Cloudflare pushes agile SASE with Cloudflare One to replace legacy VPNs
Cloudflare announced a series of technical deep‑dives showcasing its Cloudflare One agile SASE platform, positioning it as a single‑pass solution to the fragmentation of legacy VPNs and hardware firewalls. The platform runs security checks across a global network spanning over 300 cities, eliminating service‑chaining bottlenecks and integrating zero‑trust controls.
Also developing:
Google Ads account hijackings are accelerating, especially against agencies that manage large budgets. Attackers exploit weak login practices, phishing, and even Google Analytics or Tag Manager to bypass two‑factor authentication. Google’s official guide recommends HTTPS, verified @google.com emails, link scrutiny, phone‑call caution, 2‑step verification, and MCC‑level security policies. Additional expert tips stress unique passwords, minimal access, careful invitation handling, and monitoring GA4 and GTM for reconnaissance and session‑hijacking vectors.

On Jan. 16, 2026 the Supreme Court granted certiorari in United States v. Chatrie, asking whether bulk geofence warrants satisfy the Fourth Amendment’s particularity requirement. A geofence warrant compels a data custodian to hand over location records for every device within a...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE‑2025‑68645, a local file inclusion flaw in Zimbra Collaboration Suite, to its Known Exploited Vulnerabilities catalog and urged immediate patching. The vulnerability resides in the RestFilter servlet, allowing unauthenticated attackers...

Percipience, an insurtech data and analytics provider, announced it has achieved SOC 2 Type I compliance, confirming that its security, availability, and confidentiality controls are properly designed. The audit, conducted by an independent firm, validated the company’s policies on access management, change...
I started Granitt in 2022 to help journalists and other groups of at-risk people continue to do their work safely and securely. Please get in touch if you’re looking for an assessment, policy and process development, training, or presentation. https://t.co/5eyprsSuBF

Red Teaming simulates real‑world attacker behavior across people, processes, and technology, going beyond traditional penetration testing that only flags technical flaws. It helps enterprises verify whether detection, response, and containment capabilities can stop a breach before business damage occurs. Leaders...

Application Security Posture Management (ASPM) consolidates vulnerability, misconfiguration, and runtime data into a single, continuous risk model for cloud‑native applications. By graph‑linking code commits, container images, Kubernetes objects, and cloud resources, ASPM reveals which findings are truly exploitable. This unified...

A publicly accessible database containing 149 million usernames and passwords—including 48 million Gmail, 17 million Facebook, and Binance credentials—was removed after security researcher Jeremiah Fowler reported it to the hosting provider. The collection also featured government, banking, and streaming service logins, suggesting it...

Here are the items the FBI seized from Washington Post reporter Hannah Natanson: a recorder, two laptops, an external drive, a smart watch, an iPhone. Her December article mentioned that she stored reporting notes on an encrypted external drive, so...

Elastic has launched the general availability of Agent Builder, a platform that lets developers create secure, context‑driven AI agents in minutes by leveraging Elasticsearch’s unified search and analytics capabilities. The offering includes native data preparation, retrieval, ranking, custom tools, conversational...

Cobalt, a pioneer of Penetration Testing as a Service, has earned the Cloud Security Alliance (CSA) AI Trustworthy Pledge by completing the STAR Level 1 CAIQ Self‑Assessment based on version 4.0.3. The certification aligns Cobalt’s practices with the CSA Cloud Controls Matrix,...

Ring has launched Ring Verify, a built‑in authenticity feature that embeds a digital security seal in every video recorded after December 2025. The seal automatically breaks if the footage is trimmed, re‑encoded, or otherwise altered, and users can check verification status...

Drive‑by download attacks automatically install malware when a user visits a compromised website, requiring no clicks or consent. They exploit outdated browsers, plugins, or operating systems, often via malicious scripts, malvertising, or exploit kits. The resulting payloads range from trojans...

Vitalik Buterin announced 2026 as the year to reclaim self‑sovereign computing, swapping his daily tools for open‑source, privacy‑preserving alternatives. He moved from Google Docs to Fileverse, Telegram to Signal, Google Maps to OrganicMaps/OpenStreetMap, and Gmail to ProtonMail, while also experimenting with...

Manage My Health, a New Zealand digital health portal, confirmed a breach that accessed documents in its My Health Documents feature, affecting over 120,000 patients. While live clinical systems remained untouched, fraudsters are now impersonating the service to send phishing and...

Technology veteran Alan Shimel discovered an Instagram account impersonating him, using the handle shimel.alan, which quickly followed 85 of his contacts and received follow‑backs from ten. He reported the account through Meta’s built‑in AI‑driven reporting tool, only to receive an...

iboss introduced an AI‑powered SaaS Security Posture Management (SSPM) capability within its Zero Trust SASE platform. The solution connects to SaaS apps via native APIs, continuously scanning configurations, permissions and data exposure. AI analysis prioritizes misconfigurations and risky sharing, presenting...
The guide walks CTOs and VPs of Engineering through building SAML‑based identity management for enterprise single sign‑on, covering claim design, certificate handling, and a step‑by‑step migration from ADFS. It explains how to configure assertions, secure metadata, and align SAML with...
Abu Dhabi Islamic Bank (ADIB) announced the three winners of its UAE Cybersecurity Innovation Challenge—Corgea, Nothreat and DTEX Systems—selected from more than 50 global applicants. The competition, run with the UAE Cyber Security Council and DIFC Innovation Hub, featured 10...

Finextra and ACI Worldwide released the "AI in Action" global survey, analyzing responses from 154 industry leaders on AI‑driven fraud prevention. Over half of organisations (51%) already run AI solutions, with another 47% planning deployments within two years. The study...

South Korean prosecutors in Gwangju are investigating the disappearance of a large bitcoin cache seized in a criminal case, which an internal audit attributes to a phishing breach during official custody. The incident underscores the vulnerability of government-held digital assets...

Microsoft has launched winapp, an open‑source command‑line interface designed to simplify Windows application development. The tool consolidates SDK management, manifest editing, certificate generation, and packaging into unified commands, supporting project scaffolding, dependency handling, and build/run operations. Winapp integrates with Visual...

Ethereum’s mainnet daily active addresses have surged to roughly 945,000, briefly peaking at 1.3 million, surpassing all major layer‑2 networks. The recent Fusaka upgrade, which slashed gas fees, is credited for the activity boost, though security analysts warn that address‑poisoning attacks...

Researchers at the Technical University of Munich present a post‑quantum secure aggregation protocol built on code‑based homomorphic encryption under the Learning Parity with Noise (LPN) assumption. The design features a key‑ and message‑additive homomorphic scheme, a committee‑based decryptor realized via...

Okta has identified a new wave of vishing‑based phishing kits sold as a service, allowing attackers to conduct live, voice‑driven credential theft. The kits let threat actors spoof corporate numbers, manipulate phishing pages in real time, and capture both passwords...

The NDSS 2025 paper introduces gittuf, a decentralized security layer for Git repositories that removes reliance on a single trusted forge. By distributing policy declaration, activity tracking, and enforcement among all contributors, gittuf lets developers independently verify changes. The system...

Amit Sheps of CyCognito warns that AI is rapidly expanding enterprise attack surfaces, making traditional vulnerability hunting insufficient. He stresses that without continuous external discovery and clear ownership mapping, security teams cannot prioritize true risk. AI both creates new entry...
Google agreed to pay $8.25 million to resolve a class‑action lawsuit alleging that its Play Store “Designed for Families” program allowed developers to collect personal data from children under 13 without parental consent. The case centered on the AdMob advertising SDK,...

Researchers warn that advances in AI will enable single operators to command swarms of thousands of autonomous social‑media agents that produce indistinguishable human content. These AI‑driven disinformation networks can adapt in real time, target specific communities, and conduct rapid micro‑testing...

A crowdsourced site called ICE List has published profiles of roughly 4,500 DHS employees, drawing on publicly available LinkedIn, payroll and data‑broker records. WIRED’s investigation shows that about 90% of the entries rely on self‑posted information rather than a secret...

PwC‑affiliated firm A.F. Ferguson & Co. hosted a one‑day masterclass titled “Governing Cybersecurity in the AI Era – Digital Trust, Risk & Resilience” on 22 January 2026 in Karachi. More than 100 senior technology and business leaders, including CISOs, CIOs and CFOs,...

The article likens modern cybersecurity challenges to the Upside Down world of Stranger Things, using the show’s portals as a metaphor for today’s sprawling attack surface. It stresses that every IoT, cloud, or OT connection acts as a hidden entry point...

Microsoft Teams will introduce a "Brand Impersonation Protection" feature that flags first‑time external VoIP callers attempting to pose as trusted organizations. The protection rolls out to the targeted release ring in mid‑February and is enabled by default, displaying high‑risk warnings...
A vulnerability in the Photo Gallery by 10Web WordPress plugin allows unauthenticated attackers to delete image comments. The flaw stems from a missing capability check in the delete_comment() function and affects all versions up to 1.8.36, primarily the Pro edition...

Researchers from Cyber Centaurs uncovered an operational security slip in the INC ransomware campaign that exposed the gang's backup infrastructure. By tracing Restic backup tool artifacts and hard‑coded credentials, they located encrypted exfiltrated data belonging to twelve unrelated U.S. organizations across...

A critical authentication flaw (CVE‑2026‑22794) was discovered in Appsmith’s low‑code platform. The vulnerability stems from the password‑reset endpoint trusting the client‑supplied Origin header, allowing attackers to craft malicious reset links and capture tokens. Exploitation enables full account takeover, including admin...
When you don't have a Skill/MCP, a headless browser is blocked, curl and fetch are blocked... the Claude extension is a slow but serviceable backup.

A critical vulnerability (CVE‑2025‑67968) in the RealHomes CRM plugin, bundled with a popular WordPress real‑estate theme, affected over 30,000 sites. Versions 1.0.0 and earlier allowed any logged‑in subscriber to upload arbitrary files via a CSV import endpoint, enabling potential full...

Researchers from TU Graz have revived Linux page‑cache attacks, demonstrating sub‑microsecond flush times and full attack loops completing in 0.6‑2.3 µs—up to six orders of magnitude faster than prior work. The paper details new techniques that work across kernel versions from 2003...

Hybrid work has turned routine Active Directory password resets into a major productivity drain, as cached credentials and frequent rotation policies cause more lockouts. Since 2022, over half of U.S. employees operate in hybrid models, leading to an estimated 923...
RSA Group announced a $135 million capital infusion backed by its existing lenders, coupled with a refinancing of its first‑ and second‑lien debt. The deal extends debt maturities, de‑leverages the balance sheet, and improves liquidity. Proceeds will fund AI‑driven enhancements to...
Kasada, a bot management and fraud protection company, unveiled AI Agent Trust, a solution designed to secure automated traffic on digital commerce sites. The platform provides a searchable directory that verifies AI agents and lets brands apply policy‑based controls to...
Canada’s Federal Court has overturned a government directive that would have forced TikTok to shut down its Canadian operations. Judge Russell Zinn set aside the order and instructed Industry Minister Melanie Joly to conduct a new security review. The ruling...
Kazakhstan is drafting legislation to impose criminal liability for mass leaks of personal data, as proposed by the Ministry of Artificial Intelligence and Digital Development. The same proposal would dramatically increase administrative fines for organizations that fail to meet information‑security...

Searchlight Cyber introduced Ransomware File Explorer, a new feature in its Cerberus platform that provides searchable visibility into file‑tree data posted on ransomware leak sites. The tool indexes file‑tree metadata, enabling instant keyword searches without handling malicious archives. It helps...
Salt Security announced two strategic integrations that broaden its Universal Visibility platform: the Salt Databricks Connector and the Salt Netlify Collector. The Databricks connector provides dedicated API‑security discovery for the Agentic AI Action Layer, mapping AI agents’ API calls and...

NVIDIA released a patch on January 20, 2026 for four critical vulnerabilities in its CUDA Toolkit, affecting Nsight Systems and Nsight Visual Studio tools. The flaws enable local command injection and arbitrary code execution through inadequate input validation and insecure DLL loading,...

A critical vulnerability identified as CVE‑2025‑13878 affects BIND 9 DNS servers, allowing remote attackers to crash the named process using malformed BRID or HHIT records. The flaw impacts several stable branches—9.18.40‑9.18.43, 9.20.13‑9.20.17, and 9.21.12‑9.21.16—and carries a CVSS v3.1 score of 7.5,...

Microsoft has identified a sophisticated AiTM phishing campaign targeting energy‑sector organizations. Attackers use compromised trusted email accounts to send “NEW PROPOSAL – NDA” messages containing a malicious SharePoint link that leads to a fake login page. The page captures credentials...
Banks can turn first-party fraud from a hidden vulnerability into a competitive advantage if they rethink dispute processes. Join our conversation with @shanthi_peace, CEO of Casap. Watch the full episode: https://t.co/aCTj9YH63K https://t.co/vmuPbei31q