Many records also contained additional personal information such as names, dates of birth, genders, geographic locations, and purchase information. The post Under Armour Ransomware Attack Exposes 72M Email Addresses appeared first on TechRepublic. This article has been indexed from Security…
Critical Appsmith Flaw Enables Account Takeovers
Critical vulnerability in Appsmith allows account takeover via flawed password reset process This article has been indexed from www.infosecurity-magazine.com Read the original article: Critical Appsmith Flaw Enables Account Takeovers
IT teams aren’t equipped to stop rogue AI agents
Autonomous systems represent an attack surface existing cybersecurity services models aren’t designed to protect. This article has been indexed from Cybersecurity Dive – Latest News Read the original article: IT teams aren’t equipped to stop rogue AI agents
Under Armour says it’s ‘aware’ of data breach claims after 72M customer records were posted online
TechCrunch obtained a sample of the stolen data, which contained names, email addresses, dates of birth, and the user’s approximate geographic location. Under Armour confirmed some sensitive information was taken in the breach. This article has been indexed from Security…
Keeper Introduces Instant Account Switching and Passkey Improvements
Keeper Security has announced instant account switching and passkey enhancements across its mobile applications and browser extension. This update is said to be available across all major web browsers including iOS, Android and the Keeper Browser Extension. The instant account…
Old Attack, New Speed: Researchers Optimize Page Cache Exploits
A team of researchers from the Graz University of Technology in Austria has revived page Linux page cache attacks. The post Old Attack, New Speed: Researchers Optimize Page Cache Exploits appeared first on SecurityWeek. This article has been indexed from…
ThreatsDay Bulletin: Pixel Zero-Click, Redis RCE, China C2s, RAT Ads, Crypto Scams & 15+ Stories
Most of this week’s threats didn’t rely on new tricks. They relied on familiar systems behaving exactly as designed, just in the wrong hands. Ordinary files, routine services, and trusted workflows were enough to open doors without forcing them. What…
RealHomes CRM Plugin Flaw Affected 30,000 WordPress Sites
Security flaw in RealHomes CRM plugin allowed file uploads; patches released for 30,000+ sites This article has been indexed from www.infosecurity-magazine.com Read the original article: RealHomes CRM Plugin Flaw Affected 30,000 WordPress Sites
Cyber Briefing: 2026.01.22
Critical camera and WordPress takeovers, FortiGate attack surges, major public sector breaches, supply-chain ransomware, auto zero-days, and arrests. This article has been indexed from CyberMaterial Read the original article: Cyber Briefing: 2026.01.22
Wordfence Intelligence Weekly WordPress Vulnerability Report (January 12, 2026 to January 18, 2026)
📢 Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to vendors? Researchers can earn up to $31,200 per vulnerability, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find…
PNB MetLife Phishing Attack: Multi-Stage Scheme Steals Data, Triggers UPI Payments
A sophisticated multi-stage phishing campaign is actively targeting PNB MetLife Insurance customers through fake payment gateway pages. The attack chain extracts customer details, forces fraudulent UPI payments, and escalates to full banking credential harvesting. Attackers exploit customer trust in the…
BIND 9 Flaw Lets Attackers Crash Servers With Malicious DNS Records
A critical vulnerability in BIND 9 exposes DNS servers to remote denial-of-service (DoS) attacks. Security firm ISC disclosed CVE-2025-13878 on January 21, 2026, warning that malformed BRID or HHIT records in DNS queries can trigger an unexpected termination of the…
NVIDIA CUDA Toolkit Flaw Allows Command Injection, Arbitrary Code Execution
NVIDIA has patched critical vulnerabilities in its CUDA Toolkit that expose developers and GPU-accelerated systems to command injection and arbitrary code execution risks. Released on January 20, 2026, the update addresses four flaws in Nsight Systems and related tools, all…
Critical Vivotek Flaw Enables Remote Arbitrary Code Execution
Akamai’s Security Intelligence and Response Team (SIRT) uncovered a serious command injection vulnerability in legacy Vivotek IoT camera firmware. Tracked as CVE-2026-22755, the flaw lets remote attackers inject and run arbitrary code as root without authentication. Researchers used AI-driven reverse…
New Osiris Ransomware Leverages Living Off the Land and Dual-Use Tools in Attacks
A newly discovered ransomware family, Osiris, targeted a major foodservice franchisee in Southeast Asia in November 2025. Despite sharing a name with a 2016 Locky ransomware variant, security researchers confirm this represents an entirely new threat with no connection to…
CISA Warns of Cisco Unified CM 0-Day RCE Vulnerability Exploited in Attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert after confirming active exploitation of a zero-day remote code execution (RCE) vulnerability in multiple Cisco Unified Communications products. Tracked as CVE-2026-20045, the flaw enables code injection attacks that…
FortiGate Firewalls Hacked in Automated Attacks to Steal Configuration Data
A new cluster of automated malicious activity targeting FortiGate firewall devices. Beginning January 15, 2026, threat actors have been observed executing unauthorized configuration changes, establishing persistence through generic accounts, and exfiltrating sensitive firewall configuration data. This campaign echoes a December…
Critical Vivotek Vulnerability Allows Remote Users to Inject Arbitrary Code
A critical remote code injection vulnerability in Vivotek legacy firmware that enables unauthenticated attackers to execute arbitrary commands with root privileges. The vulnerability, tracked as CVE-2026-22755, affects dozens of camera models and poses significant risks to organizations relying on legacy…
New ClickFix Campaign Hijacks Facebook Sessions Using Fake Verification Pages
Attackers have launched a widespread campaign called ClickFix that steals Facebook account credentials by tricking users into handing over their session tokens. Rather than using complex malware or software exploits, the attack relies on social engineering to guide victims through…
Webinar Today: Rethinking Email Security for Mid-Sized Organizations
See how modern AI-driven detection can block sophisticated attacks that traditional tools miss The post Webinar Today: Rethinking Email Security for Mid-Sized Organizations appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article: Webinar Today:…
Obsidian Security unveils end-to-end SaaS supply chain security to stop integration-led breaches
Obsidian Security announced end-to-end SaaS supply chain security solution, empowering organizations to monitor, control and contain the security risk hiding inside interconnected SaaS ecosystems. Companies depend on hundreds of SaaS applications to operate their business. The security threat posed by…
Watering Hole Attack Targets EmEditor Users with Information-Stealing Malware
TrendAI™ Research provides a technical analysis of a compromised EmEditor installer used to deliver multistage malware that performs a range of malicious actions. This article has been indexed from Trend Micro Research, News and Perspectives Read the original article: Watering…
Fake LastPass maintenance emails target users
LastPass is warning users about phishing emails that pressure users to back up their vaults within 24 hours. This article has been indexed from Malwarebytes Read the original article: Fake LastPass maintenance emails target users
Minnesota DHS Data Breach Hits 300K
The Minnesota Department of Human Services recently notified nearly 304,000 residents that their demographic and personal data were compromised due to unauthorized system access by an affiliated user. This article has been indexed from CyberMaterial Read the original article: Minnesota…