
Endace released OSm 7.3, a major update that dramatically speeds packet‑capture search and adds a Vault REST API for automated forensic data access. The new search engine delivers up to 50‑fold performance gains, cutting typical query times from nearly a minute to one or two seconds. The Vault REST API supplies raw packets, reassembled files, Zeek logs and visualizations, allowing seamless integration with SIEM, SOAR and xDR platforms from vendors such as Cisco, Splunk and Palo Alto. Executives say the upgrade makes comprehensive network visibility affordable and ready for real‑time security workflows amid tightening regulations.

Group‑IB warns that cybercrime has entered a fifth wave powered by weaponized AI, accelerating attacks with generative tools. Dark‑web marketplaces now sell synthetic identity kits and deep‑fake‑as‑a‑service for as little as $5, while AI‑enhanced phishing kits automate victim targeting and...

Orchid Security highlights the growing threat of orphan accounts—unused human, service, and AI identities that remain active across enterprise environments due to fragmented IAM and IGA processes. These hidden credentials, often with elevated privileges, have been leveraged in high‑profile breaches...

Radware announced its API Security Service, an end‑to‑end platform that safeguards APIs throughout their entire lifecycle using live production traffic. The solution tackles OWASP Top 10 API risks, including sophisticated Layer 7 DDoS attacks, by delivering continuous discovery, runtime posture management, and...

Makina, a DeFi execution platform, suffered a $4.13 million exploit after an attacker used a flash loan to manipulate the price‑feed of its DUSD/USDC Curve pool. By inflating the MachineShareOracle’s reported prices, the hacker swapped roughly 110 million USDC against a pool holding...
OPNsense 25.7.11 introduces a native host discovery service that automatically resolves and stores MAC addresses for IPv4 and IPv6 hosts. The feature feeds live data to MAC‑based firewall aliases and captive‑portal client tracking, improving policy accuracy and device visibility. IPv6...

Sophos Group launched Workspace Protection, a browser‑centric security service designed for hybrid and remote work. The offering combines a purpose‑built protected browser with Sophos ZTNA, DNS Protection and an email monitoring add‑on, all managed through the Sophos Central console. By...

Intruder scanned 5 million web applications and uncovered over 42,000 exposed tokens hidden in JavaScript bundles. The secrets spanned 334 types, including active GitHub, GitLab, and Linear API keys, as well as Slack, Zapier, and CAD service credentials. Existing scanners—traditional regex‑based...

A KYND study of over 2,000 firms, including FTSE 350 and S&P 500 members, found that 11% were exposed to vulnerabilities actively exploited by attackers. Of those, 88% remained unpatched for six months or longer, highlighting chronic remediation delays. Remote...

Intuitive.ai has teamed up with Matilda Cloud to help life‑science firms accelerate AI and cloud modernization while meeting strict GxP and CSA regulations. The joint solution offers rapid, compliance‑ready visibility into cost drivers, security posture, and modernization pathways, promising 20‑40%...

Digital fraud losses surged to $12.5 billion in 2024, a 25% rise from the prior year, as criminals leverage AI, automation, and social engineering. The article outlines eight practical steps—from slowing down on suspicious messages to deploying multi‑factor authentication and secure...

Rubrik announced the launch of CXO Visionaries, an exclusive community for Fortune 500 and enterprise 2000 CIOs, CISOs and CTOs. The group aims to help leaders tackle rising cyber‑risk and AI‑driven attacks, offering peer insights and brand‑building opportunities. Rubrik Zero...
In 2025, the password "123456" again topped global lists, accounting for a quarter of the 1,000 most‑used passwords and appearing across all age cohorts. NordPass and Comparitech data show numeric‑only passwords dominate, while the US and UK see "admin" and...
Digital payments must balance speed with security. Consumers abandon 88% of checkout flows due to friction, while e‑commerce fraud costs $44 billion in 2024. The article outlines a multi‑layered strategy—strong authentication, merchant risk scoring, AI‑driven network detection, tokenization, and collaborative data...
When a cybersecurity breach dominates headlines, the real challenge begins after the news cycle fades: restoring stakeholder trust. Marketing and public‑relations teams must move beyond immediate statements to a sustained, authentic narrative that demonstrates accountability and transparency. Aligning internal messages...
TP‑Link disclosed a high‑severity authentication bypass (CVE‑2026‑0629) affecting its VIGI security‑camera line. The flaw exploits the password‑recovery feature, allowing any LAN‑connected attacker to reset admin credentials without verification. With a CVSS v4.0 score of 8.7, the vulnerability grants full control over...

Developers can now sign Java .jar files using DigiCert’s cloud‑based KeyLocker, which keeps private keys inside FIPS‑compliant HSMs. By installing the DigiCert KeyLocker Tools and configuring environment variables, the smctl command registers the DigiCert KSP library and synchronizes the desired...

Security firm CloudSEK’s STRIKE team uncovered a new cryptocurrency‑theft campaign that leverages Discord communities to distribute a clipboard‑hijacking trojan dubbed Pro.exe. The malware, attributed to the RedLineCyber group, monitors Windows clipboard for wallet addresses and silently replaces them with attacker‑controlled...
Atradius Collections has released a major update to its Credit‑IQ.com accounts‑receivable platform, adding real‑time dashboards, plug‑and‑play ERP integration and support for eight languages. The upgrade also tightens data‑security with GDPR‑aligned EU data‑centers and ISO 27001 certification. Pricing stays at a flat...

Researchers from Google and University College London examined 1.1 billion Reddit posts from 2021‑2024 to map how users seek cybersecurity help. Help‑seeking activity remained steady until a sharp 66 % jump in 2024, topping 100 000 questions per month by August. Scams, account‑access...

UK Finance’s latest report warns that 2023 fraud losses reached £25.2 billion, exposing the flaws of siloed fraud and AML systems. It promotes a unified FRAML framework that blends machine‑learning‑driven fraud detection with anti‑money‑laundering compliance to cut alerts and accelerate investigations....

A critical zero‑day in Cloudflare’s Web Application Firewall allowed attackers to bypass all WAF rules by targeting the ACME certificate‑validation path. Researchers from FearsOff demonstrated that arbitrary requests to /.well-known/acme-challenge/ could reach origin servers, exposing sensitive endpoints in Spring Boot,...
Microsoft Intune MAM will enforce a mandatory update by January 19, requiring all iOS‑wrapped, SDK‑integrated apps and the Android Company Portal to run the latest versions. Outdated apps—including Outlook and Teams—will be blocked from launching. Administrators must push the new SDK...

Ethereum recorded an all‑time high of nearly 2.9 million daily transactions, yet Ether’s price stayed flat around $3,180, suggesting the activity may not stem from genuine user demand. On‑chain researcher Andrey Sergeenkov attributes the surge to a large‑scale address‑poisoning campaign that...
Just‑in‑Time (JIT) provisioning automates user account creation the moment a worker logs in via SSO, using SAML or OIDC claims. The approach eliminates manual onboarding steps, cuts admin time, and reduces typo‑related security gaps. However, JIT only creates accounts; it...

The payments industry is midway through its ISO 20022 transition, with banks leveraging richer data to launch new services while many still depend on legacy translation layers. Real‑time and cross‑border payments are accelerating, pushing institutions to balance cost, liquidity, and resilience....

The article ranks the ten leading HIPAA compliance software platforms, emphasizing a shift from periodic checklists to continuous, automated compliance operations. It highlights that 2025 healthcare breaches averaged $7.42 million per incident, prompting regulators to add MFA, full‑encryption, and annual audits....
A new IEEE study introduces an analytical framework that quantifies how pointing errors degrade quantum key distribution (QKD) performance in optical wireless links. By applying Rayleigh and Hoyt statistical models to beam misalignment, the researchers derived closed‑form expressions for error...

SAP and Fresenius announced a joint venture to create a sovereign AI backbone for European healthcare, leveraging SAP Business AI and Business Data Cloud. The platform will provide a controlled, secure environment for AI models, ensuring data sovereignty and compliance...
Chinese‑born businessman Bao Xiong, now a naturalized Cambodian, is alleged to control a network of casino‑linked properties that have been repurposed as online fraud and human‑trafficking hubs. U.S. sanctions against related entities such as the Prince Group have intensified scrutiny,...

Google sued SerpAPI for allegedly circumventing its newly deployed SearchGuard anti‑bot system, which monitors mouse, keyboard, scroll and timing signals to distinguish humans from automated scrapers. The lawsuit, filed under DMCA Section 1201, highlights Google’s effort to protect its search...

Resecurity has been appointed the Cybersecurity Innovation Partner for ITCN Asia 2026, the region’s largest ICT exhibition held in Lahore, Pakistan. The company will demonstrate its intelligence‑driven platform, featuring cyber‑threat intelligence, digital‑risk monitoring, AI‑powered fraud prevention, investigation tools, and supply‑chain...
Seceon Inc. unveiled an AI‑driven real‑time threat intelligence platform that continuously monitors networks, endpoints, cloud services, and user identities. By fusing machine‑learning, behavioral analytics, and global threat feeds, the solution identifies zero‑day attacks, insider threats, and fileless malware as they...

A new campaign dubbed Evelyn Stealer leverages compromised Visual Studio Code extensions, such as the Bitcoin Black theme and Codo AI assistant, to deliver a multi‑stage malware chain. The first‑stage payload uses DLL hijacking of the Lightshot utility to execute PowerShell scripts that...

Miggo Security uncovered an indirect prompt‑injection flaw in Google Gemini that leveraged calendar invite descriptions to bypass privacy controls and exfiltrate meeting data. By embedding a benign‑looking instruction, attackers could trigger Gemini to create a new event containing summaries of...

AtData introduced Gibberish Detection, a machine‑learning model that flags synthetic, random or AI‑generated email addresses at the point of capture. The real‑time signal identifies roughly 5% of incoming emails as gibberish, rising to nearly 10% for a global on‑demand services...

Token Security reported triple‑digit growth in 2025 as enterprises grapple with a surge of non‑human identities (NHIs) that now outnumber human users. The company closed a $20 million Series A round and introduced AI‑driven discovery, lifecycle management, and least‑privilege enforcement for autonomous...

Cyfirma has uncovered a new Python‑based information stealer dubbed SolyxImmortal, targeting Windows machines. The malware runs silently, establishes persistence in the user’s AppData folder, and exfiltrates credentials, keystrokes, and screenshots through hard‑coded Discord webhooks over HTTPS. It harvests Chrome master...

Cybersecurity information sharing remains essential but faces structural challenges. The Cybersecurity Information Sharing Act of 2015, set to lapse on Jan 30 2026, threatens to curtail the legal protections that encourage voluntary threat‑intel exchange, while the CISA agency confronts funding cuts and...

Google Chrome’s built‑in password manager offers convenience but accumulates credentials across devices, creating a hidden security liability. The article details how to delete individual, multiple, or all saved passwords on desktop, Android, and iOS, and explains how Chrome sync propagates...

A short‑lived campaign from January 11‑15 2026 masqueraded as Malwarebytes installers to deliver infostealers. Attackers distributed ZIP archives named like “malwarebytes‑windows‑github‑io‑X.X.X.zip” that contain a legitimate EXE loader, a malicious CoreMessaging.dll, and a benign‑looking TXT pivot file. The DLL is sideloaded, granting code...
Acronis Threat Research Unit uncovered a new espionage campaign that uses a Venezuela‑related news lure to target U.S. government officials. The attack distributes a malicious DLL through DLL sideloading, hidden inside a renamed Tencent music player called “Maduro to be...

Keepnet introduced Agentic AI for Behavioral Microlearning, shifting training success metrics from completion rates to measurable behavior change and incident reduction. The autonomous platform plans, creates, delivers, and optimizes short, contextual lessons using real‑time risk data, cutting content‑creation time from...

An attacker bypassed technical defenses by socially engineering help‑desk staff to reset passwords and re‑enroll MFA, gaining legitimate access to payroll accounts. Using the compromised credentials, the fraudster altered direct‑deposit details and diverted salaries from three employees without triggering alerts....

Blockchain security firm CertiK traced roughly $63 million of Tornado Cash deposits to the $282 million wallet hack on Jan. 10. Their analysis shows 686 BTC were bridged to Ethereum, converted into about 19,600 ETH, and then broken into ~400‑ETH chunks before entering the mixer....

The British Army will invest £279 million to build a permanent base for its 13 Signal Regiment at Duke of Gloucester Barracks in Gloucestershire. The new facility will house cyber training, operations, and the Army’s Cyber, Information and Security Operations Centre, enhancing...

FinCrime detection latency occurs when the signal arrives late or lacks context, not because analysts are slow. Opoint outlines four timestamps—event, first public mention, internal awareness, and decision—to expose where delays happen. Early‑stage OSINT, especially from non‑English sources, can close...

The Media Trust (TMT) announced a partnership to bolster digital trust and safety within Microsoft’s advertising ecosystem. Leveraging TMT’s proprietary AI detection, global infrastructure, and malware‑analysis teams, the collaboration will deliver real‑time threat detection and mitigation for malware, redirects, and...

Threat hunting is shifting from reactive incident response to proactive, pattern‑based defense as attackers repeatedly exploit known vulnerabilities. Experts at Qualys argue that focusing on adversary telemetry—such as weaponization, ransomware links, and dark‑web chatter—enables teams to anticipate exploitation cycles. Automation...

Oligo Security announced Shira Bendkowski as its new Vice President of Product. Bendkowski, formerly VP of Product at Aqua Security and head of product at XM Cyber, will steer Oligo’s product vision for runtime security across applications, cloud, workloads, and...