News•Jan 21, 2026
How to Protect Your Brand From Web Privacy Lawsuits
Retailers are increasingly targeted by web privacy lawsuits, with 43% of recent claims focused on the consumer discretionary sector. Smaller stores under $100 million in revenue account for nearly 60% of filings, often leveraging outdated statutes like California’s 1967 Invasion of Privacy Act. Gaps in privacy policies, low consent‑banner adoption, and undisclosed trackers leave brands vulnerable despite compliance efforts. Experts recommend auditing trackers, deploying in‑context disclosures, and maintaining up‑to‑date policies to mitigate risk.
By Total Retail
News•Jan 21, 2026
Two Unique DHS Cyber Incidents Exposed 1M People’s Data
Within weeks, two state Departments of Human Services suffered separate data breaches, exposing personal information for nearly one million residents. In Illinois, a misconfigured map inadvertently displayed details of about 700,000 individuals, including Medicaid recipients, while Minnesota’s MnCHOICES system was...
By Security Magazine (Cybersecurity)
News•Jan 21, 2026
Professional Crypto Recovery: Essential Steps & Services
A New York Times report highlighted an early Bitcoin investor who lost access to a $220 million stash after forgetting his wallet password, underscoring the high‑stakes nature of self‑custody. The article explains that only when the encrypted wallet file is available can a...
By TechBullion
News•Jan 21, 2026
Oracle WebLogic Proxy Bug Enables Unauthenticated Remote Compromise
Oracle has disclosed CVE‑2026‑21962, a critical flaw in its Fusion Middleware WebLogic proxy plug‑ins that permits unauthenticated attackers to compromise Oracle HTTP Server over HTTP. The vulnerability affects Oracle HTTP Server versions 12.2.1.4.0, 14.1.1.0.0 and 14.1.2.0.0, as well as the...
By eSecurity Planet
News•Jan 21, 2026
CyberNut Closes $5M Growth Capital for K-12 Security Awareness Training
CyberNut, a Miami‑based startup, closed a $5 million minority growth equity round led by Growth Street Partners to scale its K‑12 cybersecurity awareness platform. The company, which emerged from stealth in May 2024 after raising $800,000 in pre‑seed capital, already serves over...
By SecurityWeek
News•Jan 21, 2026
NDSS 2025 – Dissecting Payload-Based Transaction Phishing On Ethereum
The paper presented at NDSS 2025 reveals a new, sophisticated phishing vector on Ethereum called payload‑based transaction phishing (PTXPHISH). Researchers built the first ground‑truth dataset of 5,000 phishing transactions and identified four main tactics across eleven sub‑categories. Their rule‑based detection...
By Security Boulevard
News•Jan 21, 2026
What SaaS Security ROI Looks Like in Practice
AppOmni released an ROI report showing SaaS security delivers tangible operational benefits quickly. Customers reported saving roughly 146 manual hours each month and a 24% reduction in audit findings after gaining visibility. The study found measurable value within two weeks...
By Security Boulevard
News•Jan 21, 2026
Attackers Are Getting Stealthier – How Can Defenders Stay Ahead?
Attackers are abandoning noisy, brute‑force attacks for stealth‑first, multi‑stage malware that can linger for weeks. OPSWAT telemetry shows a 127% rise in malware complexity and an increase from eight to 18 behavioral nodes per sample in six months. Traditional signature‑based...
By TechRadar
News•Jan 21, 2026
Peruvian Loan Scam Harvests Cards and PINs via Fake Applications
A sophisticated loan‑phishing campaign in Peru, uncovered by Group‑IB, uses fake loan applications to harvest valid bank card numbers and six‑digit PINs. The operation impersonates a leading Peruvian bank across 16 dedicated domains and more than 370 related sites, employing...
By Infosecurity Magazine
News•Jan 21, 2026
Using Data Upsert to Optimize Test Data Management
Tonic.ai has added upsert capabilities to its test‑data platform, allowing teams to insert new records while updating existing ones without overwriting valuable test data. The feature supports preserving legacy fixtures, merging multiple data subsets, and retaining mock data for unreleased...
By Security Boulevard
News•Jan 21, 2026
Check Point Exposure Management Unifies Threat Intelligence, Context, and Remediation
Check Point unveiled Exposure Management, a platform that fuses threat intelligence, vulnerability prioritization, and automated remediation into a single workflow. The solution offers real‑time situational awareness by correlating dark‑web insights, exploitability context, and attack‑surface visibility. It integrates with more than...
By Help Net Security
News•Jan 21, 2026
How Realm Data Haven Solves Long-Term Log Storage and Fast Resupply for SOC Teams
Realm introduced Data Haven, a dedicated long‑term log archive that separates storage from real‑time SIEM detection. The platform automatically routes all telemetry to secure, low‑cost storage without manual configuration and normalizes logs on ingest. Analysts retrieve archived data by simple...
By Security Boulevard
News•Jan 21, 2026
Cohesity Enhances Identity Resilience with ITDR Capabilities
Cohesity has introduced Identity Threat Detection and Response (ITDR) capabilities, extending its Identity Resilience suite to protect Active Directory and Microsoft Entra ID. The solution continuously monitors identity posture, flags risky changes, and detects attack patterns before an incident. During...
By Help Net Security
News•Jan 21, 2026
Executive Brief: Questions AI Is Creating that Security Can’t Answer Today
AI‑assisted development now dominates software creation, with 92% of developers using tools like GitHub Copilot and AI‑generated code comprising roughly 40% of new code. Traditional application security controls, designed for post‑commit review, fail to see code at the moment it...
By Security Boulevard
News•Jan 21, 2026
Stellar Cyber Appoints Eric Van Sommeren as Vice President of EMEA to Accelerate Regional Expansion
Stellar Cyber announced the appointment of Eric van Sommeren as Vice President of EMEA, accelerating the firm’s push into Europe, the Middle East and Africa. Van Sommeren brings senior leadership experience from SentinelOne, Palo Alto Networks and Corelight, positioning the company...
By AiThority
News•Jan 21, 2026
XBOW Appoints WonLae Lee as General Manager, South Korea
XBOW has named former Samsung SDS penetration‑testing leader WonLae Lee as General Manager for South Korea, tasking him with spearheading the company’s Asia‑Pacific expansion. Lee brings three decades of Red Team, vulnerability research and incident‑response experience to the autonomous offensive...
By AiThority
News•Jan 21, 2026
Furl Lands $10M for AI-Powered Security Remediation
Furl, a security remediation platform, closed a $10 million seed round led by Ten Eleven Ventures, with participation from Rapid7 CEO Corey Thomas and Open Opportunity Fund. The company targets the chronic execution gap in cybersecurity, where only one in ten...
By Just AI News
News•Jan 21, 2026
I Scanned 2,500 Hugging Face Models for Malware/Issues. Here Is the Data
Veritensor launches as a zero‑trust security solution for the AI model supply chain, offering deep static analysis and cryptographic verification of popular model formats such as Pickle, PyTorch, Keras, GGUF, and Python wheels. The tool can detect malicious code—including RCE,...
By Hacker News
News•Jan 21, 2026
Vectra AI Helps Organizations Prevent AI-Powered Cyberattacks
Vectra AI unveiled a next‑generation platform designed to safeguard the emerging AI enterprise, where machine‑speed workloads span on‑premises, multi‑cloud, SaaS, IoT and edge environments. The solution delivers unified observability, automatically discovers AI agents as first‑class identities, and uses behavior‑driven AI...
By Help Net Security
News•Jan 21, 2026
AiFWall Emerges From Stealth With an AI Firewall
aiFWall Inc emerged from stealth, releasing a free AI firewall that protects both inbound prompts and outbound responses of agentic AI deployments. The product leverages contextual analysis and a central AI engine to create just‑in‑time threat markers from malicious prompts....
By SecurityWeek
News•Jan 21, 2026
Sumo Logic Targets Data Pipeline Blind Spots with New Snowflake and Databricks Tools
Sumo Logic announced two new applications for Snowflake and Databricks that enhance real‑time visibility into data pipelines. The Snowflake Logs App provides login analytics, query performance insights, and centralized log correlation, while the Databricks Audit App offers unified monitoring of...
By SiliconANGLE
News•Jan 21, 2026
Nightfall Expands Data Protection with AI Browser Security for Browsers, Endpoints and SaaS
Nightfall unveiled an AI Browser Security solution that protects browsers, endpoints, and SaaS applications from real‑time data theft driven by AI tools. The offering intercepts uploads, clipboard pastes, screenshots and other browser‑based actions that traditional DLP cannot see. Powered by...
By SiliconANGLE
News•Jan 21, 2026
Accelerating Digital Transformation Is the Keystone to Deterring Space War
The article argues that the United States must accelerate digital transformation in its national‑security space architecture to maintain deterrence against a rapidly modernizing China. It highlights current shortcomings such as legacy single‑prime contracts, stovepiped systems, and slow acquisition cycles that...
By SpaceNews
News•Jan 21, 2026
Hackers Exploit Security Testing Apps to Breach Fortune 500 Firms
Pentera uncovered nearly 2,000 publicly exposed security‑testing web apps—such as DVWA, Juice Shop and bWAPP—hosted on AWS, GCP and Azure. These intentionally vulnerable tools were linked to over‑privileged IAM roles, allowing attackers to steal cloud credentials and gain admin access....
By BleepingComputer
News•Jan 21, 2026
'Damn Vulnerable' Training Apps Leave Vendors' Clouds Exposed
Security researchers discovered that dozens of publicly exposed, intentionally vulnerable training applications—such as Hackazon, OWASP Juice Shop, DVWA and bWAPP—are being run on real cloud infrastructure. These apps often carry over‑permissioned IAM roles, allowing attackers to harvest temporary credentials and...
By Dark Reading
News•Jan 21, 2026
GitLab Warns of High-Severity 2FA Bypass, Denial-of-Service Flaws
GitLab announced patches for a high‑severity two‑factor authentication bypass (CVE‑2026‑0723) and multiple denial‑of‑service flaws affecting both Community and Enterprise editions. The 2FA bypass lets attackers with a known account ID circumvent the second factor, while CVE‑2025‑13927 and CVE‑2025‑13928 enable unauthenticated...
By BleepingComputer
News•Jan 21, 2026
New Research Exposes Critical Gap: 64% of Third-Party Applications Access Sensitive Data Without Authorization
Reflectiz’s 2026 State of Web Exposure Research reveals that 64 % of third‑party applications on 4,700 leading websites access sensitive data without a legitimate business justification, up from 51 % a year earlier. The study also shows a sharp rise in malicious...
By HackRead
News•Jan 21, 2026
Azure DNS Behavior Can Turn Private Endpoints Into DoS Risks
Microsoft Azure’s Private Endpoint design has a DNS flaw that can turn secure Private Link connections into denial‑of‑service conditions. When a Private DNS zone is linked across multiple virtual networks, Azure prefers that zone for name resolution; if the target...
By eSecurity Planet
News•Jan 21, 2026
North Korean Hackers Target macOS Developers via Malicious VS Code Projects
North Korean threat actors have launched a new campaign that abuses Visual Studio Code task configuration files to deliver macOS malware. The attackers masquerade as recruiters, enticing developers to clone malicious GitHub or GitLab repositories under the guise of job...
By SecurityWeek
News•Jan 21, 2026
Rust Package Registry Adds Security Tools and Metrics to crates.io
The Rust package registry crates.io has introduced a Security tab that surfaces RustSec advisories and flags vulnerable versions on each crate page. Publishing workflows were enhanced with Trusted Publishing support for GitLab CI/CD, enabling OIDC‑based authentication without long‑lived tokens. New...
By Help Net Security
News•Jan 21, 2026
Why AI Keeps Falling for Prompt Injection Attacks
Prompt injection exploits the textual nature of large language models, allowing users to bypass safety guardrails with cleverly phrased commands. The article compares this vulnerability to a fast‑food worker refusing to hand over a cash drawer, highlighting how humans rely...
By IEEE Spectrum AI
News•Jan 21, 2026
DigitalOcean Appoints Vinay Kumar as Chief Product and Technology Officer
DigitalOcean announced Vinay Kumar as its new Chief Product and Technology Officer, tasked with steering product strategy, cloud infrastructure, and security as the firm expands its AI inference cloud. Kumar, a founding member of Oracle Cloud Infrastructure and former AWS...
By AI-TechPark
News•Jan 21, 2026
Cyber Fallout Continues as M&S CTO Exits Months After Ransomware Attack
Marks & Spencer’s chief technology officer Josie Smith is leaving the firm, a move that comes nine months after a ransomware attack by the Scattered Spiders group wiped out roughly £229 million and halved the retailer’s 2025 profit. The breach forced...
By InternetRetailing
News•Jan 21, 2026
Alerted to a Breach in November, Advanced Family Surgery Center Remains Publicly Silent
Advanced Family Surgery Center, part of Covenant Health, was notified by the Genesis hacking group on November 26 2025 that its systems had been compromised and 100 GB of sensitive data—including protected health information—had been exfiltrated. Genesis later posted a file‑tree on a...
By DataBreaches.net
News•Jan 21, 2026
Why Identity Security Must Move Beyond MFA
Enterprise MFA usage has reached roughly 70% in early 2025, cementing it as a core defense against automated attacks. Yet cybercriminals exploit AI‑driven phishing, SIM swapping, and credential theft to bypass even strong multi‑factor controls. Recent data shows a 63%...
By SecurityWeek
News•Jan 21, 2026
Tesla Hacked, 37 Zero-Days Demoed at Pwn2Own Automotive 2026
Security researchers at Pwn2Own Automotive 2026 demonstrated 37 zero‑day vulnerabilities in Tesla's infotainment system, earning $516,500 on day one. Synacktiv secured $35,000 by chaining an information leak and out‑of‑bounds write to gain root, while other teams exploited EV chargers and navigation...
By BleepingComputer
News•Jan 21, 2026
Cyber Insights 2026: API Security – Harder to Secure, Impossible to Ignore
SecurityWeek’s Cyber Insights 2026 warns that APIs, already handling roughly 83 % of internet traffic, will become even more critical as agentic AI proliferates. The rise of autonomous AI agents is set to double the number of API endpoints by 2026, expanding...
By SecurityWeek
News•Jan 21, 2026
Last Rites for Perpetual Enterprise Software Licenses?
Enterprise software vendors are accelerating the retirement of perpetual‑license products, declaring many versions End of Availability and pushing customers toward cloud‑based SaaS suites. While the shift may raise short‑term costs, research shows that modern subscription models deliver better cybersecurity, functionality,...
By CIO.com
News•Jan 21, 2026
Adversa AI Wins 2026 BIG Innovation Award for Agentic AI Security Platform
Adversa AI’s Agentic AI Security Platform has been named a winner in the 2026 BIG Innovation Awards for Innovative Products – Software, as announced by the Business Intelligence Group. The platform tackles the emerging attack surface of autonomous AI agents,...
By AI-TechPark
News•Jan 21, 2026
Enterprise-Grade Identity Verification for AI-Enhanced Workflows
Enterprises accelerating AI adoption face a critical gap in identity verification. A GBG report shows 31% of businesses struggle to detect fraud during onboarding, exposing AI workflows to manipulation. Enterprise‑grade verification combines biometrics, document validation, API checks, MFA and continuous...
By Security Boulevard
News•Jan 21, 2026
ErrTraffic Exploits Visual Page Breaks to Fuel ClickFix Attacks, Rebranding Exploits as “GlitchFix”
ErrTraffic is a traffic‑distribution system that powers ClickFix social‑engineering attacks by deliberately corrupting website visuals—a technique dubbed “GlitchFix.” When a victim visits a compromised page, the script distorts text, CSS and cursor movement before presenting a fake update prompt that...
By GBHackers On Security
News•Jan 21, 2026
Oracle’s First 2026 CPU Delivers 337 New Security Patches
Oracle has issued its first Critical Patch Update for 2026, delivering 337 security patches that address roughly 230 unique CVEs across more than 30 products. More than two dozen of the fixes target critical‑severity bugs, and over 235 patches remediate...
By SecurityWeek
News•Jan 21, 2026
Meet Confer: Signal Founder’s Privacy-Focused, End-to-End Encrypted ChatGPT Alternative
Signal founder Moxie Marlinspike has launched Confer, a privacy‑first AI chatbot that encrypts every conversation end‑to‑end. The service uses passkey authentication, server‑side encryption, and runs in a Trusted Execution Environment to prevent data leakage. A free tier allows 20 messages...
By Indian Express AI
News•Jan 21, 2026
Vulnerability Prioritization Beyond the CVSS Number
The article argues that relying solely on CVSS scores misguides vulnerability prioritization. Real‑world incidents like Equifax, SolarWinds, and Log4Shell show that medium‑scoring flaws can cause outsized damage when they propagate through interconnected systems. It introduces the Unified Linkage Model (ULM)...
By CSO Online
News•Jan 21, 2026
Exposure Assessment Platforms Signal a Shift in Focus
Gartner’s inaugural Magic Quadrant introduces Exposure Assessment Platforms (EAP) as a formal replacement for traditional vulnerability management, emphasizing Continuous Threat Exposure Management. The report evaluated 20 vendors on continuous discovery, risk‑informed prioritization, and cross‑environment visibility. Data shows 74 % of identified...
By The Hacker News
News•Jan 21, 2026
Linux Users Targeted by Crypto Thieves via Hijacked Apps on Snap Store
Security researcher Alan Pope revealed that crypto thieves are hijacking expired domains linked to Snap Store publishers to gain Snapcraft account access and push malicious updates. The attackers replace benign snaps with crypto‑wallet malware that steals recovery phrases via automatic...
By Help Net Security
News•Jan 21, 2026
Magecart Hack Injects JavaScript to Steal Online Payment Data
Security researchers have uncovered a new Magecart‑style campaign that injects obfuscated JavaScript from cc-analytics.com/app.js into e‑commerce checkout pages. The script captures credit‑card numbers and billing details, then exfiltrates them to attacker‑controlled servers at pstatics.com via XMLHttpRequest POSTs. Infrastructure analysis reveals...
By GBHackers On Security
News•Jan 21, 2026
Cside Targets Hidden Website Privacy Violations with Privacy Watch
cside unveiled Privacy Watch, an AI‑driven platform that continuously monitors client‑side third‑party scripts for hidden data collection and privacy violations. The tool automatically generates evidence logs and regulation‑specific reports to help organizations meet GDPR, CPRA, HIPAA and emerging state‑level requirements. With...
By Help Net Security
News•Jan 21, 2026
Risk of AI Model Collapse to Drive Zero Trust Data Governance, Gartner Says
Gartner predicts that within the next two years up to 50% of global enterprises will adopt zero‑trust data governance as AI‑generated content floods books, code repositories, and research papers. The feedback loop of large language models training on prior AI...
By Infosecurity Magazine