News•Jan 14, 2026
How to Build a Stateless, Secure, and Asynchronous MCP-Style Protocol for Scalable Agent Workflows
The tutorial demonstrates how to construct a Minimal Communication Protocol (MCP) that is stateless, cryptographically signed, and capable of handling asynchronous, long‑running tasks. Using Python, Pydantic models enforce strict schema validation for every request and response, while HMAC signatures guarantee message integrity. The server assigns job identifiers and supports polling, allowing clients to initiate tasks without blocking. This design showcases a lightweight, secure foundation for building scalable agent‑driven workflows.
By MarkTechPost
News•Jan 14, 2026
Project Eleven Scores $20M Series A
Project Eleven, a post‑quantum security and digital‑asset migration startup, announced a $20 million Series A financing round. The round was led by Castle Island Ventures and included investors such as Coinbase Ventures, Balaji Srinivasan, Fin Capital, Variant, and several other venture funds....
By VC News Daily
News•Jan 14, 2026
Secure Your Spot at RSAC 2026 Conference
The RSA Conference (RSAC) will convene cybersecurity leaders in San Francisco from March 23‑26, 2026, offering a platform to explore emerging strategies and bold technologies. Simultaneously, GISEC GLOBAL 2026 will gather CISOs, government officials, and ethical hackers across the Middle East and Africa...
By Dark Reading
News•Jan 14, 2026
NDSS 2025 – PolicyPulse:Precision Semantic Role Extraction For Enhanced Privacy Policy Comprehension
Researchers from the University of Denver introduced PolicyPulse, an information‑extraction pipeline that converts natural‑language privacy policies into structured, machine‑readable formats. The system combines a specialized XLNet classifier with a BERT‑based semantic role labeler, processing sentences to preserve predicate‑argument relationships. Trained...
By Security Boulevard
News•Jan 14, 2026
Iran’s Partial Internet Shutdown May Be a Windfall for Cybersecurity Intel
Iran’s near‑total internet blackout, begun Jan 8, has stripped millions of residential users offline, leaving only government‑controlled networks visible. Cybersecurity analysts say this creates a rare window to fingerprint Iranian state‑linked IPs and map their digital infrastructure. Vendors like Whisper Security...
By CSO Online
News•Jan 14, 2026
Researchers Null-Route Over 550 Kimwolf and Aisuru Botnet Command Servers
Black Lotus Labs at Lumen Technologies announced that it has null‑routed traffic to more than 550 command‑and‑control nodes used by the AISURU/Kimwolf botnet since early October 2025. The botnet now controls over two million Android devices, primarily unsecured TV boxes, and...
By The Hacker News
News•Jan 14, 2026
Structure and Reliability in E-Commerce Platforms
E‑commerce platforms depend on a robust technical foundation that goes beyond aesthetics. Scalability, security, speed, and continuous uptime are essential to handle traffic spikes, protect customer data, and maintain conversion rates. Managed hosting and automated backups simplify maintenance while platform‑specific...
By HackRead
News•Jan 14, 2026
From Backup to Business Resilience: Inside Cognizant and Rubrik’s New BRaaS Model
Cognizant and Rubrik have launched a Business Resilience as a Service (BRaaS) platform that merges Rubrik’s cyber‑resilience technology with Cognizant’s delivery expertise. The service addresses modern threats such as ransomware, cloud‑infrastructure attacks, and AI‑driven disruptions by providing unified data protection,...
By CIO.com
News•Jan 14, 2026
Microsoft Updates Windows DLL that Triggered Security Alerts
Microsoft released a service alert confirming that the WinSqlite3.dll library, a core Windows component, was mistakenly flagged by third‑party security tools as vulnerable to CVE‑2025‑6965. The false‑positive affected Windows 10, Windows 11, and Windows Server 2012‑2025 systems for several months. Microsoft updated...
By BleepingComputer
News•Jan 14, 2026
US Cargo Tech Company Publicly Exposed Its Shipping Systems and Customer Data to the Web
Bluspark Global, a U.S. shipping‑tech firm behind the Bluvoyix platform, left its API and customer data exposed to the public internet. Researchers discovered unauthenticated endpoints, plaintext passwords, and the ability to create admin accounts, granting access to decades‑old shipment records....
By TechCrunch (Cybersecurity)
News•Jan 14, 2026
From Bot Noise to Real Insights: How Jobrapido Achieved True Marketing ROI
Jobrapido, a global recruitment‑marketing platform, partnered with DataDome to combat bot‑driven traffic that was inflating costs and skewing performance metrics. The AI‑powered solution filtered out roughly 15% of invalid visits, giving the company a clean, real‑time view of genuine user...
By Security Boulevard
News•Jan 14, 2026
RedVDS Cybercrime Service Disrupted by Microsoft and Law Enforcement
Microsoft announced a joint operation with international law enforcement to dismantle RedVDS, a cybercrime‑as‑a‑service platform that provides disposable Windows VMs for phishing, BEC and financial fraud. Launched in 2019, RedVDS charged as little as $24 per month and is tied...
By SecurityWeek
News•Jan 14, 2026
Hacker Claims Full Breach of Russia’s Max Messenger, Threatens Public Leak
A hacker using the alias CamelliaBtw posted on DarkForums claiming a full breach of Russia’s Max Messenger, exfiltrating roughly 142 GB of data that includes 15.4 million user records, authentication tokens, passwords, communication metadata, source code, and internal infrastructure assets. The alleged...
By HackRead
News•Jan 14, 2026
AppOmni Surfaces BodySnatcher AI Agent Security Flaw Affecting ServiceNow Apps
AppOmni, a SaaS security platform vendor, has disclosed a critical vulnerability in ServiceNow identified as CVE‑2025‑12420, nicknamed BodySnatcher. The flaw enables an unauthenticated attacker to impersonate any ServiceNow user and spawn a malicious AI agent within the platform. Because ServiceNow...
By Security Boulevard
News•Jan 14, 2026
Webinar: Beyond the Quadrant: An Analyst’s Guide to Evaluating Email Security in 2026
Former Gartner analyst Ravisha Chugh and Abnormal’s Director of Product Marketing Lane Billings will host a webinar on January 20 2026, revealing how email‑security vendors will be evaluated in 2026. The session outlines Gartner’s evaluation criteria, essential vendor questions, red‑flags, and a proven shortlisting...
By Help Net Security
News•Jan 14, 2026
Survey: Rapid AI Adoption Causes Major Cyber Risk Visibility Gaps
Panorays’ survey of 200 U.S. CISOs reveals that 60% consider AI vendors uniquely risky, yet only 22% have formal vetting processes. The rapid rollout of chat‑bots and AI agents is outpacing traditional third‑party risk controls, leaving most organizations with limited...
By HackRead
News•Jan 14, 2026
Predator Spyware Turns Failed Attacks Into Intelligence for Future Exploits
New research by Jamf uncovers that the Predator spyware, sold by Intellexa, includes a self‑diagnostic system that reports detailed error codes when attacks fail. These codes convey why deployments were aborted—such as detection of developer mode, proxies, or analysis tools—allowing...
By SecurityWeek
News•Jan 14, 2026
Reprompt Attack Let Hackers Hijack Microsoft Copilot Sessions
Researchers at Varonis uncovered a “Reprompt” attack that lets hackers hijack Microsoft Copilot Personal sessions by embedding malicious prompts in the URL’s `q` parameter. After a victim clicks a crafted link, the attacker can issue follow‑up commands that bypass Copilot’s...
By BleepingComputer
News•Jan 14, 2026
EasyDMARC Expands Executive Team with Armen Najarian as Chief Commercial Officer
EasyDMARC announced the appointment of Armen Najarian as its new Chief Commercial Officer. Najarian brings over 25 years of experience in email security, fraud prevention, and AI‑driven analytics, previously leading go‑to‑market roles at ThreatMetrix, Agari, Outseer and Sift. He will...
By Security Boulevard
News•Jan 14, 2026
Data Protection Agency Tells Coupang to Stop Publishing Unconfirmed Information About Data Breach
South Korea’s Personal Information Protection Commission (PIPC) has ordered e‑commerce giant Coupang to stop publishing its own findings about a recent data breach that exposed personal information of millions of users. The regulator warned that unverified disclosures could mislead consumers...
By DataBreaches.net
News•Jan 14, 2026
Eurail Passengers Taken for a Ride as Data Breach Spills Passports, Bank Details
Eurail confirmed a data breach that exposed personal information of customers, particularly those who received passes through the EU‑funded DiscoverEU programme. The breach potentially includes passport numbers, issuance details, and bank information, though direct‑purchase customers’ passports were not stored visually....
By DataBreaches.net
News•Jan 14, 2026
Airia Adds AI Governance for Compliance, Accountability, and Control
Airia has launched an AI Governance product, completing its three‑pillar enterprise AI management ecosystem alongside AI Security and Agent Orchestration. The new suite offers a governance dashboard, model and agent registries, compliance automation, and risk assessment tools to provide end‑to‑end...
By Help Net Security
News•Jan 14, 2026
SpyCloud Launches Supply Chain Solution to Combat Rising Third-Party Identity Threats
SpyCloud unveiled its Supply Chain Threat Protection solution, extending identity‑threat visibility to vendors and other third‑party partners. The platform draws on billions of recaptured breach, malware, phishing and dark‑web data points to deliver real‑time evidence of compromised credentials. It introduces...
By CSO Online
News•Jan 14, 2026
One Identity Manager 10.0 Introduces Risk-Based Governance and ITDR Capabilities
One Identity launched Manager 10.0, adding risk‑based governance, identity threat detection and response (ITDR) playbooks, and AI‑assisted natural‑language reporting. The upgrade integrates third‑party UEBA risk scores, automates remediation actions, and introduces a browser‑based admin console. Enhanced Syslog CEF formatting improves SIEM...
By Help Net Security
News•Jan 14, 2026
Cloud Marketplace Pax8 Accidentally Exposes Data on 1,800 MSP Partners
Cloud commerce platform Pax8 inadvertently emailed an internal spreadsheet to fewer than 40 UK partners, exposing business data for roughly 1,800 managed service providers. The CSV listed more than 56,000 entries, including partner IDs, customer names, Microsoft SKU counts and...
By BleepingComputer
News•Jan 14, 2026
Victorian Department of Education Says Hackers Stole Students’ Data
The Victorian Department of Education disclosed that an unauthorized party accessed a database containing personal details and school‑issued email addresses of current and former students, along with encrypted passwords. More sensitive information such as birth dates, home addresses, and phone...
By BleepingComputer
News•Jan 14, 2026
G7 Sets 2034 Deadline for Finance to Adopt Quantum-Safe Systems
The G7 Cyber Expert Group has issued a recommended roadmap urging financial institutions and public entities to fully adopt post‑quantum cryptography by 2034. The plan outlines six phases—from awareness and inventory to migration, testing and validation—spanning 2025‑2035. While advisory, it...
By Infosecurity Magazine
News•Jan 14, 2026
New Research: 64% of 3rd-Party Applications Access Sensitive Data Without Justification
New research shows 64% of third‑party applications on websites access sensitive data without a clear business justification, up from 51% in 2024. Only 39% of security leaders have deployed dedicated web‑exposure solutions, despite 81% ranking web attacks as a top...
By The Hacker News
News•Jan 14, 2026
Microsoft Fixes Three Zero-Days on Busy Patch Tuesday
Microsoft released its latest Patch Tuesday update, fixing 114 CVEs including three critical zero‑day bugs. The zero‑days are CVE‑2026‑20805 (information disclosure in Desktop Window Manager), CVE‑2026‑21265 (secure‑boot certificate bypass), and CVE‑2023‑31096 (elevation of privilege in legacy Agere modem drivers). The...
By Infosecurity Magazine
News•Jan 14, 2026
Cybersecurity at the State and Local Level: Washington Has the Framework, It’s Time to Act
The March 2025 White House Executive Order calls on states, localities and tribal entities to own their cybersecurity preparedness, while the State and Local Cybersecurity Grant Program (SLCGP) allocates $1 billion over four years to fund those efforts. The bipartisan PILLAR...
By CSO Online
%20(1).webp?ssl=1)
News•Jan 14, 2026
Spring CLI Vulnerability Allows Attackers to Execute Commands on User Systems
A command‑injection flaw (CVE‑2026‑22718) has been discovered in the Spring CLI VS Code extension, affecting all versions up to 0.9.0. The vulnerability allows an attacker with local access to execute arbitrary commands, earning a medium severity rating and a CVSS score...
By GBHackers On Security
News•Jan 14, 2026
Is It Time for Internet Services to Adopt Identity Verification?
Australia has enacted a law prohibiting anyone under 16 from holding a social‑media account, forcing platforms to purge non‑compliant profiles. The move positions the country as a global test case for age‑based bans and sparks a broader debate on mandatory...
By WeLiveSecurity
News•Jan 14, 2026
Microsoft: Windows 365 Update Blocks Access to Cloud PC Sessions
Microsoft confirmed that a recent Windows 365 update is preventing users from signing into their Cloud PC sessions, causing widespread access failures that began on Tuesday at 19:00 UTC. The issue, tracked under incident WP1217671, stems from a security‑focused update that unintentionally broke...
By BleepingComputer
.webp?ssl=1)
News•Jan 14, 2026
Multiple Elastic Vulnerabilities Could Lead to File Theft and DoS
Elastic has issued urgent patches for four critical Kibana vulnerabilities spanning versions 7.x through 9.2.3. The most severe, CVE‑2026‑0532, combines SSRF and file disclosure, allowing authenticated attackers to exfiltrate credentials. Three medium‑severity flaws can cause denial‑of‑service through resource exhaustion in...
By GBHackers On Security
News•Jan 14, 2026
Monroe University Says 2024 Data Breach Affects 320,000 People
Monroe University disclosed that a December 2024 cyberattack compromised personal, financial, and health data of more than 320,000 individuals. Attackers accessed the network for two weeks, from Dec 9 to Dec 23, before the breach was detected. The university began notifying affected...
By BleepingComputer
News•Jan 14, 2026
AI in Manufacturing: The Growing Risk and Reward Dilemma Escalating Data Security
AI adoption in U.S. manufacturing is accelerating, with 55% of firms already using generative AI and many planning further expansion. Meanwhile, ransomware attacks on the sector surged 87% in 2024, making manufacturing the most targeted industry. Without enterprise‑grade security—especially through...
By Security Boulevard
News•Jan 14, 2026
Scamnetic Delivers Fraud Protection Across All Payment Types
Scamnetic launched its patent‑pending IDeveryone Payment Protection solution, extending identity‑proofing to every payment channel—from push and digital payments to cryptocurrency, checks, wire transfers and ACH. The offering adds real‑time recipient verification and optional insurance, aiming to curb the $442 billion global...
By Help Net Security
News•Jan 14, 2026
Critical Node.js Vulnerability Can Cause Server Crashes via Async_hooks Stack Overflow
Node.js released security updates fixing a critical vulnerability (CVE‑2025‑59466) that causes the runtime to terminate with exit code 7 when a stack overflow occurs while async_hooks is enabled. The bug affects all versions from 8.x through 18.x and impacts major frameworks...
By The Hacker News
News•Jan 14, 2026
CISO Assistant: Open-Source Cybersecurity Management and GRC
CISO Assistant’s community edition is an open‑source governance, risk, and compliance (GRC) platform that lets security teams document assets, risks, controls, and framework alignment in a single, self‑hosted system. The tool ships with built‑in mappings to ISO 27001, NIST CSF, and...
By Help Net Security
News•Jan 14, 2026
US Cybersecurity Weakened by Congressional Delays Despite Plankey Renomination
The White House renominated seasoned cyber veteran Sean Plankey as CISA director after his initial nomination lapsed, but Senate holds tied to a Coast Guard issue and a pending telecom security report are delaying confirmation. Simultaneously, deep budget cuts have...
By CSO Online
News•Jan 14, 2026
Firmware Scanning Time, Cost, and Where Teams Run EMBA
A new research paper compares the EMBA firmware analysis tool on a local workstation and an Azure virtual machine, measuring execution time, repeatability, and cost. Identical configurations and a common firmware set were used, revealing that scan duration depends more...
By Help Net Security
News•Jan 14, 2026
Nicole Ozer Joins CPPA to Drive Privacy and Digital Security Initiatives
California Privacy Protection Agency appointed Nicole Ozer to its board, reinforcing the state’s privacy agenda. Ozer, former ACLU tech director and executive at UC Law San Francisco, brings extensive experience in privacy law, AI, and digital civil liberties. Her appointment...
By The Cyber Express
News•Jan 14, 2026
How AI Image Tools Can Be Tricked Into Making Political Propaganda
A new study shows that commercial text‑to‑image models can be coaxed into generating political propaganda by replacing explicit names with descriptive profiles and fragmenting prompts across multiple low‑risk languages. Researchers tested GPT‑4o, GPT‑5 and GPT‑5.1, achieving bypass rates up to...
By Help Net Security
News•Jan 14, 2026
Taiwan Endures Greater Cyber Pressure From China
Taiwan’s National Security Bureau reported an average of 2.63 million cyber attacks per day in 2025, a 6 percent rise from the prior year. Energy utilities faced a ten‑fold surge in malicious traffic while hospitals and emergency services saw attacks climb 54 percent....
By Dark Reading
News•Jan 14, 2026
Personal Details of Thousands of Border Patrol and ICE Agents Allegedly Leaked in Huge Data Breach
A whistleblower allegedly released personal data on roughly 4,500 ICE and Border Patrol employees, including about 2,000 frontline agents, after the Jan. 7 shooting of Renee Nicole Good. The leak, posted on the volunteer‑run ICE List site, contains names, work emails,...
By DataBreaches.net
News•Jan 14, 2026
AI Scraping in Mobile Apps: How It Works and How to Stop It
Scraping has migrated from web sites to mobile apps as AI‑driven bots target richer, structured API data. Attackers decompile Android APKs, extract endpoints and credentials, then replay authenticated requests without using the UI. Traditional defenses—rate limits, CAPTCHAs, and token‑based authentication—fail...
By Security Boulevard
News•Jan 13, 2026
CISO Succession Crisis Highlights How Turnover Amplifies Security Risks
Chief Information Security Officers are facing unprecedented turnover, with average tenure now 18‑26 months. Rapid M&A activity forces CISOs to juggle integration, risk, board advising, and crisis management, leading to burnout and a 66% report of excessive expectations. Surveys show...
By Dark Reading
News•Jan 13, 2026
Ukraine's Army Targeted in New Charity-Themed Malware Campaign
Ukraine’s Defense Forces were hit by a charity‑themed malware campaign from October to December 2025 that delivered the PluggyApe backdoor. The attacks arrived via Signal or WhatsApp messages promising charitable documents, but instead provided password‑protected PIF archives containing malicious payloads. Ukrainian...
By BleepingComputer
News•Jan 13, 2026
NY: Southold Laserfiche Access Remains Suspended After Cyberattack
Southold, New York, has kept its Laserfiche online record‑keeping system offline for more than six weeks after a cyberattack on Nov. 24 compromised its servers. The town announced that public access will remain suspended with no clear restoration timeline. To remediate,...
By DataBreaches.net
News•Jan 13, 2026
Central Maine Healthcare Breach Exposed Data of over 145,000 People
Central Maine Healthcare suffered a cyber intrusion that lasted from March 19 to June 1, 2024, exposing the personal and health information of 145,381 individuals. The breach affected patients, current and former employees, revealing names, dates of birth, treatment details,...
By BleepingComputer