A critical zero-day vulnerability in Cloudflare’s Web Application Firewall (WAF) allowed attackers to bypass security controls and directly access protected origin servers. Security researchers from FearsOff discovered on October 9, 2025, that requests targeting a specific certificate-validation path could completely…
Google Ads Exploited to Deliver TamperedChef Through Malicious PDF Editor
A sophisticated malvertising campaign tracked as TamperedChef has compromised over 100 organizations across 19 countries by distributing weaponized PDF editing software through Google Ads. Sophos Managed Detection and Response (MDR) teams discovered the operation in September 2025, revealing a multi-layered…
Google Gemini Flaw Allows Access to Private Meeting Details Through Calendar Events
A harmless-looking Google Calendar invite has revealed a new frontier in the exploitation of artificial intelligence (AI). Security researchers at Miggo discovered a vulnerability in Google Gemini’s integration with Google Calendar that allowed attackers to bypass privacy controls and exfiltrate sensitive…
Akamai CEO wants help to defeat piracy, reckons he can handle edge AI alone
OG CDN boss says fighting illegal streams is about stopping criminals cashing in, not free speech Interview After Cloudflare CEO Matthew Prince recently threatened to disrupt the Winter Olympics to protect free speech after Italian authorities fined his company for…
SAML vs OIDC: Choosing the Right Protocol for Modern Single Sign-On
Comparing SAML and OIDC for enterprise SSO. Learn which protocol works best for web, mobile, and CIAM solutions in this deep dive for CTOs. The post SAML vs OIDC: Choosing the Right Protocol for Modern Single Sign-On appeared first on…
Just-in-Time (JIT) Provisioning: How Automated User Provisioning Works in SSO
Learn how Just-in-Time (JIT) provisioning automates user account creation in SSO. Expert guide for CTOs on SAML, SCIM vs JIT, and enterprise IAM security. The post Just-in-Time (JIT) Provisioning: How Automated User Provisioning Works in SSO appeared first on Security…
Cybersecurity jobs available right now: January 20, 2026
Application Security Engineer xAI | USA | On-site – View job details As an Application Security Engineer, you will review and analyze code to identify vulnerabilities, define secure coding standards, and embed security practices into the CI/CD pipeline. You will…
IT Security News Hourly Summary 2026-01-20 06h : 1 posts
1 posts were published in the last hour 4:36 : Researchers Exploit Flaw in StealC Malware Panel to Monitor Cybercriminals
Researchers Exploit Flaw in StealC Malware Panel to Monitor Cybercriminals
Security researchers have identified a weakness in the web-based dashboard used by operators of the StealC information-stealing malware, allowing them to turn the malware infrastructure against its own users. The flaw made it possible to observe attacker activity and gather…
2026-01-14: Lumma Stealer infection with follow-up malware
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from Malware-Traffic-Analysis.net – Blog Entries Read the original article: 2026-01-14: Lumma Stealer infection with follow-up malware
2026-01-15: XLoader (Formbook) infection
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from Malware-Traffic-Analysis.net – Blog Entries Read the original article: 2026-01-15: XLoader (Formbook) infection
2026-01-19: Six days of scans and probes and web traffic hitting my web server
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from Malware-Traffic-Analysis.net – Blog Entries Read the original article: 2026-01-19: Six days of scans and probes and web…
Google Gemini Privacy Controls Bypassed to Access Private Meeting Data Using Calendar Invite
A significant vulnerability within the Google ecosystem allowed attackers to bypass Google Calendar’s privacy controls using a standard calendar invitation. The discovery highlights a growing class of threats known as “Indirect Prompt Injection,” where malicious instructions are hidden within legitimate…
IT Security News Hourly Summary 2026-01-20 03h : 2 posts
2 posts were published in the last hour 2:2 : ISC Stormcast For Tuesday, January 20th, 2026 https://isc.sans.edu/podcastdetail/9772, (Tue, Jan 20th) 1:34 : Department of Know: Easterly helms RSAC, Third party apps report, Self-poisoning AI
ISC Stormcast For Tuesday, January 20th, 2026 https://isc.sans.edu/podcastdetail/9772, (Tue, Jan 20th)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Tuesday, January 20th, 2026…
Department of Know: Easterly helms RSAC, Third party apps report, Self-poisoning AI
Link to episode page This week’s Department of Know is hosted by Sarah Lane with guests Dmitriy Sokolovskiy, senior vice president, information security, Semrush, and Nick Espinosa, host, The Deep Dive Radio Show Thanks to our show sponsor, Dropzone AI…
Granular Policy Enforcement for Decentralized Model Context Resources
Secure your Model Context Protocol (MCP) deployments with granular policy enforcement and post-quantum cryptography. Prevent tool poisoning and puppet attacks. The post Granular Policy Enforcement for Decentralized Model Context Resources appeared first on Security Boulevard. This article has been indexed…
Flare Research: Phishing Kits Now Operate Like SaaS Platforms
Flare’s research shows phishing kits now run like SaaS, built to bypass MFA. The post Flare Research: Phishing Kits Now Operate Like SaaS Platforms appeared first on eSecurity Planet. This article has been indexed from eSecurity Planet Read the original…
Remcos RAT Masquerade as VeraCrypt Installers Steals Users Login Credentials
A sophisticated malware campaign targeting South Korean users has emerged, distributing the Remcos remote access trojan (RAT) through deceptive installers disguised as legitimate VeraCrypt encryption software. This ongoing attack campaign primarily focuses on individuals connected to illegal online gambling platforms,…
AI-Powered Phishing Makes Human Risk Management Critical
AI-driven phishing is accelerating, making Human Risk Management critical. The post AI-Powered Phishing Makes Human Risk Management Critical appeared first on eSecurity Planet. This article has been indexed from eSecurity Planet Read the original article: AI-Powered Phishing Makes Human Risk…
IT Security News Hourly Summary 2026-01-20 00h : 1 posts
1 posts were published in the last hour 22:55 : IT Security News Daily Summary 2026-01-19
IT Security News Daily Summary 2026-01-19
139 posts were published in the last hour 21:32 : 100,000 WordPress Sites Affected by Privilege Escalation Vulnerability in Advanced Custom Fields: Extended WordPress Plugin 21:32 : Inside the Leaks that Exposed the Hidden Infrastructure Behind a Ransomware Operation 21:32…
100,000 WordPress Sites Affected by Privilege Escalation Vulnerability in Advanced Custom Fields: Extended WordPress Plugin
On December 10th, 2025, we received a submission for a Privilege Escalation vulnerability in Advanced Custom Fields: Extended, a WordPress plugin with more than 100,000+ active installations. This vulnerability makes it possible for an unauthenticated attacker to grant themselves administrative…
Inside the Leaks that Exposed the Hidden Infrastructure Behind a Ransomware Operation
The cybercrime world operates in shadows, but when insiders turn against each other, those shadows shrink. In February 2025, an individual using the alias ExploitWhispers surfaced on Telegram and released internal communications from the BlackBasta ransomware group. The leak contained…