A cybersecurity researcher has unveiled EDRStartupHinder, a proof-of-concept tool that prevents antivirus and endpoint detection and response (EDR) solutions from launching during Windows startup, including Microsoft Defender on Windows 11 25H2. The technique exploits Windows Bindlink API functionality through the bindflt.sys…
Tag: EN
Critical zlib Flaw Let Attackers Can Trigger a Buffer Overflow via untgz
A severe buffer overflow vulnerability has been discovered in the zlib untgz utility, affecting version 1.3.1.2, allowing attackers to trigger memory corruption via maliciously crafted command-line arguments. The vulnerability resides in the TGZfname() function, where an unbounded strcpy() call copies…
New “Penguin” Platform Sells Pig-Butchering Kits, PII, and Stolen Accounts
The industrialization of pig butchering scams has reached a critical tipping point. A sprawling Pig Butchering-as-a-Service (PBaaS) economy has emerged across Southeast Asia, offering turnkey scam platforms, stolen identities, pre-registered SIM cards, mobile applications, payment infrastructure, and shell company formation services.…
Enshittification is ruining everything online (Lock and Code S07E01)
This week on the Lock and Code podcast, we speak with Cory Doctor about enshittification and its dangerous impact online and off. This article has been indexed from Malwarebytes Read the original article: Enshittification is ruining everything online (Lock and…
Downtime pushes resilience planning into security operations
CISOs describe a shift in how they define success. New research from Absolute Security shows broad agreement that resilience outweighs security goals centered on prevention alone. Security leaders increasingly define their role around keeping the business operating through disruption. The…
FBI Warns of QR Code Phishing & Europol’s Major Cybercrime Crackdown CST Monday Jan 12 2026
In this episode of Cybersecurity Today, host David Shipley covers the FBI’s warning about North Korean state-sponsored QR code phishing campaigns targeting U.S. organizations. Additionally, he discusses Europol’s arrest of 34 individuals in Spain tied to the infamous Black Acts…
New ‘Penguin’ Pig Butchering as a Service Selling PII, Stolen Accounts and Fraud Kits
The world of cybercrime has taken a dangerous turn as pig butchering scams now operate as turnkey services, lowering entry barriers for bad actors worldwide. The “Penguin” operation represents a growing marketplace that provides everything scammers need to launch large-scale…
India’s government denies it plans to demand smartphone source code
Says ongoing talks about security are about understanding best practice, not strong-arming vendors India’s government has denied that it is working on rules that would require smartphone manufacturers to provide access to their source code.… This article has been indexed…
New EDRStartupHinder Tool blocks antivirus and EDR services at startup on Windows 11 25H2 Defender
Security researcher TwoSevenOneT, known for EDR evasion tools like EDR-Freeze and EDR-Redir, unveiled EDRStartupHinder this week. The tool blocks antivirus and EDR services at startup by redirecting critical System32 DLLs via Windows Bindlink, demonstrated on Windows Defender in Windows 11…
Hackers Accessed University of Hawaii Cancer Center Patient Data; They Weren’t Immediately Notified
UH officials declined an interview request and have refused to provide key information, including which cancer research project had been affected or how much UH paid the hackers to regain access to files. The post Hackers Accessed University of Hawaii…
ISC Stormcast For Monday, January 12th, 2026 https://isc.sans.edu/podcastdetail/9762, (Mon, Jan 12th)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Monday, January 12th, 2026…
Malaysia and Indonesia block X over failure to curb deepfake smut
PLUS: Cambodia arrests alleged scam camp boss; Baidu spins out chip biz; Panasonic’s noodle shop plan; And more! Asia in Brief The governments of Malaysia and Indonesia have suspended access to social network X, on grounds that it allows users…
Meta admits to Instagram password reset mess, denies data leak
PLUS: Veeam patches critical vuln; Crims bribing dark web insiders; UK school takedown; And more infosec in brief Meta has fixed a flaw in its Instagram service that allowed third parties to generate password reset emails, but denied the problem…
Instagram’s “17 Million User Data Leak” Was Just Scraped Records from 2022
Instagram’s 17 million user data leak wasn’t a new breach – Hackread.com’s in-depth analysis shows it was scraped in 2022, leaked in 2023, and falsely repackaged in 2026. This article has been indexed from Hackread – Cybersecurity News, Data Breaches,…
Instagram says there’s been ‘no breach’ despite password reset requests
Instagram says that although some users received suspicious-looking password reset requests, it has not been breached. This article has been indexed from Security News | TechCrunch Read the original article: Instagram says there’s been ‘no breach’ despite password reset requests
Can Agentic AI reduce the burden of compliance?
How Agentic AI Can Reduce the Compliance Burden Have you ever wondered how much time and resources your organization spends on meeting compliance obligations? Regulatory is complex and changing, creating a significant burden for organizations striving to maintain compliance, especially…
What innovative approaches exist for Agentic AI security?
How Can We Securely Manage Non-Human Identities (NHIs) in the Age of Agentic AI? Have you ever pondered how machine identities are secured? The answer revolves around the robust management of Non-Human Identities (NHIs) and secrets security. With rising threats,…
What makes an NHI management strategy scalable?
What Is Driving the Need for a Scalable NHI Management Strategy? Is your organization grappling with the complexities of managing Non-Human Identities (NHIs)? With digital transformation continues to redefine operational, the management of machine identities becomes a pivotal concern across…
How protected are your secrets in hybrid environments?
Are Your Machine Identities Secure in Hybrid Environments? Managing Non-Human Identities (NHIs) is becoming a crucial aspect of cybersecurity strategies, particularly in hybrid environments. But what are NHIs, and why should they matter to organizations operating in diverse sectors such…
Instagram – 6,215,150 breached accounts
In January 2026, data allegedly scraped via an Instagram API was posted to a popular hacking forum. The dataset contained 17M rows of public Instagram information, including usernames, display names, account IDs, and in some cases, geolocation data. Of these…