A leading digital wealth management platform disclosed on January 9, 2026, that an unauthorized individual obtained access to its internal systems through a sophisticated social engineering attack. Enabling them to impersonate the company and distribute fraudulent cryptocurrency-related messages to a…
Tag: Cyber Security News
Critical FortiSIEM Vulnerability Lets Attackers Run Arbitrary Commands via TCP Packets
Fortinet disclosed a critical OS command injection vulnerability in FortiSIEM on January 13, 2026, warning users of a high-risk flaw that lets unauthenticated attackers execute arbitrary code. Tracked as CVE-2025-64155, the issue stems from improper neutralization of special elements in…
Researchers Proposed Game-Theoretic AI for Guiding Attack and Defense
Researchers from Alias Robotics and Johannes Kepler University Linz have unveiled a groundbreaking approach to automated penetration testing that combines artificial intelligence with game theory. Led by Víctor Mayoral-Vilches, Mara Sanz-Gómez, Francesco Balassone, Stefan Rass, and their collaborators, the team…
AuraAudit – Open-Source Tool for Salesforce Aura Framework Misconfiguration Analysis
Mandiant has released AuraInspector, an open-source command-line tool that helps security defenders identify and audit access-control misconfigurations in the Salesforce Aura framework. The tool addresses a critical security gap in Salesforce Experience Cloud deployments, where misconfigurations frequently expose sensitive data,…
Elastic Patches Multiple Vulnerabilities That Enables Arbitrary File Theft and DoS Attacks
Elastic has released critical security updates addressing four significant vulnerabilities across its stack, including a high-severity flaw that permits arbitrary file disclosure through compromised connector configurations. The patches resolve issues affecting file handling, input validation, and resource allocation mechanisms in…
Spring CLI Tool Vulnerability Enables Command Execution on the Users Machine
A command injection vulnerability in the Spring CLI VSCode extension poses a security risk to developers still using the outdated tool. The flaw, tracked as CVE-2026-22718, enables attackers to execute arbitrary commands on affected machines, resulting in a medium-severity impact.…
New Android Bug Impacts Volume Buttons Functionality with “Select to Speak” Enabled
Google has identified a critical bug affecting Android devices where the volume buttons malfunction when the Select to Speak accessibility feature is enabled. The issue causes volume keys to adjust accessibility volume rather than media volume. It prevents photo capture…
New Magecart Attack Steals Customers Credit Cards from Website Checkout Pages
A sophisticated web-skimming campaign targeting online shoppers has emerged with renewed intensity in 2026, compromising e-commerce websites and extracting sensitive payment information during checkout processes. The attack, identified as part of the broader Magecart family of threats, represents an evolving…
10 Dangerous DNS Attacks Types & Prevention Measures – 2026
DNS the Domain Name System faces relentless threats, with no slowdown in sight as tactics evolve. Operating primarily over connectionless UDP (and sometimes TCP), it proves vulnerable to manipulation, making it a prime vector for DDoS abuse. Think of DNS…
5 Best Bug Bounty Platforms for White-Hat Hackers – 2026
Bug bounty platforms form a cornerstone of modern cybersecurity, empowering organizations to crowdsource vulnerability discovery from skilled external researchers. These programs reward private individuals for uncovering flaws in web apps, vulnerability management systems, and more through effective crowdsourced testing. White-hat…
10 Most Dangerous Injection Attacks in 2026
Since you are in the industry, especially in the network and admin team, you need to know a few vulnerabilities, such as injection attacks to stay alert from them. Each attack or vulnerability has a different method, most importantly injection-type…
Top 11 Best DNS Filtering Solutions – 2026
Before diving into DNS filtering solutions, it’s essential to understand the concept of DNS filtering and its significance in cybersecurity. In today’s digital landscape, cybersecurity has become a critical priority as cyberattacks are increasingly prevalent worldwide. Organizations must protect not…
Top 12 Best Open Source Intelligence Tools (OSINT Tools) for Penetration Testing 2026
We all know very well that getting or gathering any information by using various tools becomes really easy. In this article, we have discussed various OSINT tools, as if we search over the internet, then there will be many different…
Microsoft Desktop Window Manager 0-Day Vulnerability Exploited in the wild
Microsoft patched a critical zero-day information disclosure flaw in its Desktop Window Manager (DWM) on January 13, 2026, in the Patch Tuesday update after detecting active exploitation in the wild. Tracked as CVE-2026-20805, the vulnerability allows low-privilege local attackers to…
Microsoft Patch Tuesday January 2026 – 114 Vulnerabilities Fixed Including 3 Zero-days
Microsoft’s January 2026 updates fix 114 vulnerabilities, with several remote code execution bugs rated critical across Office applications and Windows services such as LSASS. This Patch Tuesday addresses critical remote code execution flaws and numerous elevation of privilege issues that…
FortiOS and FortiSwitchManager Vulnerability Let Remote Attackers Execute Arbitrary Code
Fortinet has disclosed a critical heap-based buffer overflow vulnerability (CWE-122) in the cw_acd daemon of FortiOS and FortiSwitchManager. This flaw enables a remote, unauthenticated attacker to execute arbitrary code or commands by sending specially crafted requests over the network. Organizations…
Node.js Security Release Patches 7 Vulnerabilities Across All Release Lines
Node.js issued critical security updates across its active release lines on January 13, 2026, patching vulnerabilities that could lead to memory leaks, denial-of-service attacks, and permission bypasses. These releases address three high-severity flaws, among others, urging immediate upgrades for affected…
FortiSandbox SSRF Vulnerability Allow Attacker to proxy Internal Traffic via Crafted HTTP Requests
Fortinet disclosed a Server-Side Request Forgery (SSRF) vulnerability in its FortiSandbox appliance on January 13, 2026, urging users to update amid risks of internal network proxied requests. Tracked as CVE-2025-67685 (FG-IR-25-783), the flaw resides in the GUI component and stems…
HoneyTrap – A New LLM Defense Framework to Counter Jailbreak Attacks
Large language models have become essential tools across industries, from healthcare to creative services, revolutionizing how humans interact with artificial intelligence. However, this rapid expansion has exposed significant security vulnerabilities. Jailbreak attacks—sophisticated techniques designed to bypass safety mechanisms—pose an escalating…
Multi-Stage Windows Malware Invokes PowerShell Downloader Using Text-based Payloads Using Remote Host
Security researchers have identified a sophisticated multi-stage Windows malware campaign called SHADOW#REACTOR that represents a significant evolution in delivery mechanisms for remote access tools. The campaign demonstrates how threat actors combine traditional scripting techniques with modern obfuscation methods to bypass…