Go Back

World's Security Today

Last updated: 2026-01-29 01:22 Refresh now

From Mandiant

No Place Like Home Network: Disrupting the World's Largest Residential Proxy Network

Wed, 28 Jan 2026 14:00:00 +0000

Introduction This week Google and partners took action to disrupt what we believe is one of the largest residential proxy networks in the world, the IPIDEA proxy network. IPIDEA’s proxy infrastructure...
Diverse Threat Actors Exploiting Critical WinRAR Vulnerability CVE-2025-8088

Tue, 27 Jan 2026 14:00:00 +0000

Introduction The Google Threat Intelligence Group (GTIG) has identified widespread, active exploitation of the critical vulnerability CVE-2025-8088 in WinRAR, a popular file archiver tool for Windows,...
Closing the Door on Net-NTLMv1: Releasing Rainbow Tables to Accelerate Protocol Deprecation

Thu, 15 Jan 2026 14:00:00 +0000

Written by: Nic Losby Introduction Mandiant is publicly releasing a comprehensive dataset of Net-NTLMv1 rainbow tables to underscore the urgency of migrating away from this outdated protocol. Despite ...
AuraInspector: Auditing Salesforce Aura for Data Exposure

Mon, 12 Jan 2026 14:00:00 +0000

Written by: Amine Ismail, Anirudha Kanodia Introduction Mandiant is releasing AuraInspector, a new open-source tool designed to help defenders identify and audit access control misconfigurations withi...
Multiple Threat Actors Exploit React2Shell (CVE-2025-55182)

Fri, 12 Dec 2025 14:00:00 +0000

Written by: Aragorn Tseng, Robert Weiner, Casey Charrier, Zander Work, Genevieve Stark, Austin Larsen Introduction On Dec. 3, 2025, a critical unauthenticated remote code execution (RCE) vulnerability...
Sanctioned but Still Spying: Intellexa’s Prolific Zero-Day Exploits Continue

Wed, 03 Dec 2025 14:00:00 +0000

Introduction Despite extensive scrutiny and public reporting, commercial surveillance vendors continue to operate unimpeded. A prominent name continues to surface in the world of mercenary spyware, In...
Beyond the Watering Hole: APT24's Pivot to Multi-Vector Attacks

Thu, 20 Nov 2025 14:00:00 +0000

Written by: Harsh Parashar, Tierra Duncan, Dan Perez Google Threat Intelligence Group (GTIG) is tracking a long-running and adaptive cyber espionage campaign by APT24, a People's Republic of China (PR...
Frontline Intelligence: Analysis of UNC1549 TTPs, Custom Tools, and Malware Targeting the Aerospace and Defense Ecosystem

Mon, 17 Nov 2025 14:00:00 +0000

Written by: Mohamed El-Banna, Daniel Lee, Mike Stokkel, Josh Goddard Overview Last year, Mandiant published a blog post highlighting suspected Iran-nexus espionage activity targeting the aerospace, av...
Time Travel Triage: An Introduction to Time Travel Debugging using a .NET Process Hollowing Case Study

Thu, 13 Nov 2025 14:00:00 +0000

Written by: Josh Stroschein, Jae Young Kim The prevalence of obfuscation and multi-stage layering in today’s malware often forces analysts into tedious and manual debugging sessions. For instance, the...
No Place Like Localhost: Unauthenticated Remote Access via Triofox Vulnerability CVE-2025-12480

Mon, 10 Nov 2025 14:00:00 +0000

Written by: Stallone D'Souza, Praveeth DSouza, Bill Glynn, Kevin O'Flynn, Yash Gupta Welcome to the Frontline Bulletin Series Straight from Mandiant Threat Defense, the "Frontline Bulletin" series bri...
GTIG AI Threat Tracker: Advances in Threat Actor Usage of AI Tools

Wed, 05 Nov 2025 14:00:00 +0000

Executive Summary Based on recent analysis of the broader threat landscape, Google Threat Intelligence Group (GTIG) has identified a shift that occurred within the last year: adversaries are no longer...
Preparing for Threats to Come: Cybersecurity Forecast 2026

Tue, 04 Nov 2025 14:00:00 +0000

Every November, we make it our mission to equip organizations with the knowledge needed to stay ahead of threats we anticipate in the coming year. The Cybersecurity Forecast 2026 report, released toda...
Keys to the Kingdom: A Defender's Guide to Privileged Account Monitoring

Tue, 28 Oct 2025 14:00:00 +0000

Written by: Bhavesh Dhake, Will Silverstone, Matthew Hitchcock, Aaron Fletcher The Criticality of Privileged Access in Today's Threat Landscape Privileged access stands as the most critical pathway fo...
Help Wanted: Vietnamese Actors Using Fake Job Posting Campaigns to Deliver Malware and Steal Credentials

Thu, 23 Oct 2025 14:00:00 +0000

Google Threat Intelligence Group (GTIG) is tracking a cluster of financially motivated threat actors operating from Vietnam that leverages fake job postings on legitimate platforms to target individua...
Pro-Russia Information Operations Leverage Russian Drone Incursions into Polish Airspace

Tue, 21 Oct 2025 14:00:00 +0000

Written by: Alden Wahlstrom, David Mainor Introduction Google Threat Intelligence Group (GTIG) observed multiple instances of pro-Russia information operations (IO) actors promoting narratives related...
To Be (A Robot) or Not to Be: New Malware Attributed to Russia State-Sponsored COLDRIVER

Mon, 20 Oct 2025 14:00:00 +0000

Written by: Wesley Shields Introduction COLDRIVER, a Russian state-sponsored threat group known for targeting high profile individuals in NGOs, policy advisors and dissidents, swiftly shifted operatio...
DPRK Adopts EtherHiding: Nation-State Malware Hiding on Blockchains

Thu, 16 Oct 2025 14:00:00 +0000

Written by: Blas Kojusner, Robert Wallace, Joseph Dobson Google Threat Intelligence Group (GTIG) has observed the North Korea (DPRK) threat actor UNC5342 using ‘EtherHiding’ to deliver malware and fac...
New Group on the Block: UNC5142 Leverages EtherHiding to Distribute Malware

Thu, 16 Oct 2025 14:00:00 +0000

Written by: Mark Magee, Jose Hernandez, Bavi Sadayappan, Jessa Valdez Since late 2023, Mandiant Threat Defense and Google Threat Intelligence Group (GTIG) have tracked UNC5142, a financially motivated...
Oracle E-Business Suite Zero-Day Exploited in Widespread Extortion Campaign

Thu, 09 Oct 2025 14:00:00 +0000

Written by: Peter Ukhanov, Genevieve Stark, Zander Work, Ashley Pearson, Josh Murchie, Austin Larsen Update (Oct. 11): On Oct. 11, Oracle released another patch, addressing CVE-2025-61884. Introductio...
Cybercrime Observations from the Frontlines: UNC6040 Proactive Hardening Recommendations

Tue, 30 Sep 2025 14:00:00 +0000

Written by: Omar ElAhdan, Matthew McWhirt, Michael Rudden, Aswad Robinson, Bhavesh Dhake, Laith Al, Ravi Kumar Raja Update (Nov. 21): In response to the Salesforce advisory related to Gainsight applic...

From Boannews

[김정덕의 AI 시대 보안 패러다임-7] AI 도입의 딜레마: 혁신의 속도와 리스크의 균형

Thu, 29 Jan 2026 15:09:00 +0900

신뢰 기반의 통합 거버넌스 구축 전략[연재목차 Part 2. AI 시대 보안 패러다임]1. AI 시대의 그림자, ‘딥페이크 사기’를 경계하라2. AI 시대, 번아웃 관리3. AI 편향과 공정성, 보안에서 무엇이 다른가4. 설명가능 AI와 인간의 최종 판단5. AI도 인간과 닮았다6. AI, ‘안전’과 ‘보안’의 경계를 허물다7. AI 도입의 딜레마: 혁신의
안랩, 올해 AI 사업전략 공유... ‘안랩 파트너 데이 2026’ 성료

Thu, 29 Jan 2026 15:06:00 +0900

[보안뉴스 강현주 기자] 안랩(대표 강석균)이 총판 및 공인 파트너사들에게 AI 중심의 사업전략을 공유했다. 안랩은 28일 양재동 엘타워에서 ‘안랩 파트너 데이 2026’(AhnLab Partner Day 2026)을 성료했다고 29일 밝혔다. 인공지능(AI) 대전환 시대 속에서 사이버 위협과 보안 복잡성이 매년 심화되는 가운데, 올해 행사는 ‘에이전틱 A
“사이버 범죄가 전체의 90%” 영국판 FBI ‘국가경찰국’ 신설 발표

Thu, 29 Jan 2026 15:06:00 +0900

사이버 범죄 급증 대응... 영국, 경찰 조직 국가 단위 통합 개편AI·디지털 포렌식 역량 강화로 수사 효율성 높여[보안뉴스 김형근 기자] 영국 정부가 사이버 범죄와 사기 등 온라인 범죄 급증에 대응하기 위해 경찰 조직 전면 개편안을 공식 발표했다.현재 영국 경찰 조직은 잉글랜드·웨일스 기준으로 43개 지역 경찰로 분산돼 운영되고 있다. 이로 인해 국경과
“공급망 보안 뚫리면 다 뚫려”... 럭스쉐어 침해로 애플 등 고객사 기술 정보 유출 우려

Thu, 29 Jan 2026 15:05:00 +0900

중국 럭스쉐어, 글로벌 빅테크 핵심 제조 파트너고객사 민감 기술 정보 등 유출 우려[보안뉴스 김형근 기자] 글로벌 전자제품 위탁 생산기업 럭스쉐어(Luxshare)가 랜섬웨어 공격을 받았다. 고객사인 애플, 엔비디아, 테슬라, LG 등 빅테크 기업들의 민감 데이터를 유출하겠다는 압박을 받고 있다. 중국 럭스쉐어는 아이폰, 에어팟, 비전 프로 등 애플 핵심
“양자 칩 제조 세계 1등 국가 되겠다”... 양자 기술 및 산업 육성 종합계획 공개

Thu, 29 Jan 2026 14:57:00 +0900

2035년 세계 1위 양자 칩 제조국 목표, 양자기업 2000개 육성양자전환(QX) 지역 거점 될 ‘양자클러스터’ 7월 확정... 삼성·LG·SK 등 주요 기업 참여해 양자기술 협의체 구성아이온큐, 글로벌 양자인프라 국내 도입, 3년간 1500만 달러 투자[보안뉴스 한세희 기자] 정부가 2035년까지 양자 칩 제조 세계 1위 국가를 목표로 2000개 양자
이노뎁, SK 출신 안태호 사장 CAO 영입 통해 수익성 중심 경영 전환 본격화

Thu, 29 Jan 2026 14:47:00 +0900

안태호 CAO, SK텔레콤과 NSOK 등에서 조직 혁신 이끌어 온 실행형 리더사업 포트폴리오 재정립, 투자 효율 기준 강화, 성과관리 체계 고도화 등 통해 체질 개선SECON 2026 등 통해 고도화 기술 공개 및 북미·일본 등 핵심 시장 글로벌 파트너십 강화[보안뉴스 엄호식 기자] 영상관제 데이터 플랫폼 기업 이노뎁이 SK 그룹 출신의 전문경영인 안태호
지니언스, 홈네트워크 세대간 망분리 보안 솔루션 ‘지니안 홈’ 출시

Thu, 29 Jan 2026 14:29:00 +0900

VPN·VLAN 기반 세대간 망분리 보안 솔루션 동시 제공[보안뉴스 강현주 기자] 사이버 보안 전문기업 지니언스(대표 이동범)는 홈네트워크 세대간 망분리 보안 솔루션 ‘지니안 홈’(Genian Home)을 정식 출시했다고 29일 밝혔다. ‘지니안 홈’은 안전하고 신뢰할 수 있는 주거 네트워크 환경 구현을 목표로, 가상사설명(VPN)과 가상근거리통신망(VLA
소만사, ‘프라이버시-i EDR’ VB100 12회 연속 A등급 획득

Thu, 29 Jan 2026 13:52:00 +0900

10회 이상 A등급·MVI 회원 자격 모두 충족한 국내 기업은 3곳뿐[보안뉴스 강현주 기자] 개인정보보호 전문기업 소만사(대표 김대환)는 자사 엔드포인트 탐지 및 대응(EDR) 솔루션 ‘프라이버시-i EDR’(Privacy-i EDR, 해외명 Privacy-i AV)이 세계 3대 악성코드 평가기관인 바이러스 불러틴의 VB100 테스트에서 12회 연속 A등급
[양자와 보안] 펜타시큐리티, 암호모듈에 PQC 적용 완료

Thu, 29 Jan 2026 13:42:00 +0900

기존 암호 체계에서 양자내성암호 체계로 단계적 전환 지원[보안뉴스 한세희 기자] 펜타시큐리티(대표 김태균)가 자사 암호모듈에 미국 표준기술연구원(NIST) 표준 양자내성암호(PQC) 알고리즘과 한국형 양자내성암호(KPQC) 알고리즘 적용을 모두 완료했다고 29일 밝혔다. 양자컴퓨팅 시대 암호 전환을 위한 기술적 대응 체계를 구축했다는 설명이다. 최근 양자컴
포티넷, CNAPP 기능 강화...클라우드 환경 실제 리스크 기반 우선순위 분석

Thu, 29 Jan 2026 13:16:00 +0900

클라우드 환경에서 리스크 가시성 강화, 경보 확인 우선순위 제공[보안뉴스 한세희 기자] 포티넷(CEO 켄 지)은 자사 포티CNAPP(FortiCNAPP, Cloud Native Application Protection Platform)에 클라우드 구성, ID 노출, 취약점, 네트워크 정책 적용, 데이터 민감도, 런타임 동작을 하나의 워크플로우에서 연계 분석

From Theori

Announcing Xint Code

Tue, 16 Dec 2025 00:43:33 GMT

Real Vulnerabilities. Actionable Results.
Building Effective LLM Agents | AI Cyber Challenge

Fri, 08 Aug 2025 19:28:00 GMT

How we learned to build effective LLM agents for hacking at DARPA's AI Cyber Challenge (AIxCC)
AI Cyber Challenge and Theori's RoboDuck

Fri, 08 Aug 2025 19:27:40 GMT

An introduction to DARPA's AI Cyber Challnge and Theori's third place cyber reasoning system
Inside the brain of a hacking robot: Exploring traces | AI Cyber Challenge

Fri, 08 Aug 2025 19:25:46 GMT

Agent trajectory walkthroughs of a fully autonomous hacking system
How to Identify Phishing Scams

Mon, 28 Apr 2025 23:00:00 GMT

Learn how to spot phishing scams with expert tips recognizing suspicious emails, SMS, and fraudulent request for personal information.
Importance of Continuous Security: Lessons from the Bybit Case

Thu, 27 Mar 2025 06:38:06 GMT

In this article, we briefly look at the circumstances of the Bybit incident and discuss what countermeasures could have been implemented. Then, we discuss the limitations of current solutions and how Xint resolves them.
Reviving the modprobe_path Technique: Overcoming search_binary_handler() Patch

Sat, 15 Mar 2025 08:52:16 GMT

A new approach to the Overwriting modprobe_path technique is introduced, addressing changes in the Upstream kernel that prevent triggering via dummy files.
Four Ways to Protect Your Legacy with Theori’s Cybersecurity Solutions

Sun, 16 Feb 2025 15:00:00 GMT

Discover the top cybersecurity threats for 2025 and how Theori's innovative solutions can safeguard your business from evolving cyber risks and costly data breaches.
DeepSeek Security, Privacy, and Governance: Hidden Risks in Open-Source AI

Thu, 06 Feb 2025 15:00:00 GMT

This post examines DeepSeek's security gaps, privacy practices, and open-source AI risks, offering practical advice for users and developers.
The True Cost of Siloed Security Tools

Fri, 20 Dec 2024 09:00:00 GMT

Security silos occur when different security tools, teams, or systems operate in isolation, unable to effectively share data or communicate.
Finding Vulnerabilities in Firmware with Static Analysis Platform QueryX

Wed, 06 Nov 2024 15:00:00 GMT

QueryX, Theori’s program analysis platform, automates variant analysis for vulnerability detection. Learn how its taint analysis module uncovered CVE-2023-39471.
Side Effects: When Continuous Development Introduces Security Threats

Mon, 04 Nov 2024 09:00:00 GMT

Dive into five significant security risks that emerged as unintended consequences of new feature development.
Top 5 Features Your ASM Solution Must Have

Thu, 24 Oct 2024 09:00:00 GMT

So you know what ASM is and why you need it — but which features are crucial? Here’s the run down.
Offensive Security with Large Language Models (2)

Mon, 30 Sep 2024 09:00:00 GMT

How LLMs are changing the game for static analysis — especially when source code is available.
Offensive Security with Large Language Models (1)

Fri, 27 Sep 2024 09:00:00 GMT

Applications of larage language models in offensive security
Winning the AIxCC Qualification Round

Mon, 23 Sep 2024 15:00:00 GMT

Theori’s Cyber Reasoning System (CRS) “Robo Duck” not only cleared the bar to get us $2M and a spot at the AIxCC finals in 2025, it also got the first place among all the submissions in the highly competitive event.
Top Penetration Testing Solutions for IT Security: 2024 Guide

Wed, 11 Sep 2024 09:00:00 GMT

The top 7penetration testing tools of 2024 for hackers and for businesses.
Deep Dive into RCU Race Condition: Analysis of TCP-AO UAF (CVE-2024–27394)

Tue, 03 Sep 2024 15:00:00 GMT

CVE-2024-27394 is a TCP-AO Use-After-Free vulnerability caused by improper RCU API usage. Read the in-depth analysis and reliable triggering technique.
Offensive Security vs. Defensive Security: Navigating the Two Pillars of Cybersecurity

Fri, 30 Aug 2024 09:00:00 GMT

Explore how offensive and defensive security strategies work together to protect against cyber threats.
A Deep Dive into the CoSoSys EndPoint Protector Exploit: Remote Code Execution

Thu, 29 Aug 2024 15:00:00 GMT

Four critical RCE vulnerabilities (CVE-2024-36072 to CVE-2024-36075) in CoSoSys Endpoint Protector were identified, allowing full server and client compromise. Read the full analysis.
Chaining N-days to Compromise All: Part 6 — Windows Kernel LPE: Get SYSTEM

Tue, 21 May 2024 15:00:00 GMT

The final part of the N-day exploit series analyzes CVE-2023-36802, a privilege escalation vulnerability in mskssrv.sys, used to gain SYSTEM access on a VMware host.
Chaining N-days to Compromise All: Part 5 — VMware Workstation Guest-to-Host Escape

Thu, 02 May 2024 15:00:00 GMT

CVE-2023-20869 was exploited to achieve arbitrary code execution on a VMware host from a guest system. Read the full technical analysis.
Chaining N-days to Compromise All: Part 4 — VMware Workstation Information leakage

Wed, 17 Apr 2024 15:00:00 GMT

CVE-2023-34044, a variant of CVE-2023-20870, was exploited to extract critical information from a VMware host process. Read the in-depth analysis.
Chaining N-days to Compromise All: Part 3 — Windows Driver LPE: Medium to System

Mon, 08 Apr 2024 15:00:00 GMT

CVE-2023-29360, a logic bug in the mskssrv.sys driver, was exploited to escalate privileges to SYSTEM in a 1-day full chain attack. Read the detailed breakdown.
Chaining N-days to Compromise All: Part 2 — Windows Kernel LPE (a.k.a Chrome Sandbox Escape)

Sun, 31 Mar 2024 15:00:00 GMT

CVE-2023-21674, a Windows kernel UAF vulnerability, was used to escape the Chrome sandbox in a 1-day full chain exploit. Read the detailed analysis.
Chaining N-days to Compromise All: Part 1 — Chrome Renderer RCE

Sun, 17 Mar 2024 15:00:00 GMT

This post begins our series on the 1-day exploit chain demoed on X, focusing on a Chrome renderer exploit, CVE-2023-3079, a type confusion bug in V8.
Fermium-252 : The Cyber Threat Intelligence Database

Sun, 03 Mar 2024 15:00:00 GMT

Fermium-252 is a premier vulnerability intelligence platform providing real-time tracking of 1-day exploits, PoCs, and in-depth reports. Stay ahead of cyber threats with our expert analysis.
A Deep Dive into V8 Sandbox Escape Technique Used in In-The-Wild Exploit

Thu, 25 Jan 2024 15:00:00 GMT

We bypassed the V8 sandbox using a raw pointer in WasmIndirectFunctionTable, enabling arbitrary write and code execution. Read our deep dive into the exploit.
Exploiting Windows Kernel Wild Copy With User Fault Handling (CVE-2023–28218)

Thu, 09 Nov 2023 15:00:00 GMT

At Hexacon 2023, we presented our Windows kernel security research, uncovering CVE-2023-28218, a heap overflow in afd.sys. Read our exploit analysis and methodology.
NEAT and NES Algorithms

Thu, 20 Apr 2023 15:00:00 GMT

We reverse-engineered NEAT and NES, two unpublished symmetric encryption algorithms from South Korea’s GPKI cryptography library. Read our analysis and implementations.
Linux Kernel Exploit (CVE-2022–32250) with mqueue

Tue, 23 Aug 2022 15:00:00 GMT

We exploited CVE-2022-32250, a use-after-free vulnerability in Linux Netfilter, to achieve root on Ubuntu 22.04. Learn how we bypassed KASLR and modified modprobe_path.
Binary-searching into CVMServer

Thu, 16 Jun 2022 15:00:00 GMT

While analyzing the patch for CVE-2021-30724, we discovered a new uninitialized memory vulnerability (CVE-2022-26721) in macOS's CVMServer. Read our exploitation insights.
Exploiting Safari’s ANGLE Component

Tue, 17 May 2022 15:00:00 GMT

We discovered CVE-2022-26717, an exploitable bug in WebKit's WebGL component affecting Safari on macOS and iOS. Read our analysis and exploitation methodology.
Patch Gapping a Safari Type Confusion

Mon, 24 May 2021 15:00:00 GMT

Safari 14.1 introduced AudioWorklets, but a newly patched type confusion bug left iOS versions vulnerable for weeks. We share our root cause analysis and exploit details.
Compromising virtualization without attacking the hypervisor

Tue, 20 Oct 2020 15:00:00 GMT

Discover CVE-2020-27675 (XSA-331), a denial-of-service and potential out-of-bounds write vulnerability in the Xen paravirtualization driver, and learn how it can impact virtualization security.
Cleanly Escaping the Chrome Sandbox

Sun, 19 Apr 2020 15:00:00 GMT

Learn how we discovered and exploited Issue 1062091, a use-after-free (UAF) vulnerability in Chrome and Chromium-based Edge, leading to a sandbox escape.
Receiving NRSC-5

Thu, 08 Jun 2017 15:00:00 GMT

We have implemented an NRSC-5-C digital radio receiver and released it as open source on GitHub. Explore IBOC-based hybrid broadcasting and security research opportunities.
Chakra JIT CFG Bypass

Tue, 13 Dec 2016 15:00:00 GMT

Learn how attackers bypassed Microsoft's Control Flow Guard (CFG) in Internet Explorer and Edge. We break down our PoC exploit, mitigation bypass, and the MS16-119 patch details.
Patch Analysis of MS16–063 (jscript9.dll)

Sun, 26 Jun 2016 15:00:00 GMT

Microsoft's MS16-063 patch fixed a critical memory corruption vulnerability in jscript9.dll (TypedArray & DataView) affecting Internet Explorer. Read our analysis, vulnerability breakdown, and PoC exploit.
Patch Analysis of CVE-2016–0189

Tue, 21 Jun 2016 15:00:00 GMT

Microsoft's MS16-051 patch addressed a critical Internet Explorer vulnerability (CVE-2016-0189) exploited in South Korea. Explore our in-depth analysis, patch breakdown, and proof-of-concept exploit.

From Dark Reading

Months After Patch, WinRAR Bug Poised to Hit SMBs Hardest

Wed, 28 Jan 2026 22:48:09 GMT

Russian and Chinese nation-state attackers are exploiting a months-old WinRAR vulnerability, despite a patch that came out last July.
Fortinet Confirms New Zero-Day Behind Malicious SSO Logins

Wed, 28 Jan 2026 21:14:27 GMT

To stop the ongoing attacks, the cybersecurity vendor took the drastic step of temporarily disabling FortiCloud single sign-on (SSO) authentication for all devices.
Consumers Reluctant to Shop at Stores That Don't Take Security Seriously

Wed, 28 Jan 2026 20:24:40 GMT

The retail sector must adapt as consumers become more cybersecurity-conscious. Increased attack transparency is a good place to start.
China-Backed 'PeckBirdy' Takes Flight for Cross-Platform Attacks

Wed, 28 Jan 2026 16:19:22 GMT

In two separate campaigns, attackers used the JScript C2 framework to target Chinese gambling websites and Asian government entities with new backdoors.
Surging Cyberattacks Boost Latin America to Riskiest Region

Wed, 28 Jan 2026 14:00:00 GMT

The region is up against tactics like data-leak extortion, credential-stealing campaigns, edge-device exploitation, and attackers leveraging AI.
AI & the Death of Accuracy: What It Means for Zero-Trust

Tue, 27 Jan 2026 22:31:48 GMT

AI "model collapse," where LLMs over time train on more and more AI-generated data and become degraded as a result, can introduce inaccuracies, promulgate malicious activity, and impact PII protections.
Vibe-Coded 'Sicarii' Ransomware Can't Be Decrypted

Tue, 27 Jan 2026 22:15:39 GMT

A new ransomware strain that entered the scene last year has poorly designed code and uses Hebrew language that might be a false flag.
Critical Telnet Server Flaw Exposes Forgotten Attack Surface

Tue, 27 Jan 2026 21:00:21 GMT

While telnet is considered obsolete, the network protocol is still used by hundreds of thousands of legacy systems and IoT devices for remote access.
Microsoft Rushes Emergency Patch for Office Zero-Day

Tue, 27 Jan 2026 20:07:03 GMT

To exploit the vulnerability, an attacker would need either system access or be able to convince a user to open a malicious Office file.
'Stanley' Toolkit Turns Chrome Into Undetectable Phishing Vector

Tue, 27 Jan 2026 18:20:28 GMT

The malware-as-a-service kit enables malicious extensions to overlay pages on real websites without changing the visible URL, signaling a fresh challenge for enterprise security.
WorldLeaks Extortion Group Claims It Stole 1.4TB of Nike Data

Tue, 27 Jan 2026 16:41:40 GMT

The sportswear brand is investigating an alleged breach of its network that exposed some 188,347 files of highly sensitive corporate data.
Hand CVE Over to the Private Sector

Tue, 27 Jan 2026 13:00:00 GMT

How MITRE has mismanaged the world's vulnerability database for decades and wasted millions along the way.
Beauty in Destruction: Exploring Malware's Impact Through Art

Mon, 26 Jan 2026 23:08:57 GMT

Artistic initiatives turn cybersecurity into immersive exhibits at the Museum of Malware Art, transforming digital threats into thought-provoking experiences.
Sandworm Blamed for Wiper Attack on Poland Power Grid

Mon, 26 Jan 2026 21:30:14 GMT

Researchers attributed the failed attempt to the infamous Russian APT Sandworm, which is notorious for wiper attacks on critical infrastructure organizations.
DPRK's Konni Targets Blockchain Developers With AI-Generated Backdoor

Mon, 26 Jan 2026 15:47:40 GMT

The North Korean threat group is using a new PowerShell backdoor to compromise development environments and target cryptocurrency holdings, according to researchers.
2025 Was a Wake-up Call to Protect Human Decisions, Not Just Systems

Sat, 24 Jan 2026 00:55:56 GMT

Cybersecurity must shift from solely protecting systems to safeguarding human decision-making under uncertainty and system failures.
Swipe, Plug-in, Pwned: Researchers Find New Ways to Hack Vehicles

Fri, 23 Jan 2026 21:04:17 GMT

Security researchers exploited dozens of vulnerabilities in vehicle infotainment systems and EV chargers during the latest Pwn2Own contest at Automotive World 2026.
Exploited Zero-Day Flaw in Cisco UC Could Affect Millions

Fri, 23 Jan 2026 20:56:42 GMT

Mass scanning is underway for CVE-2026-20045, which Cisco tagged as critical because successful exploitation could lead to a complete system takeover.
Europe's GCVE Raises Concerns Over Fragmentation in Vulnerability Databases

Fri, 23 Jan 2026 20:31:58 GMT

GCVE would enhance global collaboration, flexibility, and efficiency in tracking security flaws. Duplicate entries and a decentralization policy may create more chaos for defenders.
Healthy Security Cultures Want People to Report Risks

Fri, 23 Jan 2026 16:45:35 GMT

The signs of an effective security culture are shifting as companies call on CISOs and security teams to raise their hands unabashedly.
Risky Chinese Electric Buses Spark Aussie Gov't Review

Thu, 22 Jan 2026 22:13:49 GMT

Deployed across Australia and Europe, China's electric buses are vulnerable to cybercriminals and sport remote connectivity some worry the Chinese state could exploit.
Fortinet Firewalls Hit With Malicious Configuration Changes

Thu, 22 Jan 2026 21:18:42 GMT

Automated infections of potentially fully patched FortiGate devices are allowing threat actors to steal firewall configuration files.
From a Whisper to a Scream: Europe Frets About Overreliance on US Tech

Thu, 22 Jan 2026 18:09:00 GMT

Concern is growing across Europe about relying on US cybersecurity companies, and Greenland takeover talk is eroding trust across the EU even further.
Latin American Orgs Lack Confidence in Cyber Defenses, Skills

Thu, 22 Jan 2026 16:05:18 GMT

Cybersecurity professionals in Latin America are least likely to have faith in their countries' preparedness for cyberattacks on critical infrastructure, the World Economic Forum says.
DPRK Actors Deploy VS Code Tunnels for Remote Hacking

Thu, 22 Jan 2026 14:05:11 GMT

A spear-phishing campaign tied to the Democratic People's Republic of Korea (DPRK) uses trusted Microsoft infrastructure to avoid detection.
Dark Reading Confidential: Reviving the Hacker Ethos That Built Cybersecurity

Thu, 22 Jan 2026 00:24:21 GMT

Dark Reading Confidential Episode 14: How curious, ethical problem-solving can continue to serve as a guiding principle for an evolving cybersecurity sector.
AI Agents Undermine Progress in Browser Security

Wed, 21 Jan 2026 23:06:50 GMT

Web browser companies have put in substantial effort over the past three decades to strengthen the browser security stack against abuses. Agentic browsers are undoing all that work.
'Contagious Interview' Attack Now Delivers Backdoor Via VS Code

Wed, 21 Jan 2026 22:00:37 GMT

Once trust is granted to the repository's author, a malicious app executes arbitrary commands on the victim's system with no other user interaction.
Phishing Campaign Zeroes in on LastPass Customers

Wed, 21 Jan 2026 20:22:02 GMT

The bait incudes plausible subject lines and credible messages, most likely thanks to attackers' use of large language models to craft them.
Complex VoidLink Linux Malware Created by AI

Wed, 21 Jan 2026 14:48:15 GMT

Researchers say the advanced framework was built almost entirely by agents, marking a significant evolution in the use of AI to develop wholly original malware.
'Damn Vulnerable' Training Apps Leave Vendors' Clouds Exposed

Wed, 21 Jan 2026 14:00:00 GMT

Hackers are already leveraging these over-permissioned programs to access the IT systems of major security vendors.
'CrashFix' Scam Crashes Browsers, Delivers Malware

Tue, 20 Jan 2026 21:10:14 GMT

The attack consists of a NexShield malicious browser extension, a social engineering technique to crash the browser, and a Python-based RAT.
Mass Spam Attacks Leverage Zendesk Instances

Tue, 20 Jan 2026 20:18:30 GMT

The CRM vendor advised ignoring or deleting suspicious emails and said the attacks were not tied to any breach or software vulnerability.
Vulnerabilities Threaten to Break Chainlit AI Framework

Tue, 20 Jan 2026 18:04:28 GMT

Familiar bugs in a popular open source framework for AI chatbots could give attackers dangerous powers in the cloud.
Google Gemini Flaw Turns Calendar Invites Into Attack Vector

Tue, 20 Jan 2026 15:52:35 GMT

The indirect prompt injection vulnerability allows an attacker to weaponize invites to circumvent Google's privacy controls and access private data.
Microsoft & Anthropic MCP Servers at Risk of RCE, Cloud Takeovers

Tue, 20 Jan 2026 15:47:19 GMT

Researchers found the popular model context protocol (MCP) servers, which are integral components of AI services, carry serious vulnerabilities.
ChatGPT Health Raises Big Security, Safety Concerns

Mon, 19 Jan 2026 17:57:52 GMT

ChatGPT Health promises robust data protection, but elements of the rollout raise big questions regarding user security and safety.
More Problems for Fortinet: Critical FortiSIEM Flaw Exploited

Fri, 16 Jan 2026 21:03:37 GMT

CVE-2025-64155, a command injection vulnerability, was disclosed earlier this week and quickly came under attack from a variety of IP addresses.
CISOs Rise to Prominence: Security Leaders Join the Executive Suite

Fri, 16 Jan 2026 15:25:40 GMT

Security professionals are moving up the executive ranks as enterprises face rising regulatory and compliance standards.
AI System Reduces Attack Reconstruction Time From Weeks to Hours

Fri, 16 Jan 2026 14:00:00 GMT

Pacific Northwest National Labs' expert cybersecurity system, ALOHA, can recreate attacks and test them against organizations' infrastructure to bolster defense.
Predator Spyware Sample Indicates 'Vendor-Controlled' C2

Thu, 15 Jan 2026 21:26:18 GMT

Researchers detailed how Intellexa, Predator's owner, uses failed deployments and thwarted infections to strengthen its commercial spyware and generate more effective attacks.
Winter Olympics Could Share Podium With Cyberattackers

Thu, 15 Jan 2026 19:10:05 GMT

The upcoming Winter Games in the Italian Alps are attracting both hacktivists looking to reach billions of people and state-sponsored cyber-spies targeting the attending glitterati.
Vulnerabilities Surge, But Messy Reporting Blurs Picture

Thu, 15 Jan 2026 15:19:31 GMT

MITRE loses its lead as the top reporter of vulnerabilities, while new organizations pump out CVEs and reported bugs in WordPress plug-ins surge.
Trio of Critical Bugs Spotted in Delta Industrial PLCs

Thu, 15 Jan 2026 11:00:00 GMT

Experts disagree on whether the vulnerabilities in a programmable logic controller from Delta are a five-alarm fire or not much to worry over.
Retail, Services Industries Under Fire in Oceania

Wed, 14 Jan 2026 21:19:44 GMT

Last year in Australia, New Zealand, and the South Pacific, Main Street businesses like retail and construction suffered more cyberattacks than their critical sector counterparts.
Microsoft Disrupts Cybercrime Service RedVDS

Wed, 14 Jan 2026 19:07:30 GMT

RedVDS, a cybercrime-as-a-service operation that has stolen millions from victims, lost two domains to a law enforcement operation.
Secure Your Spot at RSAC 2026 Conference
'VoidLink' Malware Poses Advanced Threat to Linux Systems

Wed, 14 Jan 2026 15:59:49 GMT

Researchers discovered a modular, "cloud-first" framework that is feature-rich and designed to maintain stealthy, long-term access to Linux environments.
Taiwan Endures Greater Cyber Pressure From China

Wed, 14 Jan 2026 02:00:00 GMT

Chinese cyberattacks on Taiwan's critical infrastructure — including energy utilities and hospitals — rose 6% in 2025, averaging 2.63 million attacks a day.
CrowdStrike to Buy Seraphic Security in Bid to Boost Browser Security

Tue, 13 Jan 2026 23:59:37 GMT

The browser protection and detection technology will be integrated into CrowdStrike's Falcon platform to protect endpoints, browser sessions, and cloud applications.

From Cyber Security News

New Semantic Chaining Jailbreak Attack Bypasses Grok 4 and Gemini Nano Security Filters

Thu, 29 Jan 2026 06:06:05 +0000

Following the recent Echo Chamber Multi-Turn Jailbreak, NeuralTrust researchers have disclosed Semantic Chaining, a potent vulnerability in the safety mechanisms of multimodal AI models like Grok 4 and Gemini Nano Banana Pro. This multi-stage prompting technique evades filters to produce prohibited text and visual content, highlighting flaws in intent-tracking across chained instructions. Semantic Chaining weaponizes […] The post New Semantic Chaining Jailbreak Attack Bypasses Grok 4 and Gemini Nano Security Filters appeared first on Cyber Security News.
Top 10 Best Data Removal Services In 2026

Thu, 29 Jan 2026 03:50:45 +0000

In 2026, personal data is no longer just a privacy concern, it is a security vector. With the rise of AI-driven scraping and synthetic identity theft, your digital footprint is being harvested at an unprecedented scale. Data removal services have evolved from simple “opt-out” tools into complex cybersecurity platforms that use RPA (Robotic Process Automation)and legal proxy power to scrub your PII […] The post Top 10 Best Data Removal Services In 2026 appeared first on Cyber Security News.
CISA Chief Uploaded Sensitive Documents into Public ChatGPT

Thu, 29 Jan 2026 02:47:37 +0000

The acting director of the Cybersecurity and Infrastructure Security Agency (CISA) uploaded sensitive contracting documents marked “for official use only” into the public version of ChatGPT last summer, triggering multiple automated security alerts designed to prevent data exfiltration from federal networks, four Department of Homeland Security (DHS) officials told Politico. Madhu Gottumukkala, CISA’s interim head […] The post CISA Chief Uploaded Sensitive Documents into Public ChatGPT appeared first on Cyber Security News.
Threat Actors Leverage Real Enterprise Email Threads to Deliver Phishing Links

Wed, 28 Jan 2026 16:35:33 +0000

In a sophisticated supply chain phishing attack, threat actors hijacked an ongoing email thread among C-suite executives discussing a document awaiting final approval. The intruder, posing as a legitimate participant, replied directly with a phishing link mimicking a Microsoft authentication form. Researchers attribute this to a compromised sales manager account at an enterprise contractor, allowing […] The post Threat Actors Leverage Real Enterprise Email Threads to Deliver Phishing Links appeared first on Cyber Security News.
TP-Link Archer Vulnerability Let Attackers Take Control Over the Router

Wed, 28 Jan 2026 16:15:49 +0000

A critical security advisory has been released for a command injection vulnerability affecting the Archer MR600 v5 router. The flaw, tracked as CVE-2025-14756, enables authenticated attackers to execute arbitrary system commands through the device’s admin interface, potentially leading to complete router compromise. The vulnerability exists in the admin interface component of the Archer MR600 v5 […] The post TP-Link Archer Vulnerability Let Attackers Take Control Over the Router appeared first on Cyber Security News.
Gemini MCP Tool 0-day Vulnerability Allows Remote Attackers to Execute Arbitrary Code

Wed, 28 Jan 2026 16:06:22 +0000

A critical zero‑day vulnerability in Gemini MCP Tool exposes users to remote code execution (RCE) attacks without any authentication. Tracked as ZDI‑26‑021 / ZDI‑CAN‑27783 and assigned CVE‑2026‑0755, the flaw carries a maximum CVSS v3.1 score of 9.8, reflecting its ease of exploitation and severe impact. According to a new advisory from Trend Micro’s Zero Day […] The post Gemini MCP Tool 0-day Vulnerability Allows Remote Attackers to Execute Arbitrary Code appeared first on Cyber Security News.
ZAP JavaScript Engine Memory Leak Issue Impacts Active Scan Usage

Wed, 28 Jan 2026 15:23:44 +0000

The ZAP (Zed Attack Proxy) project, a widely used open-source web application security scanner, has disclosed a critical memory leak in its JavaScript engine. This flaw, likely present for some time, now disrupts active scanning workflows following the introduction of a new JavaScript scan rule in the OpenAPI add-on. Security teams relying on ZAP for […] The post ZAP JavaScript Engine Memory Leak Issue Impacts Active Scan Usage appeared first on Cyber Security News.
Check Point Harmony SASE Windows Client Vulnerability Enables Privilege Escalation

Wed, 28 Jan 2026 14:35:09 +0000

A critical privilege-escalation vulnerability has been discovered in Check Point’s Harmony SASE (Secure Access Service Edge) Windows client software, affecting versions prior to 12.2. Tracked as CVE-2025-9142, the flaw allows local attackers to write or delete files outside the intended certificate working directory, potentially leading to system-level compromise. The vulnerability exists within the Service component of Perimeter81 […] The post Check Point Harmony SASE Windows Client Vulnerability Enables Privilege Escalation appeared first on Cyber Security News.
SoundCloud Data Breach Exposes 29.8 Million Personal users Details

Wed, 28 Jan 2026 13:11:40 +0000

In December 2025, music streaming platform SoundCloud disclosed a significant data breach affecting approximately 29.8 million user accounts. The unauthorized access compromised personally identifiable information (PII), including email addresses, usernames, display names, avatars, follower statistics, and geographic location data. The incident represents one of the most significant music platform breaches in recent years, impacting roughly […] The post SoundCloud Data Breach Exposes 29.8 Million Personal users Details appeared first on Cyber Security News.
Chrome Security Update Patches Background Fetch API Vulnerability

Wed, 28 Jan 2026 10:59:27 +0000

Chrome versions 144.0.7559.109 and 144.0.7559.110 have been released to the stable channel, addressing a critical security vulnerability in the Background Fetch API. The update is rolling out across Windows, Mac, and Linux systems over the coming days and weeks, making it essential for users to ensure their browsers are fully updated. The security fix centers […] The post Chrome Security Update Patches Background Fetch API Vulnerability appeared first on Cyber Security News.