Of course, organizations see risk. It’s just that they struggle to turn insight into timely, safe action. That gap is why exposure management has emerged, and also why it is now becoming a foundational security discipline. What the diagram makes…
Threat Actors Hiding stealthy PURELOGS Payload Within a Weaponized PNG File
A newly discovered attack campaign has exposed a sophisticated delivery method for the PURELOGS infostealer, a commodity malware sold as a service on underground forums. Threat actors are using weaponized PNG files hosted on legitimate infrastructure to deliver the payload…
Critical Zoom Command Injection Vulnerability Enables Remote Code Execution
A critical command injection vulnerability in Node Multimedia Routers (MMRs) could allow meeting participants to execute arbitrary code on affected systems. The vulnerability, tracked as CVE-2026-22844, carries a CVSS severity rating of 9.9, the highest possible score, indicating an extremely…
New PixelCode Attack Smuggles Malware via Image Pixel Encoding
A novel malware delivery technique dubbed “PixelCode” has been demonstrated, showing how malicious executables can be encoded directly into video frames. The approach allows threat actors to host these videos on legitimate platforms such as YouTube, helping the malware evade…
NVIDIA NSIGHT Graphics for Linux Vulnerability Allows Code Execution Attacks
An urgent security update addressing a critical vulnerability in NSIGHT Graphics for Linux that could allow attackers to execute arbitrary code on affected systems. The flaw, tracked as CVE-2025-33206, has been rated as High severity with a CVSS score of…
AI Phishing Is Your Company’s Biggest Security Risk in 2026: Here’s How to Stop It
Phishing used to be easy to spot. Bad grammar, strange links, obvious scams. That version is gone. In 2026, phishing is polished, well-written, and often smarter than it has any right to be thanks to AI. These attacks look like real business emails, slip past…
EU considers whether there’s Huawei of axing Chinese kit from networks within 3 years
Still dominant in Germany’s networks, among others The European Commission (EC) wants a revised Cybersecurity Act to address any threats posed by IT and telecoms kit from third-country sources, potentially forcing member states to confront the thorny issue of suppliers…
LastPass Users Targeted With Backup-Themed Phishing Emails
Threat actors may have wanted to take advantage of the holiday weekend in the United States to increase their chances of success. The post LastPass Users Targeted With Backup-Themed Phishing Emails appeared first on SecurityWeek. This article has been indexed…
New Research Exposes Critical Gap: 64% of Third-Party Applications Access Sensitive Data Without Authorization
Boston, MA, USA, 21st January 2026, CyberNewsWire This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI, and More Read the original article: New Research Exposes Critical Gap: 64% of Third-Party Applications Access Sensitive Data Without Authorization
Cybersecurity: A Self-Teaching Introduction
A beginner-friendly, structured primer that teaches core concepts of cybersecurity and cybercrime from the ground up This article has been indexed from CyberMaterial Read the original article: Cybersecurity: A Self-Teaching Introduction
Chainsaw
A fast forensic triage tool for detecting suspicious Windows event log activity using rule based threat hunting This article has been indexed from CyberMaterial Read the original article: Chainsaw
IT Security News Hourly Summary 2026-01-21 15h : 16 posts
16 posts were published in the last hour 13:34 : ErrTraffic Exploits Visual Page Breaks to Fuel ClickFix Attacks, Rebranding Exploits as “GlitchFix” 13:34 : VoidLink Emerges: First Fully AI-Driven Malware Signals a New Era of Cyber Threats 13:34 :…
ErrTraffic Exploits Visual Page Breaks to Fuel ClickFix Attacks, Rebranding Exploits as “GlitchFix”
ErrTraffic is a Traffic Distribution System (TDS) designed to power ClickFix social engineering attacks. Unlike traditional fake update prompts, ErrTraffic deliberately breaks website visuals creating garbled text, distorted CSS, and cursor jitter to convince victims their device is actually broken. Visual chaos…
VoidLink Emerges: First Fully AI-Driven Malware Signals a New Era of Cyber Threats
A sophisticated Linux malware framework developed almost entirely through artificial intelligence, marking the beginning of a new era in AI-powered threats. Unlike previous AI-generated malware linked to inexperienced threat actors, VoidLink represents the first documented case of high-complexity, production-grade malware…
Hackers Weaponize 2,500+ Security Tools to Disable Endpoint Defenses Before Ransomware Attacks
A sophisticated campaign has weaponized over 2,500 variants of a legitimate security driver to disable endpoint protection before deploying ransomware and remote access trojans. Attackers are abusing truesight.sys, a kernel-mode driver from Adlice Software’s RogueKiller antivirus suite. The legacy version…
NVIDIA Nsight Graphics on Linux Exposed to Code Execution Vulnerability
NVIDIA has released an urgent security update addressing a critical vulnerability in NSIGHT Graphics for Linux systems. The vulnerability, tracked as CVE-2025-33206, allows attackers to execute arbitrary code through command injection, posing significant risks to development and graphics analysis workflows.…
GitLab Security Flaws Could Allow Two-Factor Authentication Bypass and DoS
GitLab has released critical security patches addressing multiple vulnerabilities affecting both Community Edition (CE) and Enterprise Edition (EE). Versions 18.8.2, 18.7.2, and 18.6.4 are now available to fix flaws that enable two-factor authentication bypass and denial-of-service attacks. GitLab strongly recommends…
Azure DNS Behavior Can Turn Private Endpoints Into DoS Risks
A DNS flaw in Azure Private Link can trigger DoS-like outages across linked VNETs. The post Azure DNS Behavior Can Turn Private Endpoints Into DoS Risks appeared first on eSecurity Planet. This article has been indexed from eSecurity Planet Read…
Ireland wants to give its cops spyware, ability to crack encrypted messages
Its very own Snooper’s Charter comes a month after proposed biometric tech expansion The Irish government is planning to bolster its police’s ability to intercept communications, including encrypted messages, and provide a legal basis for spyware use.… This article has…
North Korean Hackers Target macOS Developers via Malicious VS Code Projects
The hackers trick victims into accessing GitHub or GitLab repositories that are opened using Visual Studio Code. The post North Korean Hackers Target macOS Developers via Malicious VS Code Projects appeared first on SecurityWeek. This article has been indexed from…
Privacy Takes Center Stage in WhatsApp’s Latest Feature Update
There are billions of WhatsApp users worldwide, making it a crucial communication platform for both personal and professional exchanges alike. But its wide spread has also made it an increasingly attractive target for cybercriminals because of its widespread reach…
AI Expert Warns World Is Running Out of Time to Tackle High-Risk AI Revolution
AI safety specialist David Dalrymple has warned in no unclear terms that humanity may be running out of time to get ready for the dangers of fast-moving artificial intelligence. When talking to The Guardian, the director of programme at the UK…
Rust package registry adds security tools and metrics to crates.io
The Rust project updated crates.io to include a Security tab on individual crate pages. The tab shows security advisories drawn from the RustSec database and lists which versions of a crate may have known issues. This change gives developers a…
Beware of Weaponized Shipping Documents that Deliver Remcos RAT with a Wide Range of Capabilities
Threat actors are leveraging a dangerous new campaign that weaponizes ordinary-looking shipping documents to distribute Remcos, a powerful remote access trojan. This phishing scheme uses fake shipping emails as the entry point, tricking users into opening malicious Word documents disguised…