Switch View
© Sector News
27.01.2026
AI & the Death of Accuracy: What It Means for Zero-Trust
News Preview
AI "model collapse," where LLMs over time train on more and more AI-generated data and become degraded as a result, can introduce inaccuracies, promulgate malicious activity, and impact PII protections.
© Dark Reading 2026
© Sector News
27.01.2026
Chinese Mustang Panda hackers deploy infostealers via CoolClient backdoor
News Preview
The Chinese espionage threat group Mustang Panda has updated its CoolClient backdoor to a new variant that can steal login data from browsers and monitor the clipboard. [...]
© BleepingComputer 2026
© Sector News
27.01.2026
Vibe-Coded 'Sicarii' Ransomware Can't Be Decrypted
News Preview
A new ransomware strain that entered the scene last year has poorly designed code and uses Hebrew language that might be a false flag.
© Dark Reading 2026
Worth to know
20.10.2025
Short Selling Radar
USA, Europe, Asia
Track Short Selling Activities worldwide
Knowing what matters
Leerverkaufsstatistiken, Hedge-Fund Aktivitäten und viele weitere nutzerwertige Informationen benutzerfreundlich aufbereitet
© Sector News
27.01.2026
Critical Telnet Server Flaw Exposes Forgotten Attack Surface
News Preview
While telnet is considered obsolete, the network protocol is still used by hundreds of thousands of legacy systems and IoT devices for remote access.
© Dark Reading 2026
Swarmalpha i/o · The Event Futures Prediction X
23.01.2026
© Sector News
27.01.2026
CVE-2025-56005
News Preview
Currently trending CVE - Hype Score: 4 - An undocumented and unsafe feature in the PLY (Python Lex-Yacc) library 3.11 allows Remote Code Execution (RCE) via the `picklefile` parameter in the `yacc()` function. This parameter accepts a `.pkl` file that is deserialized with `pickle.load()` without validation. Because ...
© CVE Monitor 2026
© Sector News
27.01.2026
CVE-2025-67968
News Preview
Currently trending CVE - Hype Score: 7 - Unrestricted Upload of File with Dangerous Type vulnerability in InspiryThemes Real Homes CRM realhomes-crm allows Using Malicious Files.This issue affects Real Homes CRM: from n/a through
© CVE Monitor 2026
© Sector News
27.01.2026
CVE-2025-58360
News Preview
Currently trending CVE - Hype Score: 7 - GeoServer is an open source server that allows users to share and edit geospatial data. From version 2.26.0 to before 2.26.2 and before 2.25.6, an XML External Entity (XXE) vulnerability was identified. The application accepts XML input through a specific endpoint /geoserver/wms ...
© CVE Monitor 2026
© Sector News
27.01.2026
Microsoft Rushes Emergency Patch for Office Zero-Day
News Preview
To exploit the vulnerability, an attacker would need either system access or be able to convince a user to open a malicious Office file.
© Dark Reading 2026
© Sector News
27.01.2026
WinRAR path traversal flaw still exploited by numerous hackers
News Preview
Multiple threat actors, both state-sponsored and financially motivated, are exploiting the CVE-2025-8088 high-severity vulnerability in WinRAR for initial access and to deliver various malicious payloads. [...]
© BleepingComputer 2026
© Sector News
27.01.2026
'Stanley' Toolkit Turns Chrome Into Undetectable Phishing Vector
News Preview
The malware-as-a-service kit enables malicious extensions to overlay pages on real websites without changing the visible URL, signaling a fresh challenge for enterprise security.
© Dark Reading 2026
© Sector News
27.01.2026
WhatsApp Rolls Out Lockdown-Style Security Mode to Protect Targeted Users From Spyware
News Preview
Meta on Tuesday announced it's adding Strict Account Settings on WhatsApp to secure certain users against advanced cyber attacks because of who they are and what they do.
The feature, similar to Lockdown Mode in Apple iOS and Advanced Protection in Android, aims to protect individuals, such as journalists or public-facing figures, from sophisticate...
© HackerNews 2026
© Sector News
27.01.2026
Nike investigates data breach after extortion gang leaks files
News Preview
Nike is investigating what it described as a "potential cyber security incident" after the World Leaks ransomware gang leaked 1.4 TB of files allegedly stolen from the sportswear giant. [...]
© BleepingComputer 2026
Advertisment
20.10.2025
© Sector News
27.01.2026
Experts Detect Pakistan-Linked Cyber Campaigns Aimed at Indian Government Entities
News Preview
Indian government entities have been targeted in two campaigns undertaken by a threat actor that operates in Pakistan using previously undocumented tradecraft.
The campaigns have been codenamed Gopher Strike and Sheet Attack by Zscaler ThreatLabz, which identified them in September 2025.
"While these campaigns share some similarities with the Pakis...
© HackerNews 2026
© Sector News
27.01.2026
WorldLeaks Extortion Group Claims It Stole 1.4TB of Nike Data
News Preview
The sportswear brand is investigating an alleged breach of its network that exposed some 188,347 files of highly sensitive corporate data.
© Dark Reading 2026
© Sector News
27.01.2026
WorldLeaks Extortion Group Claims It Stole 1.4TB of Nike Data
News Preview
The sportswear brand is investigating an alleged breach of its network that exposed some 188,347 files of highly sensitive corporate data.
© Dark Reading 2026
© Sector News
27.01.2026
Critical sandbox escape flaw found in popular vm2 NodeJS library
News Preview
A critical-severity vulnerability in the vm2 Node.js sandbox library, tracked as CVE-2026-22709, allows escaping the sandbox and executing arbitrary code on the underlying host system. [...]
© BleepingComputer 2026
© Sector News
27.01.2026
US charges 31 more suspects linked to ATM malware attacks
News Preview
A Nebraska federal grand jury charged 31 additional defendants for their involvement in an ATM jackpotting operation allegedly orchestrated by members of the Venezuelan gang Tren de Aragua. [...]
© BleepingComputer 2026
© Sector News
27.01.2026
CVE-2025-38352
News Preview
Currently trending CVE - Hype Score: 6 - In the Linux kernel, the following vulnerability has been resolved:
posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del()
If an exiting non-autoreaping task has already passed exit_notify() and
calls handle_posix_cpu_timers() from IRQ, it can ...
© CVE Monitor 2026
© Sector News
27.01.2026
CVE-2025-61882
News Preview
Currently trending CVE - Hype Score: 5 - Vulnerability in the Oracle Concurrent Processing product of Oracle E-Business Suite (component: BI Publisher Integration). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to ...
© CVE Monitor 2026
© Sector News
27.01.2026
From Cipher to Fear: The psychology behind modern ransomware extortion
News Preview
Modern ransomware has shifted from encryption to psychological extortion that exploits fear, liability, and exposure. Flare shows how today's ransomware groups weaponize stolen data and pressure tactics to force payment. [...]
© BleepingComputer 2026
© Sector News
27.01.2026
ClickFix Attacks Expand Using Fake CAPTCHAs, Microsoft Scripts, and Trusted Web Services
News Preview
Cybersecurity researchers have disclosed details of a new campaign that combines ClickFix-style fake CAPTCHAs with a signed Microsoft Application Virtualization (App-V) script to distribute an information stealer called Amatera.
"Instead of launching PowerShell directly, the attacker uses this script to control how execution begins and to avoid mor...
© HackerNews 2026
© Sector News
27.01.2026
Over 6,000 SmarterMail servers exposed to automated hijacking attacks
News Preview
Nonprofit security organization Shadowserver has found over 6,000 SmarterMail servers exposed online and likely vulnerable to attacks exploiting a critical authentication bypass vulnerability. [...]
© BleepingComputer 2026
© Sector News
27.01.2026
Hand CVE Over to the Private Sector
News Preview
How MITRE has mismanaged the world's vulnerability database for decades and wasted millions along the way.
© Dark Reading 2026
© Sector News
27.01.2026
Have I Been Pwned: SoundCloud data breach impacts 29.8 million accounts
News Preview
Hackers have stolen the personal and contact information belonging to over 29.8 million SoundCloud user accounts after breaching the audio streaming platform's systems. [...]
© BleepingComputer 2026
© Sector News
27.01.2026
CVE-2025-13223
News Preview
Currently trending CVE - Hype Score: 4 - Type Confusion in V8 in Google Chrome prior to 142.0.7444.175 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
© CVE Monitor 2026
© Sector News
27.01.2026
CVE-2025-51683
News Preview
Currently trending CVE - Hype Score: 12 - A blind SQL Injection (SQLi) vulnerability in mJobtime v15.7.2 allows unauthenticated attackers to execute arbitrary SQL statements via a crafted POST request to the /Default.aspx/update_profile_Server endpoint .
© CVE Monitor 2026
© Sector News
27.01.2026
CTEM in Practice: Prioritization, Validation, and Outcomes That Matter
News Preview
Cybersecurity teams increasingly want to move beyond looking at threats and vulnerabilities in isolation. It’s not only about what could go wrong (vulnerabilities) or who might attack (threats), but where they intersect in your actual environment to create real, exploitable exposure.
Which exposures truly matter? Can attackers exploit them? Are our...
© HackerNews 2026
© Sector News
27.01.2026
Microsoft Office Zero-Day (CVE-2026-21509) - Emergency Patch Issued for Active Exploitation
News Preview
Microsoft on Monday issued out-of-band security patches for a high-severity Microsoft Office zero-day vulnerability exploited in attacks.
The vulnerability, tracked as CVE-2026-21509, carries a CVSS score of 7.8 out of 10.0. It has been described as a security feature bypass in Microsoft Office.
"Reliance on untrusted inputs in a security decision ...
© HackerNews 2026
© Sector News
27.01.2026
Critical Grist-Core Vulnerability Allows RCE Attacks via Spreadsheet Formulas
News Preview
A critical security flaw has been disclosed in Grist‑Core, an open-source, self-hosted version of the Grist relational spreadsheet-database, that could result in remote code execution.
The vulnerability, tracked as CVE-2026-24002 (CVSS score: 9.1), has been codenamed Cellbreak by Cyera Research Labs.
"One malicious formula can turn a spreadsheet in...
© HackerNews 2026
© Sector News
27.01.2026
China-Linked Hackers Have Used the PeckBirdy JavaScript C2 Framework Since 2023
News Preview
Cybersecurity researchers have discovered a JScript-based command-and-control (C2) framework called PeckBirdy that has been put to use by China-aligned APT actors since 2023 to target multiple environments.
The flexible framework has been put to use against Chinese gambling industries and malicious activities targeting Asian government entities and...
© HackerNews 2026
© Sector News
27.01.2026
New malware service guarantees phishing extensions on Chrome web store
News Preview
A new malware-as-a-service (MaaS) called 'Stanley' promises malicious Chrome extensions that can clear Google's review process and publish them to the Chrome Web Store. [...]
© BleepingComputer 2026
© Sector News
27.01.2026
Beauty in Destruction: Exploring Malware's Impact Through Art
News Preview
Artistic initiatives turn cybersecurity into immersive exhibits at the Museum of Malware Art, transforming digital threats into thought-provoking experiences.
© Dark Reading 2026
© Sector News
26.01.2026
New ClickFix attacks abuse Windows App-V scripts to push malware
News Preview
A new malicious campaign mixes the ClickFix method with fake CAPTCHA and a signed Microsoft Application Virtualization (App-V) script to ultimately deliver the Amatera infostealing malware. [...]
© BleepingComputer 2026
© Sector News
26.01.2026
Sandworm Blamed for Wiper Attack on Polish Power Grid
News Preview
Researchers attributed the failed attempt to the infamous Russian APT Sandworm, which is notorious for wiper attacks on critical infrastructure organizations.
© Dark Reading 2026
© Sector News
26.01.2026
Microsoft patches actively exploited Office zero-day vulnerability
News Preview
Microsoft has released emergency security updates to patch a high-severity Office zero-day vulnerability exploited in attacks. [...]
© BleepingComputer 2026
© Sector News
26.01.2026
Cloudflare misconfiguration behind recent BGP route leak
News Preview
Cloudflare has shared more details about a recent 25-minute Border Gateway Protocol (BGP) route leak affecting IPv6 traffic, which caused measurable congestion, packet loss, and approximately 12 Gbps of dropped traffic. [...]
© BleepingComputer 2026
© Sector News
26.01.2026
EU launches investigation into X over Grok-generated sexual images
News Preview
The European Commission is now investigating whether X properly assessed risks before deploying its Grok artificial intelligence tool, following its use to generate sexually explicit images. [...]
© BleepingComputer 2026
© Sector News
26.01.2026
Indian Users Targeted in Tax Phishing Campaign Delivering Blackmoon Malware
News Preview
Cybersecurity researchers have discovered an ongoing campaign that's targeting Indian users with a multi-stage backdoor as part of a suspected cyber espionage campaign.
The activity, per the eSentire Threat Response Unit (TRU), involves using phishing emails impersonating the Income Tax Department of India to trick victims into downloading a malici...
© HackerNews 2026
© Sector News
26.01.2026
Who Operates the Badbox 2.0 Botnet?
News Preview
The cybercriminals in control of Kimwolf -- a disruptive botnet that has infected more than 2 million devices -- recently shared a screenshot indicating they'd compromised the control panel for Badbox 2.0, a vast China-based botnet powered by malicious software that comes pre-installed on many Android TV streaming boxes. Both the FBI and Google say...
© Krebs on Security 2026
© Sector News
26.01.2026
DPRK's Konni Targets Blockchain Developers With AI-Generated Backdoor
News Preview
The North Korean threat group is using a new PowerShell backdoor to compromise development environments and target cryptocurrency holdings, according to researchers.
© Dark Reading 2026
© Sector News
26.01.2026
Malicious VS Code AI Extensions with 1.5 Million Installs Steal Developer Source Code
News Preview
Cybersecurity researchers have discovered two malicious Microsoft Visual Studio Code (VS Code) extensions that are advertised as artificial intelligence (AI)-powered coding assistants, but also harbor covert functionality to siphon developer data to China-based servers.
The extensions, which have 1.5 million combined installs and are still availabl...
© HackerNews 2026
© Sector News
26.01.2026
Nearly 800,000 Telnet servers exposed to remote attacks
News Preview
Internet security watchdog Shadowserver tracks nearly 800,000 IP addresses with Telnet fingerprints amid ongoing attacks exploiting a critical authentication bypass vulnerability in the GNU InetUtils telnetd server. [...]
© BleepingComputer 2026
© Sector News
26.01.2026
6 Okta security settings you might have overlooked
News Preview
Okta misconfigurations can quietly weaken identity security as SaaS environments evolve. Nudge Security shows six Okta security settings teams often overlook and how to fix them. [...]
© BleepingComputer 2026
© Sector News
26.01.2026
Hackers can bypass npm’s Shai-Hulud defenses via Git dependencies
News Preview
The defense mechanisms that NPM introduced after the 'Shai-Hulud' supply-chain attacks have weaknesses that allow threat actors to bypass them via Git dependencies. [...]
© BleepingComputer 2026
© Sector News
26.01.2026
CVE-2025-68645
News Preview
Currently trending CVE - Hype Score: 1 - A Local File Inclusion (LFI) vulnerability exists in the Webmail Classic UI of Zimbra Collaboration (ZCS) 10.0 and 10.1 because of improper handling of user-supplied request parameters in the RestFilter servlet. An unauthenticated remote attacker can craft requests to the ...
© CVE Monitor 2026
© Sector News
26.01.2026
CVE-2025-34026
News Preview
Currently trending CVE - Hype Score: 1 - The Versa Concerto SD-WAN orchestration platform is vulnerable to an authentication bypass in the Traefik reverse proxy configuration, allowing at attacker to access administrative endpoints. The internal Actuator endpoint can be leveraged for access to heap dumps and trace ...
© CVE Monitor 2026
© Sector News
26.01.2026
⚡ Weekly Recap: Firewall Flaws, AI-Built Malware, Browser Traps, Critical CVEs & More
News Preview
Security failures rarely arrive loudly. They slip in through trusted tools, half-fixed problems, and habits people stop questioning. This week’s recap shows that pattern clearly.
Attackers are moving faster than defenses, mixing old tricks with new paths. “Patched” no longer means safe, and every day, software keeps becoming the entry point.
What f...
© HackerNews 2026
© Sector News
26.01.2026
CISA says critical VMware RCE flaw now actively exploited
News Preview
CISA has flagged a critical VMware vCenter Server vulnerability as actively exploited and ordered U.S. federal agencies to secure their servers within three weeks. [...]
© BleepingComputer 2026
© Sector News
26.01.2026
Winning Against AI-Based Attacks Requires a Combined Defensive Approach
News Preview
If there’s a constant in cybersecurity, it’s that adversaries are always innovating. The rise of offensive AI is transforming attack strategies and making them harder to detect. Google’s Threat Intelligence Group, recently reported on adversaries using Large Language Models (LLMs) to both conceal code and generate malicious scripts on the fly, lett...
© HackerNews 2026
© Sector News
26.01.2026
Konni Hackers Deploy AI-Generated PowerShell Backdoor Against Blockchain Developers
News Preview
The North Korean threat actor known as Konni has been observed using PowerShell malware generated using artificial intelligence (AI) tools to target developers and engineering teams in the blockchain sector.
The phishing campaign has targeted Japan, Australia, and India, highlighting the adversary's expansion of the targeting scope beyond South Kor...
© HackerNews 2026
© Sector News
26.01.2026
ChatGPT Temporary chat feature is getting a much-needed upgrade
News Preview
OpenAI is testing a big upgrade for ChatGPT's temporary chat feature. The update will allow you to retain personalization in temporary chat, and still block temporary chat from influencing your account. [...]
© BleepingComputer 2026
© Sector News
25.01.2026
CVE-2025-13878
News Preview
Currently trending CVE - Hype Score: 1 - Malformed BRID/HHIT records can cause `named` to terminate unexpectedly.
This issue affects BIND 9 versions 9.18.40 through 9.18.43, 9.20.13 through 9.20.17, 9.21.12 through 9.21.16, 9.18.40-S1 through 9.18.43-S1, and 9.20.13-S1 through 9.20.17-S1.
© CVE Monitor 2026
© Sector News
25.01.2026
CVE-2025-59719
News Preview
Currently trending CVE - Hype Score: 1 - An improper verification of cryptographic signature vulnerability in Fortinet FortiWeb 8.0.0, FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0 through 7.4.9 may allow an unauthenticated attacker to bypass the FortiCloud SSO login authentication via a crafted SAML response message.
© CVE Monitor 2026
© Sector News
25.01.2026
1Password adds pop-pup warnings for suspected phishing sites
News Preview
The 1Password digital vault and password manager has added built-in protection against phishing URLs to help users identify malicious pages and prevent them from sharing account credentials with threat actors. [...]
© BleepingComputer 2026
© Sector News
25.01.2026
1Password adds pop-up warnings for suspected phishing sites
News Preview
The 1Password digital vault and password manager has added built-in protection against phishing URLs to help users identify malicious pages and prevent them from sharing account credentials with threat actors. [...]
© BleepingComputer 2026
© Sector News
25.01.2026
CVE-2025-2294
News Preview
Currently trending CVE - Hype Score: 12 - The Kubio AI Page Builder plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.5.1 via thekubio_hybrid_theme_load_template function. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the ...
© CVE Monitor 2026
© Sector News
25.01.2026
Microsoft investigates Windows 11 boot failures after January updates
News Preview
Microsoft is investigating reports that some Windows 11 devices are failing to boot with "UNMOUNTABLE_BOOT_VOLUME" errors after installing the January 2026 Patch Tuesday security updates. [...]
© BleepingComputer 2026
© Sector News
25.01.2026
Microsoft releases emergency OOB update to fix Outlook freezes
News Preview
Microsoft has released emergency, out-of-band updates on Saturday for Windows 10, Windows 11, and Windows Server to fix an issue that prevented Microsoft Outlook classic from opening when using PSTs stored in cloud storage. [...]
© BleepingComputer 2026
© Sector News
24.01.2026
Sandworm hackers linked to failed wiper attack on Poland’s energy systems
News Preview
A cyberattack targeting Poland's power grid in late December 2025 has been linked to the Russian state-sponsored hacking group Sandworm, which attempted to deploy a new destructive data-wiping malware dubbed DynoWiper during the attack.. [...]
© BleepingComputer 2026
© Sector News
24.01.2026
CVE-2025-11460
News Preview
Currently trending CVE - Hype Score: 10 - Use after free in Storage in Google Chrome prior to 141.0.7390.65 allowed a remote attacker to execute arbitrary code via a crafted video file. (Chromium security severity: High)
© CVE Monitor 2026
