Microsoft’s BitLocker encryption, long viewed as a safeguard for Windows users’ data, is under renewed scrutiny after reports revealed the company provided law enforcement with encryption keys in a criminal investigation. The case, detailed in a government filing [PDF],…
PeckBirdy: A Versatile Script Framework for LOLBins Exploitation Used by China-aligned Threat Groups
PeckBirdy is a sophisticated JScript-based C&C framework used by China-aligned APT groups to exploit LOLBins across multiple environments, delivering advanced backdoors to target gambling industries and Asian government entities. This article has been indexed from Trend Micro Research, News and…
Apple updates AirTag with expanded range and improved findability
Apple has released a new version of its AirTag tracking accessory that extends its connectivity range and improves how items are located. The updated AirTag uses a second-generation Ultra Wideband chip, similar to the chip in the iPhone 17 lineup,…
Cyber Briefing: 2026.01.26
North Korea targets blockchain devs, FortiGate and VMware exploits spread, major breach claims surface, phishing grows, and tech giants probe failures. This article has been indexed from CyberMaterial Read the original article: Cyber Briefing: 2026.01.26
New DPRK Interview Campaign Uses Fake Fonts to Deliver Malware
A dangerous new iteration of the “Contagious Interview” campaign that weaponizes Microsoft Visual Studio Code task files to distribute sophisticated malware targeting software developers. This campaign, which began over 100 days ago, has intensified dramatically in recent weeks with 17…
New Malware Toolkit Redirects Victims to Malicious Sites Without Changing the URL
A dangerous new malware toolkit is being sold on Russian cybercrime forums that can redirect victims to fake websites while keeping the real domain name visible in their browser’s address bar. The toolkit, called Stanley, costs between $2,000 and $6,000…
Instagram Investigates Reported Vulnerability Allowing Access to Private Content
A server-side vulnerability in Instagram that allegedly allowed completely unauthenticated access to private account posts. This raises concerns about Meta’s vulnerability disclosure handling and the effectiveness of compensatory controls protecting user privacy. Technical Overview According to the disclosure, the vulnerability…
PoC Released for GNU InetUtils telnetd RCE as 800K+ Exposed Instances Remain Online
A proof-of-concept exploit for CVE-2026-24061, a critical remote code execution vulnerability in the GNU Inetutils telnetd, has surfaced, with security researchers warning that over 800,000 vulnerable instances remain publicly accessible on the internet. The vulnerability allows unauthenticated attackers to execute…
Lazarus Hackers Target European Drone Manufacturers in Active Campaign
The North Korean state-sponsored Lazarus hacking group has launched a sophisticated cyberespionage campaign targeting European defense contractors involved in uncrewed aerial vehicle (UAV) manufacturing. The attacks appear directly linked to North Korea’s efforts to accelerate its domestic drone production capabilities…
Distant entangled atoms acting as one sensor deliver stunning precision
Researchers have demonstrated that quantum entanglement can link atoms across space to improve measurement accuracy. By splitting an entangled group of atoms into separate clouds, they were able to measure electromagnetic fields more precisely than before. The technique takes advantage…
Curl to End Bug Bounty Following Low-Quality AI-Generated Vulnerability Reports
The curl project ended its bug bounty program in January 2026 because it received too many low-quality and useless bug reports. The decision reflects growing frustration within the open-source security community regarding the unintended consequences of financial incentive structures on…
Get paid to scroll TikTok? The data trade behind Freecash ads
Ads promised up to $35 an hour to watch videos. Instead, users were funneled into mobile games designed to drive spending and collect data. This article has been indexed from Malwarebytes Read the original article: Get paid to scroll TikTok?…
Upwind Raises $250 Million at $1.5 Billion Valuation
The CNAPP company will use the fresh investment to scale its runtime-first cloud security offering across data, AI and code. The post Upwind Raises $250 Million at $1.5 Billion Valuation appeared first on SecurityWeek. This article has been indexed from…
Upwind secures $250 million to expand runtime-first cloud security for AI workloads
Upwind has raised $250 million in Series B funding, bringing its total funding to $430 million. The round was led by Bessemer Venture Partners, with participation from Salesforce Ventures and Picture Capital. Existing investors include Greylock, Cyberstarts, Leaders Fund, Craft…
EU opens new investigation into Grok on X
The European Commission has opened a new formal investigation into X under the Digital Services Act over risks linked to the deployment of its AI tool Grok in the EU. Regulators are examining whether X properly assessed and mitigated risks…
Researchers Uncover “Haxor” SEO Poisoning Marketplace
Fortra researchers have discovered a new SEO poisoning operation known as “HaxorSEO” This article has been indexed from www.infosecurity-magazine.com Read the original article: Researchers Uncover “Haxor” SEO Poisoning Marketplace
Microsoft Probes Windows 11 Boot Failures
Microsoft is currently looking into reports of Windows 11 systems failing to start following the January 2026 security updates. This article has been indexed from CyberMaterial Read the original article: Microsoft Probes Windows 11 Boot Failures
NTSB Probes Waymo Robotaxi Bus Violations
The National Transportation Safety Board has launched an investigation into Waymo robotaxis for failing to stop for school buses in Austin, Texas. This article has been indexed from CyberMaterial Read the original article: NTSB Probes Waymo Robotaxi Bus Violations
Booz Allen’s Vellox Reverser accelerates malware analysis and threat intelligence
Booz Allen Hamilton announced the general availability of Vellox Reverser, a malware reverse engineering and threat intelligence product designed to accelerate cyber defense. Built with a resilient agentic AI architecture, Vellox Reverser automates time-intensive in-depth malware analysis of the most…
CISA Warns VMware RCE Now Exploited
CISA has issued an urgent mandate for federal agencies to patch a critical remote code execution vulnerability in VMware vCenter Server by February 13th. This article has been indexed from CyberMaterial Read the original article: CISA Warns VMware RCE Now…
Crunchbase Confirms Data Breach Claims
Crunchbase has officially confirmed a security breach following the unauthorized publication of corporate data by the cybercrime group ShinyHunters. This article has been indexed from CyberMaterial Read the original article: Crunchbase Confirms Data Breach Claims
ShinyHunters Claim Okta SSO Hacks
The ShinyHunters extortion group has claimed responsibility for a series of voice phishing attacks targeting employees at major organizations using Okta, Microsoft, and Google for single sign-on services. This article has been indexed from CyberMaterial Read the original article: ShinyHunters…
Nike Probes Possible Data Breach Claims
Nike is looking into a potential security compromise following claims by the WorldLeaks group that they successfully breached the company’s internal servers. This article has been indexed from CyberMaterial Read the original article: Nike Probes Possible Data Breach Claims
1Password Adds Phishing Site Warnings
1Password has introduced a new security feature that proactively alerts users when they land on potential phishing websites. This article has been indexed from CyberMaterial Read the original article: 1Password Adds Phishing Site Warnings