Cybersecurity News and Headlines

Critical N8n Vulnerability (CVSS 10.0) Allows Unauthenticated Attackers to Take Full Control
News | Jan 7, 2026

Researchers disclosed CVE‑2026‑21858, a CVSS 10.0 flaw in n8n that lets unauthenticated attackers hijack any instance via a Content‑Type confusion in webhook handling. The vulnerability affects all versions up to 1.65.0 and was patched in version 1.121.0 released November 18, 2025. It joins three...

By The Hacker News
New Veeam Vulnerabilities Expose Backup Servers to RCE Attacks
News | Jan 7, 2026

Veeam announced security updates for its Backup & Replication suite, addressing a critical remote code execution flaw (CVE‑2025‑59470) that impacts version 13.0.1.180 and earlier builds. The patch, delivered in version 13.0.1.1071 on January 6, also resolves two additional high‑ and medium‑severity...

By BleepingComputer
Cybersecurity Firms Secured $14 Billion in Funding in 2025: Analysis
News | Jan 7, 2026

Cybersecurity firms raised nearly $14 billion in 2025 across 392 funding rounds, marking a 47% increase over 2024 and the strongest year since the 2021 $20 billion peak. While seed and Series A deals comprised two‑thirds of the rounds, late‑stage financings delivered half...

By SecurityWeek
Major Data Breach Hits Company Operating 150 Gas Stations in the US
News | Jan 7, 2026

Texas‑based Gulshan Management Services, which operates over 150 Handi Plus and Handi Stop gas stations, disclosed a massive data breach affecting more than 377,000 individuals. Attackers infiltrated an external system between September 17 and September 27, 2025, and the breach was only detected on September 27....

By HackRead
Microsoft Warns of a Surge in Phishing Attacks Exploiting Email Routing Gaps
News | Jan 7, 2026

Microsoft’s Threat Intelligence team reports a sharp rise in phishing campaigns that exploit complex email routing and misconfigured MX, DMARC, and SPF settings. Attackers use these gaps to make malicious messages appear as internal communications, often leveraging phishing‑as‑a‑service platforms such...

By CSO Online
Debian Seeks Volunteers to Rebuild Its Data Protection Team
News | Jan 7, 2026

The Debian Project announced that its Data Protection Team has become inactive after all three members stepped down simultaneously. The responsibilities for handling privacy inquiries, maintaining the public privacy policy, and processing data‑subject requests have temporarily shifted to Project Leader...

By Help Net Security
The Future of Cybersecurity Includes Non-Human Employees
News | Jan 7, 2026

Enterprises are witnessing a surge in non‑human identities (NHIs) such as bots, AI agents, and service accounts, now deemed as critical as human accounts—51% of respondents in ConductorOne's 2025 report affirm this shift. These machine identities often operate with standing,...

By The Hacker News
WWT Introduces ARMOR, a Vendor-Agnostic Framework for Secure AI Readiness
News | Jan 7, 2026

World Wide Technology (WWT) unveiled ARMOR, a vendor‑agnostic AI Readiness Model for Operational Resilience built with NVIDIA. The framework spans six security domains—from governance and risk to model, infrastructure, operations, SDLC, and data protection—providing end‑to‑end guidance across cloud and on‑prem...

By Help Net Security
Unpatched TOTOLINK EX200 Flaw Enables Root-Level Telnet Access, CERT/CC Warns
News | Jan 7, 2026

On Jan 6, 2026, CERT/CC disclosed CVE‑2025‑65606 affecting the TOTOLINK EX200 range extender. An authenticated attacker can upload a malformed firmware file that forces the device into an error state, automatically launching an unauthenticated root‑level telnet service. The telnet console provides full...

By The Cyber Express
Google Cloud Service Exploited in New Phishing Campaign
News | Jan 7, 2026

Check Point researchers uncovered a phishing campaign that abuses Google Cloud Application Integration’s “Send Email” task to dispatch malicious messages from trusted Google infrastructure. In a two‑week window the attackers sent 9,394 phishing emails targeting roughly 3,200 organizations, primarily in...

By Security Magazine (Cybersecurity)
Hexnode XDR Unifies Detection, Investigation, and Response in One Platform
News | Jan 7, 2026

Hexnode has introduced Hexnode XDR, an extended detection and response platform that consolidates threat detection, investigation, and remediation into a single interface. The solution embeds a unified dashboard, real‑time correlation, contextual alerts and one‑click remediation, and it integrates tightly with...

By Help Net Security
Keysight Empowers Engineering Teams to Build Trustworthy AI Systems
News | Jan 7, 2026

Keysight Technologies launched the AI Software Integrity Builder, a lifecycle‑based platform that unifies dataset analysis, model validation, and inference testing for AI systems. The tool is aimed at safety‑critical domains such as automotive, helping engineers demonstrate transparency, reliability, and regulatory...

By Help Net Security
8 Things CISOs Can’t Afford to Get Wrong in 2026
News | Jan 7, 2026

CISOs face a rapidly evolving threat landscape in 2026, from AI‑driven identity attacks and complex supply‑chain vulnerabilities to heightened geopolitical cyber aggression. Missteps in AI agent governance, cloud security, and compliance can trigger costly breaches, while human error continues to...

By CSO Online
When AI Agents Interact, Risk Can Emerge without Warning
News | Jan 7, 2026

New research from the Fraunhofer Institute shows that interactions among AI agents can generate systemic risks even when each agent follows its own design parameters. The study identifies feedback loops, shared signals, and coordination patterns as mechanisms that produce emergent...

By Help Net Security
What European Security Teams Are Struggling to Operationalize
News | Jan 7, 2026

Kiteworks’ 2026 forecast reveals European security and compliance teams have robust regulatory policies but weak operational execution. AI‑specific incident response, software‑supply‑chain visibility, third‑party coordination, and compliance automation all lag global averages. Adoption rates for AI anomaly detection, SBOM management, and...

By Help Net Security
The AI Powered Classroom Network of the Future: Because Hackers Never Take Recess
News | Jan 7, 2026

Schools are rapidly adopting AI-driven learning tools, but these applications demand high‑bandwidth, low‑latency connectivity that legacy networks cannot provide. Modernizing the campus network—both wired and wireless—is essential to sustain real‑time AI services, protect student data, and prevent ransomware disruptions. Integrated...

By Security Magazine (Cybersecurity)
Ongoing Attacks Exploiting Critical RCE Vulnerability in Legacy D-Link DSL Routers
News | Jan 7, 2026

A critical remote code execution flaw (CVE‑2026‑0625) has been discovered in legacy D‑Link DSL routers, exploiting the dnscfg.cgi endpoint via command injection. The vulnerability carries a CVSS score of 9.3 and is actively being leveraged in the wild, with attacks...

By The Hacker News
HIPAA Compliance and Breach Communications: Helpful Tips for SMBs
News | Jan 6, 2026

North Country Communications launched a consultancy on Dec. 15 to help small and mid‑size HIPAA‑regulated entities meet privacy, security, and breach‑notification requirements. The firm offers granular, on‑site or virtual assessments that cover risk analyses, vendor contracts, website security, and state law...

By DataBreaches.net
Founder of Spyware Maker pcTattletale Pleads Guilty to Hacking and Advertising Surveillance Software
News | Jan 6, 2026

Bryan Fleming, founder of the U.S. spyware firm pcTattletale, entered a guilty plea in San Diego federal court to charges of computer hacking, illegal sale and advertising of surveillance software, and conspiracy. The case represents the first successful U.S. federal...

By TechCrunch (Cybersecurity)
Desjardins Data Breach: Quebec Suspect Arrested in Spain
News | Jan 6, 2026

Quebec police announced the arrest of Juan Pablo Serrano, a Canadian fugitive linked to the multimillion‑dollar Desjardins data breach, in Spain on November 6, 2025. Serrano faces charges of fraud, identity theft and trafficking in personal information, and will be extradited to Canada...

By DataBreaches.net
Flare Researchers Analyze SafePay Ransomware Leak Data
News | Jan 6, 2026

Flare’s research reveals SafePay ransomware’s rapid rise in 2024‑25, focusing on small and mid‑size businesses (SMBs) through a classic double‑extortion model. By publishing over 500 victim records on Tor leak sites, the group pressures targets with regulatory, legal and reputational...

By eSecurity Planet
Hacktivist Exposes and Deletes White Supremacist Websites Live at Conference
News | Jan 6, 2026

At the Chaos Communication Congress in Hamburg, hacktivist Martha Root publicly deleted three white‑supremacist sites—WhiteDate, WhiteChild and WhiteDeal—while the audience cheered. The live takedown was accompanied by the release of data on more than 6,000 users from the dating platform,...

By The Cyber Express
WordPress Admins Targeted by Renewal Email Phishing Scam
News | Jan 6, 2026

A sophisticated phishing campaign is targeting WordPress administrators with fake domain renewal emails. The emails direct victims to a counterfeit WordPress payment portal that harvests credit‑card details and 3‑D Secure one‑time passwords. Stolen data is immediately relayed to attacker‑controlled Telegram...

By eSecurity Planet
A Hacker, Known as Martha Root, Takes Down a White Supremacist Dating Site Live
News | Jan 6, 2026

At the Chaos Communication Congress, a German hacker known as “Martha Root” publicly dismantled a white‑supremacist dating website. Dressed as a pink Power Ranger, she demonstrated live how she had breached the platform, downloaded every user profile, and ran an AI...

By DataBreaches.net
Two Chrome Extensions Caught Stealing ChatGPT and DeepSeek Chats From 900,000 Users
News | Jan 6, 2026

Security researchers have identified two malicious Chrome extensions—"Chat GPT for Chrome with GPT‑5, Claude Sonnet & DeepSeek AI" and "AI Sidebar with Deepseek, ChatGPT, Claude, and more"—that together have been installed by roughly 900,000 users. The extensions harvest OpenAI ChatGPT...

By The Hacker News
MacOS Flaw Enables Silent Bypass of Apple Privacy Controls
News | Jan 6, 2026

A newly disclosed macOS vulnerability (CVE-2025-43530) lets attackers silently bypass the Transparency, Consent, and Control (TCC) privacy framework by exploiting trusted VoiceOver services. The flaw combines a lax file‑based validation of Apple‑signed binaries with a TOCTOU race condition, enabling arbitrary...

By eSecurity Planet
High-Severity Flaw in Open WebUI Affects AI Connections
News | Jan 6, 2026

A high‑severity vulnerability (CVE‑2025‑64496) was found in Open WebUI versions 0.6.34 and earlier when the Direct Connections feature is enabled. The flaw lets a malicious AI endpoint send crafted server‑sent events that execute JavaScript in the user’s browser, stealing localStorage tokens and...

By Infosecurity Magazine
What Is a Proxy Server? A Complete Guide to Types, Uses, and Benefits
News | Jan 6, 2026

A proxy server acts as an intermediary between client devices and the Internet, forwarding requests, filtering data, and returning responses. The guide distinguishes forward proxies, which protect users by masking IPs, enforcing policies, caching content, and inspecting traffic, from reverse...

By The Cyber Express
How to Avoid Phishing Incidents in 2026: A CISO Guide
News | Jan 6, 2026

By 2026 phishing emails will mimic legitimate messages, evading traditional filters. CISOs are turning to behavior‑based sandbox analysis to see the full attack chain within seconds, dramatically cutting verdict times. Automated interactivity and real‑time threat context enable faster, more accurate...

By HackRead
What Is Identity Dark Matter?
News | Jan 6, 2026

Identity dark matter describes the growing pool of unmanaged human and non‑human identities spread across SaaS, IaaS, on‑prem and shadow applications. Traditional IAM and IGA tools only cover the managed half, leaving bots, service accounts and orphaned users invisible. This...

By The Hacker News
VS Code Forks Recommend Missing Extensions, Creating Supply Chain Risk in Open VSX
News | Jan 6, 2026

AI‑powered forks of Microsoft VS Code such as Cursor, Windsurf, Google Antigravity and Trae have been found recommending extensions that do not exist in the Open VSX registry. Because the extension names are unclaimed, threat actors can publish malicious packages under those...

By The Hacker News
Open WebUI Bug Turns the ‘Free Model’ Into an Enterprise Backdoor
News | Jan 6, 2026

Security researchers have uncovered a high‑severity vulnerability (CVE‑2025‑64496) in Open WebUI, a self‑hosted interface for large language models. The flaw resides in the Direct Connections feature, where unsafe handling of server‑sent events lets a malicious model server inject JavaScript that...

By CSO Online
Jaguar Land Rover's Q3 Sales Crash Amid Cyber-Attack Fallout
News | Jan 6, 2026

Jaguar Land Rover reported a sharp sales decline in Q3 2025 after a late‑August cyber‑attack crippled its factories. Retail volumes fell 25.1% year‑on‑year to 79,600 vehicles, while wholesale shipments plunged 43% to 59,200 units. Production stoppages in September and lingering...

By Infosecurity Magazine
Critical N8n Vulnerability Allows Arbitrary Command Execution (CVE-2025-68668)
News | Jan 6, 2026

A critical vulnerability (CVE‑2025‑68668) in n8n’s Python Code Node lets authenticated users bypass the sandbox and execute arbitrary system commands. The flaw affects all n8n versions from 1.0.0 up to, but not including, 2.0.0 and carries a CVSS score of...

By The Cyber Express
Connex IT Partners with AccuKnox for Zero Trust CNAPP Security in Southeast Asia
News | Jan 6, 2026

AccuKnox has named Connex Information Technologies as its authorized distribution partner for Zero Trust CNAPP solutions across South and Southeast Asia. Connex, operating in 14 countries with a network of over 1,500 channel partners, will drive localized deployment, partner enablement...

By HackRead
6 Strategies for Building a High-Performance Cybersecurity Team
News | Jan 6, 2026

Veteran security leaders outline six strategies to transform cybersecurity groups from collections of high‑performing individuals into cohesive, high‑performing teams. The approach emphasizes hiring a blend of ambitious innovators and reliable "rock stars," while also seeking diverse backgrounds for broader perspective....

By CSO Online
Critical AdonisJS Bodyparser Flaw (CVSS 9.2) Enables Arbitrary File Write on Servers
News | Jan 6, 2026

A critical path‑traversal flaw (CVE‑2026‑21440) in the @adonisjs/bodyparser npm package received a CVSS score of 9.2, allowing remote attackers to write arbitrary files when MultipartFile.move() is called without proper sanitization. The vulnerability affects versions up to 10.1.1 and 11.0.0‑next.5 and...

By The Hacker News
Startup Trends Shaking Up Browsers, SOC Automation, AppSec
News | Jan 5, 2026

Startups are reshaping cybersecurity by turning browsers into the new endpoint, leveraging Chrome’s Manifest V3 extensions for Browser Detection and Response, and applying large‑language models to AppSec and SOC automation. MV3‑based extensions from SquareX, Keep Aware and LayerX give real‑time...

By Dark Reading
Advisor360 Gets a Handle on Shadow AI via Automation
News | Jan 5, 2026

Advisor360, a wealth‑management platform, faced uncontrolled shadow AI use as employees adopted free AI tools, creating security blind spots. Its small security operations center struggled to manually vet tools, taking days to assess risk. In 2024 the firm partnered with...

By Dark Reading
CISOs Face a Tighter Insurance Market in 2026
News | Jan 5, 2026

Cyber‑insurance premiums have softened but rate cuts are slowing, and insurers now demand verifiable security controls before underwriting. Boards increasingly view cyber coverage as a non‑negotiable component of risk‑management, pairing it with robust controls rather than treating it as a...

By Dark Reading
Why Arbor Edge Defense and CDN-Based DDoS Protection Are Better Together
News | Jan 5, 2026

Arbor Edge Defense (AED) complements CDN‑based DDoS mitigation by providing inline, on‑premises protection against low‑volume, application‑layer and state‑exhaustion attacks that cloud scrubbing services often miss. AED leverages AI/ML and NETSCOUT’s ATLAS threat intelligence, which monitors roughly half of global internet...

By CSO Online
Why Cybersecurity Needs to Focus More on Investigation and Less on Just Detection and Response
News | Jan 5, 2026

Cybersecurity strategies prioritize detection and response, but over‑reliance limits long‑term protection. The article argues that investigative analysis—examining packet‑level data, attack vectors, and root causes—provides essential insights to prevent repeat incidents. Advanced threats like APTs and zero‑days often evade detection, making...

By CSO Online
5 Myths About DDoS Attacks and Protection
News | Jan 5, 2026

The article debunks five common DDoS myths, highlighting that attacks are far more frequent and diverse than many believe. NETSCOUT’s ASERT team recorded over 15 million DDoS incidents in 2024, with a 43% rise in sub‑gigabit, application‑layer assaults. It explains why...

By CSO Online
Researchers Warn of Data Exposure Risks in Claude Chrome Extension
News | Jan 5, 2026

Anthropic launched a beta Claude Chrome extension that lets the AI browse, click, and type on users' behalf, fundamentally shifting the browser security model. Zenity Labs discovered the tool stays logged in permanently, exposing OAuth tokens, console logs, and personal...

By HackRead
Stress Caused by Cybersecurity Threats Is Taking Its Toll
News | Jan 5, 2026

Cyber threats are increasingly complex, sparking a mental‑health crisis among IT and security teams. A recent Object First survey of 500 professionals found 84% feel uncomfortably stressed and 78% fear personal blame for breaches. Nearly 60% are actively looking for...

By CSO Online
Ca: Leduc County Target of Christmas Day Cybersecurity Attack
News | Jan 5, 2026

Leduc County in Alberta disclosed that a deliberate ransomware attack struck on December 25, disabling several of its information technology systems. The county became aware of the intrusion on Christmas Day and immediately initiated incident response protocols. While officials have...

By DataBreaches.net
VVS Stealer Uses Advanced Obfuscation to Target Discord Users
News | Jan 5, 2026

The VVS stealer, a Python‑based malware family distributed as a PyInstaller package, employs Pyarmor obfuscation to evade detection and specifically harvest Discord tokens and browser credentials. It injects malicious JavaScript into the Discord client, extracts data from Chromium‑based and Firefox...

By Infosecurity Magazine
Handala Leak Shows Telegram Account Risk, Not iPhone Hacks
News | Jan 5, 2026

Iran‑linked group Handala claimed full phone compromise of former Israeli PM Naftali Bennett and Chief of Staff Tzachi Braverman, but Kela researchers found the breach was limited to their Telegram accounts. The attackers likely used SIM‑swap, SS7 interception, phishing lures...

By eSecurity Planet
Reminder: Survey on Threats Experienced by Journalists and Security Researchers
News | Jan 4, 2026

DataBreaches.net and security journalist Zack Whittaker have issued a reminder for cybersecurity journalists and researchers to complete a threat‑experience survey. The questionnaire captures legal actions, court orders, and violent intimidation faced while covering cybercrime. Participation is free via a Google...

By DataBreaches.net