The Hacker News - Latest News and Information
The Hacker News


Security incidents, policy, threats impacting gov/defense.

Recent Posts

CTEM in Practice: Prioritization, Validation, and Outcomes That Matter
News•Jan 27, 2026

Continuous Threat Exposure Management (CTEM) is a Gartner‑defined, continuous cycle that links threats, vulnerabilities, and attack‑surface data to prioritize exploitable exposures. It moves security from isolated scans to an operational model of scoping, discovery, prioritization, validation, and mobilization. By integrating threat intelligence, CTEM narrows focus to the small fraction of vulnerabilities that attackers actually weaponize. The approach demands cross‑team coordination and executive sponsorship to translate evidence into remediation and risk reduction.

By The Hacker News
China-Linked Hackers Have Used the PeckBirdy JavaScript C2 Framework Since 2023
News•Jan 27, 2026

Trend Micro researchers have uncovered a JScript‑based command‑and‑control framework called PeckBirdy, used by China‑aligned APT groups since 2023. The framework runs via living‑off‑the‑land binaries across browsers, MSHTA, WScript, Node.js and .NET, delivering modular backdoors such as HOLODONUT and MKDOOR. It powers...

By The Hacker News
Indian Users Targeted in Tax Phishing Campaign Delivering Blackmoon Malware
News•Jan 26, 2026

Researchers at eSentire have uncovered a tax‑phishing campaign targeting Indian users by masquerading as the Income Tax Department. The campaign delivers a multi‑stage backdoor that first sideloads a malicious DLL, then escalates privileges and installs a Blackmoon trojan variant alongside...

By The Hacker News
Winning Against AI-Based Attacks Requires a Combined Defensive Approach
News•Jan 26, 2026

Offensive AI is reshaping cyber attacks, with large language models generating and morphing malware in real time. Recent incidents such as Anthropic’s AI‑orchestrated espionage campaign and ClickFix steganography attacks show adversaries bypassing traditional endpoint detection (EDR). Network Detection and Response...

By The Hacker News
Filling the Most Common Gaps in Google Workspace Security
News•Jan 22, 2026

Google Workspace’s default security leaves critical gaps, especially in Gmail where Business Email Compromise and sophisticated spear‑phishing thrive. Native protections lack contextual awareness of VIP contacts and cannot fully safeguard years‑long email archives. The article recommends enabling advanced scanning, enforcing...

By The Hacker News
SmarterMail Auth Bypass Exploited in the Wild Two Days After Patch Release
News•Jan 22, 2026

A critical authentication‑bypass flaw in SmarterTools' SmarterMail was patched on Jan 15, 2026, but attackers began exploiting it by Jan 17, 2026. The vulnerability allows unauthenticated users to reset the system administrator password via the /api/v1/auth/force-reset-password endpoint and then execute OS commands, yielding a...

By The Hacker News
Exposure Assessment Platforms Signal a Shift in Focus
News•Jan 21, 2026

Gartner’s inaugural Magic Quadrant introduces Exposure Assessment Platforms (EAP) as a formal replacement for traditional vulnerability management, emphasizing Continuous Threat Exposure Management. The report evaluated 20 vendors on continuous discovery, risk‑informed prioritization, and cross‑environment visibility. Data shows 74% of identified...

By The Hacker News
The Hidden Risk of Orphan Accounts
News•Jan 20, 2026

Orchid Security highlights the growing threat of orphan accounts—unused human, service, and AI identities that remain active across enterprise environments due to fragmented IAM and IGA processes. These hidden credentials, often with elevated privileges, have been leveraged in high‑profile breaches...

By The Hacker News
Why Secrets in JavaScript Bundles Are Still Being Missed
News•Jan 20, 2026

Intruder scanned 5 million web applications and uncovered over 42,000 exposed tokens hidden in JavaScript bundles. The secrets spanned 334 types, including active GitHub, GitLab, and Linear API keys, as well as Slack, Zapier, and CAD service credentials. Existing scanners—traditional regex‑based...

By The Hacker News
Black Basta Ransomware Leader Added to EU Most Wanted and INTERPOL Red Notice
News•Jan 17, 2026

Ukrainian and German authorities have arrested two Ukrainian suspects linked to the Black Basta ransomware‑as‑a‑service operation and placed its alleged Russian leader, Oleg Nefedov, on the EU Most Wanted and INTERPOL Red Notice lists. The gang, which emerged in 2022, infiltrated over...

By The Hacker News
Five Malicious Chrome Extensions Impersonate Workday and NetSuite to Hijack Accounts
News•Jan 16, 2026

Researchers identified five malicious Chrome extensions that masquerade as HR and ERP tools such as Workday, NetSuite, and SuccessFactors. The add‑ons steal authentication cookies, block security‑admin pages, and enable session hijacking by injecting stolen tokens. While most have been removed...

By The Hacker News
China-Linked APT Exploits Sitecore Zero-Day in Attacks on American Critical Infrastructure
News•Jan 16, 2026

Chinese‑linked APT group UAT‑8837 has been exploiting a critical Sitecore zero‑day (CVE‑2025‑53690, CVSS 9.0) to breach American critical‑infrastructure networks. The attackers gain initial access via the vulnerability or stolen credentials, then deploy open‑source tools such as GoTokenTheft, SharpHound and Rubeus to...

By The Hacker News
ThreatsDay Bulletin: AI Voice Cloning Exploit, Wi-Fi Kill Switch, PLC Vulns, and 14 More Stories
News•Jan 15, 2026

The latest ThreatsDay bulletin spotlights a wave of high‑severity, unauthenticated remote code execution flaws—from Redis’s XACKDEL buffer overflow affecting roughly 2,900 servers to AI‑ML libraries that execute malicious model metadata. It also flags a Broadcom Wi‑Fi chipset kill‑switch that can...

By The Hacker News
Model Security Is the Wrong Frame – The Real Risk Is Workflow Security
News•Jan 15, 2026

Security teams are still focusing on protecting AI models, but recent incidents show the real risk lies in the workflows surrounding them. Malicious Chrome extensions harvested chat data from over 900,000 users, and prompt‑injection attacks can coerce AI coding assistants...

By The Hacker News
4 Outdated Habits Destroying Your SOC's MTTR in 2026
News•Jan 15, 2026

Many security operations centers still rely on outdated, manual processes that slow incident response. The article highlights four habits—manual sample review, sole reliance on static scans, fragmented toolsets, and excessive alert escalations—that inflate mean time to respond. It shows how...

By The Hacker News
Researchers Null-Route Over 550 Kimwolf and Aisuru Botnet Command Servers
News•Jan 14, 2026

Black Lotus Labs at Lumen Technologies announced that it has null‑routed traffic to more than 550 command‑and‑control nodes used by the AISURU/Kimwolf botnet since early October 2025. The botnet now controls over two million Android devices, primarily unsecured TV boxes, and...

By The Hacker News
New Research: 64% of 3rd-Party Applications Access Sensitive Data Without Justification
News•Jan 14, 2026

New research shows 64% of third‑party applications on websites access sensitive data without a clear business justification, up from 51% in 2024. Only 39% of security leaders have deployed dedicated web‑exposure solutions, despite 81% ranking web attacks as a top...

By The Hacker News
Critical Node.js Vulnerability Can Cause Server Crashes via Async_hooks Stack Overflow
News•Jan 14, 2026

Node.js released security updates fixing a critical vulnerability (CVE‑2025‑59466) that causes the runtime to terminate with exit code 7 when a stack overflow occurs while async_hooks is enabled. The bug affects all versions from 8.x through 18.x and impacts major frameworks...

By The Hacker News
[Webinar] Securing Agentic AI: From MCPs and Tool Access to Shadow API Key Sprawl
News•Jan 13, 2026

The Hacker News webinar spotlights the emerging security gap as agentic AI tools like Copilot, Claude Code, and Codex move from code generation to full‑cycle software deployment. Central to the risk are Machine Control Protocols (MCPs), which dictate which tools,...

By The Hacker News
New Advanced Linux VoidLink Malware Targets Cloud and Container Environments
News•Jan 13, 2026

Check Point Research has uncovered VoidLink, a sophisticated, cloud‑native Linux malware framework designed for long‑term stealth in cloud and container environments. First seen in December 2025, the platform includes custom loaders, rootkits, and more than 30 plug‑in modules written in Zig,...

By The Hacker News
China-Linked UAT-7290 Targets Telecoms with Linux Malware and ORB Nodes
News•Jan 8, 2026

A China‑linked threat group identified as UAT‑7290 has been conducting espionage‑focused intrusions against telecom providers in South Asia and, more recently, organizations in southeastern Europe. The actor performs extensive reconnaissance before exploiting one‑day vulnerabilities and SSH brute‑force to compromise edge...

By The Hacker News
ThreatsDay Bulletin: RustFS Flaw, Iranian Ops, WebUI RCE, Cloud Leaks, and 12 More Stories
News•Jan 8, 2026

This week’s ThreatsDay bulletin highlighted a surge in cyber threats across multiple fronts. CISA expanded its KEV catalog by 245 high‑risk flaws, while a critical hard‑coded token in RustFS exposed clusters to remote takeover. OpenAI faced a court order to...

By The Hacker News
