Quantum computers could revolutionize everything from drug discovery to business analytics—but their incredible power also makes them surprisingly vulnerable. New research from Penn State warns that today’s quantum machines are not just futuristic tools, but potential gold mines for hackers.…
Apache Airflow Vulnerabilities Enables Expose of Sensitive Data
Multiple vulnerabilities in Apache Airflow versions prior to 3.1.6 could reveal sensitive authentication credentials and secrets within logs and user interfaces. Both issues stem from inadequate masking of sensitive data during rendering and logging operations, potentially compromising proxy credentials and…
WordPress Plugin Vulnerability Exposes 100,000+ Sites to Privilege Escalation Attacks
A critical security flaw in the popular Advanced Custom Fields: Extended WordPress plugin has put more than 100,000 websites at risk of full takeover. The vulnerability, tracked as CVE-2025-14533, affects plugin versions up to and including 0.9.2.1 and carries a…
NCSC Warns of Hacktivist Groups Attacking UK Organisations and Online Services
A critical alert issued on January 19, 2026, warned of rising cyber-attacks by Russian-aligned hacktivist groups targeting UK organisations. These state-aligned threat actors are conducting disruptive denial-of-service (DoS) operations against local government authorities. Critical national infrastructure operators are aiming to…
New Study Shows GPT-5.2 Can Reliably Develop Zero-Day Exploits at Scale
A groundbreaking experiment has revealed that advanced language models can now create working exploits for previously unknown security vulnerabilities. Security researcher Sean Heelan recently tested two sophisticated systems built on GPT-5.2 and Opus 4.5, challenging them to develop exploits for…
Ingram Micro Reveals Impact of Ransomware Attack on Employee Records
Ingram Micro quietly divulged all the personal details of their employees and job applicants last summer after a ransomware attack at the height of the summer turned into a far-reaching data exposure, exposing sensitive information about their employees and…
Google Gemini Calendar Flaw Allows Meeting Invites to Leak Private Data
Though built to make life easier, artificial intelligence helpers sometimes carry hidden risks. A recent study reveals that everyday features – such as scheduling meetings – can become pathways for privacy breaches. Instead of protecting data, certain functions may…
Sprocket Security Appoints Eric Sheridan as Chief Technology Officer
Madison, United States, 20th January 2026, CyberNewsWire This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI, and More Read the original article: Sprocket Security Appoints Eric Sheridan as Chief Technology Officer
Prompt Injection Bugs Found in Official Anthropic Git MCP Server
Three vulnerabilities in Anthropic’s Git server for the MCP can be exploited via prompt injection This article has been indexed from www.infosecurity-magazine.com Read the original article: Prompt Injection Bugs Found in Official Anthropic Git MCP Server
Cyber Briefing: 2026.01.20
China-linked APT activity, critical plugin exploits, Cloudflare WAF bypass fixes, major data breaches, lost government devices, and global cybercrime arrests. This article has been indexed from CyberMaterial Read the original article: Cyber Briefing: 2026.01.20
New Windows Flaw Lets Attackers Bypass Mark of the Web
Microsoft patched a Windows Remote Assistance flaw that lets attackers bypass Mark of the Web, weakening protections against malicious downloads and phishing files. The post New Windows Flaw Lets Attackers Bypass Mark of the Web appeared first on TechRepublic. This…
Fake extension crashes browsers to trick users into infecting themselves
A fake ad blocker crashes your browser, then uses ClickFix tricks to make you run the malware yourself. This article has been indexed from Malwarebytes Read the original article: Fake extension crashes browsers to trick users into infecting themselves
Exploiting Google Gemini to Abuse Calendar Invites Illustrates AI Threats
Researchers with security firm Miggo used an indirect prompt injection technique to manipulate Google’s Gemini AI assistant to access and leak private data in Google Calendar events, highlighting the challenges AI presents that traditional security measures can’t address. The post…
Ping Identity launches Universal Services for ongoing identity assurance
Ping Identity announced its Universal Services, a set of identity services that enable organizations to move beyond authentication and continuously establish, validate, and protect trust across every digital interaction. As impersonation attacks, synthetic identities, and AI-driven social engineering accelerate, enterprises…
HackerOne extends Safe Harbor protections to AI testing
HackerOne has unveiled the Good Faith AI Research Safe Harbor, a new industry framework that establishes authorisation and legal protections for researchers testing AI systems in good faith. As AI systems scale rapidly across critical products and services, legal ambiguity…
Inside a Multi-Stage Windows Malware Campaign
FortiGuard Labs analysis of a multi-stage Windows malware campaign that abuses trusted platforms to disable defenses, deploy RATs, and deliver ransomware. This article has been indexed from FortiGuard Labs Threat Research Read the original article: Inside a Multi-Stage Windows…
Chainlit Vulnerabilities May Leak Sensitive Information
The two bugs, an arbitrary file read and an SSRF bug, can be exploited without user interaction to leak credentials, databases, and other data. The post Chainlit Vulnerabilities May Leak Sensitive Information appeared first on SecurityWeek. This article has been…
When Security Incidents Break: The Questions Every CISO Asks (And How We Securely Built a Solution in Record Time)
The post When Security Incidents Break: The Questions Every CISO Asks (And How We Securely Built a Solution in Record Time) appeared first on Security Boulevard. This article has been indexed from Security Boulevard Read the original article: When…
Hackers Use LinkedIn Messages to Spread RAT Malware Through DLL Sideloading
Cybersecurity researchers have uncovered a new phishing campaign that exploits social media private messages to propagate malicious payloads, likely with the intent to deploy a remote access trojan (RAT). The activity delivers “weaponized files via Dynamic Link Library (DLL) sideloading,…
Three Flaws in Anthropic MCP Git Server Enable File Access and Code Execution
A set of three security vulnerabilities has been disclosed in mcp-server-git, the official Git Model Context Protocol (MCP) server maintained by Anthropic, that could be exploited to read or delete arbitrary files and execute code under certain conditions. “These flaws…
Cyber Risks Among CEOs’ Top Worries Amid Weak Short Term Growth Outlook
PwC’s 29th Global CEO Survey shows cyber risk rising to the top of CEO concerns as confidence in short term business growth weakens This article has been indexed from www.infosecurity-magazine.com Read the original article: Cyber Risks Among CEOs’ Top Worries…
Grubhub Confirms New Data Breach Incident
Grubhub is currently investigating a new data breach and an associated extortion attempt following a security compromise linked to its Zendesk platform. This article has been indexed from CyberMaterial Read the original article: Grubhub Confirms New Data Breach Incident
Japanese Nuclear Regulator Loses Phone in China
Japan’s nuclear regulator is investigating the potential leak of confidential data after an employee lost a work-issued smartphone during a private trip to China. This article has been indexed from CyberMaterial Read the original article: Japanese Nuclear Regulator Loses Phone…
Eurail Breach Exposes Passenger Info
Eurail recently confirmed a data breach involving customer information following notification emails sent to affected travelers this week. This article has been indexed from CyberMaterial Read the original article: Eurail Breach Exposes Passenger Info