BleepingComputer

Security news and advisories with gov/infra impact.

Okta SSO Accounts Targeted in Vishing-Based Data Theft Attacks
News, Jan 22, 2026

Okta has identified a new wave of vishing‑based phishing kits sold as a service, allowing attackers to conduct live, voice‑driven credential theft. The kits let threat actors spoof corporate numbers, manipulate phishing pages in real time, and capture both passwords...

By BleepingComputer
Microsoft Teams to Add Brand Impersonation Warnings to Calls
News, Jan 22, 2026

Microsoft Teams will introduce a "Brand Impersonation Protection" feature that flags first‑time external VoIP callers attempting to pose as trusted organizations. The protection rolls out to the targeted release ring in mid‑February and is enabled by default, displaying high‑risk warnings...

By BleepingComputer
INC Ransomware Opsec Fail Allowed Data Recovery for 12 US Orgs
News, Jan 22, 2026

Researchers from Cyber Centaurs uncovered an operational security slip in the INC ransomware campaign that exposed the gang's backup infrastructure. By tracing Restic backup tool artifacts and hard‑coded credentials, they located encrypted exfiltrated data belonging to twelve unrelated U.S. organizations across...

By BleepingComputer
Why Active Directory Password Resets Are Surging in Hybrid Work
News, Jan 22, 2026

Hybrid work has turned routine Active Directory password resets into a major productivity drain, as cached credentials and frequent rotation policies cause more lockouts. Since 2022, over half of U.S. employees operate in hybrid models, leading to an estimated 923...

By BleepingComputer
New Android Malware Uses AI to Click on Hidden Browser Ads
News, Jan 21, 2026

A new Android click‑fraud trojan family uses TensorFlow.js to run AI models inside a hidden WebView, visually identifying and tapping ads instead of relying on static JavaScript code. The malware is distributed through Xiaomi’s GetApps store, third‑party mod APK sites,...

By BleepingComputer
Online Retailer PcComponentes Says Data Breach Claims Are Fake
News, Jan 21, 2026

PcComponentes, a leading Spanish tech retailer, denied a claim that a breach exposed 16 million customers, stating the figure was inflated. The company confirmed a credential‑stuffing attack that compromised a limited set of accounts, revealing names, addresses and contact details. Threat...

By BleepingComputer
Fortinet Admins Report Patched FortiGate Firewalls Getting Hacked
News, Jan 21, 2026

Fortinet’s latest FortiOS releases (7.4.9 and 7.4.10) failed to fully remediate the critical CVE‑2025‑59718 authentication bypass, allowing attackers to create privileged admin accounts via crafted SAML messages. Administrators have reported successful exploits on patched firewalls, prompting Fortinet to announce emergency...

By BleepingComputer
Hackers Exploit Security Testing Apps to Breach Fortune 500 Firms
News, Jan 21, 2026

Pentera uncovered nearly 2,000 publicly exposed security‑testing web apps—such as DVWA, Juice Shop and bWAPP—hosted on AWS, GCP and Azure. These intentionally vulnerable tools were linked to over‑privileged IAM roles, allowing attackers to steal cloud credentials and gain admin access....

By BleepingComputer
GitLab Warns of High-Severity 2FA Bypass, Denial-of-Service Flaws
News, Jan 21, 2026

GitLab announced patches for a high‑severity two‑factor authentication bypass (CVE‑2026‑0723) and multiple denial‑of‑service flaws affecting both Community and Enterprise editions. The 2FA bypass lets attackers with a known account ID circumvent the second factor, while CVE‑2025‑13927 and CVE‑2025‑13928 enable unauthenticated...

By BleepingComputer
Tesla Hacked, 37 Zero-Days Demoed at Pwn2Own Automotive 2026
News, Jan 21, 2026

Security researchers at Pwn2Own Automotive 2026 demonstrated 37 zero‑day vulnerabilities in Tesla's infotainment system, earning $516,500 on day one. Synacktiv secured $35,000 by chaining an information leak and out‑of‑bounds write to gain root, while other teams exploited EV chargers and navigation...

By BleepingComputer
EU Plans Cybersecurity Overhaul to Block Foreign High-Risk Suppliers
News, Jan 20, 2026

The European Commission has unveiled a comprehensive cybersecurity package that gives it authority to conduct EU‑wide risk assessments and restrict high‑risk foreign suppliers in critical telecom infrastructure. The proposal builds on the voluntary 5G Security Toolbox and expands the Cybersecurity...

By BleepingComputer
Make Identity Threat Detection Your Security Strategy for 2026
News, Jan 20, 2026

Identity Threat Detection & Response (ITDR) is positioned as the core security strategy for 2026, shifting focus from perimeter defenses to monitoring compromised accounts. The article highlights that identity‑based attacks are the most common threat, and traditional controls like MFA...

By BleepingComputer
Webinar: Aligning Cybersecurity Purchases with What Your SOC Team Needs
News, Jan 20, 2026

Security operations centers are plagued by alert fatigue because many tools are selected by executives without input from analysts. A BleepingComputer webinar on Jan. 29 will feature Sumo Logic experts discussing the disconnect between purchasing decisions and SOC needs. The session...

By BleepingComputer
New OpenAI Leak Hints at Upcoming ChatGPT Features
News, Jan 19, 2026

OpenAI is quietly testing a major ChatGPT web update slated for rollout in the next few weeks. The preview, dubbed “Salute,” adds a task‑creation interface with file uploads and progress tracking. Additional changes include a model‑preference flag aimed at hospitality‑specific...

By BleepingComputer
Microsoft Releases OOB Windows Updates to Fix Shutdown, Cloud PC Bugs
News, Jan 18, 2026

Microsoft issued emergency out‑of‑band (OOB) updates for Windows 10, Windows 11, and Windows Server after the January 2026 Patch Tuesday introduced two critical bugs. The first bug broke credential prompts for Microsoft 365 Cloud PC and Azure Virtual Desktop sessions, while the second prevented...

By BleepingComputer
Google Chrome Now Lets You Turn Off On-Device AI Model Powering Scam Detection
News, Jan 18, 2026

Google Chrome now lets users delete the on‑device AI model that powers the Enhanced Protection feature, which uses generative AI to detect scams, malicious downloads, and risky extensions. The toggle appears in Settings > System under “On‑device GenAI.” The capability is currently...

By BleepingComputer
StealC Hackers Hacked as Researchers Hijack Malware Control Panels
News, Jan 16, 2026

Researchers at CyberArk uncovered a cross‑site scripting (XSS) vulnerability in the web‑based control panel of the StealC info‑stealing malware. Exploiting the flaw, they observed active operator sessions, harvested browser and hardware fingerprints, and hijacked session cookies to gain remote control...

By BleepingComputer
Microsoft: Windows 11 Update Causes Outlook Freezes for POP Users
News, Jan 16, 2026

Microsoft is investigating a January Windows 11 security update (KB5074109) that causes the classic Outlook desktop client to freeze for users with POP email accounts. The problem affects devices running the 25H2 and 24H2 builds, preventing Outlook from exiting cleanly and...

By BleepingComputer
Cisco Finally Fixes AsyncOS Zero-Day Exploited Since November
News, Jan 16, 2026

Cisco has released a patch for the critical AsyncOS zero‑day (CVE‑2025‑20393) affecting Secure Email Gateway and Secure Email and Web Manager appliances with internet‑exposed Spam Quarantine. The flaw allowed remote attackers to execute arbitrary commands with root privileges. Cisco Talos...

By BleepingComputer
Microsoft: Some Windows PCs Fail to Shut Down After January Update
News, Jan 16, 2026

Microsoft confirmed that the January 13, 2026 cumulative update KB5073455 causes Windows 11 23H2 Enterprise and IoT devices with System Guard Secure Launch to fail shutting down, forcing a restart instead. The bug does not affect consumer editions and also blocks hibernation, leaving machines...

By BleepingComputer
Grubhub Confirms Hackers Stole Data in Recent Security Breach
News, Jan 15, 2026

Grubhub confirmed that unauthorized actors downloaded data from its systems, prompting an immediate investigation and security hardening. The company disclosed that financial details and order histories were not compromised, but it is facing extortion demands from the ShinyHunters cybercrime group....

By BleepingComputer
Hackers Exploit Modular DS WordPress Plugin Flaw for Admin Access
News, Jan 15, 2026

Security researchers have identified a critical remote authentication bypass in the Modular DS WordPress plugin, tracked as CVE‑2026‑23550. The flaw, present in versions 2.5.1 and earlier, lets attackers obtain admin‑level access by exploiting a trusted‑request bypass and an automatic login fallback....

By BleepingComputer
FTC Bans GM From Selling Drivers' Location Data for Five Years
News, Jan 15, 2026

The U.S. Federal Trade Commission finalized an order against General Motors and its OnStar subsidiary for collecting and selling precise geolocation and driver‑behavior data without consent. The settlement bans GM from sharing such data with consumer reporting agencies for five...

By BleepingComputer
Palo Alto Networks Warns of DoS Bug Letting Hackers Disable Firewalls
News, Jan 15, 2026

Palo Alto Networks disclosed a high‑severity flaw, CVE‑2026‑0227, that lets unauthenticated attackers trigger a denial‑of‑service condition on PAN‑OS firewalls and Prisma Access gateways when GlobalProtect is enabled. The bug forces the appliance into maintenance mode, effectively disabling protection. Palo Alto...

By BleepingComputer
Microsoft Updates Windows DLL that Triggered Security Alerts
News, Jan 14, 2026

Microsoft released a service alert confirming that the WinSqlite3.dll library, a core Windows component, was mistakenly flagged by third‑party security tools as vulnerable to CVE‑2025‑6965. The false‑positive affected Windows 10, Windows 11, and Windows Server 2012‑2025 systems for several months. Microsoft updated...

By BleepingComputer
Reprompt Attack Let Hackers Hijack Microsoft Copilot Sessions
News, Jan 14, 2026

Researchers at Varonis uncovered a “Reprompt” attack that lets hackers hijack Microsoft Copilot Personal sessions by embedding malicious prompts in the URL’s `q` parameter. After a victim clicks a crafted link, the attacker can issue follow‑up commands that bypass Copilot’s...

By BleepingComputer
Cloud Marketplace Pax8 Accidentally Exposes Data on 1,800 MSP Partners
News, Jan 14, 2026

Cloud commerce platform Pax8 inadvertently emailed an internal spreadsheet to fewer than 40 UK partners, exposing business data for roughly 1,800 managed service providers. The CSV listed more than 56,000 entries, including partner IDs, customer names, Microsoft SKU counts and...

By BleepingComputer
Victorian Department of Education Says Hackers Stole Students’ Data
News, Jan 14, 2026

The Victorian Department of Education disclosed that an unauthorized party accessed a database containing personal details and school‑issued email addresses of current and former students, along with encrypted passwords. More sensitive information such as birth dates, home addresses, and phone...

By BleepingComputer
Microsoft: Windows 365 Update Blocks Access to Cloud PC Sessions
News, Jan 14, 2026

Microsoft confirmed that a recent Windows 365 update is preventing users from signing into their Cloud PC sessions, causing widespread access failures that began on Tuesday at 19:00 UTC. The issue, tracked under incident WP1217671, stems from a security‑focused update that unintentionally broke...

By BleepingComputer
Monroe University Says 2024 Data Breach Affects 320,000 People
News, Jan 14, 2026

Monroe University disclosed that a December 2024 cyberattack compromised personal, financial, and health data of more than 320,000 individuals. Attackers accessed the network for two weeks, from Dec 9 to Dec 23, before the breach was detected. The university began notifying affected...

By BleepingComputer
Ukraine's Army Targeted in New Charity-Themed Malware Campaign
News, Jan 13, 2026

Ukraine’s Defense Forces were hit by a charity‑themed malware campaign from October to December 2025 that delivered the PluggyApe backdoor. The attacks arrived via Signal or WhatsApp messages promising charitable documents, but instead provided password‑protected PIF archives containing malicious payloads. Ukrainian...

By BleepingComputer
Central Maine Healthcare Breach Exposed Data of over 145,000 People
News, Jan 13, 2026

Central Maine Healthcare suffered a cyber intrusion that lasted from March 19 to June 1, 2024, exposing the personal and health information of 145,381 individuals. The breach affected patients, current and former employees, revealing names, dates of birth, treatment details,...

By BleepingComputer
New Windows Updates Replace Expiring Secure Boot Certificates
News, Jan 13, 2026

Microsoft has begun automatically replacing expiring Secure Boot certificates on eligible Windows 11 24H2 and 25H2 devices. The certificates, which protect the pre‑boot environment, are set to expire in June 2026, prompting a phased rollout through Windows quality updates. High‑confidence devices receive the...

By BleepingComputer
Windows 11 KB5074109 & KB5073455 Cumulative Updates Released
News, Jan 13, 2026

Microsoft released the Windows 11 KB5074109 and KB5073455 cumulative updates for 25H2/24H2 and 23H2, delivering the January 2026 Patch Tuesday security patches. The updates raise build numbers to 26200.7623 (or 26100.7462) and 226x1.6050, and they address a range of vulnerabilities, driver compatibility,...

By BleepingComputer
Microsoft January 2026 Patch Tuesday Fixes 3 Zero-Days, 114 Flaws
News, Jan 13, 2026

Microsoft released its January 2026 Patch Tuesday update, addressing 114 security flaws across Windows and related services. The bundle includes eight critical vulnerabilities—six remote code execution and two elevation‑of‑privilege bugs—plus one actively exploited information‑disclosure flaw in Desktop Window Manager. Two publicly...

By BleepingComputer
Convincing LinkedIn Comment-Reply Tactic Used in New Phishing
News, Jan 13, 2026

Scammers are posting fake LinkedIn reply comments that mimic official policy‑violation notices and direct users to malicious links. The fraudsters leverage LinkedIn’s own lnkd.in URL shortener, making the phishing URLs appear legitimate. Impersonated company pages also use the LinkedIn logo...

By BleepingComputer
CISA Orders Feds to Patch Gogs RCE Flaw Exploited in Zero-Day Attacks
News, Jan 12, 2026

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered all federal civilian agencies to patch a critical zero‑day vulnerability in the Gogs Git service, identified as CVE‑2025‑8110. The flaw allows authenticated attackers to exploit a path‑traversal weakness in the...

By BleepingComputer
'Bad Actor' Hijacks Apex Legends Characters in Live Matches
News, Jan 12, 2026

A weekend security incident in Apex Legends allowed a bad actor to hijack player characters, disconnect them, and rename teammates to “RSPN Admin.” Respawn clarified that the breach did not involve malware or remote code execution, suggesting the attacker used...

By BleepingComputer
Apple Confirms Google Gemini Will Power Siri, Says Privacy Remains a Priority
News, Jan 12, 2026

Apple announced that its upcoming Siri will be powered by Google’s Gemini large‑language models, marking a multi‑year collaboration between the two rivals. The partnership moves Siri away from Apple’s in‑house AI, which has lagged behind competitors like GPT and Copilot,...

By BleepingComputer
Hidden Telegram Proxy Links Can Reveal Your IP Address in One Click
News, Jan 12, 2026

Security researchers have shown that Telegram’s proxy links (t.me/proxy) automatically trigger a direct connection to the specified server before the user confirms adding the proxy. This behavior lets an attacker‑controlled proxy log the user’s real IP address with a single...

By BleepingComputer
Spanish Energy Giant Endesa Discloses Data Breach Affecting Customers
News, Jan 12, 2026

Spanish utility Endesa disclosed a data breach affecting its Energía XXI customers, with hackers obtaining contract‑related personal information such as IDs, contact details, and IBANs. The company says passwords were not exposed and no fraudulent use has been detected so far....

By BleepingComputer
Prevent Cloud Data Leaks with Microsoft 365 Access Reviews
News, Jan 12, 2026

Microsoft 365’s frictionless sharing fuels productivity but also creates oversharing risks that security teams struggle to monitor. Native Microsoft tools provide no centralized view of shared files across Teams, OneDrive and SharePoint, leaving a blind spot for data leakage. Tenfold’s identity‑governance...

By BleepingComputer
Max Severity Ni8mare Flaw Impacts Nearly 60,000 N8n Instances
News, Jan 12, 2026

Security researchers have identified a maximum‑severity vulnerability, dubbed “Ni8mare,” affecting the open‑source automation platform n8n. Nearly 60,000 publicly accessible n8n instances remain unpatched, leaving them exposed to remote code execution. The flaw stems from improper input validation in the workflow...

By BleepingComputer
Anthropic Brings Claude to Healthcare with HIPAA-Ready Enterprise Tools
News, Jan 12, 2026

Anthropic announced that its Claude large‑language model is now HIPAA‑ready and equipped with enterprise tools for the health‑care sector. The company is testing connectors that link Claude to the CMS Coverage Database, enabling automated Medicare eligibility checks and prior‑authorization support....

By BleepingComputer
California Bans Data Broker Reselling Health Data of Millions
News, Jan 11, 2026

California's Privacy Protection Agency fined data‑broker Datamasters $45,000 and barred it from selling Californians' personal health information after it failed to register under the California Delete Act. The agency also ordered the firm to delete millions of records by the...

By BleepingComputer
Ireland Recalls Almost 13,000 Passports over Missing 'IRL' Code
News, Jan 10, 2026

Ireland's Department of Foreign Affairs has recalled nearly 13,000 passports after a software update omitted the mandatory "IRL" issuing‑state code in the machine‑readable zone. The defect affects passports issued between 23 December 2025 and 6 January 2026, potentially causing eGate and border‑control rejections worldwide....

By BleepingComputer
Microsoft May Soon Allow IT Admins to Uninstall Copilot
News, Jan 9, 2026

Microsoft is testing a new RemoveMicrosoftCopilotApp policy that lets IT administrators uninstall the AI‑powered Copilot app from managed Windows 11 devices. The policy rolls out to Dev and Beta Insider channels on build 26220.7535 and works with Intune or SCCM. It targets...

By BleepingComputer
Illinois Man Charged with Hacking Snapchat Accounts to Steal Nude Photos
News, Jan 9, 2026

Illinois prosecutors have charged 26‑year‑old Kyle Svara with a large‑scale phishing scheme that compromised roughly 570 Snapchat accounts, stealing private photos from nearly 600 women. Between May 2020 and February 2021 he impersonated Snap representatives, texting over 4,500 targets to obtain access...

By BleepingComputer
CISA Retires 10 Emergency Cyber Orders in Rare Bulk Closure
News, Jan 9, 2026

The Cybersecurity and Infrastructure Security Agency (CISA) retired ten Emergency Directives spanning 2019‑2024, the largest bulk closure in its history. All required mitigations are now covered by Binding Operational Directive 22‑01, which leverages the agency’s Known Exploited Vulnerabilities (KEV) catalog....

By BleepingComputer