The Computer Emergency Response Team of Ukraine (CERT-UA) has disclosed details of new cyber attacks targeting its defense forces with malware known as PLUGGYAPE between October and December 2025. The activity has been attributed with medium confidence to a Russian…
Patch Tuesday, January 2026 Edition
Microsoft today issued patches to plug at least 113 security holes in its various Windows operating systems and supported software. Eight of the vulnerabilities earned Microsoft’s most-dire “critical” rating, and the company warns that attackers are already exploiting one of…
10 Dangerous DNS Attacks Types & Prevention Measures – 2026
DNS the Domain Name System faces relentless threats, with no slowdown in sight as tactics evolve. Operating primarily over connectionless UDP (and sometimes TCP), it proves vulnerable to manipulation, making it a prime vector for DDoS abuse. Think of DNS…
5 Best Bug Bounty Platforms for White-Hat Hackers – 2026
Bug bounty platforms form a cornerstone of modern cybersecurity, empowering organizations to crowdsource vulnerability discovery from skilled external researchers. These programs reward private individuals for uncovering flaws in web apps, vulnerability management systems, and more through effective crowdsourced testing. White-hat…
10 Most Dangerous Injection Attacks in 2026
Since you are in the industry, especially in the network and admin team, you need to know a few vulnerabilities, such as injection attacks to stay alert from them. Each attack or vulnerability has a different method, most importantly injection-type…
Top 11 Best DNS Filtering Solutions – 2026
Before diving into DNS filtering solutions, it’s essential to understand the concept of DNS filtering and its significance in cybersecurity. In today’s digital landscape, cybersecurity has become a critical priority as cyberattacks are increasingly prevalent worldwide. Organizations must protect not…
Top 12 Best Open Source Intelligence Tools (OSINT Tools) for Penetration Testing 2026
We all know very well that getting or gathering any information by using various tools becomes really easy. In this article, we have discussed various OSINT tools, as if we search over the internet, then there will be many different…
Node.js Security Release Fixes 7 Vulnerabilities Across All Supported Versions
The Node.js project has released critical security updates addressing multiple vulnerabilities affecting all active release lines. On January 13, 2026, the Node.js team announced patches for versions 20.x, 22.x, 24.x, and 25.x, tackling three high-severity issues, four medium-severity issues, and…
Microsoft Desktop Window Manager Zero-Day Exploited in Active Attacks
Microsoft has disclosed a critical information disclosure vulnerability in the Desktop Window Manager that threat actors are actively exploiting. The vulnerability, tracked as CVE-2026-20805, was publicly released on January 13, 2026, and allows authenticated local attackers to access sensitive information…
Charity-Themed Malware Used by Threat Actors to Target Ukraine’s Defense Forces
Ukrainian cybersecurity authorities have uncovered a sustained, targeted campaign against Ukraine’s defense forces, orchestrated by Russian-affiliated threat actors that disguise malware distribution as charitable donation requests. Between October and December 2025, the National Cyber Incident Response Team of Ukraine (CERT-UA)…
Node.js Releases Critical Updates to Fix Major Vulnerabilities
The Node.js project has officially released a suite of security patches to address several vulnerabilities identified across its… The post Node.js Releases Critical Updates to Fix Major Vulnerabilities appeared first on Hackers Online Club. This article has been indexed from…
Anthropic finds $1.5 million to help Python Foundation improve security
AI upstart also upscales its Labs to find the next frontier The Python Software Foundation (PSF) has an extra $1.5 million heading its way, after AI upstart Anthropic entered into a partnership aimed at improving security in the Python ecosystem.……
Firmware scanning time, cost, and where teams run EMBA
Security teams that deal with connected devices often end up running long firmware scans overnight, checking progress in the morning, and trying to explain to colleagues why a single image consumed a workday of compute time. That routine sets the…
An AI-Driven Game-Theoretic Approach to Attack and Defense
A new research effort from Alias Robotics and Johannes Kepler University Linz proposes a game-theoretic “brain” for cybersecurity AI, aiming to push automated penetration testing and defense planning beyond human-level performance. The work introduces Generative Cut-the-Rope (G-CTR), a guidance layer…
Product showcase: Orbot – Tor VPN for iOS
Orbot for iOS is a free, open-source networking tool that routes supported app traffic through the Tor network. Developed by the Guardian Project, it is intended for users who want to reduce tracking and limit network-level monitoring on iPhone and…
How AI image tools can be tricked into making political propaganda
A single image can shift public opinion faster than a long post. Text to image systems can be pushed to create misleading political visuals, even when safety filters are in place, according to a new study. The researchers examined whether…
FortiOS and FortiSwitchManager Flaw Allows Remote Code Execution
A high heap-based buffer overflow vulnerability in the cw_acd daemon component of Fortinet’s FortiOS and FortiSwitchManager has been disclosed, enabling remote unauthenticated attackers to execute arbitrary code on affected systems. The vulnerability, tracked as CVE-2025-25249, carries a high CVSS v3.1…
Lumo expands its Lumo AI assistant with encrypted, project-based workspaces
Lumo is Proton’s AI assistant, built with a focus on privacy and user control. It runs on Proton’s infrastructure and is designed so conversations are not used to train models or retained beyond what is required to provide the service.…
HPE Open View Vulnerability Hits CISA Known Exploited List
Cybersecurity Today: Credit Card Skimming, Valley Rat Malware, WhatsApp Exploit & AI Defenses In this episode of Cybersecurity Today, hosted by Jim Love, we explore several critical cybersecurity threats and advancements. We cover a massive credit card skimming campaign active…
Microsoft January 2026 Patch Tuesday Fixes 114 Flaws, Including 3 Zero-Days
Microsoft has released its January 2026 Patch Tuesday security updates, addressing 114 vulnerabilities across Windows, Office, and other products. The update includes three actively exploited zero-day vulnerabilities and 12 critical-severity flaws that require immediate attention from system administrators. The January…
New Magecart Campaign Steals Credit Card Details During Online Checkouts
Cybersecurity researchers at Silent Push Preemptive Cyber Defense have uncovered an extensive and sophisticated web-skimming campaign that has been actively stealing credit card data from e-commerce websites since at least January 2022. The ongoing operation, operating under the umbrella term…
IT Security News Hourly Summary 2026-01-14 06h : 1 posts
1 posts were published in the last hour 4:34 : Microsoft Desktop Window Manager 0-Day Vulnerability Exploited in the wild
Microsoft Desktop Window Manager 0-Day Vulnerability Exploited in the wild
Microsoft patched a critical zero-day information disclosure flaw in its Desktop Window Manager (DWM) on January 13, 2026, in the Patch Tuesday update after detecting active exploitation in the wild. Tracked as CVE-2026-20805, the vulnerability allows low-privilege local attackers to…
Instagram denies breach, Sweden detains spying suspect, n8n attack steals OAuth tokens
Instagram denies breach post-data leak Sweden detains consultant suspected of spying n8n supply chain attack steals OAuth tokens Thanks to our episode sponsor, ThreatLocker Want real Zero Trust training? Zero Trust World 2026 delivers hands-on labs and workshops that show…