. This article has been indexed from Silicon UK.
Office zero-day exploited in the wild forces Microsoft OOB patch
Another actively abused Office bug, another emergency patch – Office 2016 and 2019 users are left with registry tweaks instead of fixes. Microsoft has issued an emergency Office patch after confirming a zero-day flaw is already being used in real…
Organizations Warned of Exploited Linux Vulnerabilities
The flaws allow threat actors to obtain root privileges or bypass authentication via Telnet and gain shell access as root. The post Organizations Warned of Exploited Linux Vulnerabilities appeared first on SecurityWeek.
Microsoft Releases Patch for Office Zero Day Amid Evidence of Exploitation
Microsoft urged customers running Microsoft Office 2016 and 2019 to apply the patch to be protected. This article has been indexed from www.infosecurity-magazine.com.
IT Security News Hourly Summary 2026-01-27 12h : 6 posts
6 posts were published in the last hour: 10:34 : Amnesia RAT deployed in multi-stage phishing attacks against Russian users; 10:34 : He Who Controls the Key Controls the World – Microsoft “Often” Provides BitLocker Keys to Law Enforcement; 10:5…
Amnesia RAT deployed in multi-stage phishing attacks against Russian users
A multi-stage phishing campaign targets users in Russia with ransomware and Amnesia RAT using fake business documents as lures. FortiGuard Labs researchers uncovered a multi-stage malware campaign mainly targeting users in Russia. The attack uses fake business documents as social…
He Who Controls the Key Controls the World – Microsoft “Often” Provides BitLocker Keys to Law Enforcement
Encryption doesn’t guarantee privacy—key ownership does. This article explains how cloud-stored encryption keys let third parties unlock your data, exposing the hidden risks behind “secure” services like BitLocker and Gmail. The post He Who Controls the Key Controls the World…
France Lower House Approves Social Media Ban
France’s National Assembly approves key measures in social media ban for under-15s amid international momentum for restrictions. This article has been indexed from Silicon UK.
China-Aligned APTs Use PeckBirdy C&C Framework in Multi-Vector Attacks, Exploiting Stolen Certificates
Since 2023, a dangerous malware framework called PeckBirdy has emerged as a primary weapon used by Chinese-aligned hacking groups. This JavaScript-based tool serves as a command-and-control platform designed to work across multiple system environments, giving attackers remarkable flexibility in how…
Multiple Vulnerabilities in React Server Components Enable DoS Attacks
Multiple critical security vulnerabilities have recently been disclosed in React Server Components, enabling threat actors to launch Denial-of-Service (DoS) attacks against vulnerable servers. The flaws, tracked as CVE-2026-23864 with a CVSS score of 7.5, are due to incomplete patches from…
APT Hackers Attacking Indian Government Using GOGITTER Tool and GITSHELLPAD Malware
Advanced persistent threat actors operating from Pakistan have launched coordinated attacks against Indian government organizations using newly discovered tools and malware designed to bypass security defenses. The campaign, identified as Gopher Strike, emerged in September 2025 and represents a significant…
Critical Vulnerability in Python PLY Library Enables Remote Code Execution – PoC Published
A critical vulnerability has been identified in the PyPI-distributed version of PLY (Python Lex-Yacc) 3.11, allowing arbitrary code execution through unsafe deserialization of untrusted pickle files. The vulnerability, assigned CVE-2025-56005, affects the undocumented picklefile parameter in the yacc() function, which remains absent from official…
Caminho Loader-as-a-Service Using Steganography to Conceal .NET Payloads within Image Files
Caminho Loader is a new Loader-as-a-Service threat that blends steganography, fileless execution, and cloud abuse to quietly deliver malware across several regions. First seen in March 2025 and believed to originate from Brazil, this service hides .NET payloads inside harmless-looking…