News•Jan 19, 2026
PDFSIDER Malware Actively Exploited to Evade Antivirus and EDR Defenses
Researchers have uncovered PDFSIDER, a backdoor malware that exploits DLL side‑loading in the legitimate PDF24 Creator application to evade endpoint detection and response tools. The malicious payload is delivered via spear‑phishing ZIP archives, signed with valid certificates, and replaces the authentic cryptbase.dll with a malicious version. PDFSIDER operates primarily in memory, encrypts its command‑and‑control traffic with AES‑256‑GCM, and tunnels data through DNS port 53 to hide communications. The malware includes sandbox‑evasion checks, terminating on low‑memory or virtual environments.
By GBHackers On Security
News•Jan 19, 2026
Argus: Python-Based Recon Toolkit Aims to Boost Security Intelligence
Argus v2.0, a Python‑based reconnaissance toolkit, launches with 135 specialized modules unified under a professional command‑line interface. The overhaul adds multi‑threaded execution, over 25 CLI commands, and four deployment options—including pip, Docker, script, and direct Python. It integrates major threat‑intelligence...
By GBHackers On Security
News•Jan 19, 2026
SEON Identity Verification Combines KYC Checks with Real-Time Fraud Intelligence
SEON introduced an AI‑powered Identity Verification solution that combines document validation, biometric liveness detection, proof‑of‑address checks, and optional government database queries within its unified risk platform. The service draws on more than 900 real‑time fraud signals to evaluate both the...
By Help Net Security
News•Jan 19, 2026
SIOS Technology VP of CX Cassius Rhue Shares 2026 IT Predictions
SIOS Technology’s Vice President of Customer Experience, Cassius Rhue, outlined a forward‑looking vision for high‑availability (HA) and disaster‑recovery (DR) solutions through 2026. He predicts HA will evolve from pure uptime guarantees to a strategic pillar for hybrid‑cloud resilience, cybersecurity, AI...
By AI-TechPark
News•Jan 19, 2026
Global Tensions Are Pushing Cyber Activity Toward Dangerous Territory
Geopolitical rivalries are increasingly manifesting as cyber operations that target critical infrastructure, disinformation networks, and supply‑chain dependencies. Recent incidents—from the Ukrainian power‑grid outage to a Norwegian dam breach—illustrate how state actors can weaponize digital tools against civilian services. AI‑generated disinformation...
By Help Net Security
News•Jan 19, 2026
Rubrik Introduces Security Cloud Sovereign for Data Sovereignty and Regulatory Compliance
Rubrik unveiled Security Cloud Sovereign, a data‑protection platform that keeps all data, metadata, and control planes inside a customer‑chosen jurisdiction. The solution offers immutable safeguards that prevent encryption, deletion, or alteration even if attackers gain elevated access. Integrated threat‑detection analytics...
By Help Net Security
News•Jan 19, 2026
Outsourcing IT Support: Benefits, Risks, and Smart Next Steps
The episode outlines how fast‑growing SaaS companies can outsource IT support by contracting for clear outcomes, defining precise scopes, and applying zero‑trust controls. It emphasizes data‑driven metrics such as First Contact Resolution, MTTR, and CSAT to justify the move, while...
By Security Boulevard
News•Jan 19, 2026
Why Wrench Attacks Are Becoming One of the Most Violent Forms of Crypto Crimes
Wrench attacks are physical coercion crimes that force cryptocurrency holders to reveal credentials or authorize transfers, bypassing technical defenses. The phenomenon gained headlines after the 2025 kidnapping of Ledger co‑founder David Balland and has accelerated as crypto market capitalisation climbs, with...
By Cointelegraph
News•Jan 19, 2026
Review: AI Strategy and Security
AI Strategy and Security, authored by Dr. Donnie W. Wendt, is a practical guide for technology leaders and security professionals designing enterprise AI programs. The book maps AI adoption to business objectives, outlines readiness assessments, and defines a comprehensive team...
By Help Net Security
News•Jan 19, 2026
7 Top Cybersecurity Projects for 2026
The 2026 cybersecurity roadmap highlights seven priority projects for CISOs, ranging from AI‑aware identity and access management to advanced email protection, autonomous code‑vulnerability discovery, and enterprise‑wide zero‑trust adoption. Leaders emphasize extending IAM controls to non‑human agents, leveraging small language models...
By CSO Online
News•Jan 19, 2026
Researchers Hijack Hacker Domain Using Name Server Delegation
Infoblox researchers exploited a DNS misconfiguration called lame nameserver delegation to seize control of abandoned hacker domains. Within hours they intercepted over 57 million push‑notification logs from roughly 120 misconfigured domains, capturing traffic at 30 MB per second. The data exposed a...
By GBHackers On Security
News•Jan 19, 2026
Bytebase: Open-Source Database DevOps Tool
Bytebase is an open‑source DevOps platform that streamlines database schema and data changes through a structured change‑request workflow. It lets teams submit SQL changes, run automated reviews, and track executions across development, staging, and production environments. The tool includes built‑in...
By Help Net Security
News•Jan 19, 2026
Threat Actors Abuse Browser Extensions to Deliver Fake Warning Messages
Huntress researchers uncovered a malicious Chrome extension, NexShield, that masquerades as the legitimate uBlock Origin Lite ad blocker. The extension installs a delayed denial‑of‑service loop, then displays a fake crash warning that tricks users into running a PowerShell command which...
By GBHackers On Security
News•Jan 19, 2026
Traveling? ‘Evil Twin’ WiFi Networks Can Steal Crypto Passwords
Evil Twin attacks clone legitimate Wi‑Fi hotspots, luring travelers to connect and exposing them to credential theft. The method is prevalent in airports, cafés, hotels and conference venues, where attackers intercept traffic and harvest exchange logins, 2FA codes, or seed...
By Cointelegraph
News•Jan 19, 2026
Entity Resolution Vs. Identity Verification: What Security Teams Actually Need
The episode clarifies the distinction between identity verification—confirming a person’s claimed identity at a specific moment—and entity resolution—linking disparate identity fragments into a unified profile. It explains why security teams, facing credential exposure and reuse, need entity resolution combined with...
By Security Boulevard
News•Jan 19, 2026
Return Fraud, Counterfeits and Other Scams: 2025 Was a Banner Year
2025 proved a banner year for retail fraud, with the OECD and EUIPO estimating counterfeit sales near US$467 billion and Liquidonate reporting US$127 billion in fraudulent returns alone. Online returns now outpace in‑store returns three‑to‑one, creating fertile ground for tactics like wardrobing,...
By Inside Retail Australia
News•Jan 19, 2026
Why Financial Analysts Need Robust PC Security—And How Online Cleaners Help
Financial analysts face heightened cyber risk, making workstation hygiene essential. Modern online PC cleaners now combine malware detection, registry repair, and privacy safeguards, turning routine maintenance into a security layer. Paid solutions add real‑time monitoring, frequent definition updates, and enterprise...
By TechBullion
News•Jan 19, 2026
New OpenAI Leak Hints at Upcoming ChatGPT Features
OpenAI is quietly testing a major ChatGPT web update slated for rollout in the next few weeks. The preview, dubbed “Salute,” adds a task‑creation interface with file uploads and progress tracking. Additional changes include a model‑preference flag aimed at hospitality‑specific...
By BleepingComputer
News•Jan 19, 2026
OAuth Scopes & Consent: Complete Guide to Secure API Authorization
The episode explains OAuth scopes as granular permission strings that let users grant apps only the access they need, illustrating real‑world examples from healthcare, retail, and finance and showing how consent screens translate technical scopes into plain language. It covers...
By Security Boulevard
News•Jan 18, 2026
Hundreds Answer Europe's 'Public Call for Evidence' On an Open Digital Ecosystem Strategy
The European Commission launched a public call for evidence on open digital ecosystems, running from 6 January to 3 February 2026. More than 370 submissions have already been received, reflecting strong stakeholder interest. The evidence will shape a Commission communication that outlines concrete...
By Slashdot
News•Jan 18, 2026
Microsoft Releases OOB Windows Updates to Fix Shutdown, Cloud PC Bugs
Microsoft issued emergency out‑of‑band (OOB) updates for Windows 10, Windows 11, and Windows Server after the January 2026 Patch Tuesday introduced two critical bugs. The first bug broke credential prompts for Microsoft 365 Cloud PC and Azure Virtual Desktop sessions, while the second prevented...
By BleepingComputer
.webp?ssl=1)
News•Jan 18, 2026
How Security Teams Use IP Location and DNS History In Cybercrime Investigation
Security teams start cybercrime investigations with a single alert—often a suspicious IP or login—and quickly need context beyond raw logs. By enriching that alert with IP location data and DNS history, analysts can identify geographic anomalies, hosting providers, and past...
By GBHackers On Security
News•Jan 18, 2026
NDSS 2025 – Compiled Models, Built-In Exploits
Researchers at NDSS 2025 unveiled a systematic study of bit‑flip attacks targeting deep‑learning executables compiled by modern DL compilers. Unlike prior work that focused on flipping weights within frameworks, the new approach exploits publicly known model structure embedded in the...
By Security Boulevard
News•Jan 18, 2026
4 in 5 Small Businesses Had Cyberscams Last Year, Almost Half Were AI Powered
A recent Identity Theft Resource Center survey shows that four out of five small businesses experienced a cyber‑scam or breach in the past year, with almost half of those attacks powered by artificial intelligence. The study found that 38% of...
By DataBreaches.net
News•Jan 18, 2026
Japanese Nuclear Regulator Employee Loses Phone Containing Sensitive Info in China
Japan’s Nuclear Regulation Authority disclosed that an employee lost a government‑issued smartphone while on a personal trip to China in November. The device contained a database of contact information for senior nuclear officials, plant operators, and emergency responders, classified as...
By DataBreaches.net
News•Jan 18, 2026
80% of Hacked Crypto Projects Never ‘Fully Recover,’ Expert Warns
Nearly four out of five crypto projects hit by a major hack never fully recover, according to Immunefi CEO Mitchell Amador. He attributes the low survival rate to operational paralysis, lack of incident‑response plans, and breakdowns in communication that erode...
By Cointelegraph
News•Jan 18, 2026
Google Chrome Now Lets You Turn Off On-Device AI Model Powering Scam Detection
Google Chrome now lets users delete the on‑device AI model that powers the Enhanced Protection feature, which uses generative AI to detect scams, malicious downloads, and risky extensions. The toggle appears in Settings > System under “On‑device GenAI.” The capability is currently...
By BleepingComputer
News•Jan 17, 2026
Black Basta Ransomware Leader Added to EU Most Wanted and INTERPOL Red Notice
Ukrainian and German authorities have arrested two Ukrainian suspects linked to the Black Basta ransomware‑as‑a‑service operation and placed its alleged Russian leader, Oleg Nefedov, on the EU Most Wanted and INTERPOL Red Notice lists. The gang, which emerged in 2022, infiltrated over...
By The Hacker News
News•Jan 17, 2026
A Faceless Hacker Stole My Therapy Notes – Now My Deepest Secrets Are Online Forever
Finnish psychotherapy provider Vastaamo suffered a massive data breach, exposing personal and therapy records of about 33,000 patients. Hackers contacted victims, demanding Bitcoin payments under threat of publishing the sensitive information. In September 2025, a Helsinki court released the alleged...
By DataBreaches.net
News•Jan 17, 2026
JFrog Researchers Uncover RCE Exploit for Existing Redis Database Vulnerability
JFrog researchers have demonstrated a remote code execution (RCE) exploit for Redis vulnerability CVE‑2025‑62507, leveraging a stack buffer overflow triggered by the XACKDEL command with multiple IDs. The flaw, originally rated 8.8 CVSS, now warrants urgent patching to Redis version 8.3.2....
By Security Boulevard
News•Jan 17, 2026
How Attackers Target Financial Applications and VAPT Stops Them?
Financial applications faced a staggering 1.2 billion attacks in 2025, double the frequency of other sectors. Exploitation of known CVEs jumped 74%, while API abuse and business‑logic flaws emerged as primary breach vectors. The report underscores the necessity of Vulnerability Assessment...
By Security Boulevard
News•Jan 17, 2026
Critical XSS Vulnerabilities in Meta Conversion API Enable Zero-Click Account Takeover
Security researchers identified two critical cross‑site scripting flaws in Meta’s Conversions API Gateway that enable zero‑click Facebook account takeover. The client‑side XSS stems from improper postMessage origin validation, while a stored XSS arises from unsafe string concatenation in the backend...
By GBHackers On Security
News•Jan 17, 2026
Identity Management Challenges in Pharma & Biotech SaaS Platforms (And How to Solve Them)
Pharma and biotech firms are accelerating SaaS adoption for drug discovery, clinical trials, and manufacturing, but fragmented identity and access management (IAM) threatens compliance and intellectual‑property protection. The life‑sciences software market hit $16.1 billion in 2024 and is growing 11‑13% annually,...
By Security Boulevard
News•Jan 17, 2026
Best Security Awareness Training Platforms For 2026
The 2026 roundup identifies the ten leading security awareness training platforms, highlighting AI‑driven phishing simulations, micro‑learning, gamification, and comprehensive compliance reporting. Solutions such as KnowBe4, Proofpoint, and Cofense demonstrate measurable risk reductions, with industry benchmarks showing up to an 80%...
By GBHackers On Security
News•Jan 16, 2026
How Is AI Improving the Management of Cloud Secrets
Non‑human identities (NHIs) such as machine tokens and keys now outnumber human accounts, making their secret management a critical security priority. Organizations are shifting from point‑solution secret scanners to comprehensive NHI platforms that cover discovery, classification, monitoring, and automated rotation....
By Security Boulevard
News•Jan 16, 2026
Is Advanced AI Security Affordable for Small Businesses
Small businesses can adopt AI‑driven security without breaking the bank by choosing scalable, subscription‑based or open‑source solutions that integrate with existing infrastructure. Managing Non‑Human Identities (NHIs) with automated discovery and lifecycle tools further reduces breach risk and compliance costs. A...
By Security Boulevard
News•Jan 16, 2026
Can We Be Certain AI Keeps Cloud Data Secure
Non‑human identities (NHIs) are machine credentials—secrets, tokens, keys—essential for securing cloud environments. Organizations across finance, healthcare, and travel are shifting from point solutions like secret scanners to comprehensive NHI management platforms that cover discovery, classification, monitoring, and decommissioning. The article...
By Security Boulevard
News•Jan 16, 2026
Is Your Data Truly Secure with Free AI Tools
Enterprises are increasingly dependent on non‑human identities (NHIs) such as tokens, keys, and certificates to power cloud and DevOps workflows. The article argues that many organizations still treat these machine passports like afterthoughts, exposing them to breach risk and compliance...
By Security Boulevard
News•Jan 16, 2026
How AI Impacts the Cyber Market and The Future of SIEM
The rise of large‑language models is prompting a fundamental rethink of cyber‑security architectures, especially around Security Information and Event Management (SIEM). After decades of network‑centric prevention, data‑heavy SIEMs, and the EDR‑driven response era, AI has sparked a fifth phase where...
By Security Boulevard
News•Jan 16, 2026
More Problems for Fortinet: Critical FortiSIEM Flaw Exploited
Fortinet disclosed a critical OS‑command‑injection flaw in its FortiSIEM platform (CVE‑2025‑64155) on Jan. 13, assigning it a 9.4 CVSS rating. The vulnerability enables unauthenticated remote code execution via crafted TCP requests to the phMonitor service. Within days, security firm Defused reported...
By Dark Reading
News•Jan 16, 2026
StealC Hackers Hacked as Researchers Hijack Malware Control Panels
Researchers at CyberArk uncovered a cross‑site scripting (XSS) vulnerability in the web‑based control panel of the StealC info‑stealing malware. Exploiting the flaw, they observed active operator sessions, harvested browser and hardware fingerprints, and hijacked session cookies to gain remote control...
By BleepingComputer
News•Jan 16, 2026
CCPA: Understanding How Synthetic Data Can Help Achieve Compliance
The California Consumer Privacy Act (CCPA) and its 2023 amendment, the CPRA, now affect any firm handling data from California residents, yet only 11 % of U.S. businesses are fully compliant. Compliance requires embedding consent management, sensitive‑data classification, audit trails, and...
By Security Boulevard
News•Jan 16, 2026
NASA Develops Blockchain Technology to Enhance Air Travel Safety and Security
NASA researchers conducted a drone‑based flight test at Ames Research Center using an open‑source blockchain framework to secure real‑time transmission of flight data. The system proved capable of protecting telemetry, flight plans and operator registrations from interception or tampering. By...
By NASA - News Releases
News•Jan 16, 2026
NDSS 2025 – Vulnerability, Where Art Thou? Vulnerability Management In Android Smartphone Chipsets
The NDSS 2025 paper presents the first unified knowledge base of 3,676 Android smartphone chipset vulnerabilities spanning 437 chipset models and 6,866 phone models. It shows that many flaws are inherited across multiple chipset generations, contradicting the assumption that newer...
By Security Boulevard
News•Jan 16, 2026
Jordanian Man Admits Selling Unauthorized Access to Computer Networks of 50 Companies
Jordanian national Feras Albashiti, operating under several aliases, pleaded guilty in U.S. federal court to acting as an access broker. He sold unauthorized network credentials for at least 50 companies to an undercover officer in May 2023, receiving payment in...
By DataBreaches.net
News•Jan 16, 2026
Hacker Steals $282 Million Crypto in Hardware Wallet Social-Engineering Attack
A hacker executed a sophisticated social‑engineering attack on a hardware wallet, stealing roughly $282 million worth of Bitcoin and Litecoin. The stolen assets—1,459 BTC and 2.05 million LTC—were quickly swapped for the privacy coin Monero and partially bridged to Ethereum, Ripple, and Litecoin via...
By CoinDesk
News•Jan 16, 2026
JWT Claims Explained: Complete Guide to Standard & Custom JWT Token Claims
The article outlines emerging quantum‑resistant frameworks for federated learning, highlighting how lattice‑based cryptography can slash communication overhead by roughly 20 percent while preserving privacy. It details new P2P tunnel architectures and Gopher Security’s post‑quantum encryption to thwart man‑in‑the‑middle attacks. Zero‑trust...
By Security Boulevard
News•Jan 16, 2026
How a Hacking Campaign Targeted High-Profile Gmail and WhatsApp Users Across the Middle East
A WhatsApp‑delivered phishing campaign targeting high‑profile Gmail and WhatsApp users across the Middle East was uncovered after activist Nariman Gharib shared a malicious link. Researchers traced the attack to DuckDNS‑masked domains such as alex-fabow.online, which harvested credentials, two‑factor codes, and...
By TechCrunch (Cybersecurity)
News•Jan 16, 2026
The Recent Computer Hack of the European Space Agency Was Bigger than It Admitted
The European Space Agency (ESA) disclosed a December‑era hack that it described as limited, but new reports reveal a far larger breach. Security researchers say attackers gained initial access in September via an unpatched public CVE and exfiltrated roughly 500 GB...
By Behind the Black