Mandiant has publicly released comprehensive rainbow tables designed to crack Net-NTLMv1 authentication hashes, addressing a critical security gap that has persisted for over two decades, despite the protocol being deprecated and widely recognized as fundamentally insecure. The decision to release these tables…
ATM maintenance tech broke the bank by forgetting to return a key
Bank staff wore the blame for a silly security slip Who, Me? Welcome to another edition of “Who Me?”, The Register’s Monday column that shares your mistakes and celebrates your escapes.… This article has been indexed from The Register –…
Global tensions are pushing cyber activity toward dangerous territory
Cybersecurity is inseparable from geopolitics. Ongoing conflicts, sanctions, trade wars, geoeconomic rivalry, and technological competition have pushed state competition into cyberspace. States use cyber operations to exert pressure on rivals, enabling disruption without resorting to conventional weapons. Infrastructure vulnerabilities in…
SEON Identity Verification combines KYC checks with real-time fraud intelligence
SEON has unveiled the launch of its AI-powered Identity Verification solution, bringing ID verification, liveness detection and proof of address checks into its unified risk platform. SEON’s solution is built on more than 900 real-time fraud signals, helping organizations assess…
IT Security News Hourly Summary 2026-01-19 09h : 5 posts
5 posts were published in the last hour 7:32 : BodySnatcher – New Vulnerability Allows Attacker to Impersonate Any ServiceNow User 7:32 : New Kerberos Relay Attack Uses DNS CNAME to Bypass Mitigations – PoC Released 7:32 : Review: AI…
BodySnatcher – New Vulnerability Allows Attacker to Impersonate Any ServiceNow User
A critical vulnerability in ServiceNow’s Virtual Agent API and the Now Assist AI Agents application has been discovered, allowing unauthenticated attackers to impersonate any user and execute privileged AI agents remotely. Security researcher Aaron Costello from AppOmni disclosed the flaw,…
New Kerberos Relay Attack Uses DNS CNAME to Bypass Mitigations – PoC Released
A critical flaw in Windows Kerberos authentication that significantly expands the attack surface for credential relay attacks in Active Directory environments. By abusing how Windows clients handle DNS CNAME responses during Kerberos service ticket requests, attackers can coerce systems into…
Review: AI Strategy and Security
AI Strategy and Security is a guide for organizations planning enterprise AI programs. The book targets technology leaders, security professionals, and executives responsible for strategy, governance, and operational execution. It treats AI adoption as an organizational discipline that spans planning,…
Rubrik introduces Security Cloud Sovereign for data sovereignty and regulatory compliance
Rubrik announced Rubrik Security Cloud Sovereign, an offering that gives global organizations control over their data to support national security and operational continuity. Rubrik Security Cloud Sovereign gives customers the ability to maintain control over where data resides and who…
Security Bug in StealC Malware Panel Let Researchers Spy on Threat Actor Operations
Cybersecurity researchers have disclosed a cross-site scripting (XSS) vulnerability in the web-based control panel used by operators of the StealC information stealer, allowing them to gather crucial insights on one of the threat actors using the malware in their operations.…
Can hackers eavesdrop and track people via Bluetooth audio devices?
Yes, they can. A flaw discovered by cyber researchers last year allowed hackers to eavesdrop. And it also allowed them to track people using regular… The post Can hackers eavesdrop and track people via Bluetooth audio devices? appeared first on…
Researchers Hijack Hacker Domain Using Name Server Delegation
Security researchers from Infoblox have successfully intercepted millions of malicious push notification advertisements by exploiting a DNS misconfiguration technique known as “lame nameserver delegation,” gaining complete visibility into a large-scale affiliate advertising operation without directly compromising any systems. The researchers…
New “BodySnatcher” Flaw Allows Full ServiceNow User Impersonation
Security researcher has disclosed a critical vulnerability in ServiceNow’s Virtual Agent API and Now Assist AI Agents application, tracked as CVE-2025-12420. Dubbed “BodySnatcher,” this flaw enables unauthenticated attackers to impersonate any ServiceNow user using only their email address, bypassing multi-factor…
Bytebase: Open-source database DevOps tool
Bytebase is a DevOps platform for managing database schema and data changes through a structured workflow. It provides a central place for teams to submit change requests, run reviews, and track executions across environments. The open-source edition is designed for…
Microsoft January 2026 Security Update Triggers Credential Prompt Failures in Remote Desktop
Microsoft’s January 2026 security update has disrupted enterprise Remote Desktop infrastructure, triggering widespread credential prompt failures that prevent users from accessing Azure Virtual Desktop and Windows 365 environments. The problematic patch KB5074109, released January 13, 2026, introduced an authentication regression affecting Windows 11 versions…
Threat Actors Abuse Browser Extensions to Deliver Fake Warning Messages
Threat intelligence researchers at Huntress have uncovered a sophisticated browser extension campaign orchestrated by the KongTuke threat actor group, featuring a malicious ad blocker impersonating the legitimate uBlock Origin Lite extension. The campaign weaponizes fake browser crash warnings to trick…
A new European standard outlines security requirements for AI
The European Telecommunications Standards Institute (ETSI) has released a new European Standard that addresses a growing concern for security teams working with AI. The standard, ETSI EN 304 223, sets baseline cybersecurity requirements for AI models and systems intended for…
New Kerberos Relay Technique Exploits DNS CNAMEs to Bypass Existing Defenses
A critical vulnerability in Windows Kerberos authentication that enables attackers to conduct credential-relay attacks by exploiting DNS CNAME records. Tracked as CVE-2026-20929, this flaw allows threat actors to force victims into requesting Kerberos service tickets for attacker-controlled systems, facilitating lateral…
When the Olympics connect everything, attackers pay attention
Global sporting events bring a surge of network traffic, new systems, and short term partnerships. That mix draws attention from cyber threat actors who see opportunity in scale and distraction. A new Palo Alto Networks threat study on the Milan…
Cisco Patches Async OS Bug
Critical Security Flaws Patched by Cisco and Fortinet Amidst Recent Cyber Threats In this episode of Cybersecurity Today, host David Chipley covers several pressing cybersecurity issues. Cisco has patched a maximum severity zero-day vulnerability in its Async OS software, which…
GhostPoster Malware Targets Chrome Users via 17 Rogue Extensions
A sophisticated malware campaign has compromised users of Chrome, Firefox, and Edge by deploying 17 malicious extensions that employ advanced steganography techniques to evade detection. Collectively downloaded more than 840,000 times, the GhostPoster operation represents one of the most technically…
Cyber risk keeps winning, even as AI takes over
Cyber risk continues to dominate global business concerns, with AI rising quickly alongside it. According to a new risk survey from Allianz, both are influencing how organizations plan for disruption, resilience, and recovery across regions and industries. Cyber incidents stay…
Hardware Security Module Integration for Quantum-Safe Model Contexts
Learn how to integrate Quantum-Safe HSMs with Model Context Protocol (MCP) to secure AI infrastructure against Shor’s algorithm and context injection. The post Hardware Security Module Integration for Quantum-Safe Model Contexts appeared first on Security Boulevard. This article has been…
AI Can Answer You, But Should You Trust It to Guide You?
Artificial intelligence tools are expanding faster than any digital product seen before, reaching hundreds of millions of users in a short period. Leading technology companies are investing heavily in making these systems sound approachable and emotionally responsive. The goal is…