The exploitation activity comes weeks after a similar authentication bypass vulnerability was found. This article has been indexed from Cybersecurity Dive – Latest News Read the original article: CISA, security researchers warn FortiCloud SSO flaw is under attack
Tag: EN
Google targets IPIDEA in crackdown on global residential proxy networks
Google disrupted IPIDEA, a major residential proxy network that enrolled users’ devices via SDKs embedded in mobile and desktop apps. Google and partners disrupted the IPIDEA residential proxy network, used by many threat actors, via legal domain takedowns, intelligence sharing…
CISA Warns of FortiCloud SSO Authentication Bypass Vulnerability Exploited in Attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about a critical authentication bypass vulnerability in multiple Fortinet products, actively exploited in the wild. Tracked as CVE-2026-24858, the flaw allows attackers with a FortiCloud account to hijack…
Google Announces Android Theft Protection Feature to Make Your Device Harder Target for Hackers
Google has rolled out a comprehensive update to Android’s theft protection capabilities, introducing stronger authentication safeguards and enhanced recovery tools designed to protect users before, during, and after theft attempts. The multi-layered defense system, announced on January 26, 2026, builds…
Google disrupts proxy network used by 550+ threat groups
Google has disrupted Ipidea, a massive residential proxy network consisting of user devices that are being used as the last-mile link in cyberattack chains. “In a single seven day period in January 2026, GTIG observed over 550 individual threat groups…
France Fines National Employment Agency €5m Over 2024 Data Breach
The French data protection regulator said that France Travail’s response to a 2024 data breach violated GDPR This article has been indexed from www.infosecurity-magazine.com Read the original article: France Fines National Employment Agency €5m Over 2024 Data Breach
Seven habits that help security teams reduce risk without slowing delivery
The right habits change everything Sponsored Post Security teams are under pressure from every direction: supply chain threats are rising, regulatory expectations are tightening, and development cycles aren’t getting any slower. Yet for many organizations, the practical work of improving…
Top 7 Threat Intelligence Platforms & Software
Threat intelligence platforms help analyze and share cyber threat data. Discover top TIPs , their features, use cases, and comparisons. The post Top 7 Threat Intelligence Platforms & Software appeared first on eSecurity Planet. This article has been indexed from…
New CISA Guidance Targets Insider Threat Risks
CISA urges action against insider threats with publication of a new infographic offering strategies to manage risks This article has been indexed from www.infosecurity-magazine.com Read the original article: New CISA Guidance Targets Insider Threat Risks
Cal.com Access Control Flaws Expose Millions of Bookings
Researchers found access control flaws in Cal.com that could enable account takeover and expose sensitive booking data across organizations. The post Cal.com Access Control Flaws Expose Millions of Bookings appeared first on eSecurity Planet. This article has been indexed from…
Supply chain attack on eScan antivirus: detecting and remediating malicious updates
On January 20, Kaspersky solutions detected malware used in eScan antivirus supply chain attack. In this article we provide available information on the threat: indicators of compromise, threat hunting and mitigating tips, etc. This article has been indexed from Securelist…
Microsoft Office zero-day lets malicious documents slip past security checks
Microsoft issued an emergency patch for a flaw attackers are using to slip malicious code past Office’s document security checks. This article has been indexed from Malwarebytes Read the original article: Microsoft Office zero-day lets malicious documents slip past security…
LLMs Hijacked, Monetized in ‘Operation Bizarre Bazaar’
An LLMjacking operation has been targeting exposed LLMs and MCPs at scale, for commercial monetization. The post LLMs Hijacked, Monetized in ‘Operation Bizarre Bazaar’ appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article: LLMs…
Cyber Briefing: 2026.01.29
Scam warnings rise after disasters as phishing spreads, RCE flaws emerge, banks and schools face attacks, grid threats surface, and platforms boost security. This article has been indexed from CyberMaterial Read the original article: Cyber Briefing: 2026.01.29
Microsoft releases update to address zero-day vulnerability in Microsoft Office
Microsoft has published three out-of-band (OOB) updates so far in January 2026. One of these updates was released to address a vulnerability, CVE-2026-21509, affecting Microsoft Office that has been reportedly exploited in the wild. This article has been indexed from Cisco Talos Blog Read…
This startup aims to solve crypto’s broken key management problem
Crypto security firm Sodot launches Exchange API Vault to stop API key theft, securing billions in assets while supporting low latency, high frequency trading. This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI, and More Read…
eScan Antivirus Update Server Breached to Deliver Malicious Software Updates
MicroWorld Technologies’ eScan antivirus platform fell victim to a sophisticated supply chain attack on January 20, 2026, when threat actors compromised legitimate update infrastructure to distribute multi-stage malware to enterprise and consumer endpoints worldwide. Security researchers immediately alerted the vendor,…
Fake “Mac Cleaner” Campaign Uses Google Ads to Redirect Users to Malware
Cybercriminals are exploiting Google Search Ads to distribute malware through deceptive landing pages that impersonate Apple’s official website design. The malicious ads appear prominently in Google Search results when users search for “mac cleaner,” displaying trusted domains such as docs.google.com…
Swarmer Tool Abuses Windows Registry to Evade Detection and Persist on Systems
Swarmer, a sophisticated tool designed to manipulate Windows registry hives while bypassing endpoint detection systems. The tool exploits legacy Windows infrastructure to achieve persistent access without triggering traditional EDR monitoring systems that typically flag direct registry modifications. Endpoint Detection and…
BlackIce Introduced as Container-Based Red Teaming Toolkit for AI Security Testing
Databricks introduced BlackIce at CAMLIS Red 2025, an open-source containerized toolkit that consolidates 14 widely-used AI security tools into a single, reproducible environment. This innovation addresses critical pain points in AI red teaming by eliminating complex setup procedures and dependency…