Microsoft has confirmed it is actively investigating a new service incident affecting multiple core services within the Microsoft 365 ecosystem. The company acknowledged the disruption on Wednesday evening, following reports of connectivity issues and service degradation for users relying on…
New AI Malware Era Begins as Advanced VoidLink Malware Emerges as the First Fully AI-Driven Threat Framework
The cybersecurity landscape has entered a dangerous new chapter with the discovery of VoidLink, the first documented advanced malware framework built almost entirely by artificial intelligence. Unlike earlier attempts where inexperienced hackers used AI to create basic malicious tools, VoidLink…
North Korean PurpleBravo Campaign Targeted 3,136 IP Addresses via Fake Job Interviews
As many as 3,136 individual IP addresses linked to likely targets of the Contagious Interview activity have been identified, with the campaign claiming 20 potential victim organizations spanning artificial intelligence (AI), cryptocurrency, financial services, IT services, marketing, and software development…
Can you use too many LOLBins to drop some RATs?
An attempt to drop two RATs on a system used an uncanny assortment of legitimate Windows tools. This article has been indexed from Malwarebytes Read the original article: Can you use too many LOLBins to drop some RATs?
IT Security News Hourly Summary 2026-01-21 18h : 4 posts
4 posts were published in the last hour 17:4 : Oracle WebLogic Proxy Bug Enables Unauthenticated Remote Compromise 17:4 : Researchers Uncovered LockBit’s 5.0 Latest Affiliate Panel and Encryption Variants 16:34 : ACME flaw in Cloudflare allowed attackers to reach…
Oracle WebLogic Proxy Bug Enables Unauthenticated Remote Compromise
CVE-2026-21962 lets unauthenticated attackers remotely compromise Oracle WebLogic proxies. The post Oracle WebLogic Proxy Bug Enables Unauthenticated Remote Compromise appeared first on eSecurity Planet. This article has been indexed from eSecurity Planet Read the original article: Oracle WebLogic Proxy Bug…
Researchers Uncovered LockBit’s 5.0 Latest Affiliate Panel and Encryption Variants
LockBit, one of the most dangerous ransomware groups in the world, has released its newest version despite facing serious law enforcement actions. The group’s operations continue moving forward, displaying fresh variants that target different computer systems and platforms. Recently, leaked…
ACME flaw in Cloudflare allowed attackers to reach origin servers
Cloudflare fixed a flaw in its ACME validation logic that could let attackers bypass security checks and access protected origin servers. Cloudflare fixed a flaw in its ACME HTTP-01 validation logic that could let attackers bypass security checks and reach…
CyberNut Closes $5M Growth Capital for K-12 Security Awareness Training
CyberNut emerged from stealth in May 2024 with $800k in pre-seed funding for its cybersecurity platform. The post CyberNut Closes $5M Growth Capital for K-12 Security Awareness Training appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read…
Grok AI Faces Global Backlash Over Nonconsensual Image Manipulation on X
A dispute over X’s internal AI assistant, Grok, is gaining attention – questions now swirl around permission, safety measures online, yet also how synthetic media tools can be twisted. This tension surfaced when Julie Yukari, a musician aged thirty-one…
Zoom and GitLab Release Security Updates Fixing RCE, DoS, and 2FA Bypass Flaws
Zoom and GitLab have released security updates to resolve a number of security vulnerabilities that could result in denial-of-service (DoS) and remote code execution. The most severe of the lot is a critical security flaw impacting Zoom Node Multimedia Routers…
Phishing and Spoofed Sites Remain Primary Entry Points For Olympics
Cyber risks for the Milano-Cortina 2026 Winter Games include phishing and spoofed websites as key threat vectors This article has been indexed from www.infosecurity-magazine.com Read the original article: Phishing and Spoofed Sites Remain Primary Entry Points For Olympics
Everest ransomware gang said to be sitting on mountain of Under Armour data
Have I Been Pwned reckons 72.7M customer accounts affected, sportswear firm remains silent Have I Been Pwned (HIBP) says 72.7 million accounts registered with Under Armour were affected by an alleged ransomware attack in November.… This article has been indexed…
LinkedIn Phishing Abuses DLL Sideloading for Persistent Access
A LinkedIn phishing campaign uses DLL sideloading to gain stealthy, persistent access. The post LinkedIn Phishing Abuses DLL Sideloading for Persistent Access appeared first on eSecurity Planet. This article has been indexed from eSecurity Planet Read the original article: LinkedIn…
Asymmetric Security Emerges From Stealth With $4.2 Million in Funding
The startup’s platform leverages AI to automate forensic investigations, accelerating incident response. The post Asymmetric Security Emerges From Stealth With $4.2 Million in Funding appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article: Asymmetric…
Cyber Briefing: 2026.01.21
Gemini prompt abuse leaks data as ransomware targets enterprises, major state breaches emerge, DDoS attacks rise, and regulators push tougher cyber rules. This article has been indexed from CyberMaterial Read the original article: Cyber Briefing: 2026.01.21
CFOs, CISOs clash over cybersecurity spending as threats mount: Expel
Four in 10 surveyed finance leaders said quantified risk reduction would make it easier to justify a cybersecurity spending hike. This article has been indexed from Cybersecurity Dive – Latest News Read the original article: CFOs, CISOs clash over cybersecurity…
Valkey: The Future of Open Source In-Memory Data Stores
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from Blog Read the original article: Valkey: The Future of Open Source In-Memory Data Stores
LastPass Warns of Fake Maintenance Message Tracking Users to Steal Master Passwords
A critical security alert regarding an active phishing campaign that commenced on January 19, 2026. The malicious actors are impersonating LastPass support staff and sending fraudulent emails claiming urgent vault backup requirements to harvest master passwords from unsuspecting users. The…
Multiple GitLab Vulnerabilities Enables 2FA Bypass and DoS Attacks
Critical security patches addressing five vulnerabilities across versions 18.8.2, 18.7.2, and 18.6.4 for both Community Edition (CE) and Enterprise Edition (EE). The patches resolve issues ranging from high-severity authentication flaws to denial-of-service conditions affecting core platform functionality. Critical 2FA Bypass…
ErrTraffic Fueling ClickFix by Breaking the Page Visually and Turns Attack to GlitchFix
A new social engineering technique called GlitchFix has emerged, powered by ErrTraffic—a specialized traffic distribution system designed to trick website visitors into downloading malware through visually broken web pages. The attack platform costs around $800 and offers cybercriminals a complete…
A new era of agents, a new era of posture
AI agents are transforming how organizations operate, but their autonomy also expands the attack surface. The post A new era of agents, a new era of posture appeared first on Microsoft Security Blog. This article has been indexed from Microsoft…
Cohesity enhances identity resilience with ITDR capabilities
Cohesity has unveiled Identity Threat Detection and Response (ITDR) capabilities that expand its Identity Resilience portfolio, providing a more comprehensive approach to securing and recovering critical identity systems such as Active Directory (AD) and Microsoft Entra ID. Identity is foundational…
Check Point Exposure Management unifies threat intelligence, context, and remediation
Check Point announced Check Point Exposure Management, a new approach designed to help organizations defend against attacks by turning fragmented exposure data into prioritized, actionable, and safe remediation. Exposure Management delivers real-time situational awareness by unifying threat intelligence, dark-web insights,…