Switch View
Source: The Hacker News
Filter zurücksetzen
© Sector News
20.01.2026
Tudou Guarantee Marketplace Halts Telegram Transactions After Processing Over $12 Billion
News Preview
A Telegram-based guarantee marketplace known for advertising a broad range of illicit services appears to be winding down its operations, according to new findings from Elliptic.
The blockchain intelligence company said Tudou Guarantee has effectively ceased transactions through its public Telegram groups following a period of significant growth. T...
© HackerNews 2026
© Sector News
19.01.2026
Google Gemini Prompt Injection Flaw Exposed Private Calendar Data via Malicious Invites
News Preview
Cybersecurity researchers have disclosed details of a security flaw that leverages indirect prompt injection targeting Google Gemini as a way to bypass authorization guardrails and use Google Calendar as a data extraction mechanism.
The vulnerability, Miggo Security's Head of Research, Liad Eliyahu, said, made it possible to circumvent Google Calen...
© HackerNews 2026
© Sector News
19.01.2026
⚡ Weekly Recap: Fortinet Exploits, RedLine Clipjack, NTLM Crack, Copilot Attack & More
News Preview
In cybersecurity, the line between a normal update and a serious incident keeps getting thinner. Systems that once felt reliable are now under pressure from constant change. New AI tools, connected devices, and automated systems quietly create more ways in, often faster than security teams can react. This week’s stories show how easily a small mist...
© HackerNews 2026
Worth to know
20.10.2025
Short Selling Radar
USA, Europe, Asia
Track Short Selling Activities worldwide
Knowing what matters
Short sale statistics, hedge fund activities and much more user-friendly information
© Sector News
19.01.2026
DevOps & SaaS Downtime: The High (and Hidden) Costs for Cloud-First Businesses
News Preview
Just a few years ago, the cloud was touted as the “magic pill” for any cyber threat or performance issue. Many were lured by the “always-on” dream, trading granular control for the convenience of managed services.
In recent years, many of us have learned (often the hard way) that public cloud service providers are not immune to attacks and SaaS dow...
© HackerNews 2026
Swarmalpha i/o · The Event Futures Prediction X
23.01.2026
© Sector News
19.01.2026
New StackWarp Hardware Flaw Breaks AMD SEV-SNP Protections on Zen 1–5 CPUs
News Preview
A team of academics from the CISPA Helmholtz Center for Information Security in Germany has disclosed the details of a new hardware vulnerability affecting AMD processors.
The security flaw, codenamed StackWarp, can allow bad actors with privileged control over a host server to run malicious code within confidential virtual machines (CVMs), undermi...
© HackerNews 2026
© Sector News
19.01.2026
CrashFix Chrome Extension Delivers ModeloRAT Using ClickFix-Style Browser Crash Lures
News Preview
Cybersecurity researchers have disclosed details of an ongoing campaign dubbed KongTuke that used a malicious Google Chrome extension masquerading as an ad blocker to deliberately crash the web browser and trick victims into running arbitrary commands using ClickFix-like lures to deliver a previously undocumented remote access trojan (RAT) dubbed M...
© HackerNews 2026
© Sector News
19.01.2026
Security Bug in StealC Malware Panel Let Researchers Spy on Threat Actor Operations
News Preview
Cybersecurity researchers have disclosed a cross-site scripting (XSS) vulnerability in the web-based control panel used by operators of the StealC information stealer, allowing them to gather crucial insights on one of the threat actors using the malware in their operations.
"By exploiting it, we were able to collect system fingerprints, monitor ac...
© HackerNews 2026
© Sector News
17.01.2026
Black Basta Ransomware Leader Added to EU Most Wanted and INTERPOL Red Notice
News Preview
Ukrainian and German law enforcement authorities have identified two Ukrainians suspected of working for the Russia-linked ransomware-as-a-service (RaaS) group Black Basta.
In addition, the group's alleged leader, a 35-year-old Russian national named Oleg Evgenievich Nefedov (Нефедов Олег Евгеньевич), has been added to the European Union's Most Wan...
© HackerNews 2026
© Sector News
17.01.2026
OpenAI to Show Ads in ChatGPT for Logged-In U.S. Adults on Free and Go Plans
News Preview
OpenAI on Friday said it would start showing ads in ChatGPT to logged-in adult U.S. users in both the free and ChatGPT Go tiers in the coming weeks, as the artificial intelligence (AI) company expanded access to its low-cost subscription globally.
"You need to know that your data and conversations are protected and never sold to advertisers," OpenA...
© HackerNews 2026
© Sector News
16.01.2026
GootLoader Malware Uses 500–1,000 Concatenated ZIP Archives to Evade Detection
News Preview
The JavaScript (aka JScript) malware loader called GootLoader has been observed using a malformed ZIP archive that's designed to sidestep detection efforts by concatenating anywhere from 500 to 1,000 archives.
"The actor creates a malformed archive as an anti-analysis technique," Expel security researcher Aaron Walton said in a report shared with T...
© HackerNews 2026
© Sector News
16.01.2026
Five Malicious Chrome Extensions Impersonate Workday and NetSuite to Hijack Accounts
News Preview
Cybersecurity researchers have discovered five new malicious Google Chrome web browser extensions that masquerade as human resources (HR) and enterprise resource planning (ERP) platforms like Workday, NetSuite, and SuccessFactors to take control of victim accounts.
"The extensions work in concert to steal authentication tokens, block incident respo...
© HackerNews 2026
© Sector News
16.01.2026
Your Digital Footprint Can Lead Right to Your Front Door
News Preview
You lock your doors at night. You avoid sketchy phone calls. You’re careful about what you post on social media.
But what about the information about you that’s already out there—without your permission?
Your name. Home address. Phone number. Past jobs. Family members. Old usernames.
It’s all still online, and it’s a lot easier to find than you thi...
© HackerNews 2026
Advertisment
20.10.2025
© Sector News
16.01.2026
LOTUSLITE Backdoor Targets U.S. Policy Entities Using Venezuela-Themed Spear Phishing
News Preview
Security experts have disclosed details of a new campaign that has targeted U.S. government and policy entities using politically themed lures to deliver a backdoor known as LOTUSLITE.
The targeted malware campaign leverages decoys related to the recent geopolitical developments between the U.S. and Venezuela to distribute a ZIP archive ("US now de...
© HackerNews 2026
© Sector News
16.01.2026
China-Linked APT Exploited Sitecore Zero-Day in Critical Infrastructure Intrusion
News Preview
A threat actor likely aligned with China has been observed targeting critical infrastructure sectors in North America since at least last year.
Cisco Talos, which is tracking the activity under the name UAT-8837, assessed it to be a China-nexus advanced persistent threat (APT) actor with medium confidence based on tactical overlaps with other campa...
© HackerNews 2026
© Sector News
16.01.2026
Cisco Patches Zero-Day RCE Exploited by China-Linked APT in Secure Email Gateways
News Preview
Cisco on Thursday released security updates for a maximum-severity security flaw impacting Cisco AsyncOS Software for Cisco Secure Email Gateway and Cisco Secure Email and Web Manager, nearly a month after the company disclosed that it had been exploited as a zero-day by a China-nexus advanced persistent threat (APT) actor codenamed UAT-9686.
The v...
© HackerNews 2026
© Sector News
15.01.2026
AWS CodeBuild Misconfiguration Exposed GitHub Repos to Potential Supply Chain Attacks
News Preview
A critical misconfiguration in Amazon Web Services (AWS) CodeBuild could have allowed complete takeover of the cloud service provider's own GitHub repositories, including its AWS JavaScript SDK, putting every AWS environment at risk.
The vulnerability has been codenamed CodeBreach by cloud security company Wiz. The issue was fixed by AWS in Septemb...
© HackerNews 2026
© Sector News
15.01.2026
Critical WordPress Modular DS Plugin Flaw Actively Exploited to Gain Admin Access
News Preview
A maximum-severity security flaw in a WordPress plugin called Modular DS has come under active exploitation in the wild, according to Patchstack.
The vulnerability, tracked as CVE-2026-23550 (CVSS score: 10.0), has been described as a case of unauthenticated privilege escalation impacting all versions of the plugin prior to and including 2.5.1. It ...
© HackerNews 2026
© Sector News
15.01.2026
Researchers Reveal Reprompt Attack Allowing Single-Click Data Exfiltration From Microsoft Copilot
News Preview
Cybersecurity researchers have disclosed details of a new attack method dubbed Reprompt that could allow bad actors to exfiltrate sensitive data from artificial intelligence (AI) chatbots like Microsoft Copilot in a single click, while bypassing enterprise security controls entirely.
"Only a single click on a legitimate Microsoft link is required t...
© HackerNews 2026
© Sector News
15.01.2026
ThreatsDay Bulletin: AI Voice Cloning Exploit, Wi-Fi Kill Switch, PLC Vulns, and 14 More Stories
News Preview
The internet never stays quiet. Every week, new hacks, scams, and security problems show up somewhere.
This week’s stories show how fast attackers change their tricks, how small mistakes turn into big risks, and how the same old tools keep finding new ways to break in.
Read on to catch up before the next wave hits.
Unauthenticate...
© HackerNews 2026
© Sector News
15.01.2026
Model Security Is the Wrong Frame – The Real Risk Is Workflow Security
News Preview
As AI copilots and assistants become embedded in daily work, security teams are still focused on protecting the models themselves. But recent incidents suggest the bigger risk lies elsewhere: in the workflows that surround those models.
Two Chrome extensions posing as AI helpers were recently caught stealing ChatGPT and DeepSeek chat data from over...
© HackerNews 2026
© Sector News
15.01.2026
4 Outdated Habits Destroying Your SOC's MTTR in 2026
News Preview
It’s 2026, yet many SOCs are still operating the way they did years ago, using tools and processes designed for a very different threat landscape. Given the growth in volumes and complexity of cyber threats, outdated practices no longer fully support analysts’ needs, staggering investigations and incident response.
Below are four limiting habits th...
© HackerNews 2026
© Sector News
15.01.2026
Microsoft Legal Action Disrupts RedVDS Cybercrime Infrastructure Used for Online Fraud
News Preview
Microsoft on Wednesday announced that it has taken a "coordinated legal action" in the U.S. and the U.K. to disrupt a cybercrime subscription service called RedVDS that has allegedly fueled millions in fraud losses.
The effort, per the tech giant, is part of a broader law enforcement effort in collaboration with law enforcement authorities that has...
© HackerNews 2026
© Sector News
15.01.2026
Palo Alto Fixes GlobalProtect DoS Flaw That Can Crash Firewalls Without Login
News Preview
Palo Alto Networks has released security updates for a high-severity security flaw impacting GlobalProtect Gateway and Portal, for which it said there exists a proof-of-concept (PoC) exploit.
The vulnerability, tracked as CVE-2026-0227 (CVSS score: 7.7), has been described as a denial-of-service (DoS) condition impacting GlobalProtect PAN-OS softwa...
© HackerNews 2026
© Sector News
14.01.2026
Researchers Null-Route Over 550 Kimwolf and Aisuru Botnet Command Servers
News Preview
The Black Lotus Labs team at Lumen Technologies said it null-routed traffic to more than 550 command-and-control (C2) nodes associated with the AISURU/Kimwolf botnet since early October 2025.
AISURU and its Android counterpart, Kimwolf, have emerged as some of the biggest botnets in recent times, capable of directing enslaved devices to participate...
© HackerNews 2026
© Sector News
14.01.2026
AI Agents Are Becoming Authorization Bypass Paths
News Preview
Not long ago, AI agents were harmless. They wrote snippets of code. They answered questions. They helped individuals move a little faster.
Then organizations got ambitious.
Instead of personal copilots, companies started deploying shared organizational AI agents - agents embedded into HR, IT, engineering, customer support, and operations. Agents th...
© HackerNews 2026
© Sector News
14.01.2026
Hackers Exploit c-ares DLL Side-Loading to Bypass Security and Deploy Malware
News Preview
Security experts have disclosed details of an active malware campaign that's exploiting a DLL side-loading vulnerability in a legitimate binary associated with the open-source c-ares library to bypass security controls and deliver a wide range of commodity trojans and stealers.
"Attackers achieve evasion by pairing a malicious libcares-2.dll with a...
© HackerNews 2026
© Sector News
14.01.2026
Fortinet Fixes Critical FortiSIEM Flaw Allowing Unauthenticated Remote Code Execution
News Preview
Fortinet has released updates to fix a critical security flaw impacting FortiSIEM that could allow an unauthenticated attacker to achieve code execution on susceptible instances.
The operating system (OS) injection vulnerability, tracked as CVE-2025-64155, is rated 9.4 out of 10.0 on the CVSS scoring system.
"An improper neutralization of special e...
© HackerNews 2026
© Sector News
14.01.2026
New Research: 64% of 3rd-Party Applications Access Sensitive Data Without Justification
News Preview
Research analyzing 4,700 leading websites reveals that 64% of third-party applications now access sensitive data without business justification, up from 51% in 2024.
Government sector malicious activity spiked from 2% to 12.9%, while 1 in 7 Education sites show active compromise.
Specific offenders: Google Tag Manager (8% of violations), Shop...
© HackerNews 2026
© Sector News
14.01.2026
Microsoft Fixes 114 Windows Flaws in January 2026 Patch, One Actively Exploited
News Preview
Microsoft on Tuesday rolled out its first security update for 2026, addressing 114 security flaws, including one vulnerability that it said has been actively exploited in the wild.
Of the 114 flaws, eight are rated Critical, and 106 are rated Important in severity. As many as 58 vulnerabilities have been classified as privilege escalation, followed...
© HackerNews 2026
© Sector News
14.01.2026
Critical Node.js Vulnerability Can Cause Server Crashes via async_hooks Stack Overflow
News Preview
Node.js has released updates to fix what it described as a critical security issue impacting "virtually every production Node.js app" that, if successfully exploited, could trigger a denial-of-service (DoS) condition.
"Node.js/V8 makes a best-effort attempt to recover from stack space exhaustion with a catchable error, which frameworks have come to...
© HackerNews 2026
© Sector News
14.01.2026
PLUGGYAPE Malware Uses Signal and WhatsApp to Target Ukrainian Defense Forces
News Preview
The Computer Emergency Response Team of Ukraine (CERT-UA) has disclosed details of new cyber attacks targeting its defense forces with malware known as PLUGGYAPE between October and December 2025.
The activity has been attributed with medium confidence to a Russian hacking group tracked as Void Blizzard (aka Laundry Bear or UAC-0190). The threat ac...
© HackerNews 2026
© Sector News
13.01.2026
Long-Running Web Skimming Campaign Steals Credit Cards From Online Checkout Pages
News Preview
Cybersecurity researchers have discovered a major web skimming campaign that has been active since January 2022, targeting several major payment networks like American Express, Diners Club, Discover, JCB Co., Ltd., Mastercard, and UnionPay.
"Enterprise organizations that are clients of these payment providers are the most likely to be impacted," Si...
© HackerNews 2026
© Sector News
13.01.2026
Malicious Chrome Extension Steals MEXC API Keys by Masquerading as Trading Tool
News Preview
Cybersecurity researchers have disclosed details of a malicious Google Chrome extension that's capable of stealing API keys associated with MEXC, a centralized cryptocurrency exchange (CEX) available in over 170 countries, while masquerading as a tool to automate trading on the platform.
The extension, named MEXC API Automator (ID: pppdfgkfdemgfknf...
© HackerNews 2026
© Sector News
13.01.2026
[Webinar] Securing Agentic AI: From MCPs and Tool Access to Shadow API Key Sprawl
News Preview
AI agents are no longer just writing code. They are executing it.
Tools like Copilot, Claude Code, and Codex can now build, test, and deploy software end-to-end in minutes. That speed is reshaping engineering—but it’s also creating a security gap most teams don’t see until something breaks.
Behind every agentic workflow sits a layer few organizatio...
© HackerNews 2026
© Sector News
13.01.2026
New Advanced Linux VoidLink Malware Targets Cloud and container Environments
News Preview
Cybersecurity researchers have disclosed details of a previously undocumented and feature-rich malware framework codenamed VoidLink that's specifically designed for long-term, stealthy access to Linux-based cloud environments
According to a new report from Check Point Research, the cloud-native Linux malware framework comprises an array of custom l...
© HackerNews 2026
© Sector News
13.01.2026
What Should We Learn From How Attackers Leveraged AI in 2025?
News Preview
Old Playbook, New Scale: While defenders are chasing trends, attackers are optimizing the basics
The security industry loves talking about "new" threats. AI-powered attacks. Quantum-resistant encryption. Zero-trust architectures. But looking around, it seems like the most effective attacks in 2025 are pretty much the same as they were in 2015. Atta...
© HackerNews 2026
© Sector News
13.01.2026
ServiceNow Patches Critical AI Platform Flaw Allowing Unauthenticated User Impersonation
News Preview
ServiceNow has disclosed details of a now-patched critical security flaw impacting its ServiceNow artificial intelligence (AI) Platform that could enable an unauthenticated user to impersonate another user and perform arbitrary actions as that user.
The vulnerability, tracked as CVE-2025-12420, carries a CVSS score of 9.3 out of 10.0. It has been c...
© HackerNews 2026
© Sector News
13.01.2026
New Malware Campaign Delivers Remcos RAT Through Multi-Stage Windows Attack
News Preview
Cybersecurity researchers have disclosed details of a new campaign dubbed SHADOW#REACTOR that employs an evasive multi-stage attack chain to deliver a commercially available remote administration tool called Remcos RAT and establish persistent, covert remote access.
"The infection chain follows a tightly orchestrated execution path: an obfuscated V...
© HackerNews 2026
© Sector News
13.01.2026
CISA Warns of Active Exploitation of Gogs Vulnerability Enabling Code Execution
News Preview
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned of active exploitation of a high-severity security flaw impacting Gogs by adding it to its Known Exploited Vulnerabilities (KEV) catalog.
The vulnerability, tracked as CVE-2025-8110 (CVSS score: 8.7), relates to a case of path traversal in the repository file editor that co...
© HackerNews 2026
© Sector News
12.01.2026
n8n Supply Chain Attack Abuses Community Nodes to Steal OAuth Tokens
News Preview
Threat actors have been observed uploading a set of eight packages on the npm registry that masqueraded as integrations targeting the n8n workflow automation platform to steal developers' OAuth credentials.
One such package, named "n8n-nodes-hfgjf-irtuinvcm-lasdqewriit," mimics a Google Ads integration, and prompts users to link their advertising a...
© HackerNews 2026
© Sector News
12.01.2026
⚡ Weekly Recap: AI Automation Exploits, Telecom Espionage, Prompt Poaching & More
News Preview
This week made one thing clear: small oversights can spiral fast. Tools meant to save time and reduce friction turned into easy entry points once basic safeguards were ignored. Attackers didn’t need novel tricks. They used what was already exposed and moved in without resistance.
Scale amplified the damage. A single weak configuration rippled out t...
© HackerNews 2026
© Sector News
12.01.2026
GoBruteforcer Botnet Targets Crypto Project Databases by Exploiting Weak Credentials
News Preview
A new wave of GoBruteforcer attacks has targeted databases of cryptocurrency and blockchain projects to co-opt them into a botnet that's capable of brute-forcing user passwords for services such as FTP, MySQL, PostgreSQL, and phpMyAdmin on Linux servers.
"The current wave of campaigns is driven by two factors: the mass reuse of AI-generated server ...
© HackerNews 2026
© Sector News
12.01.2026
Anthropic Launches Claude AI for Healthcare with Secure Health Record Access
News Preview
Anthropic has become the latest Artificial intelligence (AI) company to announce a new suite of features that allows users of its Claude platform to better understand their health information.
Under an initiative called Claude for Healthcare, the company said U.S. subscribers of Claude Pro and Max plans can opt to give Claude secure access to their...
© HackerNews 2026
© Sector News
12.01.2026
Researchers Uncover Service Providers Fueling Industrial-Scale Pig Butchering Fraud
News Preview
Cybersecurity researchers have shed light on two service providers that supply online criminal networks with the necessary tools and infrastructure to fuel the pig butchering-as-a-service (PBaaS) economy.
At least since 2016, Chinese-speaking criminal groups have erected industrial-scale scam centers across Southeast Asia, creating special economic...
© HackerNews 2026
© Sector News
10.01.2026
MuddyWater Launches RustyWater RAT via Spear-Phishing Across Middle East Sectors
News Preview
The Iranian threat actor known as MuddyWater has been attributed to a spear-phishing campaign targeting diplomatic, maritime, financial, and telecom entities in the Middle East with a Rust-based implant codenamed RustyWater.
"The campaign uses icon spoofing and malicious Word documents to deliver Rust based implants capable of asynchronous C2, anti...
© HackerNews 2026
© Sector News
10.01.2026
Europol Arrests 34 Black Axe Members in Spain Over €5.9M Fraud and Organized Crime
News Preview
Europol on Friday announced the arrest of 34 individuals in Spain who are alleged to be part of an international criminal organization called Black Axe.
As part of an operation conducted by the Spanish National Police, in coordination with the Bavarian State Criminal Police Office and Europol, 28 arrests were made in Seville, along with three other...
© HackerNews 2026
© Sector News
09.01.2026
China-Linked Hackers Exploit VMware ESXi Zero-Days to Escape Virtual Machines
News Preview
Chinese-speaking threat actors are suspected to have leveraged a compromised SonicWall VPN appliance as an initial access vector to deploy a VMware ESXi exploit that may have been developed as far back as February 2024.
Cybersecurity firm Huntress, which observed the activity in December 2025 and stopped it before it could progress to the final sta...
© HackerNews 2026
© Sector News
09.01.2026
Russian APT28 Runs Credential-Stealing Campaign Targeting Energy and Policy Organizations
News Preview
Russian state-sponsored threat actors have been linked to a fresh set of credential harvesting attacks targeting individuals associated with a Turkish energy and nuclear research agency, as well as staff affiliated with a European think tank and organizations in North Macedonia and Uzbekistan.
The activity has been attributed to APT28 (aka BlueDelt...
© HackerNews 2026
© Sector News
09.01.2026
Cybersecurity Predictions 2026: The Hype We Can Ignore (And the Risks We Can't)
News Preview
As organizations plan for 2026, cybersecurity predictions are everywhere. Yet many strategies are still shaped by headlines and speculation rather than evidence. The real challenge isn’t a lack of forecasts—it’s identifying which predictions reflect real, emerging risks and which can safely be ignored.
An upcoming webinar hosted by Bitdefender aims...
© HackerNews 2026
© Sector News
09.01.2026
Trend Micro Apex Central RCE Flaw Scores 9.8 CVSS in On-Prem Windows Versions
News Preview
Trend Micro has released security updates to address multiple security vulnerabilities impacting on-premise versions of Apex Central for Windows, including a critical bug that could result in arbitrary code execution.
The vulnerability, tracked as CVE-2025-69258, carries a CVSS score of 9.8 out of a maximum of 10.0. The vulnerability has been descr...
© HackerNews 2026
© Sector News
09.01.2026
CISA Retires 10 Emergency Cybersecurity Directives Issued Between 2019 and 2024
News Preview
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday said it's retiring 10 emergency directives (Eds) that were issued between 2019 and 2024.
The list of the directives now considered closed is as follows -
ED 19-01: Mitigate DNS Infrastructure Tampering
ED 20-02: Mitigate Windows Vulnerabilities from January 2020 Patch Tue...
© HackerNews 2026
© Sector News
09.01.2026
FBI Warns North Korean Hackers Using Malicious QR Codes in Spear-Phishing
News Preview
The U.S. Federal Bureau of Investigation (FBI) on Thursday released an advisory warning of North Korean state-sponsored threat actors leveraging malicious QR codes in spear-phishing campaigns targeting entities in the country.
"As of 2025, Kimsuky actors have targeted think tanks, academic institutions, and both U.S. and foreign government entities...
© HackerNews 2026
© Sector News
08.01.2026
WhatsApp Worm Spreads Astaroth Banking Trojan Across Brazil via Contact Auto-Messaging
News Preview
Cybersecurity researchers have disclosed details of a new campaign that uses WhatsApp as a distribution vector for a Windows banking trojan called Astaroth in attacks targeting Brazil.
The campaign has been codenamed Boto Cor-de-Rosa by Acronis Threat Research Unit.
"The malware retrieves the victim's WhatsApp contact list and automatically sends m...
© HackerNews 2026
© Sector News
08.01.2026
China-Linked UAT-7290 Targets Telecoms with Linux Malware and ORB Nodes
News Preview
A China-nexus threat actor known as UAT-7290 has been attributed to espionage-focused intrusions against entities in South Asia and Southeastern Europe.
The activity cluster, which has been active since at least 2022, primarily focuses on extensive technical reconnaissance of target organizations before initiating attacks, ultimately leading to the...
© HackerNews 2026
© Sector News
08.01.2026
ThreatsDay Bulletin: RustFS Flaw, Iranian Ops, WebUI RCE, Cloud Leaks, and 12 More Stories
News Preview
The internet never stays quiet. Every week, new hacks, scams, and security problems show up somewhere.
This week’s stories show how fast attackers change their tricks, how small mistakes turn into big risks, and how the same old tools keep finding new ways to break in.
Read on to catch up before the next wave hits.
Honeypot Traps ...
© HackerNews 2026
© Sector News
08.01.2026
The State of Trusted Open Source
News Preview
Chainguard, the trusted source for open source, has a unique view into how modern organizations actually consume open source software and where they run into risk and operational burdens. Across a growing customer base and an extensive catalog of over 1800 container image projects, 148,000 versions, 290,000 images, and 100,000 language libraries, a...
© HackerNews 2026
© Sector News
08.01.2026
Cisco Patches ISE Security Vulnerability After Public PoC Exploit Release
News Preview
Cisco has released updates to address a medium-severity security flaw in Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) with a public proof-of-concept (PoC) exploit.
The vulnerability, tracked as CVE-2026-20029 (CVSS score: 4.9), resides in the licensing feature and could allow an authenticated, remote attacker with adm...
© HackerNews 2026
© Sector News
08.01.2026
Researchers Uncover NodeCordRAT Hidden in npm Bitcoin-Themed Packages
News Preview
Cybersecurity researchers have discovered three malicious npm packages that are designed to deliver a previously undocumented malware called NodeCordRAT.
The names of the packages, all of which were taken down as of November 2025, are listed below. They were uploaded by a user named "wenmoonx."
bitcoin-main-lib (2,300 Downloads)
bitcoin-lib-js (19...
© HackerNews 2026
© Sector News
08.01.2026
Coolify Discloses 11 Critical Flaws Enabling Full Server Compromise on Self-Hosted Instances
News Preview
Cybersecurity researchers have disclosed details of multiple critical-severity security flaws affecting Coolify, an open-source, self-hosting platform, that could result in authentication bypass and remote code execution.
The list of vulnerabilities is as follows -
CVE-2025-66209 (CVSS score: 10.0) - A command injection vulnerability in the databa...
© HackerNews 2026
© Sector News
08.01.2026
OpenAI Launches ChatGPT Health with Isolated, Encrypted Health Data Controls
News Preview
Artificial intelligence (AI) company OpenAI on Wednesday announced the launch of ChatGPT Health, a dedicated space that allows users to have conversations with the chatbot about their health.
To that end, the sandboxed experience offers users the optional ability to securely connect medical records and wellness apps, including Apple Health, Functio...
© HackerNews 2026
