🎯Today's Cybersecurity Pulse
Updated 55m agoWhat's happening: Cloudflare pushes agile SASE with Cloudflare One to replace legacy VPNs
Cloudflare announced a series of technical deep‑dives showcasing its Cloudflare One agile SASE platform, positioning it as a single‑pass solution to the fragmentation of legacy VPNs and hardware firewalls. The platform runs security checks across a global network spanning over 300 cities, eliminating service‑chaining bottlenecks and integrating zero‑trust controls.
Also developing:
News•Jan 16, 2026
StealC Hackers Hacked as Researchers Hijack Malware Control Panels
Researchers at CyberArk uncovered a cross‑site scripting (XSS) vulnerability in the web‑based control panel of the StealC info‑stealing malware. Exploiting the flaw, they observed active operator sessions, harvested browser and hardware fingerprints, and hijacked session cookies to gain remote control of the panel. The investigation revealed that a StealC operator was using an Apple M3 system from Ukraine, inadvertently exposing a real IP address after bypassing a VPN. The disclosure is intended to disrupt the malware‑as‑a‑service ecosystem that has seen a surge in StealC operators.
By BleepingComputer
News•Jan 16, 2026
CCPA: Understanding How Synthetic Data Can Help Achieve Compliance
The California Consumer Privacy Act (CCPA) and its 2023 amendment, the CPRA, now affect any firm handling data from California residents, yet only 11 % of U.S. businesses are fully compliant. Compliance requires embedding consent management, sensitive‑data classification, audit trails, and...
By Security Boulevard
News•Jan 16, 2026
NASA Develops Blockchain Technology to Enhance Air Travel Safety and Security
NASA researchers conducted a drone‑based flight test at Ames Research Center using an open‑source blockchain framework to secure real‑time transmission of flight data. The system proved capable of protecting telemetry, flight plans and operator registrations from interception or tampering. By...
By NASA - News Releases
News•Jan 16, 2026
NDSS 2025 – Vulnerability, Where Art Thou? Vulnerability Management In Android Smartphone Chipsets
The NDSS 2025 paper presents the first unified knowledge base of 3,676 Android smartphone chipset vulnerabilities spanning 437 chipset models and 6,866 phone models. It shows that many flaws are inherited across multiple chipset generations, contradicting the assumption that newer...
By Security Boulevard
News•Jan 16, 2026
Jordanian Man Admits Selling Unauthorized Access to Computer Networks of 50 Companies
Jordanian national Feras Albashiti, operating under several aliases, pleaded guilty in U.S. federal court to acting as an access broker. He sold unauthorized network credentials for at least 50 companies to an undercover officer in May 2023, receiving payment in...
By DataBreaches.net
News•Jan 16, 2026
Hacker Steals $282 Million Crypto in Hardware Wallet Social-Engineering Attack
A hacker executed a sophisticated social‑engineering attack on a hardware wallet, stealing roughly $282 million worth of Bitcoin and Litecoin. The stolen assets—1,459 BTC and 2.05 million LTC—were quickly swapped for the privacy coin Monero and partially bridged to Ethereum, Ripple, and Litecoin via...
By CoinDesk
Social•Jan 16, 2026
Iran-Linked Hack Targets Middle East Gmail, WhatsApp Accounts
Spoke to @zackwhittaker about a hacking campaign targeting high-profile Gmail and WhatsApp accounts across the Middle East, found by @NarimanGharib earlier this week. Gharib believes the campaign is linked to Iran, TechCrunch was unable to attribute it. https://t.co/XH9cRWtxh2
By Runa Sandvik
News•Jan 16, 2026
JWT Claims Explained: Complete Guide to Standard & Custom JWT Token Claims
The article outlines emerging quantum‑resistant frameworks for federated learning, highlighting how lattice‑based cryptography can slash communication overhead by roughly 20 percent while preserving privacy. It details new P2P tunnel architectures and Gopher Security’s post‑quantum encryption to thwart man‑in‑the‑middle attacks. Zero‑trust...
By Security Boulevard
News•Jan 16, 2026
How a Hacking Campaign Targeted High-Profile Gmail and WhatsApp Users Across the Middle East
A WhatsApp‑delivered phishing campaign targeting high‑profile Gmail and WhatsApp users across the Middle East was uncovered after activist Nariman Gharib shared a malicious link. Researchers traced the attack to DuckDNS‑masked domains such as alex-fabow.online, which harvested credentials, two‑factor codes, and...
By TechCrunch (Cybersecurity)
News•Jan 16, 2026
The Recent Computer Hack of the European Space Agency Was Bigger than It Admitted
The European Space Agency (ESA) disclosed a December‑era hack that it described as limited, but new reports reveal a far larger breach. Security researchers say attackers gained initial access in September via an unpatched public CVE and exfiltrated roughly 500 GB...
By Behind the Black
Blog•Jan 16, 2026
Data Breach at Canada’s Investment Watchdog Canadian Investment Regulatory Organization Impacts 750,000 People
Canada’s self‑regulatory body, the Canadian Investment Regulatory Organization (CIRO), disclosed a data breach affecting roughly 750,000 individuals. The breach stemmed from a phishing attack in August 2025 that allowed threat actors to copy a limited set of investigative, compliance and...
By Security Affairs
News•Jan 16, 2026
Google Vertex AI Security Permissions Could Amplify Insider Threats
XM Cyber uncovered two privilege‑escalation flaws in Google Vertex AI where default configurations let a low‑privileged "Viewer" user hijack high‑privilege service‑agent identities. Google responded that the behavior is "working as intended," echoing similar stances from other cloud providers. The issue...
By CSO Online
News•Jan 16, 2026
Act Now: Survey on Threats Researchers and Journalists Experience Ends January 18
A new survey by DataBreaches.net and Zack Whittaker seeks to document threats faced by cybersecurity researchers and journalists, closing on January 18. The call follows recent high‑profile incidents, including an FBI raid on Washington Post reporter Hannah Natanson and court‑ordered injunctions that...
By DataBreaches.net
News•Jan 16, 2026
To Forecast Agentic Commerce Adoption, Look to Biometrics and Digital IDs
The episode explores how the rollout patterns of biometric authentication and digital ID cards can inform expectations for agentic commerce adoption, noting that none of these technologies are yet ubiquitous but will see broader real‑world pilots in 2026. Analyst Christopher...
By Payments Journal
News•Jan 16, 2026
Five Malicious Chrome Extensions Impersonate Workday and NetSuite to Hijack Accounts
Researchers identified five malicious Chrome extensions that masquerade as HR and ERP tools such as Workday, NetSuite, and SuccessFactors. The add‑ons steal authentication cookies, block security‑admin pages, and enable session hijacking by injecting stolen tokens. While most have been removed...
By The Hacker News
News•Jan 16, 2026
AI System Reduces Attack Reconstruction Time From Weeks to Hours
Pacific Northwest National Laboratory unveiled ALOHA, an AI‑driven system that reconstructs cyber attacks in hours instead of weeks. Leveraging Anthropic’s Claude LLM and MITRE’s Caldera framework, ALOHA translates threat reports into full attack playbooks and automatically tests them against simulated...
By Dark Reading
News•Jan 16, 2026
From Quantum Resilience to Identity Fatigue: Three Trends Shaping Print Security in 2026
Print devices are emerging as high‑risk edge nodes, with 2025 attacks exposing blind spots in firmware, default credentials, and network exposure. In 2026 organizations must adopt continuous, automated monitoring of printer fleets to curb IoT‑related breaches. Simultaneously, the rollout of...
By Security Boulevard
News•Jan 16, 2026
Inside the Rise of the Always Watching, Always Learning Enterprise Defense System
Enterprises are abandoning perimeter‑based defenses in favor of zero‑trust architectures that continuously verify identity, intent, and behavior. AI‑driven detection platforms now ingest authentication logs, network flows, and telemetry to spot anomalies in real time. Automated remediation isolates suspicious devices or...
By Security Boulevard
News•Jan 16, 2026
Windows Admin Center Azure SSO Flaw Risks Tenant-Wide Compromise
A critical Windows Admin Center Azure SSO vulnerability (CVE‑2026‑20965) enables an attacker with local administrator rights on a single Azure VM or Arc‑connected system to forge a WAC.CheckAccess token and a PoP token, impersonating privileged users across the entire tenant. The...
By eSecurity Planet
News•Jan 16, 2026
Swimlane Joins the WIN to Bring Agentic AI Automation to Cloud Security Ops
Swimlane has joined the Wiz Integration Network, linking its Turbine agentic AI automation platform with Wiz’s cloud risk visibility. The integration streams real‑time misconfiguration and vulnerability data from Wiz into Turbine, which automatically enriches, prioritizes and remediates findings. Custom playbooks...
By AI-TechPark
News•Jan 16, 2026
DataDome Names Pradheep Sampath Chief Product Officer
DataDome announced the appointment of Pradheep Sampath as Chief Product Officer, bringing extensive identity, authentication, and fraud‑prevention expertise. Sampath has helped protect over $200 billion in digital transactions and previously led product strategy at Entersekt and ID.me. His role will steer...
By AI-TechPark
Social•Jan 16, 2026
Bots Now Dominate Web Traffic, Malicious Bots Rising
Here's what makes up a website's traffic today. It used to be mainly humans, but now bots make up the majority of website traffic. In addition, more malicious bots have been visiting sites than in the past. Check out the data. https://t.co/fpsvUqwlhE
By Neil Patel
News•Jan 16, 2026
Microsoft: Windows 11 Update Causes Outlook Freezes for POP Users
Microsoft is investigating a January Windows 11 security update (KB5074109) that causes the classic Outlook desktop client to freeze for users with POP email accounts. The problem affects devices running the 25H2 and 24H2 builds, preventing Outlook from exiting cleanly and...
By BleepingComputer
News•Jan 16, 2026
TamperedChef Malvertising Campaign Drops Malware via Fake PDF Manuals
The TamperedChef campaign uses malvertising to deliver trojanized PDF manuals that install a backdoor-infostealer on victim networks. Researchers at Sophos observed widespread targeting across Europe, especially in Germany, the UK and France, focusing on firms that rely on specialized technical...
By Infosecurity Magazine
News•Jan 16, 2026
It Was A Big Year For Cybersecurity
Cybersecurity venture funding surged to $18 billion in 2025, a 26% increase over 2024 and the third‑largest total in a decade. Seven mega‑rounds of $400 million or more, highlighted by Cyera’s $940 million and Saviynt’s $700 million raises, drove the headline growth. Despite higher...
By Crunchbase News
News•Jan 16, 2026
Account Compromise Surged 389% in 2025, Says eSentire
eSentire’s 2025 Year in Review reports a 389 % year‑over‑year surge in account compromise, now accounting for 55 % of all attacks. Credential theft dominates, representing 75 % of malicious activity, with Microsoft 365 as the prime target. Phishing‑as‑a‑Service (PHaaS) kits drove 63 % of...
By Infosecurity Magazine
News•Jan 16, 2026
Cybersecurity Firms React to China’s Reported Software Ban
China’s government has ordered domestic companies to cease using cybersecurity software from U.S. and Israeli vendors, naming more than a dozen firms including CrowdStrike, Palo Alto Networks, and Check Point. Most of the listed companies say they have little or no...
By SecurityWeek
News•Jan 16, 2026
Dropzone AI Closes 2025 with 11x ARR Growth, Fortune Cyber 60 Recognition, and $37M Series B
Dropzone AI announced an explosive 2025 performance, scaling its annual recurring revenue eleven‑fold and securing a $37 million Series B round led by Theory Ventures. The company now serves over 300 enterprises, achieving 370% net revenue retention and expanding into regulated sectors...
By AiThority
News•Jan 16, 2026
Top E-Signature Solutions for Fintech: A 2026 Review
The 2026 review evaluates five leading e‑signature platforms—pdfFiller, Scrive, OneSpan, Adobe Sign, and DocuSign—tailored for financial institutions. It outlines each solution’s core features, compliance focus, and pricing structures, highlighting pdfFiller’s low‑cost integration and OneSpan’s bank‑grade security. The analysis shows how...
By TechBullion
News•Jan 16, 2026
WordPress Membership Plugin Flaw Exposes Sensitive Stripe Data via @Sejournal, @Martinibuster
A critical vulnerability was discovered in StellarWP’s Membership Plugin – Restrict Content, exposing Stripe SetupIntent client_secret values. The flaw lets unauthenticated attackers retrieve these secrets without any login or capability checks. Rated 8.2 (high) on the CVSS scale, it affects all releases...
By Search Engine Journal
News•Jan 16, 2026
Blue Mantis Promotes Adam Caponigro to Senior Vice President of Services
Blue Mantis announced the promotion of Adam Caponigro to Senior Vice President of Services, effective Jan. 1, 2026. In his expanded role he will oversee Managed Services, Professional Services, and Global Delivery Centers across the U.S., Canada, and India, supervising more...
By AI-TechPark
News•Jan 16, 2026
Cisco Finally Fixes AsyncOS Zero-Day Exploited Since November
Cisco has released a patch for the critical AsyncOS zero‑day (CVE‑2025‑20393) affecting Secure Email Gateway and Secure Email and Web Manager appliances with internet‑exposed Spam Quarantine. The flaw allowed remote attackers to execute arbitrary commands with root privileges. Cisco Talos...
By BleepingComputer
News•Jan 16, 2026
RondoDox Botnet Targets HPE OneView Vulnerability in Exploitation Wave
Check Point Research has identified a coordinated exploitation campaign by the Linux‑based RondoDox botnet targeting HPE OneView’s critical CVE‑2025‑37164 vulnerability. The flaw, scored 10.0 on the CVSS scale, allows unauthenticated remote code execution via the ExecuteCommand REST endpoint. In early...
By Infosecurity Magazine
News•Jan 16, 2026
Microsoft: Some Windows PCs Fail to Shut Down After January Update
Microsoft confirmed that the January 13, 2026 cumulative update KB5073455 causes Windows 11 23H2 Enterprise and IoT devices with System Guard Secure Launch to fail shutting down, forcing a restart instead. The bug does not affect consumer editions and also blocks hibernation, leaving machines...
By BleepingComputer
News•Jan 16, 2026
Trusted Smart Chain Completes CertiK Audit, Advancing Secure RWA Tokenization
Trusted Smart Chain announced the successful completion of a comprehensive security audit by CertiK, a leading blockchain audit firm. The audit examined smart‑contract logic, permissioning and threat resilience, confirming the network’s readiness for tokenized securities and real‑world asset issuance. By...
By TechBullion
News•Jan 16, 2026
You Have Built an AI. Have You Tried to Break It?
Enterprises are racing to deploy generative AI models, but lab performance alone isn’t enough. Generative AI red teaming flips traditional testing by deliberately provoking models with adversarial prompts to uncover hidden failure modes. This process reveals security leaks, bias, hallucinations,...
By AiThority
News•Jan 16, 2026
China-Linked APT Exploits Sitecore Zero-Day in Attacks on American Critical Infrastructure
Chinese‑linked APT group UAT‑8837 has been exploiting a critical Sitecore zero‑day (CVE‑2025‑53690, CVSS 9.0) to breach American critical‑infrastructure networks. The attackers gain initial access via the vulnerability or stolen credentials, then deploy open‑source tools such as GoTokenTheft, SharpHound and Rubeus to...
By The Hacker News
News•Jan 16, 2026
Illumynt Reports 60% Revenue Growth and Launches Global Innovation Center to Meet Rising Enterprise Security and Sustainability Demands
illumynt announced a 60% year‑over‑year revenue increase for 2025, driven by demand from hyperscalers and data‑intensive enterprises. The company expanded its Columbus, Ohio, site to over 190,000 square feet and designated it as a Global Innovation Center of Excellence. The...
By AiThority
News•Jan 16, 2026
Building a Better Bugbot
Cursor’s Bugbot, an AI‑driven code‑review agent, has evolved from a prototype to an agentic architecture that now scans over two million pull requests each month. By introducing a custom resolution‑rate metric and running 40 systematic experiments, its bug‑resolution rate climbed from...
By Hacker News
Social•Jan 16, 2026
New Dev Tools Promise End‑to‑End Encryption for Open‑Source L
Are there any other developer tools that let you encrypt your workflow? I met with the founders, video coming tomorrow, and they claim that everything is encrypted on open source LLMs even in and out of the LLM.
By Robert Scoble
News•Jan 16, 2026
How Banks Can Reduce Fraud and False Declines with Predictive AI and Stream-First Architecture
Banks face soaring transaction volumes and increasingly complex payment corridors, expanding the fraud surface. Experts argue that merely reacting to bad transactions is insufficient; banks must detect “bad journeys” using predictive AI. When combined with a stream‑first architecture, AI can...
By TechBullion
News•Jan 16, 2026
New Intelligence Is Moving Faster than Enterprise Controls
A new NTT global study finds AI integration outpaces enterprise security and governance. Companies expand AI deployments but many lack infrastructure readiness, data integrity controls, and mature governance. Only a small share can support AI at scale; performance drives design,...
By Help Net Security
News•Jan 16, 2026
APD Investigates Third-Party Cybersecurity Incident, Says No Evidence of Data Compromise
The Anchorage Police Department (APD) disclosed a cybersecurity incident on Jan 7, 2026 involving its third‑party data‑migration vendor, Whitebox Technologies. APD reported no evidence that its systems or data were compromised and immediately shut down affected servers while revoking vendor access....
By The Cyber Express
News•Jan 16, 2026
Who’s on the Other End? Rented Accounts Are Stress-Testing Trust in Gig Platforms
A TransUnion study of U.S. gig workers reveals that 34% have been defrauded by customers, while nearly half admit to renting or selling their accounts. Victims demand stronger identity checks, yet confidence in existing safety tools remains low. The research...
By Help Net Security
News•Jan 16, 2026
Google Brings Generative AI to Gmail, Raising New Privacy Questions
Google is embedding its Gemini generative‑AI engine into Gmail, launching an AI Inbox that auto‑summarizes messages, generates replies, and extracts to‑do items. The rollout includes free features like smart replies and email overviews, while advanced search and proof‑reading tools are...
By Indian Express AI
News•Jan 16, 2026
All In One SEO WordPress Vulnerability Affects Over 3 Million Sites via @Sejournal, @Martinibuster
A critical vulnerability was found in the All in One SEO (AIOSEO) WordPress plugin, affecting over three million sites. The flaw stems from a missing permission check on the /aioseo/v1/ai/credits REST endpoint, allowing contributors to retrieve the site‑wide AI access...
By Search Engine Journal
News•Jan 15, 2026
Grubhub Confirms Hackers Stole Data in Recent Security Breach
Grubhub confirmed that unauthorized actors downloaded data from its systems, prompting an immediate investigation and security hardening. The company disclosed that financial details and order histories were not compromised, but it is facing extortion demands from the ShinyHunters cybercrime group....
By BleepingComputer
News•Jan 15, 2026
New PayPal Scam Sends Verified Invoices With Fake Support Numbers
Scammers are exploiting PayPal's official invoice feature to send verified emails that display the blue tick, making them appear authentic. The malicious invoices include a fake support phone number in the "Note to Customer" section, prompting recipients to call and...
By HackRead
News•Jan 15, 2026
Hackers Exploit Modular DS WordPress Plugin Flaw for Admin Access
Security researchers have identified a critical remote authentication bypass in the Modular DS WordPress plugin, tracked as CVE‑2026‑23550. The flaw, present in versions 2.5.1 and earlier, lets attackers obtain admin‑level access by exploiting a trusted‑request bypass and an automatic login fallback....
By BleepingComputer