A critical security advisory warned of severe vulnerabilities in WHILL electric wheelchairs that could allow attackers to hijack the devices via Bluetooth remotely. The alert affects two popular models used worldwide: the WHILL Model C2 Electric Wheelchair and Model F…
Cognizant Hit With Multiple US Class-Action Lawsuits Following TriZetto Data Breach
Cognizant Technology Solutions is facing multiple class-action lawsuits following a significant data breach at TriZetto Provider Solutions (TPS), its healthcare claims processing subsidiary. The lawsuits, filed in federal courts in New Jersey and Missouri, allege that the company failed to…
Threat Actors Testing Modified and Highly Obfuscated Version of Shai Hulud Strain
Cybersecurity researchers have identified a new variant of the Shai Hulud malware that reveals important insights into how threat actors are evolving their attack strategies. The malware, first observed in recent security analysis, demonstrates significant changes from its original version,…
Goldman Sachs Clients Data May Be Exposed
Goldman Sachs recently informed investors in its alternative investment funds that their personal information may have been compromised due to a cyberattack at the law firm Fried Frank Harris Shriver & Jacobson LLP. This article has been indexed from CyberMaterial…
Thousands Of Medical Records Found
Thousands of medical records containing social security numbers and private health data were discovered by a hobbyist who purchased a delinquent storage unit at auction in Memphis. This article has been indexed from CyberMaterial Read the original article: Thousands Of…
ServiceNow To Buy Cyber Firm Armis
ServiceNow has entered into an agreement to acquire the cybersecurity firm Armis for 7.75 billion dollars in a move to bolster its security and automation portfolio. The acquisition, expected to close in the second half of 2026, aims to integrate…
Treasury Lifts Sanctions On Intellexa Execs
The Treasury Department has removed three individuals associated with the Intellexa Consortium and its Predator spyware from a federal sanctions list. This move reverses 2024 penalties imposed on Merom Harpaz, Andrea Gambazzi, and Sara Hamou for their roles in a…
Georgia Arrests Ex Spy Chief Over Scam Aid
Georgian authorities have detained Grigol Liluashvili, the former chief of the state security service, on various bribery charges. He is accused of accepting over a million dollars to protect international scam call centers from law enforcement. The former head of…
VVS Discord Stealer Using Pyarmor for Obfuscation and Detection Evasion
VVS stealer (or VVS $tealer) is a Python-based infostealer targeting Discord users. It employs Pyarmor for obfuscation, contributing to its efficacy. The post VVS Discord Stealer Using Pyarmor for Obfuscation and Detection Evasion appeared first on Unit 42. This article…
How Protesters Became Content for the Cops
The tactics behind protest policing are changing—from one of cooperation to intentional antagonism for political marketing purposes. This article has been indexed from Security Latest Read the original article: How Protesters Became Content for the Cops
RondoDox Botnet Exploiting React2Shell Vulnerability
In December, the botnet’s operators focused on weaponizing the flaw to compromise vulnerable Next.js servers. The post RondoDox Botnet Exploiting React2Shell Vulnerability appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article: RondoDox Botnet Exploiting…
New ErrTraffic Service Enables ClickFix
The emergence of ErrTraffic marks a significant shift in the accessibility of sophisticated social engineering tactics. This article has been indexed from CyberMaterial Read the original article: New ErrTraffic Service Enables ClickFix
IT Security News Hourly Summary 2026-01-02 12h : 7 posts
7 posts were published in the last hour 11:2 : IBM warns of critical API Connect bug enabling remote access 11:2 : How AI made scams more convincing in 2025 10:32 : Adobe ColdFusion Servers Targeted in Coordinated Campaign 10:31…
IBM warns of critical API Connect bug enabling remote access
IBM disclosed a critical API Connect flaw (CVE-2025-13915, CVSS 9.8) that allows remote access via an authentication bypass. IBM addressed a critical API Connect vulnerability, tracked as CVE-2025-13915 (CVSS score of 9.8) that allows remote access via an authentication bypass.…
How AI made scams more convincing in 2025
Several AI-related stories in 2025 highlighted how quickly AI systems can move beyond meaningful human control. This article has been indexed from Malwarebytes Read the original article: How AI made scams more convincing in 2025
Adobe ColdFusion Servers Targeted in Coordinated Campaign
GreyNoise has observed thousands of requests targeting a dozen vulnerabilities in Adobe ColdFusion during the Christmas 2025 holiday. The post Adobe ColdFusion Servers Targeted in Coordinated Campaign appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the…
Covenant Health Data Breach Impacts 478,000 Individuals
The Qilin ransomware group hacked the healthcare organization and stole data from its systems in May 2025. The post Covenant Health Data Breach Impacts 478,000 Individuals appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original…
Email-first cybersecurity predictions for 2026
Explore key cybersecurity predictions for 2026, from AI-powered phishing to DMARC enforcement, BIMI adoption, SPF and DKIM limits, Zero Trust, and automation. The post Email-first cybersecurity predictions for 2026 appeared first on Security Boulevard. This article has been indexed from…
India’s Spyware Policy Could Reshape Tech Governance Norms
Several months ago, India’s digital governance landscape was jolted by an unusual experiment in the control of state-controlled devices, one that briefly shifted the conversation from telecommunication networks to the mobile phones carried in consumers’ pockets during the conversation. …
Cybercriminals Abuse Google Cloud Email Feature in Multi-Stage Phishing Campaign
Cybersecurity researchers have disclosed details of a phishing campaign that involves the attackers impersonating legitimate Google-generated messages by abusing Google Cloud’s Application Integration service to distribute emails. The activity, Check Point said, takes advantage of the trust associated with Google…
Careto Hacker Group is Back After 10 Years of Silence with New Attack Tactics
After a decade of disappearing from the cybersecurity landscape, the Careto threat group, also known as “The Mask,” has resurfaced with sophisticated new attack methods targeting high-profile organizations. Security researchers have identified fresh evidence of Careto’s activity, revealing how the…
Lessons From Mongobleed Vulnerability (CVE-2025-14847) That Actively Exploited In The Wild
The cybersecurity community was alarmed in late December 2025 when MongoDB announced a serious vulnerability called “Mongobleed” (CVE-2025-14847). This high-severity flaw allows unauthenticated attackers to steal sensitive data directly from server memory. With a CVSS score of 8.7 and over…
Apache NuttX Vulnerability Let Attackers to Crash Systems
A newly disclosed use-after-free vulnerability in Apache NuttX RTOS could allow attackers to cause system crashes and unintended filesystem operations, prompting urgent security warnings for users running network-exposed services. The flaw, tracked as CVE-2025-48769 and rated moderate in severity, affects…
Cisco XDR in 30: Turning Security Signals Into Confident Action
How network-led Cisco XDR helps teams see threats clearly and respond faster Sponsored Post Security teams are being asked to do more with less, while the environments they protect continue to grow in size and complexity. Alerts arrive from dozens…