no alarms and no surprises please..
-
Internet Voting is Too Insecure for Use in Elections
No matter how many times we say it, the idea comes back again and again. Hopefully, this letter will hold back the tide for at least a while longer. Executive summary: Scientists have understood for many years that internet voting is insecure and that there is…
-
ISC Stormcast For Thursday, January 22nd, 2026 https://isc.sans.edu/podcastdetail/9776, (Thu, Jan 22nd)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. Go to isc.sans.edu
-
Automatic Script Execution In Visual Studio Code, (Wed, Jan 21st)
Visual Studio Code is a popular open-source code editor[1]. But it’s much more than a simple editor; it’s a complete development platform that supports many languages and is available on multiple platforms. Used by developers worldwide, it’s a juicy target for threat actors because it…
-
Smashing Security podcast #451: I hacked the government, and your headphones are next
In episode 451 of “Smashing Security,” we meet the cybercriminal who hacked the US Supreme Court, Veterans Affairs, and more – and then helpfully posted screenshots (and even someone’s blood type) on an account called “I hacked the government.” Plus we discuss…
-
Pro-Russian denial-of-service attacks target UK, NCSC warns
The UK’s National Cyber Security Centre (NCSC) has issued a warning about the threat posed by distributed denial-of-service (DDoS) attacks from Russia-linked hacking groups who are reported to be continuing to target British organisations. Are you prepared? Read more in my article on the Hot for Security blog.…
-
‘Contagious Interview’ Attack Now Delivers Backdoor Via VS Code
Once trust is granted to the repository’s author, a malicious app executes arbitrary commands on the victim’s system with no other user interaction. Jai Vijayan, Contributing Writer Go to gbhackers.com
-
Phishing Campaign Zeroes in on LastPass Customers
The bait includes plausible subject lines and credible messages, most likely thanks to attackers’ use of large language models to craft them. Alexander Culafi Go to gbhackers.com
-
Complex VoidLink Linux Malware Created by AI
Researchers say the advanced framework was built almost entirely by agents, marking a significant evolution in the use of AI to develop wholly original malware. Elizabeth Montalbano, Contributing Writer Go to gbhackers.com
-
‘Damn Vulnerable’ Training Apps Leave Vendors’ Clouds Exposed
Hackers are already leveraging these over-permissioned programs to access the IT systems of major security vendors. Nate Nelson, Contributing Writer Go to gbhackers.com
-
Hackers Exploit Visual Studio Code to Deploy Malicious Payloads on Victim Systems
The attack arsenal by extensively abusing Microsoft Visual Studio Code configuration files to deliver and execute malicious payloads on compromised systems. This evolution in… Go to gbhackers.com
-
Chrome 144 Released to Fix High-Severity V8 JavaScript Engine Flaw
Google has released Chrome version 144.0.7559.96/.97 to the stable channel across Windows, Mac, and Linux platforms, addressing a critical race condition vulnerability in the… Go to gbhackers.com
-
Azure Private Endpoint Deployments Expose Cloud Resources to DoS Attacks
A critical architectural weakness in Azure’s Private Endpoint deployments could allow both accidental and intentional denial of service (DoS) attacks against cloud resources. The… Go to gbhackers.com
-
Everest Ransomware Group Allegedly Claims Breach of McDonald’s India Systems
The Everest ransomware group has claimed responsibility for a major cyberattack targeting McDonald’s India, allegedly exfiltrating 861 GB of sensitive corporate and customer data… Go to gbhackers.com
-
Threat Actors Exploit LinkedIn for RAT Delivery in Enterprise Networks
A sophisticated phishing campaign exploiting LinkedIn private messages has been identified, delivering remote access trojans (RATs) through a combination of DLL sideloading techniques and… Go to gbhackers.com
-
OpenAI’s ChatGPT Atlas browser is testing actions feature
Chromium-based ChatGPT Atlas browser is testing a new feature likely called “Actions,” and it can also understand videos, which is why you might see ChatGPT generating timestamps for videos. […] Mayank Parmar Go to bleepingcomputer
-
Google says Gemini won’t have ads, as ChatGPT prepares to add them
OpenAI recently rolled out ads to ChatGPT in the United States if you use the $8 Go subscription or a free account, but Google says it does not plan to put ads in Gemini. […] Mayank Parmar Go to bleepingcomputer
-
OpenAI rolls out age prediction model on ChatGPT to detect your age
OpenAI is rolling out an age prediction model on ChatGPT to detect your age and apply possible safety-related restrictions to prevent misuse by teens. […] Mayank Parmar Go to bleepingcomputer
-
ACF plugin bug gives hackers admin on 50,000 WordPress sites
A critical-severity vulnerability in the Advanced Custom Fields: Extended (ACF Extended) plugin for WordPress can be exploited remotely by unauthenticated attackers to obtain administrative permissions. […] Bill Toulas Go to bleepingcomputer
-
VoidLink cloud malware shows clear signs of being AI-generated
The recently discovered cloud-focused VoidLink malware framework is believed to have been developed by a single person with the help of an artificial intelligence model. […] Bill Toulas Go to bleepingcomputer
-
Google Chrome 144 Update Patches High-Severity V8 Vulnerability
A new Stable-channel release of Chrome version 144 addresses a high-severity vulnerability in the V8 JavaScript engine. The update, version 144.0.7559.96/.97 for Windows and Mac and 144.0.7559.96 for Linux, began rolling out on January 21, 2026, and will reach all users over the coming days and weeks.…
-
Critical GNU InetUtils Vulnerability Allows Unauthenticated Root Access Via “-f root”
A critical remote authentication bypass vulnerability has been disclosed in GNU InetUtils affecting the telnetd server component. The flaw, reported by a security researcher on January 19, 2026, allows unauthenticated attackers to gain root access by exploiting improper input sanitization in the telnetd authentication…
-
Attackers Leverage LinkedIn to Deliver Remote Access Trojan Targeting Corporate Environments
A sophisticated phishing campaign is actively exploiting LinkedIn’s trusted social media platform to distribute a dangerous remote access trojan to corporate employees. Attackers are leveraging the professional credibility of LinkedIn to craft convincing messages that appear legitimate, making employees more likely to download and…
-
Critical Oracle WebLogic Server Proxy Vulnerability Lets Attackers Compromise the Server
Oracle has disclosed a severe security vulnerability affecting its Fusion Middleware suite, specifically targeting the Oracle HTTP Server and the Oracle WebLogic Server Proxy Plug-in. Assigned CVE-2026-21962, this flaw carries the maximum severity rating and poses an immediate threat to enterprise environments that use…
-
Azure Private Endpoint Deployments Expose Azure Resources to DoS Attack
A critical architectural flaw in Microsoft Azure’s Private Endpoint implementation enables denial-of-service (DoS) attacks against production Azure resources. The vulnerability affects over 5% of Azure storage accounts, exposing organizations to service disruptions across Key Vault, CosmosDB, Azure Container Registry, Function Apps, and OpenAI accounts.…
-
Old habits die hard: 2025’s most common passwords were as predictable as ever
Once again, data shows an uncomfortable truth: the habit of choosing eminently hackable passwords is alive and well Go to eset
-
LastPass Warns of Fake Maintenance Messages Targeting Users’ Master Passwords
LastPass is alerting users to a new active phishing campaign that’s impersonating the password management service, which aims to trick users into giving up their master passwords. The campaign, which began on or around January 19, 2026, involves sending phishing emails claiming upcoming maintenance and…
-
CERT/CC Warns binary-parser Bug Allows Node.js Privilege-Level Code Execution
A security vulnerability has been disclosed in the popular binary-parser npm library that, if successfully exploited, could result in the execution of arbitrary JavaScript. The vulnerability, tracked as CVE-2026-1245 (CVSS score: N/A), affects all versions of the module prior to version 2.3.0, which addresses the issue.…
-
North Korea-Linked Hackers Target Developers via Malicious VS Code Projects
The North Korean threat actors associated with the long-running Contagious Interview campaign have been observed using malicious Microsoft Visual Studio Code (VS Code) projects as lures to deliver a backdoor on compromised endpoints. The latest finding demonstrates continued evolution of the new tactic that was…
-
Three Flaws in Anthropic MCP Git Server Enable File Access and Code Execution
A set of three security vulnerabilities has been disclosed in mcp-server-git, the official Git Model Context Protocol (MCP) server maintained by Anthropic, that could be exploited to read or delete arbitrary files and execute code under certain conditions. “These flaws can be…
-
Hackers Use LinkedIn Messages to Spread RAT Malware Through DLL Sideloading
Cybersecurity researchers have uncovered a new phishing campaign that exploits social media private messages to propagate malicious payloads, likely with the intent to deploy a remote access trojan (RAT). The activity delivers “weaponized files via Dynamic Link Library (DLL) sideloading, combined with a legitimate,…
-
Could ChatGPT Convince You to Buy Something?
Eighteen months ago, it was plausible that artificial intelligence might take a different path than social media. Back then, AI’s development hadn’t consolidated under a small number of big tech firms. Nor had it capitalized on consumer attention, surveilling users and delivering ads. Unfortunately, the AI industry is…
-
ISC Stormcast For Wednesday, January 21st, 2026 https://isc.sans.edu/podcastdetail/9774, (Wed, Jan 21st)
-
Add Punycode to your Threat Hunting Routine, (Tue, Jan 20th)
IDNs or “International Domain Names” have been with us for a while now (see RFC3490[1]). They are (ab)used in many attack scenarios because.. it works! Who can immediately spot the difference between: https://youtube.com/ And: https://youtube.com/ The magic is to replace classic characters by others that look…
-
The AI Fix #84: A hungry ghost trapped in a jar gains access to the Pentagon’s network
In episode 84 of The AI Fix, Graham and Mark stare straight into the digital abyss and ask the most important question of our age: “Is AI just a hungry ghost trapped in a jar?” Also this week,…
-
169: MoD
Legion of Doom, step aside. There’s a new elite hacker group in town, and they’re calling themselves Masters of Deception (MoD). With tactics that are grittier and more sophisticated than those of the LoD, MoD has targeted high-profile entities and left an indelible mark on the internet. This is part 2 of the…
-
‘CrashFix’ Scam Crashes Browsers, Delivers Malware
The attack consists of a NexShield malicious browser extension, a social engineering technique to crash the browser, and a Python-based RAT. Jai Vijayan, Contributing Writer Go to gbhackers.com
-
Mass Spam Attacks Leverage Zendesk Instances
The CRM vendor advised ignoring or deleting suspicious emails and said the attacks were not tied to any breach or software vulnerability. Alexander Culafi Go to gbhackers.com
-
Vulnerabilities Threaten to Break Chainlit AI Framework
Familiar bugs in a popular open source framework for AI chatbots could give attackers dangerous powers in the cloud. Nate Nelson, Contributing Writer Go to gbhackers.com
-
Google Gemini Flaw Turns Calendar Invites Into Attack Vector
The indirect prompt injection vulnerability allows an attacker to weaponize calendar invites to circumvent Google’s privacy controls and access private data. Elizabeth Montalbano, Contributing Writer Go to gbhackers.com
-
Spear-Phishing Campaign Leverages Google Ads to Distribute EndRAT Malware
Genians Security Center has published an in-depth analysis of Operation Poseidon, a sophisticated APT campaign attributed to the Konni threat group that exploits legitimate… Go to gbhackers.com
-
Redmi Buds Vulnerability Could Allow Call Data Theft and Firmware Instability
Xiaomi’s Redmi Buds series faces critical security flaws that enable attackers to steal sensitive call data and crash devices without authentication. Two newly disclosed… Go to gbhackers.com
-
Five Chrome Extensions Used to Hijack Enterprise HR and ERP Systems
Socket’s Threat Research Team has uncovered a coordinated Chrome extension campaign targeting enterprise HR and ERP platforms, including Workday, NetSuite, and SAP SuccessFactors. Five… Go to gbhackers.com
-
PDFSIDER Malware Actively Exploited to Evade Antivirus and EDR Defenses
Security researchers have identified a sophisticated backdoor malware variant, PDFSIDER, that leverages DLL side-loading to evade endpoint detection and response (EDR) systems. The threat… Go to gbhackers.com
-
Mandiant Publishes Rainbow Tables That Crack NTLMv1 Admin Passwords
Mandiant has publicly released comprehensive rainbow tables designed to crack Net-NTLMv1 authentication hashes, addressing a critical security gap that has persisted for over two decades, despite… Go to gbhackers.com
-
ChatGPT Go now unlocks unlimited access to GPT-5.2 Instant for $8
ChatGPT Go is finally worth your money, as OpenAI has almost doubled the usage limits and enabled ultimate access to GPT 5.2 Instant. […] Mayank Parmar Go to bleepingcomputer
-
You can get ChatGPT’s $20 Plus subscription for free for a limited time
OpenAI is offering ChatGPT Plus, which costs $20 in the United States, for free, but the offer is valid for some accounts only, and it’s a limited-time deal. […] Mayank Parmar Go to bleepingcomputer
-
Fake ad blocker extension crashes the browser for ClickFix attacks
A malvertising campaign is using a fake ad-blocking Chrome and Edge extension named NexShield that intentionally crashes the browser in preparation for ClickFix attacks. […] Bill Toulas Go to bleepingcomputer
-
New PDFSider Windows malware deployed on Fortune 100 firm’s network
Ransomware attackers targeting a Fortune 100 company in the finance sector used a new malware strain, dubbed PDFSider, to deliver malicious payloads on Windows systems. […] Bill Toulas Go to bleepingcomputer
-
UK govt. warns about ongoing Russian hacktivist group attacks
The U.K. government is warning of continued malicious activity from Russian-aligned hacktivist groups targeting critical infrastructure and local government organizations in the country in disruptive denial-of-service (DDoS) attacks. […] Bill Toulas Go to bleepingcomputer
-
Attackers Abuse Discord to Deliver Clipboard Hijacker That Steals Wallet Addresses on Paste
A new clipboard hijacker is quietly draining cryptocurrency from gamers and streamers by abusing trust inside Discord communities. The campaign centers on a malicious Windows program shared as a supposed streaming or security tool. Once installed, it silently watches the user’s clipboard,…
-
Python-based Malware SolyxImmortal Leverages Discord to Silently Harvest Sensitive Data
SolyxImmortal represents a notable advancement in information-stealing malware targeting Windows systems. This Python-based threat combines multiple data theft capabilities into a single, persistent implant designed for long-term surveillance rather than destructive activity. The malware operates silently in the background, collecting credentials, documents, keystrokes, and screenshots…
-
Critical AVEVA Software Vulnerabilities Enable Remote Code Execution Under System Privileges
Seven vulnerabilities were disclosed in Process Optimization (formerly ROMeo) 2024.1 and earlier on January 13, 2026, including a critical flaw enabling unauthenticated SYSTEM-level remote code execution. The most severe vulnerability enables unauthenticated attackers to achieve remote code execution under system privileges, posing an immediate…
-
WhisperPair Attack Allows Hijacking of Laptops, Earbuds Without User Consent – Millions Affected
A critical vulnerability in Google’s Fast Pair protocol allows attackers to hijack Bluetooth audio accessories and track users without their knowledge or consent. Security researchers from KU Leuven have uncovered a vulnerability, tracked as CVE-2025-36911 and dubbed WhisperPair, that affects hundreds…
-
Threat Actors Leverage Google Ads to Weaponize PDF Editor with TamperedChef
A malvertising campaign identified in September 2025 has brought a significant threat to Windows users worldwide. Attackers created fake PDF editing applications and promoted them through Google Ads to distribute a dangerous information-stealing malware called TamperedChef. The malware targets users searching for appliance manuals…
-
Google Gemini Prompt Injection Flaw Exposed Private Calendar Data via Malicious Invites
Cybersecurity researchers have disclosed details of a security flaw that leverages indirect prompt injection targeting Google Gemini as a way to bypass authorization guardrails and use Google Calendar as a data extraction mechanism. The vulnerability, Miggo Security’s Head of Research, Liad Eliyahu, said,…
-
⚡ Weekly Recap: Fortinet Exploits, RedLine Clipjack, NTLM Crack, Copilot Attack & More
In cybersecurity, the line between a normal update and a serious incident keeps getting thinner. Systems that once felt reliable are now under pressure from constant change. New AI tools, connected devices, and automated systems quietly create more ways in, often faster…
-
DevOps & SaaS Downtime: The High (and Hidden) Costs for Cloud-First Businesses
Just a few years ago, the cloud was touted as the “magic pill” for any cyber threat or performance issue. Many were lured by the “always-on” dream, trading granular control for the convenience of managed services. In recent years, many of us have…
-
New StackWarp Hardware Flaw Breaks AMD SEV-SNP Protections on Zen 1–5 CPUs
A team of academics from the CISPA Helmholtz Center for Information Security in Germany has disclosed the details of a new hardware vulnerability affecting AMD processors. The security flaw, codenamed StackWarp, can allow bad actors with privileged control over a host server to…
-
CrashFix Chrome Extension Delivers ModeloRAT Using ClickFix-Style Browser Crash Lures
Cybersecurity researchers have disclosed details of an ongoing campaign dubbed KongTuke that used a malicious Google Chrome extension masquerading as an ad blocker to deliberately crash the web browser and trick victims into running arbitrary commands using ClickFix-like lures to deliver a previously undocumented remote…
-
AI-Powered Surveillance in Schools
It all sounds pretty dystopian: Inside a white stucco building in Southern California, video cameras compare faces of passersby against a facial recognition database. Behavioral analysis AI reviews the footage for signs of violent behavior. Behind a bathroom door, a smoke detector-shaped device captures audio, listening for sounds of distress. Outside,…
-
ISC Stormcast For Tuesday, January 20th, 2026 https://isc.sans.edu/podcastdetail/9772, (Tue, Jan 20th)
-
ChatGPT Health Raises Big Security, Safety Concerns
ChatGPT Health promises robust data protection, but elements of the rollout raise big questions regarding user security and safety. Alexander Culafi Go to gbhackers.com
-
OpenAI hostname hints at a new ChatGPT feature codenamed “Sonata”
OpenAI is reportedly testing a new feature or product codenamed “Sonata,” and it could be related to music or audio-related experiences on ChatGPT. […] Mayank Parmar Go to bleepingcomputer
-
New OpenAI leak hints at upcoming ChatGPT features
OpenAI is internally testing a new update for ChatGPT, at least on the web. It’ll begin rolling out in the coming weeks. […] Mayank Parmar Go to bleepingcomputer
-
Microsoft releases OOB Windows updates to fix shutdown, Cloud PC bugs
Microsoft has released multiple emergency, out-of-band updates for Windows 10, Windows 11, and Windows Server to fix two issues caused by the January Patch Tuesday updates. […] Lawrence Abrams Go to bleepingcomputer
-
CIRO confirms data breach exposed info on 750,000 Canadian investors
The Canadian Investment Regulatory Organization (CIRO) confirmed that the data breach it suffered last year impacts about 750,000 Canadian investors. […] Bill Toulas Go to bleepingcomputer
-
Google Chrome tests Gemini-powered AI “Skills”
Google is testing “Skills” for Gemini in Chrome, which will allow AI in Chrome to perform tasks automatically, and it could challenge Perplexity Comet or Edge’s Copilot mode. […] Mayank Parmar Go to bleepingcomputer
-
Windows SMB Client Vulnerability Enables Attacker to Own Active Directory
A critical vulnerability in Windows SMB client authentication enables attackers to compromise Active Directory environments through NTLM reflection exploitation. Classified as an improper access control vulnerability, this vulnerability allows authorized attackers to escalate privileges via carefully orchestrated authentication relay attacks over network connections. Seven…
-
CrashFix – Hackers Using Malicious Extensions to Display Fake Browser Warnings
Cybersecurity researchers have discovered a sophisticated malware campaign using an unusual but effective tactic: deliberately crashing users’ browsers. The threat, named CrashFix, operates through a malicious Chrome extension disguised as the legitimate ad blocker NexShield. When users search for privacy tools online, malicious advertisements…
-
Redmi Buds Vulnerability Allows Attackers to Access Call Data and Trigger Firmware Crashes
Security researchers have uncovered significant vulnerabilities in the firmware of Xiaomi’s popular Redmi Buds series, specifically affecting models ranging from the Redmi Buds 3 Pro up to the latest Redmi Buds 6 Pro. The discovery highlights critical flaws in the Bluetooth implementation of…
-
17 New Malicious Chrome GhostPoster Extensions with 840,000+ Installs Steal User Data
Cybercriminals have distributed 17 malicious browser extensions across Chrome, Firefox, and Edge platforms, collectively downloaded over 840,000 times and compromising user security for years. The GhostPoster campaign, which emerged as early as 2020, used deceptive extension names like “Google Translate in Right Click,”…
-
New Kerberos Relay Attack Uses DNS CNAME to Bypass Mitigations – PoC Released
A critical flaw in Windows Kerberos authentication significantly expands the attack surface for credential relay attacks in Active Directory environments. By abusing how Windows clients handle DNS CNAME responses during Kerberos service ticket requests, attackers can coerce systems into requesting tickets…
-
“How many states are there in the United States?”, (Sun, Jan 18th)
I’ve seen many API requests for different LLMs in the honeypot logs. Like this one: The prompt is always the same: “How many states are there in the United States?”. This is recon to find open LLMs. Not necessarily to exploit them, but to…
-
Weekly Update 487
I thought Scott would cop it first when he posted about what his solar system really cost him last year. “You’re so gonna get that stupid AI-slop response from some people”, I joked. But no, he got other stupid responses instead! And I got the AI-slop responses! Draw your own conclusions on…
-
Google Vertex AI Flaw Lets Low-Privilege Users Escalate to Service Agent Roles
Security researchers have discovered critical privilege escalation vulnerabilities in Google’s Vertex AI platform that allow attackers with minimal permissions to hijack high-privileged Service Agent… Go to gbhackers.com
-
Google Chrome now lets you turn off on-device AI model powering scam detection
Google Chrome now lets you delete the local AI models that power the “Enhanced Protection” feature, which was upgraded with AI capabilities last year. […] Mayank Parmar Go to bleepingcomputer
-
Credential-stealing Chrome extensions target enterprise HR platforms
Malicious Chrome extensions on the Chrome Web Store masquerading as productivity and security tools for enterprise HR and ERP platforms were discovered stealing authentication credentials or blocking management pages used to respond to security incidents. […] Lawrence Abrams Go to bleepingcomputer
-
Malicious GhostPoster browser extensions found with 840,000 installs
Another set of 17 malicious extensions linked to the GhostPoster campaign has been discovered in Chrome, Firefox, and Edge stores, where they accumulated a total of 840,000 installations. […] Bill Toulas Go to bleepingcomputer
-
Mandiant Releases Rainbow Tables Enabling NTLMv1 Admin Password Hacking
Google-owned Mandiant has publicly released a comprehensive dataset of Net-NTLMv1 rainbow tables, marking a significant escalation in demonstrating the security risks of legacy authentication protocols. The release underscores an urgent message: organizations must immediately migrate away from Net-NTLMv1, a deprecated protocol that has been cryptographically broken…
-
Let’s Encrypt has made 6-day IP-based TLS certificates Generally Available
Let’s Encrypt, a key provider of free TLS certificates, has rolled out short-lived and IP address-based certificates for general use. These new options became available starting in early 2026, addressing long-standing issues in certificate security. Short-lived certificates last just 160 hours, about six and a…
-
Argus – Python-powered Toolkit for Information Gathering and Reconnaissance
Argus is a comprehensive Python-based toolkit designed for reconnaissance tasks in cybersecurity. The developers recently released version 2.0, expanding it to include 135 modules. This tool consolidates network analysis, web app scanning, and threat intelligence into one interface. Users access modules through an interactive CLI that…
-
Google’s Vertex AI Vulnerability Enables Low-Privileged Users to Gain Service Agent Roles
Google’s Vertex AI contains default configurations that allow low-privileged users to escalate privileges by hijacking Service Agent roles. XM Cyber researchers identified two attack vectors in the Vertex AI Agent Engine and Ray on Vertex AI, which Google deemed “working as intended.” Service…
-
Black Basta Ransomware Leader Added to EU Most Wanted and INTERPOL Red Notice
Ukrainian and German law enforcement authorities have identified two Ukrainians suspected of working for the Russia-linked ransomware-as-a-service (RaaS) group Black Basta. In addition, the group’s alleged leader, a 35-year-old Russian national named Oleg Evgenievich Nefedov (Нефедов Олег Евгеньевич), has been added to…
-
OpenAI to Show Ads in ChatGPT for Logged-In U.S. Adults on Free and Go Plans
OpenAI on Friday said it would start showing ads in ChatGPT to logged-in adult U.S. users in both the free and ChatGPT Go tiers in the coming weeks, as the artificial intelligence (AI) company expanded access to its low-cost subscription…
-
Wireshark 4.6.3 Released, (Sat, Jan 17th)
Wireshark release 4.6.3 fixes 4 vulnerabilities and 9 bugs. Didier Stevens, Senior handler, blog.DidierStevens.com (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. Go to isc.sans.edu
-
Critical XSS Vulnerabilities in Meta Conversion API Enable Zero-Click Account Takeover
Security researchers have uncovered two critical cross-site scripting (XSS) vulnerabilities in Meta’s Conversions API Gateway that could enable attackers to hijack Facebook accounts on… Go to gbhackers.com
-
Researchers Breach StealC Infrastructure, Access Malware Control Panels
Criminal infrastructure often fails for the same reasons it succeeds: it is rushed, reused, and poorly secured. Security researchers recently demonstrated this vulnerability by… Go to gbhackers.com
-
Windows 11 January Update Sparks Widespread Shutdown Complaints
Microsoft’s latest security update for Windows 11 has triggered an unexpected problem affecting enterprise users: PCs equipped with Secure Launch are unable to shut… Go to gbhackers.com
-
ChatGPT Go subscription rolls out worldwide at $8, but it’ll show you ads
OpenAI’s $8 ChatGPT Go subscription, which gives you 10x more messages, is now available in the United States and other regions. […] Mayank Parmar Go to bleepingcomputer
-
OpenAI says its new ChatGPT ads won’t influence answers
OpenAI has confirmed ChatGPT is getting ads in the coming weeks, but it promises that ads won’t influence answers generated by ChatGPT. […] Mayank Parmar Go to bleepingcomputer
-
StealC hackers hacked as researchers hijack malware control panels
A cross-site scripting (XSS) flaw in the web-based control panel used by operators of the StealC info-stealing malware allowed researchers to observe active sessions and gather intelligence on the attackers’ hardware. […] Bill Toulas Go to bleepingcomputer
-
Black Basta boss makes it onto Interpol’s ‘Red Notice’ list
The identity of the Black Basta ransomware gang leader has been confirmed by law enforcement in Ukraine and Germany, and the individual has been added to the wanted list of Europol and Interpol. […] Bill Toulas Go to bleepingcomputer
-
China-linked hackers exploited Sitecore zero-day for initial access
An advanced threat actor tracked as UAT-8837 and believed to be linked to China has been focusing on critical infrastructure systems in North America, gaining access by exploiting both known and zero-day vulnerabilities. […] Bill Toulas Go to bleepingcomputer
-
Researchers Gain Access to StealC Malware Command-and-Control Systems
Security researchers successfully exploited vulnerabilities in the StealC malware infrastructure, gaining access to operator control panels and exposing a threat actor’s identity through their own stolen session cookies. The breach highlights critical security failures in criminal operations built around credential theft. XSS Vulnerability Exposes StealC Operators StealC,…
-
Windows 11 PCs Fail to Shut Down After January Security Update
Microsoft’s January 13, 2026, security update for Windows 11 has triggered a frustrating bug: affected PCs refuse to shut down or hibernate, instead restarting. The issue is caused by KB5073455, which targets OS Build 22621.6491 on Windows 11 version 23H2. It was first reported…
-
Cloudflare Acquired Open-source Web Framework Astro to Supercharge Development
Cloudflare has acquired the team behind Astro, the popular open-source web framework for building fast, content-driven sites. Announced on January 16, 2026, the deal brings The Astro Technology Company’s full-time employees under Cloudflare’s umbrella to accelerate Astro’s development. Cloudflare positions the move as a commitment to…
-
Cisco 0-Day RCE Secure Email Gateway Vulnerability Exploited in the Wild
Cisco has confirmed active exploitation of a critical zero-day remote code execution vulnerability in its Secure Email Gateway and Secure Email and Web Manager appliances. Tracked as CVE-2025-20393, the flaw allows unauthenticated attackers to execute arbitrary root-level commands via crafted HTTP requests to the…
-
Google Rolls Out Long-Awaited @gmail.com Email Change Feature for Users
Google is gradually rolling out the ability to change the @gmail.com email address associated with a Google Account to a new @gmail.com address. This feature, previously unavailable, addresses a common pain point for users who regret their original username choice but didn’t want to abandon years…
-
GootLoader Malware Uses 500–1,000 Concatenated ZIP Archives to Evade Detection
The JavaScript (aka JScript) malware loader called GootLoader has been observed using a malformed ZIP archive that’s designed to sidestep detection efforts by concatenating anywhere from 500 to 1,000 archives. “The actor creates a malformed archive as an anti-analysis technique,” Expel security researcher Aaron Walton…