Leader of ransomware crew pleads guilty to four-year crime spree
A Russian national pleaded guilty to leading a ransomware conspiracy that targeted at least 50 victims during a four-year period ending in August 2022. Ianis…
Month: January 2026
Beware of PNB MetLife Payment Gateway that Steals Your Details and Direct to UPI Payments
A sophisticated phishing campaign targeting PNB MetLife insurance customers has surfaced, deceiving victims through fake payment gateway pages that steal personal information and redirect them…
Node.js binary-parser Library Flaw Enables Malicious Code Injection
A critical code injection vulnerability in the popular Node.js binary-parser library exposes applications to arbitrary JavaScript execution. CERT/CC published Vulnerability Note VU#102648 on January 20,…
Comms Department queries Telstra over outback LEOsat outages
The federal government has started examining the performance of around 200 Telstra-supplied small cell mobile base stations providing service to remote communities using LEOsat services…
Watchdog group sues for TSA data sharing agreement with ICE
A nonprofit is suing the federal government for records surrounding a data sharing agreement between the Transportation Security Administration and Immigrations and Customs Enforcement that…
Halo Security Achieves SOC 2 Type II Compliance, Demonstrating Sustained Security Excellence Over Time
Miami, Florida, January 22nd, 2026, CyberNewsWire Halo Security, a leading provider of external attack surface management and penetration testing services, today announced it has successfully…
Critical Chainlit AI Flaws Let Hackers Seize Control Of Cloud Environments
Zafran Labs uncovered two critical vulnerabilities in Chainlit, a popular open-source framework for building conversational AI apps. Chainlit powers internet-facing AI systems in enterprises across…
Fintech Airwallex to be audited by AUSTRAC
Australia’s financial crime watchdog has ordered an audit of payment platform Airwallex for suspected anti-money laundering and counter-terrorism financing compliance failures. The Australian Transaction Reports…
Machine learning–powered Android Trojans bypass script-based Ad Click detection
Machine learning–powered Android Trojans bypass script-based Ad Click detection Pierluigi Paganini January 22, 2026 A new Android click-fraud trojan family uses TensorFlow ML to visually…
SmarterMail auth bypass flaw now exploited to hijack admin accounts
Hackers began exploiting an authentication bypass vulnerability in SmarterTools’ SmarterMail email server and collaboration tool that allows resetting admin passwords. An authentication bypass vulnerability in…
New Osiris Ransomware Using Wide Range of Living off the Land and Dual-use Tools in Attacks
A newly discovered ransomware family called Osiris launched attacks against a major food service company in Southeast Asia during November 2025. Security researchers have identified…
Cisco Unified CM Zero-Day RCE Under Attack, CISA Issues Warning
CISA has added CVE-2026-20045, a critical zero-day remote code execution (RCE) vulnerability in Cisco Unified Communications Manager (Unified CM), to its Known Exploited Vulnerabilities (KEV)…