Know What's Happening in Cybersecurity

Today's Cybersecurity Pulse

Google sues Chinese cybercrime network for AI‑driven scam campaign

Google has filed a civil lawsuit against the Chinese group Outsider Enterprise, accusing it of using the Gemini generative‑AI model to mass‑produce phishing sites and send millions of fraudulent text messages. The operation deployed roughly 9,000 fake websites, a million malicious domains and dispatched 2.5 million scam texts in two weeks, scamming hundreds of thousands and causing losses in the millions of dollars. Google says the suit aims to dismantle the network and prevent further AI‑enabled abuse.

Central Maine Healthcare Breach Exposed Data of over 145,000 People
News · Jan 13, 2026

Central Maine Healthcare suffered a cyber intrusion that lasted from March 19 to June 1, 2024, exposing the personal and health information of 145,381 individuals. The breach affected patients, current and former employees, revealing names, dates of birth, treatment details,...

By BleepingComputer
NDSS 2025 – A Comprehensive Memory Safety Analysis Of Bootloaders
News · Jan 13, 2026

Researchers at NDSS 2025 presented the first systematic memory‑safety study of bootloaders, revealing a growing attack surface as these low‑level programs add features. By surveying prior vulnerabilities and building a dedicated fuzzing framework, the team examined nine popular bootloaders and...

By Security Boulevard
New Windows Updates Replace Expiring Secure Boot Certificates
News · Jan 13, 2026

Microsoft has begun automatically replacing expiring Secure Boot certificates on eligible Windows 11 24H2 and 25H2 devices. The certificates, which protect the pre‑boot environment, are set to expire in June 2026, prompting a phased rollout through Windows quality updates. High‑confidence devices receive the...

By BleepingComputer
FortiOS Vulnerability Allows Remote Code Execution Without Login
News · Jan 13, 2026

Fortinet disclosed a heap‑based buffer overflow in the cw_acd daemon of FortiOS and FortiSwitchManager that allows unauthenticated remote code execution. The flaw can be triggered via crafted network requests, especially on exposed fabric interfaces, and affects versions from 6.4.17 up...

By eSecurity Planet
Man to Plead Guilty to Hacking US Supreme Court Filing System
News · Jan 13, 2026

Nicholas Moore, a 24‑year‑old from Springfield, Tennessee, is set to plead guilty to unauthorized access of the U.S. Supreme Court’s electronic filing system on 25 separate days between August and October 2023. Prosecutors allege he obtained information from a protected...

By TechCrunch (Cybersecurity)
Windows 11 KB5074109 & KB5073455 Cumulative Updates Released
News · Jan 13, 2026

Microsoft released the Windows 11 KB5074109 and KB5073455 cumulative updates for 25H2/24H2 and 23H2, delivering the January 2026 Patch Tuesday security patches. The updates raise build numbers to 26200.7623 (or 26100.7462) and 226x1.6050, and they address a range of vulnerabilities, driver compatibility,...

By BleepingComputer
Microsoft January 2026 Patch Tuesday Fixes 3 Zero-Days, 114 Flaws
News · Jan 13, 2026

Microsoft released its January 2026 Patch Tuesday update, addressing 114 security flaws across Windows and related services. The bundle includes eight critical vulnerabilities—six remote code execution and two elevation‑of‑privilege bugs—plus one actively exploited information‑disclosure flaw in Desktop Window Manager. Two publicly...

By BleepingComputer
What Is a DNS Attack? Understanding the Risks and Threats
News · Jan 13, 2026

The Domain Name System (DNS) remains a critical yet vulnerable internet backbone, with 88% of organizations reporting at least one DNS attack in 2023. Attacks such as hijacking, cache poisoning, and DDoS floods can redirect users, cause service outages, and...

By The Cyber Express
After Goldman, JPMorgan Discloses Law Firm Data Breach
News · Jan 13, 2026

JPMorgan Chase disclosed to the Maine Attorney General that a data breach at law firm Fried Frank exposed personal information of 659 investors in a private‑equity fund. The breach involved unauthorized copying of files containing names, contact details, account numbers,...

By SecurityWeek
Identity Under Siege: What the Salt Typhoon Campaign Reveals About Trusted Access Risks
News · Jan 13, 2026

The Salt Typhoon espionage campaign compromised email accounts of U.S. congressional staff by exploiting stolen credentials rather than deploying malware. Attackers blended into normal email and cloud traffic, maintaining persistent, low‑noise access to sensitive communications. The breach underscores that identity systems...

By Security Boulevard
GitGuardian Closes 2025 with Strong Enterprise Momentum, Protecting Millions of Developers Worldwide
News · Jan 13, 2026

GitGuardian reported record ARR growth in 2025, fueled by rapid enterprise adoption across North America and Europe. The platform now safeguards over 115,000 developers, monitors more than 610,000 repositories and 210,000 collaboration‑tool sources, a seven‑fold increase from the prior year....

By Security Boulevard
Convincing LinkedIn Comment-Reply Tactic Used in New Phishing
News · Jan 13, 2026

Scammers are posting fake LinkedIn reply comments that mimic official policy‑violation notices and direct users to malicious links. The fraudsters leverage LinkedIn’s own lnkd.in URL shortener, making the phishing URLs appear legitimate. Impersonated company pages also use the LinkedIn logo...

By BleepingComputer
Antwerp’s AZ Monica Hospital Hit by Cyber Attack
News · Jan 13, 2026

AZ Monica hospital in Antwerp suffered a cyber attack on Tuesday, forcing a shutdown of computer systems at its Deurne and Harmonie campuses. The breach was detected at 6:30 am, prompting staff to power down servers and initiate an investigation by...

By DataBreaches.net
When the Marketing Graph Becomes the Target Map
News · Jan 13, 2026

A Wired investigation uncovered that Google’s ad service hosted audience segments tied to highly sensitive groups, allowing marketers and potential adversaries to target mobile devices linked to government employees and executives. The article warns that modern ad‑tech pipelines collect granular...

By Security Boulevard
F5 NGINXaaS for Google Cloud Protects Cloud-Native Applications
News · Jan 13, 2026

F5 has introduced F5 NGINXaaS for Google Cloud, a managed, cloud‑native application delivery‑as‑a‑service that unifies load balancing, security and observability. Developed with Google Cloud, the service is available through the Marketplace and targets containerized, AI‑enabled workloads. It offers programmable traffic...

By Help Net Security
Widespread Magecart Campaign Targets Users of All Major Credit Cards
News · Jan 13, 2026

Silent Push researchers have uncovered a global Magecart campaign that has been skimming credit‑card data from all major networks since 2022. The attackers host malicious JavaScript on innocuous domains such as cdn‑cookie.com and erase the code when a WordPress admin bar...

By HackRead
Concentric AI Releases Private Scan Manager for AWS GovCloud (US)
News · Jan 13, 2026

Concentric AI has added Private Scan Manager support for AWS GovCloud (US), allowing federal agencies, contractors, and partners to run its Semantic Intelligence platform within isolated, U.S.-only cloud regions. The extension follows earlier 2025 announcements of private‑cloud scanning for Azure...

By Help Net Security
[Webinar] Securing Agentic AI: From MCPs and Tool Access to Shadow API Key Sprawl
News · Jan 13, 2026

The Hacker News webinar spotlights the emerging security gap as agentic AI tools like Copilot, Claude Code, and Codex move from code generation to full‑cycle software deployment. Central to the risk are Machine Control Protocols (MCPs), which dictate which tools,...

By The Hacker News
PowerShell-Driven Multi-Stage Windows Malware Using Text Payloads
News · Jan 13, 2026

Researchers have uncovered the SHADOW#REACTOR campaign, a multi‑stage Windows malware chain that starts with an obfuscated VBS script and escalates through a PowerShell stager, text‑only payloads, and a .NET Reactor‑protected loader. The loader reflectively injects a Remcos RAT payload entirely...

By GBHackers On Security
Can You Afford the Total Cost of Free Java?
News · Jan 13, 2026

Running Java on a free, unsupported JVM carries hidden risks as exploit timelines have accelerated dramatically. In 2023, attackers began leveraging newly disclosed Java flaws within five days, and some incidents occurred in under an hour. Without commercial support, organizations...

By Security Boulevard
BodySnatcher (CVE-2025-12420): A Broken Authentication and Agentic Hijacking Vulnerability in ServiceNow
News · Jan 13, 2026

ServiceNow’s Virtual Agent API and Now Assist AI Agents contain a critical broken‑authentication flaw (CVE‑2025‑12420) that lets unauthenticated attackers impersonate any user using only an email address. The vulnerability exploits a static provider secret and email‑only auto‑linking to bypass MFA...

By Security Boulevard
HoneyTrap: Outsmarting Jailbreak Attacks on Large Language Models
News · Jan 13, 2026

Researchers from Shanghai Jiao Tong University, UIUC and Zhejiang University introduced HoneyTrap, a deceptive‑defense framework that counters multi‑turn jailbreak attacks on large language models. The system employs four specialized defensive agents to mislead attackers, prolong interactions, and drain computational resources...

By GBHackers On Security
Armenia Probes Alleged Sale of 8 Million Government Records on Hacker Forum
News · Jan 13, 2026

Armenian authorities have launched a probe after a hacker identified as dk0m claimed to be selling eight million government records on a dark‑web forum. The data allegedly originates from a state notification system that distributes legal and administrative notices. Officials...

By DataBreaches.net
Massive Cyberattack on Polish Power System in December Failed, Minister Says
News · Jan 13, 2026

Poland’s power grid endured its biggest cyberattack in years during the last week of December, according to Energy Minister Milosz Motyka. The operation attempted to sever communication links between renewable energy installations and distribution operators, but was ultimately thwarted with...

By DataBreaches.net
Noction Adds Automatic Anomaly Detection to IRP v4.3 for Faster DDoS Mitigation
News · Jan 13, 2026

Noction launched Intelligent Routing Platform (IRP) v4.3, adding Automatic Anomaly Detection (AAD) that spots abnormal traffic and triggers edge‑level DDoS mitigation. The system can automatically apply BGP FlowSpec filters or blackhole traffic, with optional operator review. IRP v4.3 also upgrades Commit Control...

By Help Net Security
Android Banking Malware deVixor Actively Targeting Users with Ransomware Capabilities.
News · Jan 13, 2026

Android banking trojan deVixor, active since October 2025, is distributing through counterfeit automotive‑sale websites targeting Iranian users. The malware harvests SMS OTPs, banking credentials, and cryptocurrency exchange data, and can remotely lock devices with a ransomware command demanding 50 TRX. Its...

By GBHackers On Security
Q4 2025 Malware Trends: Telegram Backdoor, Banking Trojans Surge, Joker Returns to Google Play
News · Jan 13, 2026

Doctor Web’s Q4 2025 mobile‑malware report reveals a modified Telegram X app delivering the Android.Backdoor.Baohuo.1.origin backdoor, compromising roughly 58,000 Android devices across phones, tablets, smart TVs and in‑car systems. The same period saw a 65% surge in Android banking trojans and the re‑appearance...

By HackRead
ColorTokens Achieves FedRAMP® Moderate ATO for Xshield™
News · Jan 13, 2026

ColorTokens announced that its Xshield Enterprise Microsegmentation Platform has received a FedRAMP® Moderate Authority to Operate, confirming compliance with hundreds of NIST SP 800‑53 controls. The authorization, validated by an accredited third‑party assessment organization, allows the solution to handle Controlled Unclassified Information...

By Security Boulevard
Minimal Ubuntu Pro Expands Canonical’s Cloud Security Offerings
News · Jan 13, 2026

Canonical has launched Minimal Ubuntu Pro images for public cloud platforms, delivering a leaner base OS with only essential components. The images retain Ubuntu Pro’s extended security maintenance, covering core packages and critical cloud functionality. They are now available through...

By Help Net Security
1980s Hacker Manifesto
Blog · Jan 13, 2026

Forty years ago, Loyd Blankenship—known as The Mentor—published “The Conscience of a Hacker” in the underground magazine Phrack, creating what is now called the 1980s Hacker Manifesto. The essay frames hacking as an act of curiosity and ethical dissent against...

By Schneier on Security
CyRC Advisory: Vulnerability in Broadcom Chipset Causes Network Disruption and Client Disconnection on Wireless Routers
News · Jan 13, 2026

The Black Duck Cybersecurity Research Center identified a high‑severity vulnerability in Broadcom’s wireless chipset used in ASUS RT‑BE86U routers. A single over‑the‑air frame can render the 5 GHz Wi‑Fi network unresponsive, forcing a manual router reset and potentially corrupting ongoing data...

By Security Boulevard
Key Learnings From the Latest CyRC Wi-Fi Vulnerabilities
News · Jan 13, 2026

Black Duck Cybersecurity Research Center (CyRC) disclosed high‑risk Wi‑Fi vulnerabilities in ASUS and TP‑Link routers that allow network disruption with a single malformed frame. The flaws were identified through Defensics fuzz testing and bypass WPA2/WPA3 encryption, highlighting protocol‑level weaknesses. Vendors...

By Security Boulevard
New Advanced Linux VoidLink Malware Targets Cloud and Container Environments
News · Jan 13, 2026

Check Point Research has uncovered VoidLink, a sophisticated, cloud‑native Linux malware framework designed for long‑term stealth in cloud and container environments. First seen in December 2025, the platform includes custom loaders, rootkits, and more than 30 plug‑in modules written in Zig,...

By The Hacker News
Flagging Breach Data as Sensitive Prevents Harmful Doxing
Social · Jan 13, 2026

Occasionally, someone takes issue with me flagging a data breach as "sensitive" such that the email addresses can't be publicly searched because they want to dox the users. That's a *really* bad idea, for many reasons: https://t.co/rEtQPHkxf7

By Troy Hunt
Who Decides Who Doesn’t Deserve Privacy?
Blog · Jan 13, 2026

Troy Hunt reflects on the Ashley Madison breach, noting how public doxing caused suicides, broken marriages and job losses. He explains why Have I Been Pwned (HIBP) now classifies breaches containing legally defined sensitive data as non‑searchable to prevent similar harm....

By Troy Hunt’s Blog
Parliament Asks Security Pros to Shape Cyber Security and Resilience Bill
News · Jan 13, 2026

The UK Parliament’s Public Bill Committee has opened a consultation for the Cyber Security and Resilience Bill (CSRB), the successor to the 2018 NIS Regulations and a NIS2‑style overhaul for critical infrastructure. After its second reading, the bill now enters...

By Infosecurity Magazine
For Application Security: SCA, SAST, DAST and MAST. What Next?
News · Jan 13, 2026

Application security is moving beyond isolated scanners toward a unified posture, provenance, and proof framework. Gartner and OWASP now emphasize Application Security Posture Management (ASPM) that aggregates SAST, DAST, SCA, MAST and IaC findings into a single, context‑aware view. Provenance...

By CSO Online
Global Magecart Campaign Targets Six Card Networks
News · Jan 13, 2026

Security firm Silent Push uncovered a long‑running Magecart skimming operation that has been active since 2022. The campaign injects malicious JavaScript into e‑commerce sites, targeting six major payment networks – American Express, Diners Club, Discover, JCB, Mastercard and UnionPay. Victims see a...

By Infosecurity Magazine
Threat Actors Exploit RMM Tools Through Weaponized PDF Files
News · Jan 13, 2026

Threat actors are leveraging weaponized PDF attachments to install legitimate Remote Monitoring and Management (RMM) tools such as Syncro, SuperOps, NinjaOne, and ScreenConnect. The campaign, uncovered by ASEC, began with deceptive PDFs that display error messages or images, prompting users...

By GBHackers On Security
Hexaware Partners with AccuKnox for Cloud Security Services
Blog · Jan 13, 2026

AccuKnox and Hexaware Technologies announced a strategic partnership to deliver a comprehensive Zero Trust cloud security platform for enterprise clients managing hybrid, multi‑cloud, and AI‑driven environments. The collaboration combines AccuKnox’s CNAPP, CSPM, Kubernetes security, and runtime enforcement tools with Hexaware’s...

By Security Ledger
Your Personal Information Is on the Dark Web. What Happens Next?
News · Jan 13, 2026

A surge in data breaches and cyber‑crime tools has flooded the dark web with personal and financial information, with 1,732 incidents reported in the first half of 2025 alone. Threat actors leverage infostealer malware, AI‑generated phishing, and supply‑chain attacks to...

By WeLiveSecurity
AI EdgeLabs Launches Compliance Center and Linux Audit for NIS2 and CRA Readiness
News · Jan 13, 2026

AI EdgeLabs unveiled its Compliance Center and Linux Audit suite, targeting organizations bound by the EU NIS2 directive and the Cyber Resilience Act. The platform replaces manual reporting with continuous, AI‑driven visibility, delivering a unified risk score and real‑time posture...

By Help Net Security
SAP January 2026 Security Patch Day Fixes Critical Injection and RCE Flaws
News · Jan 13, 2026

On January 13, 2026 SAP issued its monthly Security Patch Day, releasing 17 security notes that address 15 vulnerabilities across its product portfolio. Four critical‑severity flaws—CVE‑2026‑0501 (SQL injection in S/4HANA General Ledger), CVE‑2026‑0500 (remote code execution in Wily Introscope), and...

By GBHackers On Security
Parrot OS Shares Its 2026 Plans for Security Tools and Platform Support
News · Jan 13, 2026

Parrot OS, the Debian‑based cybersecurity distribution, released version 7.0 in late 2025 and outlined its 2026 roadmap. The plan adds new security and AI‑focused tools, enhances lightweight, container and cloud deployment support, and expands documentation for repeatable labs. Development will...

By Help Net Security
Email Is Not Legacy. It’s Infrastructure.
News · Jan 13, 2026

Email remains the backbone of modern business, not a relic, because it operates as an open protocol that connects vendors, customers, and internal teams. A recent survey shows 82 % of IT leaders consider it the most important channel for external...

By Security Boulevard
Russia’s Crackdown on Probiv Data Leaks May Have Fed the Beast Instead
News · Jan 13, 2026

Russia’s crackdown on the illegal probiv data‑leak market, spurred by a personal fraud incident involving President Putin’s associate, led to the arrest of Solaris platform founders but may have unintentionally strengthened the underground ecosystem. The probiv market, originally a convenient...

By Security Boulevard
MFA Prompt Bombing (Noun) [Word Notes]
Podcast · Jan 13, 2026 · 6 min

In this brief episode, host Rick Howard defines "MFA prompt bombing" as a technique where attackers flood a user with authentication prompts until they approve one out of frustration, effectively bypassing multifactor authentication. He highlights the growing relevance of this...

By Hacking Humans
DPRK Hackers Earn $600M Posing as Remote Workers
News · Jan 13, 2026

North Korean state‑sponsored hackers are masquerading as remote IT workers, generating up to $600 million annually for the regime. They infiltrate Western firms by securing legitimate remote positions or creating fake front‑company job postings, then use living‑off‑the‑land techniques to embed persistent...

By GBHackers On Security
Rakuten Viber CISO/CTO on Balancing Encryption, Abuse Prevention, and Platform Resilience
News · Jan 13, 2026

Rakuten Viber’s CISO/CTO Liad Shnell says the messenger is now critical infrastructure, so security priorities extend beyond confidentiality to availability, integrity and abuse resilience. The platform ships end‑to‑end encryption by default and relies on AI‑driven analysis of metadata, behavioral signals...

By Help Net Security