News•Jan 15, 2026
Hackers Increasingly Shun Encryption in Favour of Pure Data Theft and Extortion
Cyber‑criminals are increasingly abandoning encryption‑based ransomware in favor of pure data‑theft extortion. Symantec and Carbon Black report a jump from 28 incidents in 2024 to nearly 1,500 in 2025, while traditional ransomware remained flat at about 4,700 attacks. The surge is driven by exploitation of unpatched zero‑day flaws and software‑supply‑chain weaknesses, exemplified by ShinyHunters’ Salesforce attacks on firms like Allianz and Google. Experts warn that this new threat vector demands stronger credential hygiene and supply‑chain oversight.
By Infosecurity Magazine
News•Jan 15, 2026
Vulnerabilities Surge, But Messy Reporting Blurs Picture
The National Vulnerability Database recorded a record 48,177 CVE identifiers for 2025, marking the ninth consecutive year of growth. Reporting is now dominated by new CNAs, with Patchstack, Wordfence and WPScan contributing 23% of all entries and MITRE falling to...
By Dark Reading
News•Jan 15, 2026
Seerist Launches AskAnna, a Breakthrough AI-Powered Q&A Tool Transforming Security and Intelligence Workflows
Seerist has launched AskAnna, an AI‑powered natural‑language Q&A tool that taps the company’s proprietary event models and Control Risks’ human‑generated analysis to deliver fully sourced intelligence answers. The platform instantly synthesizes thousands of vetted reports, providing line‑item attribution and transparent...
By AiThority
News•Jan 15, 2026
HHS OCR Comments on Its 2026 Priorities
The HHS Office for Civil Rights (OCR) released its 2026 enforcement roadmap, highlighting four priority areas: continuing the HIPAA Privacy Rule Right of Access initiative, expanding the Security Rule Risk Analysis to broader risk management, intensifying hacking and ransomware actions,...
By DataBreaches.net
News•Jan 15, 2026
Cyber Threat Actors Ramp Up Attacks on Industrial Environments
Cybercriminals and hacktivists sharply increased attacks on industrial control systems in 2025, with vulnerability disclosures nearly doubling to 2,451 across 152 vendors. Siemens was the most affected vendor, reporting 1,175 flaws, while Schneider Electric faced a higher proportion of critical...
By Infosecurity Magazine
News•Jan 15, 2026
CodeBuild Flaw Put AWS Console Supply Chain At Risk
Security researchers at Wiz uncovered a critical misconfiguration in AWS CodeBuild that let unauthenticated attackers inject malicious code into core AWS open‑source repositories, including the widely used AWS SDK for JavaScript. The flaw stemmed from an unanchored regular‑expression filter on...
By Infosecurity Magazine
News•Jan 15, 2026
Feedzai and Matrix USA Launch Global Partnership to Modernize Financial-Crime Prevention with AI-Native Defenses
Feedzai, the AI-native risk‑operations platform, has partnered with Matrix USA to create a global Center of Excellence that accelerates AI‑driven fraud and anti‑money‑laundering (AML) deployments for banks. The collaboration blends Feedzai’s real‑time detection engine with Matrix USA’s advisory and integration...
By AiThority
News•Jan 15, 2026
Saying Goodbye to Windows Hello for Business: Five User Experience Pitfalls that Make Business Leaders Go for Best-in-Breed Solutions
The article highlights five user‑experience pitfalls of Windows Hello for Business that cause employees to abandon biometric authentication. Environmental variables—lighting, glasses, hats, facial hair, and device positioning—lead to frequent failures, prompting users to fall back on PINs or passwords. This...
By Security Boulevard
News•Jan 15, 2026
Report: Massive Amounts of Sensitive Data Being Shared with GenAI Tools
A Harmonic Security report analyzing 22.4 million prompts across six generative AI tools reveals an exponential rise in sensitive data exposure, with 71% of incidents tied to ChatGPT. Approximately 579,000 prompts (2.6%) contained company‑sensitive information, especially code, legal discourse, and M&A...
By Security Boulevard
News•Jan 15, 2026
Promptware Kill Chain – Five-Step Kill Chain Model For Analyzing Cyberthreats
The Promptware Kill Chain introduces a five‑step framework that treats malicious prompts and poisoned content as a distinct class of AI malware. It maps the lifecycle of attacks on large language model applications from initial access through privilege escalation, persistence,...
By GBHackers On Security
News•Jan 15, 2026
CISO Role Reaches “Inflexion Point” With Executive-Level Titles
The 2026 State of the CISO Report shows a structural shift, with 46% of North American CISOs now holding executive titles such as EVP or SVP. Over half of respondents say their role has expanded to cover SecOps, architecture, GRC,...
By Infosecurity Magazine
News•Jan 15, 2026
ThreatsDay Bulletin: AI Voice Cloning Exploit, Wi-Fi Kill Switch, PLC Vulns, and 14 More Stories
The latest ThreatsDay bulletin spotlights a wave of high‑severity, unauthenticated remote code execution flaws—from Redis’s XACKDEL buffer overflow affecting roughly 2,900 servers to AI‑ML libraries that execute malicious model metadata. It also flags a Broadcom Wi‑Fi chipset kill‑switch that can...
By The Hacker News
News•Jan 15, 2026
AI Security Platform WitnessAI Raises $58m to Expand Globally
WitnessAI secured $58 million in strategic funding led by Sound Ventures, aiming to accelerate global expansion and broaden its AI security suite. The platform provides enterprises with real‑time visibility and control over large‑language models and autonomous AI agents, addressing governance gaps...
By Fintech Global
News•Jan 15, 2026
Meeting the New ETSI Standard for AI Security
ETSI has released EN 304 223, the first globally applicable European standard that defines baseline security requirements for AI systems across enterprises. The standard aligns with the EU AI Act and introduces concrete provisions covering deep neural networks, generative AI,...
By Artificial Intelligence News
News•Jan 15, 2026
JPMorgan Claims Ex-Advisor In Fla. Stole Trade Secrets To Poach Clients For LPL
JPMorgan has filed a federal lawsuit seeking a temporary restraining order against former private‑client advisor Kevin J. Sercia. The bank alleges Sercia accessed roughly 175 client profiles on its Advisor Central system after hours and stole confidential information to solicit...
By DataBreaches.net
News•Jan 15, 2026
New CastleLoader Variant Linked to 469 Infections Across Critical Sectors
Cyber‑security firm ANY.RUN has identified a new, more stealthy variant of the CastleLoader malware, now linked to 469 compromised devices across U.S. government agencies and European critical infrastructure. The loader uses a social‑engineering “ClickFix” prompt and Inno Setup/AutoIt to gain...
By HackRead
News•Jan 15, 2026
Delinea Acquries StrongDM to Secure Access to IT Infrastructure
Delinea announced it will acquire StrongDM, a platform that provides just‑in‑time (JIT) access to IT infrastructure for both human operators and non‑human identities. The deal expands Delinea’s privileged access management suite to cover dynamic, AI‑driven workloads and supports a zero...
By Security Boulevard
News•Jan 15, 2026
7 Reasons to Get Certified in API Security
Wallarm University now offers a free, hands‑on API security certification that lets participants run real attacks and practice defenses. The program is built by seasoned API security experts and covers emerging threats such as AI‑driven and agentic APIs. Recent Wallarm...
By Security Boulevard
News•Jan 15, 2026
Data Privacy Teams Face Staffing Shortages and Budget Constraints, ISACA Warns
ISACA’s State of Privacy 2026 report reveals that median privacy team size dropped to five members, down from eight the previous year, while technical privacy roles face the steepest shortages. Budget pressures persist, with only 36% of respondents feeling adequately...
By Infosecurity Magazine
News•Jan 15, 2026
Classroom Device Management: 8 Strategies for K-12 Success
Classroom device management is essential for K‑12 schools integrating laptops, tablets, and BYOD. The article outlines eight practical strategies, including clear rules, mobile device management tools, app whitelisting, screen monitoring, scheduled access, BYOD integration, activity tracking, and continuous teacher development....
By Security Boulevard
News•Jan 15, 2026
Hundreds of Millions of Audio Devices Need a Patch to Prevent Wireless Hacking and Tracking
Researchers at KU Leuven uncovered critical Fast Pair flaws in 17 audio accessories from ten manufacturers, enabling a WhisperPair attack that silently hijacks Bluetooth earbuds, headphones, and speakers within 50 feet. The vulnerability lets attackers take control of audio streams, activate...
By WIRED (Security)
News•Jan 15, 2026
Model Security Is the Wrong Frame – The Real Risk Is Workflow Security
Security teams are still focusing on protecting AI models, but recent incidents show the real risk lies in the workflows surrounding them. Malicious Chrome extensions harvested chat data from over 900,000 users, and prompt‑injection attacks can coerce AI coding assistants...
By The Hacker News
News•Jan 15, 2026
Years-Old Vulnerable Apache Struts 2 Versions See 387K Weekly Downloads
Sonatype researchers reported that over 387,000 downloads of Apache Struts 2 occurred in a single week, and 98% of those were for end‑of‑life versions vulnerable to CVE‑2025‑68493. The flaw, a high‑severity (8.8) unsafe XML parsing issue affecting versions 2.0.0 through 6.1.0,...
By HackRead
News•Jan 15, 2026
Trio of Critical Bugs Spotted in Delta Industrial PLCs
Researchers from OPSWAT’s Unit 515 uncovered four serious flaws in Delta Electronics’ DVP‑12SE11T programmable logic controller, including three critical CVSS 9+ vulnerabilities. Delta issued a firmware patch just before the 2026 New Year, but many OT environments may delay updates due to...
By Dark Reading
News•Jan 15, 2026
4 Outdated Habits Destroying Your SOC's MTTR in 2026
Many security operations centers still rely on outdated, manual processes that slow incident response. The article highlights four habits—manual sample review, sole reliance on static scans, fragmented toolsets, and excessive alert escalations—that inflate mean time to respond. It shows how...
By The Hacker News
News•Jan 15, 2026
FTC Bans GM From Selling Drivers' Location Data for Five Years
The U.S. Federal Trade Commission finalized an order against General Motors and its OnStar subsidiary for collecting and selling precise geolocation and driver‑behavior data without consent. The settlement bans GM from sharing such data with consumer reporting agencies for five...
By BleepingComputer
News•Jan 15, 2026
Guarding Europe’s Hidden Lifelines: How AI Could Protect Subsea Infrastructure
The episode explores how AI can safeguard Europe’s extensive subsea cables and pipelines, focusing on the EU‑funded VIGIMARE project led by researcher Johanna Karvonen. It details how machine‑learning models will fuse satellite imagery, AIS data, radar and acoustic signals from...
By AIhub
News•Jan 15, 2026
Cyb3r Operations Raises $5.4M in Financing
London‑based Cyb3r Operations secured $5.4 million in a financing round led by Octopus Ventures, bringing its total capital to $6.75 million after a follow‑on from Pi Labs. The startup provides continuous, automated third‑party cyber risk visibility across tech stacks, flagging vulnerabilities, sanctions,...
By FinSMEs
News•Jan 15, 2026
AWS Flips Switch on Euro Cloud as Customers Fret About Digital Sovereignty
Amazon Web Services launched its European Sovereign Cloud to general availability, promising a fully EU‑located environment that is physically and logically separate from other AWS regions. The offering initially includes 90 services spanning compute, storage, networking, security, and AI, and...
By The Register
News•Jan 15, 2026
Bitwarden Advances Passkeys and Credential Risk Controls
Bitwarden unveiled Access Intelligence, delivering application‑level visibility into weak, reused or exposed credentials and guiding remediation, cutting average resolution time from nine days. The company also expanded passkey support, adding native Windows 11 integration, cross‑platform portability via the FIDO Credential Exchange...
By Help Net Security
News•Jan 15, 2026
Arcjet Python SDK Sinks Teeth Into Application-Layer Security
Arcjet has released a Python SDK that brings its application‑layer security platform directly into Python services and APIs. The SDK provides built‑in bot protection, rate limiting, email validation and signup spam prevention, and works with both FastAPI and Flask with...
By Security Boulevard
News•Jan 15, 2026
F5 Targets AI Runtime Risk with New Guardrails and Adversarial Testing Tools
F5 announced the general availability of two AI‑runtime security products—F5 AI Guardrails and F5 AI Red Team. The Guardrails solution provides model‑agnostic, real‑time protection for AI agents, while the Red Team offers automated adversarial testing using a continuously updated threat...
By Help Net Security
News•Jan 15, 2026
ICS Patch Tuesday: Vulnerabilities Fixed by Siemens, Schneider, Aveva, Phoenix Contact
Industrial control system vendors Siemens, Schneider Electric, Phoenix Contact and Aveva issued a dozen Patch Tuesday advisories on Jan. 15, 2026, addressing critical and high‑severity flaws across edge devices, process automation platforms, routers and optimization software. Siemens released five advisories,...
By SecurityWeek
News•Jan 15, 2026
Palo Alto Networks Warns of DoS Bug Letting Hackers Disable Firewalls
Palo Alto Networks disclosed a high‑severity flaw, CVE‑2026‑0227, that lets unauthenticated attackers trigger a denial‑of‑service condition on PAN‑OS firewalls and Prisma Access gateways when GlobalProtect is enabled. The bug forces the appliance into maintenance mode, effectively disabling protection. Palo Alto...
By BleepingComputer
News•Jan 15, 2026
Asimily Extends Cisco ISE Integration to Turn Device Risk Into Segmentation Policy
Asimily announced new microsegmentation capabilities that add Security Group Access Control List (SGACL) support to Cisco Identity Services Engine (ISE). The integration lets organizations automatically translate device classification, behavior analysis, and risk scores into enforceable segmentation policies. By extending its...
By Help Net Security
News•Jan 15, 2026
DeFi Quietly Breaks up with Discord as Scams Overwhelm Public Channels
DeFi protocols are pulling back from public Discord servers as scam activity overwhelms community channels. Morpho announced its Discord is now read‑only and redirected users to ticket‑based tools like Intercom, while data platform DefiLlama is shifting to live chat and...
By Cointelegraph
News•Jan 15, 2026
Modern Executive Protection: Digital Exposure & Physical Risk
Executive protection is expanding beyond physical guards to include digital exposure analysis. Executives and their households generate extensive online footprints that adversaries exploit to shape targeting before any physical action. The article argues that most security teams have abundant data...
By Security Boulevard
News•Jan 15, 2026
Microsoft Shuts Down RedVDS Cybercrime Subscription Service Tied to Millions in Fraud Losses
Microsoft announced a coordinated legal operation in the United States and United Kingdom, backed by Europol and German authorities, to dismantle RedVDS, a subscription‑based cybercrime platform. Since March 2025, RedVDS has enabled fraudsters to rent disposable virtual machines for $24...
By Help Net Security
News•Jan 15, 2026
From Typos to Takeovers: Inside the Industrialization of Npm Supply Chain Attacks
The npm ecosystem has moved from simple typosquatting to coordinated credential‑driven attacks that compromise maintainers and CI/CD pipelines. Attackers now hijack trusted packages, inject malicious post‑install scripts, and use stolen tokens as a "master key" to reach millions of downstream...
By CSO Online
News•Jan 15, 2026
Cyb3r Operations Raises £4M to Address Third-Party Risk Blind Spots
London‑based Cyb3r Operations secured £4 million in a round led by Octopus Ventures, bringing its total funding to £5 million. The capital will accelerate its platform that delivers continuous, automated visibility into third‑party cyber risk for large enterprises. As SaaS, cloud and...
By Tech.eu
News•Jan 15, 2026
New Cloudflare Report Warns of a ‘Technical Glass Ceiling’ Stifling AI Growth and Weakening Cybersecurity
Cloudflare’s inaugural 2026 App Innovation Report finds that organizations that modernize their application stacks are three times more likely to realize tangible AI returns, while legacy‑bound firms face heightened security exposure. The study shows 93% of leaders credit software updates...
By AiThority
News•Jan 15, 2026
LinkedIn Wants to Make Verification a Portable Trust Signal
LinkedIn is launching a self‑serve API that lets its Verified on LinkedIn badge be displayed on third‑party platforms, turning the verification badge into a portable trust signal. The company reports that 75 members verify each minute, now exceeding 100 million verified...
By Help Net Security
News•Jan 15, 2026
GoLogin vs MultiLogin vs VMLogin – What’s the Anti-Detect Browsers Difference?
Anti-detect browsers let users conceal fingerprints and manage multiple online identities. The article compares three leading solutions—GoLogin, MultiLogin, and VMLogin—detailing their core features, user bases, and pricing models. GoLogin distinguishes itself with cloud‑based profile storage, multilingual support, and a seven‑day...
By GBHackers On Security
News•Jan 15, 2026
QR Codes Are Getting Colorful, Fancy, and Dangerous
QR codes have evolved from plain black‑and‑white squares to colorful, logo‑embedded designs, making them a popular yet risky communication channel. Researchers at Deakin University identified a surge in "quishing" attacks that exploit these stylized codes to bypass traditional URL‑based security...
By Help Net Security
News•Jan 15, 2026
How the OWASP Application Security Verification Standard Helps Improve Software Security
Centraleyes recently integrated the OWASP Application Security Verification Standard (ASVS) into its cyber‑risk platform, enabling structured, repeatable assessments for web and cloud services. ASVS defines three verification levels—opportunistic, standard, and advanced—allowing organizations to match security controls to application risk. The...
By Security Boulevard
News•Jan 15, 2026
Cybersecurity Spending Keeps Rising, so Why Is Business Impact Still Hard to Explain?
Cybersecurity budgets are set to increase again, yet security leaders still struggle to demonstrate clear business value. Finance executives express uneven trust in security teams’ ability to translate risk mitigation into financial outcomes, creating friction in budget approvals. Divergent definitions...
By Help Net Security
News•Jan 15, 2026
The NSA Lays Out the First Steps for Zero Trust Adoption
The National Security Agency has published the first two documents in its Zero Trust Implementation Guidelines series—a Primer and a Discovery Phase guide. The Primer explains the structure and principles of the series, while the Discovery Phase directs organizations to...
By Help Net Security
News•Jan 15, 2026
Microsoft, Law Enforcement Disrupt RedVDS Global Cybercrime Service
Microsoft and international law‑enforcement agencies, including Europol, dismantled RedVDS, a cybercrime‑as‑a‑service platform that has stolen roughly $40 million since March 2025. The operation seized the service’s marketplace, customer portal, and associated domains, cutting off access to cheap virtual dedicated servers rented for...
By Security Boulevard
News•Jan 14, 2026
Depthfirst Secures $40M to Expand Agentic Approach to Software Security
Depthfirst Inc. announced a $40 million Series A round led by Accel to accelerate its AI‑native security platform. The startup’s General Security Intelligence platform deploys custom AI agents that continuously analyze code, infrastructure and workflows, delivering context‑aware vulnerability detection. In its first...
By SiliconANGLE
News•Jan 14, 2026
Aikido Security Raises $60M Series B at $1B Valuation to Unify Application Security
Belgian cybersecurity firm Aikido Security announced a $60 million Series B round that values the company at $1 billion, making it Europe’s fastest unicorn in the sector. The funding will accelerate its unified application security platform, which combines static and dynamic testing, software...
By SiliconANGLE