Switch View
© Sector News
30.01.2026
Chinese APTs Hacking Asian Orgs With High-End Malware
News Preview
Advanced persistent threat (APT) groups have deployed new cyber weapons against a variety of targets, highlighting the increasing threats to the region.
© Dark Reading 2026
© Sector News
30.01.2026
Microsoft links Windows 11 boot failures to failed December 2025 update
News Preview
Microsoft has linked recent reports of Windows 11 boot failures after installing the January 2026 updates to previously failed attempts to install the December 2025 security update, which left systems in an "improper state." [...]
© BleepingComputer 2026
© Sector News
29.01.2026
Trump Administration Rescinds Biden-Era Software Guidance
News Preview
Federal agencies will no longer be required to solicit software attestations that they comply with NIST's Secure Software Development Framework (SSDF). What that means long term is unclear.
© Dark Reading 2026
Worth to know
20.10.2025
Short Selling Radar
USA, Europe, Asia
Track Short Selling Activities worldwide
Knowing what matters
Leerverkaufsstatistiken, Hedge-Fund Aktivitäten und viele weitere nutzerwertige Informationen benutzerfreundlich aufbereitet
© Sector News
29.01.2026
Hugging Face abused to spread thousands of Android malware variants
News Preview
A new Android malware campaign is using the Hugging Face platform as a repository for thousands of variations of an APK payload that collects credentials for popular financial and payment services. [...]
© BleepingComputer 2026
Swarmalpha i/o · The Event Futures Prediction X
23.01.2026
© Sector News
29.01.2026
Ivanti warns of two EPMM flaws exploited in zero-day attacks
News Preview
Ivanti has disclosed two critical vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM), tracked as CVE-2026-1281 and CVE-2026-1340, that were exploited in zero-day attacks. [...]
© BleepingComputer 2026
© Sector News
29.01.2026
Second Round of Critical RCE Bugs in n8n Spikes Corporate Risk
News Preview
A new around of vulnerabilities in the popular AI automation platform could let attackers hijack servers and steal credentials, allowing full takeover.
© Dark Reading 2026
© Sector News
© Sector News
29.01.2026
CVE-2025-14174
News Preview
Currently trending CVE - Hype Score: 8 - Out of bounds memory access in ANGLE in Google Chrome on Mac prior to 143.0.7499.110 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
© CVE Monitor 2026
© Sector News
29.01.2026
CVE-2026-23760
News Preview
Currently trending CVE - Hype Score: 1 - SmarterTools SmarterMail versions prior to build 9511 contain an authentication bypass vulnerability in the password reset API. The force-reset-password endpoint permits anonymous requests and fails to verify the existing password or a reset token when resetting system ...
© CVE Monitor 2026
© Sector News
29.01.2026
CVE-2025-59718
News Preview
Currently trending CVE - Hype Score: 7 - A improper verification of cryptographic signature vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0.0 through 7.0.17, FortiProxy 7.6.0 through 7.6.3, FortiProxy 7.4.0 through 7.4.10, FortiProxy 7.2.0 ...
© CVE Monitor 2026
© Sector News
29.01.2026
Google disrupts IPIDEA residential proxy networks fueled by malware
News Preview
IPIDEA, one of the largest residential proxy networks used by threat actors, was disrupted earlier this week by Google Threat Intelligence Group (GTIG) in collaboration with industry partners. [...]
© BleepingComputer 2026
© Sector News
29.01.2026
Researchers Find 175,000 Publicly Exposed Ollama AI Servers Across 130 Countries
News Preview
A new joint investigation by SentinelOne SentinelLABS, and Censys has revealed that the open-source artificial intelligence (AI) deployment has created a vast "unmanaged, publicly accessible layer of AI compute infrastructure" that spans 175,000 unique Ollama hosts across 130 countries.
These systems, which span both cloud and residential networks ...
© HackerNews 2026
Advertisment
20.10.2025
© Sector News
29.01.2026
Match Group breach exposes data from Hinge, Tinder, OkCupid, and Match
News Preview
Match Group, the owner of multiple popular online dating services, Tinder, Match.com, Meetic, OkCupid, and Hinge, confirmed a cybersecurity incident that compromised user data. [...]
© BleepingComputer 2026
© Sector News
29.01.2026
Marquis blames ransomware breach on SonicWall cloud backup hack
News Preview
Marquis Software Solutions, a Texas-based financial services provider, is blaming a ransomware attack that impacted its systems and affected dozens of U.S. banks and credit unions in August 2025 on a security breach reported by SonicWall a month later. [...]
© BleepingComputer 2026
© Sector News
29.01.2026
'Semantic Chaining' Jailbreak Dupes Gemini Nano Banana, Grok 4
News Preview
If an attacker splits a malicious prompt into discrete chunks, some large language models (LLMs) will get lost in the details and miss the true intent.
© Dark Reading 2026
© Sector News
29.01.2026
From Quantum to AI Risks: Preparing for Cybersecurity's Future
News Preview
In the latest edition of "Reporters' Notebook," a trio of journalists urge the cybersecurity industry to prioritize patching vulnerabilities, preparing for quantum threats, and refining AI applications,
© Dark Reading 2026
© Sector News
29.01.2026
Not a Kids Game: From Roblox Mod to Compromising Your Company
News Preview
Seemingly harmless game mods can hide infostealer malware that quietly steals identities. Flare shows how Roblox mods can turn a home PC infection into corporate compromise. [...]
© BleepingComputer 2026
© Sector News
29.01.2026
Aisuru botnet sets new record with 31.4 Tbps DDoS attack
News Preview
The Aisuru/Kimwolf botnet launched a new massive distributed denial of service (DDoS) attack in December 2025, peaking at 31.4 Tbps and 200 million requests per second. [...]
© BleepingComputer 2026
© Sector News
29.01.2026
New Microsoft Teams feature will let you report suspicious calls
News Preview
Microsoft plans to introduce a call reporting feature in Teams by mid-March, allowing users to flag suspicious or unwanted calls as potential scams or phishing attempts. [...]
© BleepingComputer 2026
© Sector News
29.01.2026
France fines unemployment agency €5 million over data breach
News Preview
The French data protection authority fined the national employment agency €5 million (nearly €6 million) for failing to secure job seekers' data, which allowed hackers to steal the personal information of 43 million people. [...]
© BleepingComputer 2026
© Sector News
29.01.2026
One small step for Cyber Resilience Test Facilities, one giant leap for technology assurance
News Preview
CRTFs are helping organisations to make informed, risk-based decisions on the adoption of technology products.
© National Cyber Security Centre 2026
© Sector News
29.01.2026
ThreatsDay Bulletin: New RCEs, Darknet Busts, Kernel Bugs & 25+ More Stories
News Preview
This week’s updates show how small changes can create real problems. Not loud incidents, but quiet shifts that are easy to miss until they add up. The kind that affects systems people rely on every day.
Many of the stories point to the same trend: familiar tools being used in unexpected ways. Security controls are being worked on. Trusted platforms...
© HackerNews 2026
© Sector News
29.01.2026
CVE-2025-27237
News Preview
Currently trending CVE - Hype Score: 12 - In Zabbix Agent and Agent 2 on Windows, the OpenSSL configuration file is loaded from a path writable by low-privileged users, allowing malicious modification and potential local privilege escalation by injecting a DLL.
© CVE Monitor 2026
© Sector News
29.01.2026
Google rolls out Android theft protection feature updates
News Preview
Google has introduced stronger Android authentication safeguards and enhanced recovery tools to make smartphones more challenging targets for thieves. [...]
© BleepingComputer 2026
© Sector News
29.01.2026
Survey of 100+ Energy Systems Reveals Critical OT Cybersecurity Gaps
News Preview
A study by OMICRON has revealed widespread cybersecurity gaps in the operational technology (OT) networks of substations, power plants, and control centers worldwide. Drawing on data from more than 100 installations, the analysis highlights recurring technical, organizational, and functional issues that leave critical energy infrastructure vulnerab...
© HackerNews 2026
© Sector News
29.01.2026
3 Decisions CISOs Need to Make to Prevent Downtime Risk in 2026
News Preview
Beyond the direct impact of cyberattacks, enterprises suffer from a secondary but potentially even more costly risk: operational downtime, any amount of which translates into very real damage. That’s why for CISOs, it’s key to prioritize decisions that reduce dwell time and protect their company from risk.
Three strategic steps you can take t...
© HackerNews 2026
© Sector News
29.01.2026
SolarWinds Fixes Four Critical Web Help Desk Flaws With Unauthenticated RCE and Auth Bypass
News Preview
SolarWinds has released security updates to address multiple security vulnerabilities impacting SolarWinds Web Help Desk, including four critical vulnerabilities that could result in authentication bypass and remote code execution (RCE).
The list of vulnerabilities is as follows -
CVE-2025-40536 (CVSS score: 8.1) - A security control bypass vulner...
© HackerNews 2026
© Sector News
29.01.2026
Google Disrupts IPIDEA — One of the World’s Largest Residential Proxy Networks
News Preview
Google on Wednesday announced that it worked together with other partners to disrupt IPIDEA, which it described as one of the largest residential proxy networks in the world.
To that end, the company said it took legal action to take down dozens of domains used to control devices and proxy traffic through them. As of writing, IPIDEA's website ("www...
© HackerNews 2026
© Sector News
29.01.2026
Initial access hackers switch to Tsundere Bot for ransomware attacks
News Preview
A prolific initial access broker tracked as TA584 has been observed using the Tsundere Bot alongside XWorm remote access trojan to gain network access that could lead to ransomware attacks. [...]
© BleepingComputer 2026
© Sector News
28.01.2026
How Can CISOs Respond to Ransomware Getting More Violent?
News Preview
Ransomware defense requires focusing on business resilience. This means patching issues promptly, improving user education, and deploying multifactor authentication.
© Dark Reading 2026
© Sector News
28.01.2026
Months After Patch, WinRAR Bug Poised to Hit SMBs Hardest
News Preview
Russian and Chinese nation-state attackers are exploiting a months-old WinRAR vulnerability, despite a patch that came out last July.
© Dark Reading 2026
© Sector News
28.01.2026
Cyberattack on Polish energy grid impacted around 30 facilities
News Preview
The coordinated attack on Poland's power grid in late December targeted multiple distributed energy resource (DER) sites across the country, including combined heat and power (CHP) facilities and wind and solar dispatch systems. [...]
© BleepingComputer 2026
© Sector News
28.01.2026
Fortinet Confirms New Zero-Day Behind Malicious SSO Logins
News Preview
To stop the ongoing attacks, the cybersecurity vendor took the drastic step of temporarily disabling FortiCloud single sign-on (SSO) authentication for all devices.
© Dark Reading 2026
© Sector News
28.01.2026
eScan confirms update server breached to push malicious update
News Preview
MicroWorld Technologies, the maker of the eScan antivirus product, has confirmed that one of its update servers was breached and used to distribute an unauthorized update later analyzed as malicious to a small subset of customers earlier this month. [...]
© BleepingComputer 2026
© Sector News
28.01.2026
Viral Moltbot AI assistant raises concerns over data security
News Preview
Security researchers are warning of insecure deployments in enterprise environments of the Moltbot (formerly Clawdbot) AI assistant, which can lead to leaking API keys, OAuth tokens, conversation history, and credentials. [...]
© BleepingComputer 2026
© Sector News
28.01.2026
Consumers Reluctant to Shop at Stores That Don't Take Security Seriously
News Preview
The retail sector must adapt as consumers become more cybersecurity-conscious. Increased attack transparency is a good place to start.
© Dark Reading 2026
© Sector News
28.01.2026
New sandbox escape flaw exposes n8n instances to RCE attacks
News Preview
Two vulnerabilities in the n8n workflow automation platform could allow attackers to fully compromise affected instances, access sensitive data, and execute arbitrary code on the underlying host. [...]
© BleepingComputer 2026
© Sector News
28.01.2026
Fake Moltbot AI Coding Assistant on VS Code Marketplace Drops Malware
News Preview
Cybersecurity researchers have flagged a new malicious Microsoft Visual Studio Code (VS Code) extension for Moltbot (formerly Clawdbot) on the official Extension Marketplace that claims to be a free artificial intelligence (AI) coding assistant, but stealthily drops a malicious payload on compromised hosts.
The extension, named "ClawdBot Agent - AI...
© HackerNews 2026
© Sector News
28.01.2026
FBI seizes RAMP cybercrime forum used by ransomware gangs
News Preview
The FBI has seized the notorious RAMP cybercrime forum, a platform used to advertise a wide range of malware and hacking services, and one of the few remaining forums that openly allowed the promotion of ransomware operations. [...]
© BleepingComputer 2026
© Sector News
28.01.2026
Empire cybercrime market owner pleads guilty to drug conspiracy
News Preview
A Virginia man who co-created Empire Market, one of the largest dark web marketplaces at the time, pleaded guilty to federal drug conspiracy charges for facilitating $430 million in illegal transactions from 2018 to 2020. [...]
© BleepingComputer 2026
© Sector News
28.01.2026
China-Backed 'PeckBirdy' Takes Flight for Cross-Platform Attacks
News Preview
In two separate campaigns, attackers used the JScript C2 framework to target Chinese gambling websites and Asian government entities with new backdoors.
© Dark Reading 2026
© Sector News
28.01.2026
CVE-2024-37079
News Preview
Currently trending CVE - Hype Score: 3 - vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution.
© CVE Monitor 2026
© Sector News
28.01.2026
CVE-2025-25257
News Preview
Currently trending CVE - Hype Score: 18 - An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] vulnerability in Fortinet FortiWeb 7.6.0 through 7.6.3, FortiWeb 7.4.0 through 7.4.7, FortiWeb 7.2.0 through 7.2.10, FortiWeb 7.0.0 through 7.0.10 allows an ...
© CVE Monitor 2026
© Sector News
28.01.2026
Russia-Aligned ELECTRUM Tied to December 2025 Cyber Attack on Polish Power Grid
News Preview
The "coordinated" cyber attack targeting multiple sites across the Polish power grid has been attributed with medium confidence to a Russian state-sponsored hacking crew known as ELECTRUM.
Operational technology (OT) cybersecurity company Dragos, in a new intelligence brief published Tuesday, described the late December 2025 activity as the first m...
© HackerNews 2026
© Sector News
28.01.2026
AI Is Rewriting Compliance Controls and CISOs Must Take Notice
News Preview
AI agents are now executing regulated actions, reshaping how compliance controls actually work. Token Security explains why CISOs must rethink identity, access, and auditability as AI becomes a digital employee. [...]
© BleepingComputer 2026
© Sector News
28.01.2026
SolarWinds warns of critical Web Help Desk RCE, auth bypass flaws
News Preview
SolarWinds has released security updates to patch critical authentication bypass and remote command execution vulnerabilities in its Web Help Desk IT help desk software. [...]
© BleepingComputer 2026
© Sector News
28.01.2026
Surging Cyberattacks Boost Latin America to Riskiest Region
News Preview
The region is up against tactics like data-leak extortion, credential-stealing campaigns, edge-device exploitation, and attackers leveraging AI.
© Dark Reading 2026
© Sector News
28.01.2026
Hackers hijack exposed LLM endpoints in Bizarre Bazaar operation
News Preview
A malicious campaign is actively targeting exposed LLM (Large Language Model) service endpoints to commercialize unauthorized access to AI infrastructure. [...]
© BleepingComputer 2026
© Sector News
28.01.2026
Slovakian man pleads guilty to operating darknet marketplace
News Preview
A Slovakian national admitted on Tuesday to helping operate a darknet marketplace that sold narcotics, cybercrime tools and services, fake government IDs, and stolen personal information for more than two years. [...]
© BleepingComputer 2026
© Sector News
28.01.2026
Two High-Severity n8n Flaws Allow Authenticated Remote Code Execution
News Preview
Cybersecurity researchers have disclosed two new security flaws in the n8n workflow automation platform, including a crucial vulnerability that could result in remote code execution.
The weaknesses, discovered by the JFrog Security Research team, are listed below -
CVE-2026-1470 (CVSS score: 9.9) - An eval injection vulnerability that could allow ...
© HackerNews 2026
© Sector News
28.01.2026
From Triage to Threat Hunts: How AI Accelerates SecOps
News Preview
If you work in security operations, the concept of the AI SOC agent is likely familiar. Early narratives promised total autonomy. Vendors seized on the idea of the "Autonomous SOC" and suggested a future where algorithms replaced analysts.
That future has not arrived. We have not seen mass layoffs or empty security operations centers. We have inste...
© HackerNews 2026
© Sector News
28.01.2026
Critical vm2 Node.js Flaw Allows Sandbox Escape and Arbitrary Code Execution
News Preview
A critical sandbox escape vulnerability has been disclosed in the popular vm2 Node.js library that, if successfully exploited, could allow attackers to run arbitrary code on the underlying operating system.
The vulnerability, tracked as CVE-2026-22709, carries a CVSS score of 9.8 out of 10.0 on the CVSS scoring system.
"In vm2 for version 3.10.0, P...
© HackerNews 2026
© Sector News
28.01.2026
New WhatsApp lockdown feature protects high-risk users from hackers
News Preview
Meta has started rolling out a new WhatsApp lockdown-style security feature designed to protect journalists, public figures, and other high-risk individuals from sophisticated threats, including spyware attacks. [...]
© BleepingComputer 2026
© Sector News
28.01.2026
Mustang Panda Deploys Updated COOLCLIENT Backdoor in Government Cyber Attacks
News Preview
Threat actors with ties to China have been observed using an updated version of a backdoor called COOLCLIENT in cyber espionage attacks in 2025 to facilitate comprehensive data theft from infected endpoints.
The activity has been attributed to Mustang Panda (aka Earth Preta, Fireant, HoneyMyte, Polaris, and Twill Typhoon) with the intrusions primar...
© HackerNews 2026
© Sector News
28.01.2026
Password Reuse in Disguise: An Often-Missed Risky Workaround
News Preview
When security teams discuss credential-related risk, the focus typically falls on threats such as phishing, malware, or ransomware. These attack methods continue to evolve and rightly command attention. However, one of the most persistent and underestimated risks to organizational security remains far more ordinary.
Near-identical password reuse co...
© HackerNews 2026
© Sector News
28.01.2026
Google Warns of Active Exploitation of WinRAR Vulnerability CVE-2025-8088
News Preview
Google on Tuesday revealed that multiple threat actors, including nation-state adversaries and financially motivated groups, are exploiting a now-patched critical security flaw in RARLAB WinRAR to establish initial access and deploy a diverse array of payloads.
"Discovered and patched in July 2025, government-backed threat actors linked to Russia a...
© HackerNews 2026
© Sector News
28.01.2026
Fake Python Spellchecker Packages on PyPI Delivered Hidden Remote Access Trojan
News Preview
Cybersecurity researchers have discovered two malicious packages in the Python Package Index (PyPI) repository that masquerade as spellcheckers but contain functionality to deliver a remote access trojan (RAT).
The packages, named spellcheckerpy and spellcheckpy, are no longer available on PyPI, but not before they were collectively downloaded a li...
© HackerNews 2026
© Sector News
28.01.2026
Fortinet Patches CVE-2026-24858 After Active FortiOS SSO Exploitation Detected
News Preview
Fortinet has begun releasing security updates to address a critical flaw impacting FortiOS that has come under active exploitation in the wild.
The vulnerability, assigned the CVE identifier CVE-2026-24858 (CVSS score: 9.4), has been described as an authentication bypass related to FortiOS single sign-on (SSO). The flaw also affects FortiManager an...
© HackerNews 2026
© Sector News
28.01.2026
OpenAI's ChatGPT ad costs are on par with live NFL broadcasts
News Preview
OpenAI plans to begin rolling out ads on ChatGPT in the United States if you have a free or $8 Go subscription, but the catch is that the ads could be very expensive for advertisers. [...]
© BleepingComputer 2026
© Sector News
28.01.2026
Fortinet blocks exploited FortiCloud SSO zero day until patch is ready
News Preview
Fortinet has confirmed a new, actively exploited critical FortiCloud single sign-on (SSO) authentication bypass vulnerability, tracked as CVE-2026-24858, and says it has mitigated the zero-day attacks by blocking FortiCloud SSO connections from devices running vulnerable firmware versions. [...]
© BleepingComputer 2026
