Switch View
© Sector News
02.02.2026
Malicious MoltBot skills used to push password-stealing malware
News Preview
More than 230 malicious packages for the personal AI assistant OpenClaw (formerly known as Moltbot and ClawdBot) have been published in less than a week on the tool's official registry and on GitHub. [...]
© BleepingComputer 2026
© Sector News
02.02.2026
Mozilla announces switch to disable all Firefox AI features
News Preview
In response to user feedback on AI integration, Mozilla announced today that the next Firefox release will let users disable AI features entirely or manage them individually. [...]
© BleepingComputer 2026
© Sector News
02.02.2026
Researchers Find 341 Malicious ClawHub Skills Stealing Data from OpenClaw Users
News Preview
A security audit of 2,857 skills on ClawHub has found 341 malicious skills across multiple campaigns, according to new findings from Koi Security, exposing users to new supply chain risks.
ClawHub is a marketplace designed to make it easy for OpenClaw users to find and install third-party skills. It's an extension to the OpenClaw project, a self-ho...
© HackerNews 2026
Worth to know
20.10.2025
Short Selling Radar
USA, Europe, Asia
Track Short Selling Activities worldwide
Knowing what matters
Short sale statistics, hedge fund activities and much more user-friendly information
© Sector News
02.02.2026
Microsoft: January update shutdown bug affects more Windows PCs
News Preview
Microsoft has confirmed that a known issue preventing some Windows 11 devices from shutting down also affects Windows 10 systems with Virtual Secure Mode (VSM) enabled. [...]
© BleepingComputer 2026
Swarmalpha i/o · The Event Futures Prediction X
23.01.2026
© Sector News
02.02.2026
OpenClaw Bug Enables One-Click Remote Code Execution via Malicious Link
News Preview
A high-severity security flaw has been disclosed in OpenClaw (formerly referred to as Clawdbot and Moltbot) that could allow remote code execution (RCE) through a crafted malicious link.
The issue, which is tracked as CVE-2026-25253 (CVSS score: 8.8), has been addressed in version 2026.1.29 released on January 30, 2026. It has been described as a t...
© HackerNews 2026
© Sector News
02.02.2026
Cloud Security Posture Management: silver bullet or another piece in the cloud puzzle?
News Preview
CSPM tools are big business. Could they be the answer to your cloud configuration problems?
© National Cyber Security Centre 2026
© Sector News
02.02.2026
CVE-2025-13881
News Preview
Currently trending CVE - Hype Score: 1 - A flaw was found in Keycloak Admin API. This vulnerability allows an administrator with limited privileges to retrieve sensitive custom attributes via the /unmanagedAttributes endpoint, bypassing User Profile visibility settings.
© CVE Monitor 2026
© Sector News
02.02.2026
Please Don’t Feed the Scattered Lapsus ShinyHunters
News Preview
A prolific data ransom gang that calls itself Scattered Lapsus ShinyHunters (SLSH) has a distinctive playbook when it seeks to extort payment from victim firms: Harassing, threatening and even swatting executives and their families, all while notifying journalists and regulators… Read More »
© Krebs on Security 2026
© Sector News
02.02.2026
ShinyHunters Expands Scope of SaaS Extortion Attacks
News Preview
Following their attacks on Salesforce instances last year, members of the cybercrime group have broadened their targeting and gotten more aggressive with extortion tactics.
© Dark Reading 2026
© Sector News
02.02.2026
Microsoft Begins NTLM Phase-Out With Three-Stage Plan to Move Windows to Kerberos
News Preview
Microsoft has announced a three-phase approach to phase out New Technology LAN Manager (NTLM) as part of its efforts to shift Windows environments toward stronger, Kerberos-based options.
The development comes more than two years after the tech giant revealed its plans to deprecate the legacy technology, citing its susceptibility to weaknesses that...
© HackerNews 2026
© Sector News
02.02.2026
CTM360 Report Warns of Global Surge in Fake High-Yield Investment Scams
News Preview
Fake high-yield investment platforms are surging worldwide, promising "guaranteed" returns that mask classic Ponzi schemes.CTM360 explains how HYIP scams scale through social media, recycled templates, and referral abuse. [...]
© BleepingComputer 2026
© Sector News
02.02.2026
Notepad++ update feature hijacked by Chinese state hackers for months
News Preview
Chinese state-sponsored threat actors were likely behind the hijacking of Notepad++ update traffic last year that lasted for almost half a year, the developer states in an official announcement today. [...]
© BleepingComputer 2026
Advertisment
20.10.2025
© Sector News
02.02.2026
Panera Bread breach impacts 5.1 million accounts, not 14 million customers
News Preview
The data breach notification service Have I Been Pwned says that a data breach at the U.S. food chain Panera Bread affected 5.1 million accounts, not 14 million customers as previously reported. [...]
© BleepingComputer 2026
© Sector News
02.02.2026
CVE-2024-12084
News Preview
Currently trending CVE - Hype Score: 1 - A heap-based buffer overflow flaw was found in the rsync daemon. This issue is due to improper handling of attacker-controlled checksum lengths (s2length) in the code. When MAX_DIGEST_LEN exceeds the fixed SUM_LENGTH (16 bytes), an attacker can write out of bounds in the sum2 ...
© CVE Monitor 2026
© Sector News
02.02.2026
⚡ Weekly Recap: Proxy Botnet, Office Zero-Day, MongoDB Ransoms, AI Hijacks & New Threats
News Preview
Every week brings new discoveries, attacks, and defenses that shape the state of cybersecurity. Some threats are stopped quickly, while others go unseen until they cause real damage.
Sometimes a single update, exploit, or mistake changes how we think about risk and protection. Every incident shows how defenders adapt — and how fast attackers try to...
© HackerNews 2026
© Sector News
02.02.2026
Securing the Mid-Market Across the Complete Threat Lifecycle
News Preview
For mid-market organizations, cybersecurity is a constant balancing act. Proactive, preventative security measures are essential to protect an expanding attack surface. Combined with effective protection that blocks threats, they play a critical role in stopping cyberattacks before damage is done.
The challenge is that many security tools add compl...
© HackerNews 2026
© Sector News
02.02.2026
Microsoft fixes bug causing password sign-in option to disappear
News Preview
Microsoft has fixed a known issue that was causing the password sign-in option to disappear from the lock screen options after installing Windows 11 updates released since August 2025. [...]
© BleepingComputer 2026
© Sector News
02.02.2026
NationStates confirms data breach, shuts down game site
News Preview
NationStates, a multiplayer browser-based game, has confirmed a data breach after taking its website offline earlier this week to investigate a security incident. [...]
© BleepingComputer 2026
© Sector News
02.02.2026
Notepad++ Official Update Mechanism Hijacked to Deliver Malware to Select Users
News Preview
The maintainer of Notepad++ has revealed that state-sponsored attackers hijacked the utility's update mechanism to redirect update traffic to malicious servers instead.
"The attack involved [an] infrastructure-level compromise that allowed malicious actors to intercept and redirect update traffic destined for notepad-plus-plus.org," developer Don H...
© HackerNews 2026
© Sector News
02.02.2026
eScan Antivirus Update Servers Compromised to Deliver Multi-Stage Malware
News Preview
The update infrastructure for eScan antivirus, a security solution developed by Indian cybersecurity company MicroWorld Technologies, has been compromised by unknown attackers to deliver a persistent downloader to enterprise and consumer systems.
"Malicious updates were distributed through eScan's legitimate update infrastructure, resulting in the ...
© HackerNews 2026
© Sector News
02.02.2026
Open VSX Supply Chain Attack Used Compromised Dev Account to Spread GlassWorm
News Preview
Cybersecurity researchers have disclosed details of a supply chain attack targeting the Open VSX Registry in which unidentified threat actors compromised a legitimate developer's resources to push malicious updates to downstream users.
"On January 30, 2026, four established Open VSX extensions published by the oorzc author had malicious versions pu...
© HackerNews 2026
© Sector News
01.02.2026
Exposed MongoDB instances still targeted in data extortion attacks
News Preview
A threat actor is targeting exposed MongoDB instances in automated data extortion attacks demanding low ransoms from owners to restore the data. [...]
© BleepingComputer 2026
© Sector News
01.02.2026
CVE-2024-30088
News Preview
Currently trending CVE - Hype Score: 6 - Windows Kernel Elevation of Privilege Vulnerability
© CVE Monitor 2026
© Sector News
01.02.2026
CVE-2024-9680
News Preview
Currently trending CVE - Hype Score: 6 - An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. We have had reports of this vulnerability being exploited in the wild. This vulnerability affects Firefox < 131.0.2, Firefox ESR < 128.3.1, Firefox ESR < ...
© CVE Monitor 2026
© Sector News
01.02.2026
CVE-2024-51567
News Preview
Currently trending CVE - Hype Score: 6 - upgrademysqlstatus in databases/views.py in CyberPanel (aka Cyber Panel) before 5b08cd6 allows remote attackers to bypass authentication and execute arbitrary commands via /dataBases/upgrademysqlstatus by bypassing secMiddleware (which is only for a POST request) and using shell ...
© CVE Monitor 2026
© Sector News
01.02.2026
CVE-2025-40553
News Preview
Currently trending CVE - Hype Score: 1 - SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerability that could lead to remote code execution, which would allow an attacker to run commands on the host machine. This could be exploited without authentication.
© CVE Monitor 2026
© Sector News
01.02.2026
CVE-2024-49039
News Preview
Currently trending CVE - Hype Score: 6 - Windows Task Scheduler Elevation of Privilege Vulnerability
© CVE Monitor 2026
© Sector News
01.02.2026
CVE-2025-40552
News Preview
Currently trending CVE - Hype Score: 1 - SolarWinds Web Help Desk was found to be susceptible to an authentication bypass vulnerability that if exploited, would allow a malicious actor to execute actions and methods that should be protected by authentication.
© CVE Monitor 2026
© Sector News
01.02.2026
CVE-2025-40554
News Preview
Currently trending CVE - Hype Score: 1 - SolarWinds Web Help Desk was found to be susceptible to an authentication bypass vulnerability that, if exploited, could allow an attacker to invoke specific actions within Web Help Desk.
© CVE Monitor 2026
© Sector News
01.02.2026
New Apple privacy feature limits location tracking on iPhones, iPads
News Preview
Apple is introducing a new privacy feature that lets users limit the precision of location data shared with cellular networks on some iPhone and iPad models. [...]
© BleepingComputer 2026
© Sector News
01.02.2026
OpenAI says you can trust ChatGPT answers, as it kicks off ads rollout preparation
News Preview
OpenAI previously confirmed that it's testing ads in ChatGPT for free and $8 Go accounts, and now we're seeing early signs of that rollout, at least on Android. [...]
© BleepingComputer 2026
© Sector News
01.02.2026
OpenAI is retiring famous GPT-4o model, says GPT 5.2 is good enough
News Preview
OpenAI has confirmed that it's retiring ChatGPT's most popular model called GPT-4o and several other models, including GPT-5 Instant, GPT-5 Thinking, GPT-4.1, GPT-4.1 mini, and o4-mini. [...]
© BleepingComputer 2026
© Sector News
31.01.2026
CVE-2025-5419
News Preview
Currently trending CVE - Hype Score: 11 - Out of bounds read and write in V8 in Google Chrome prior to 137.0.7151.68 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
© CVE Monitor 2026
© Sector News
31.01.2026
U.S. convicts ex-Google engineer for sending AI tech data to China
News Preview
A U.S. federal jury has convicted Linwei Ding, a former software engineer at Google, for stealing AI supercomputer data from his employer and secretly sharing it with Chinese tech firms. [...]
© BleepingComputer 2026
© Sector News
31.01.2026
Cloud storage payment scam floods inboxes with fake renewals
News Preview
Over the past few months, a large-scale cloud storage subscription scam campaign has been targeting users worldwide with repeated emails falsely warning recipients that their photos, files, and accounts are about to be blocked or deleted due to an alleged payment failure. [...]
© BleepingComputer 2026
© Sector News
31.01.2026
CVE-2025-15467
News Preview
Currently trending CVE - Hype Score: 3 - Issue summary: Parsing CMS AuthEnvelopedData message with maliciously
crafted AEAD parameters can trigger a stack buffer overflow.
Impact summary: A stack buffer overflow may lead to a crash, causing Denial
of Service, or potentially remote code execution.
When parsing CMS ...
© CVE Monitor 2026
© Sector News
31.01.2026
CVE-2025-52691
News Preview
Currently trending CVE - Hype Score: 1 - Successful exploitation of the vulnerability could allow an unauthenticated attacker to upload arbitrary files to any location on the mail server, potentially enabling remote code execution.
© CVE Monitor 2026
© Sector News
31.01.2026
Mandiant details how ShinyHunters abuse SSO to steal cloud data
News Preview
Mandiant says a wave of recent ShinyHunters SaaS data-theft attacks is being fueled by targeted voice phishing (vishing) attacks and company-branded phishing sites that steal single sign-on (SSO) credentials and multi-factor authentication (MFA) codes. [...]
© BleepingComputer 2026
© Sector News
31.01.2026
Researcher reveals evidence of private Instagram profiles leaking photos
News Preview
A researcher has released detailed evidence showing some Instagram private accounts exposed photo links to unauthenticated visitors. The issue was later fixed, but Meta closed the report as not applicable and did not respond to multiple requests for comment. [...]
© BleepingComputer 2026
© Sector News
31.01.2026
Iran-Linked RedKitten Cyber Campaign Targets Human Rights NGOs and Activists
News Preview
A Farsi-speaking threat actor aligned with Iranian state interests is suspected to be behind a new campaign targeting non-governmental organizations and individuals involved in documenting recent human rights abuses.
The activity, observed by HarfangLab in January 2026, has been codenamed RedKitten. It's said to coincide with the nationwide unrest ...
© HackerNews 2026
© Sector News
31.01.2026
Mandiant Finds ShinyHunters-Style Vishing Attacks Stealing MFA to Breach SaaS Platforms
News Preview
Google-owned Mandiant on Friday said it identified an "expansion in threat activity" that uses tradecraft consistent with extortion-themed attacks orchestrated by a financially motivated hacking group known as ShinyHunters.
The attacks leverage advanced voice phishing (aka vishing) and bogus credential harvesting sites mimicking targeted companies ...
© HackerNews 2026
© Sector News
31.01.2026
CERT Polska Details Coordinated Cyber Attacks on 30+ Wind and Solar Farms
News Preview
CERT Polska, the Polish computer emergency response team, revealed that coordinated cyber attacks targeted more than 30 wind and photovoltaic farms, a private company from the manufacturing sector, and a large combined heat and power plant (CHP) supplying heat to almost half a million customers in the country.
The incident took place on December 29...
© HackerNews 2026
© Sector News
30.01.2026
Torq Moves SOCs Beyond SOAR With AI-Powered Hyper Automation
News Preview
Investors poured $140 million into Torq's Series D Round, raising the startup's valuation to $1.2 billion, to bring AI-based "hyper automation" to SOCs.
© Dark Reading 2026
© Sector News
30.01.2026
2026: The Year Agentic AI Becomes the Attack-Surface Poster Child
News Preview
Dark Reading asked readers whether agentic AI attacks, advanced deepfake threats, board recognition of cyber as a top priority, or password-less technology adoption would be most likely to become a trending reality for 2026.
© Dark Reading 2026
© Sector News
30.01.2026
Out-of-the-Box Expectations for 2026 Reveal a Grab Bag of Risk
News Preview
Security teams need to be thinking about this list of emerging cybersecurity realities to avoid rolling the dice on enterprise security risks (and opportunities).
© Dark Reading 2026
© Sector News
30.01.2026
Tenable Tackles AI Governance, Shadow AI Risks, Data Exposure
News Preview
The Tenable One AI Exposure add-on discovers unsanctioned AI use in the organization and enforces policy compliance with approved tools.
© Dark Reading 2026
© Sector News
30.01.2026
Crypto wallets received a record $158 billion in illicit funds last year
News Preview
Illegal cryptocurrency flows hit a record $158 billion in 2025, reversing a three-year trend of declining amounts from $86B in 2021 to $64B in 2024. [...]
© BleepingComputer 2026
© Sector News
30.01.2026
Microsoft to disable NTLM by default in future Windows releases
News Preview
Microsoft announced that it will disable the 30-year-old NTLM authentication protocol by default in upcoming Windows releases due to security vulnerabilities that expose organizations to cyberattacks. [...]
© BleepingComputer 2026
© Sector News
30.01.2026
OpenClaw AI Runs Wild in Business Environments
News Preview
The popular open source AI assistant (aka ClawdBot, MoltBot) has taken off, raising security concerns over its privileged, autonomous control within users' computers.
© Dark Reading 2026
© Sector News
30.01.2026
Operation Switch Off dismantles major pirate TV streaming services
News Preview
The latest phase of the global law enforcement action resulted in seizing three industrial-scale illegal IPTV services. [...]
© BleepingComputer 2026
© Sector News
30.01.2026
CVE-2024-9932
News Preview
Currently trending CVE - Hype Score: 1 - The Wux Blog Editor plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'wuxbt_insertImageNew' function in versions up to, and including, 3.0.0. This makes it possible for unauthenticated attackers to upload arbitrary ...
© CVE Monitor 2026
© Sector News
30.01.2026
Microsoft fixes Outlook bug blocking access to encrypted emails
News Preview
Microsoft has fixed a known issue that prevented Microsoft 365 customers from opening encrypted emails in classic Outlook after a recent update. [...]
© BleepingComputer 2026
© Sector News
30.01.2026
Researchers Uncover Chrome Extensions Abusing Affiliate Links and Stealing ChatGPT Access
News Preview
Cybersecurity researchers have discovered malicious Google Chrome extensions that come with capabilities to hijack affiliate links, steal data, and collect OpenAI ChatGPT authentication tokens.
One of the extensions in question is Amazon Ads Blocker (ID: pnpchphmplpdimbllknjoiopmfphellj), which claims to be a tool to browse Amazon without any spons...
© HackerNews 2026
© Sector News
30.01.2026
China-Linked UAT-8099 Targets IIS Servers in Asia with BadIIS SEO Malware
News Preview
Cybersecurity researchers have discovered a new campaign attributed to a China-linked threat actor known as UAT-8099 that took place between late 2025 and early 2026.
The activity, discovered by Cisco Talos, has targeted vulnerable Internet Information Services (IIS) servers located across Asia, but with a specific focus on targets in Thailand and ...
© HackerNews 2026
© Sector News
30.01.2026
Windows 11 KB5074105 update fixes boot, sign-in, and activation issues
News Preview
Microsoft has released the KB5074105 preview cumulative update for Windows 11 systems, which includes 32 changes, including fixes for sign-in, boot, and activation issues. [...]
© BleepingComputer 2026
© Sector News
30.01.2026
Badges, Bytes and Blackmail
News Preview
Behind the scenes of law enforcement in cyber: what do we know about caught cybercriminals? What brought them in, where do they come from and what was their function in the crimescape?
Introduction: One view on the scattered fight against cybercrime
The growing sophistication and diversification of cybercrime have compelled law enforcement agencie...
© HackerNews 2026
© Sector News
30.01.2026
CVE-2025-36911
News Preview
Currently trending CVE - Hype Score: 1 - In key-based pairing, there is a possible ID due to a logic error in the code. This could lead to remote (proximal/adjacent) information disclosure of user's conversations and location with no additional execution privileges needed. User interaction is not needed for ...
© CVE Monitor 2026
© Sector News
30.01.2026
Ex-Google Engineer Convicted for Stealing AI Secrets for China Startup
News Preview
A former Google engineer accused of stealing thousands of the company's confidential documents to build a startup in China has been convicted in the U.S., the Department of Justice (DoJ) announced Thursday.
Linwei Ding (aka Leon Ding), 38, was convicted by a federal jury on seven counts of economic espionage and seven counts of theft of trade secre...
© HackerNews 2026
© Sector News
30.01.2026
SmarterMail Fixes Critical Unauthenticated RCE Flaw with CVSS 9.3 Score
News Preview
SmarterTools has addressed two more security flaws in SmarterMail email software, including one critical security flaw that could result in arbitrary code execution.
The vulnerability, tracked as CVE-2026-24423, carries a CVSS score of 9.3 out of 10.0.
"SmarterTools SmarterMail versions prior to build 9511 contain an unauthenticated remote code exe...
© HackerNews 2026
© Sector News
30.01.2026
Two Ivanti EPMM Zero-Day RCE Flaws Actively Exploited, Security Updates Released
News Preview
Ivanti has rolled out security updates to address two security flaws impacting Ivanti Endpoint Manager Mobile (EPMM) that have been exploited in zero-day attacks, one of which has been added by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to its Known Exploited Vulnerabilities (KEV) catalog.
The critical-severity vulnerabilities...
© HackerNews 2026
