Security researchers found a Google Gemini flaw that let hidden instructions in a meeting invite extract private calendar data and create deceptive events. The post Google Gemini Flaw Let Attackers Access Private Calendar Data appeared first on TechRepublic. This article…
Tag: EN
Remember VoidLink, the cloud-targeting Linux malware? An AI agent wrote it
AI + skilled malware developers = security threat VoidLink, the newly spotted Linux malware that targets victims’ clouds with 37 evil plugins, was generated “almost entirely by artificial intelligence” and likely developed by just one person, according to the research…
The Data Center Is Secure, But Your Users Are Not
Today’s data centers are hardened facilities with layered access controls, surveillance, redundancy and security teams focused on keeping threats out. Yet, even the most secure environment can be compromised by a single moment of trust, such as a legitimate-looking email…
Four priorities for AI-powered identity and network access security in 2026
Discover four key identity and access priorities for the new year to strengthen your organization’s identity security baseline. The post Four priorities for AI-powered identity and network access security in 2026 appeared first on Microsoft Security Blog. This article has…
North Korea-Linked Hackers Target Developers via Malicious VS Code Projects
The North Korean threat actors associated with the long-running Contagious Interview campaign have been observed using malicious Microsoft Visual Studio Code (VS Code) projects as lures to deliver a backdoor on compromised endpoints. The latest finding demonstrates continued evolution of…
Geopolitical Conflict Is Increasing the Risk of Cyber Disruption
Cybersecurity is increasingly shaped by global politics. Armed conflicts, economic sanctions, trade restrictions, and competition over advanced technologies are pushing countries to use digital operations as tools of state power. Cyber activity allows governments to disrupt rivals quietly, without deploying…
Vulnerability Summary for the Week of January 12, 2026
High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info Patch Info 10-Strike–Strike Network Inventory Explorer Pro 10-Strike Network Inventory Explorer Pro 9.31 contains a buffer overflow vulnerability in the text file import functionality that allows remote code execution.…
ClickFix to CrashFix: KongTuke Used Fake Chrome Ad Blocker to Install ModeloRAT
Huntress discovers ‘CrashFix,’ a new attack by KongTuke hacker group using fake ad blockers to crash browsers and trick office workers into installing ModeloRAT malware. This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI, and More…
LayerX Links GhostPoster to 17 Extensions and 840K Downloads
LayerX says GhostPoster spread across 17 extensions and 840,000 downloads. The post LayerX Links GhostPoster to 17 Extensions and 840K Downloads appeared first on eSecurity Planet. This article has been indexed from eSecurity Planet Read the original article: LayerX Links…
Why Smart Contract Security Can’t Wait for “Better” AI Models
The numbers tell a stark story: $1.42 billion lost across 149 documented incidents in 2024 due to smart contract vulnerabilities, with access control flaws accounting for $953.2 million in damages alone. While the Web3 community debates the perfect AI solution…
DNS OverDoS: Are Private Endpoints Too Private?
We’ve identified an aspect of Azure’s Private Endpoint architecture that could expose Azure resources to denial of service (DoS) attacks. The post DNS OverDoS: Are Private Endpoints Too Private? appeared first on Unit 42. This article has been indexed from…
Schneider Electric devices using CODESYS Runtime
View CSAF Summary Schneider Electric is aware of multiple vulnerabilities disclosed on CODESYS runtime system V3 communication server. Many vendors, including Schneider Electric, embed CODESYS in their offers. If successfully exploited, these vulnerabilities could result in a denial of service…
Rockwell Automation Verve Asset Manager
View CSAF Summary Successful exploitation of these vulnerabilities may allow an attacker to access sensitive information stored in variables within the ADI server. The following versions of Rockwell Automation Verve Asset Manager are affected: Verve Asset Manager (CVE-2025-14376, CVE-2025-14377) Verve…
Schneider Electric EcoStruxure Foxboro DCS
View CSAF Summary Schneider Electric is aware of a vulnerability disclosed by INTEL used in the EcoStruxure™ Foxboro DCS product formerly known as Foxboro Evo Process Automation System and I/A Series. The [EcoStruxure™ Foxboro DCS product](https://www.se.com/ww/en/product-range/63680-ecostruxure-foxboro-dcs/#overview) is an innovative family…
New Spear Phishing Attack Leveraging Argentine Federal Court Rulings to Covert RAT for Remote Access
A sophisticated spear-phishing campaign has emerged targeting Argentina’s judicial sector, exploiting trust in legitimate court communications to deliver a dangerous Remote Access Trojan. The campaign uses authentic-looking federal court documents about preventive detention reviews to trick legal professionals into downloading…
WPair – Scanner Tool to Detect WhisperPair Flaw in Google’s Fast Pair Protocol
WPair is an Android application designed to identify and demonstrate the CVE-2025-36911 vulnerability affecting millions of Bluetooth audio devices worldwide. The tool addresses a critical authentication bypass flaw discovered by KU Leuven researchers in Google’s Fast Pair protocol, commonly referred…
Hacker Pleads Guilty For Stealing Supreme Court Documents and Leaking via Instagram
Nicholas Moore, 24, from Springfield, Tennessee, pleaded guilty to unauthorized computer access and fraud, marking a significant case of government cybersecurity breach. Moore hacked multiple U.S. government systems and publicly disclosed sensitive information through social media, exposing critical vulnerabilities in…
Everest Ransomware Group Allegedly Claims to Have Breached McDonald’s India
The Everest ransomware group has claimed responsibility for a major cyberattack targeting McDonald’s India, allegedly exfiltrating 861 GB of sensitive data. The threat actors posted details of the breach on their dark web leak site on January 20, 2026, threatening…
Fight for the Future, EFF, Others Push Back Against Growing ICE Surveillance
The privacy rights group Fight for the Future was one of 44 organizations that sent a letter to lawmakers urging them to pull back on funding for ICE, noting the growing threats to U.S. citizens and others as the agency…
Cybersecurity in the Age of AIOps: Proactive Defense Strategies for IT Leaders
There is a rise in cybersecurity threats in today’s rapidly changing digital landscape. Organizations have struggled to safeguard sensitive data and systems from ransomware and breaches. In fact, about 87% of security professionals report that AI-based cyberattacks are plaguing organizations…