Fake Lastpass emails pose as password vault backup alerts
LastPass is warning of a new phishing campaign disguised as a maintenance notification from the service, asking users to back up their vaults in the…
Month: January 2026
Research Finds 64% of Third-Party Apps Access Sensitive Data
Boston, MA, USA, January 21st, 2026, CyberNewsWire Reflectiz today announced the release of its 2026 State of Web Exposure Research, revealing a sharp escalation in…
Critical Zoom Vulnerability Enables Remote Code Execution via Command Injection
A critical command injection vulnerability in Zoom Node Multimedia Routers (MMRs) has been disclosed, potentially allowing meeting participants to execute arbitrary code on vulnerable systems.…
Backup request is actually a phishing campaign, LastPass warns
LastPass on Tuesday warned of a phishing campaign with false claims that the company is conducting maintenance and asking customers to back up their vaults…
Black Basta’s alleged ringleader identified as authorities raid homes of other members
Law enforcement agencies from multiple European countries are still pursuing leads on people involved in the Black Basta ransomware group, nearly a year after the…
GitLab warns of high-severity 2FA bypass, denial-of-service flaws
GitLab has patched a high-severity two-factor authentication bypass impacting community and enterprise editions of its software development platform. Tracked as CVE-2026-0723, this vulnerability stems from…
Researchers Uncovered LockBit’s 5.0 Latest Affiliate Panel and Encryption Variants
LockBit, one of the most dangerous ransomware groups in the world, has released its newest version despite facing serious law enforcement actions. The group’s operations…
ErrTraffic Exploits Visual Page Breaks to Fuel ClickFix Attacks, Rebranding Exploits as “GlitchFix”
ErrTraffic is a Traffic Distribution System (TDS) designed to power ClickFix social engineering attacks. Unlike traditional fake update prompts, ErrTraffic deliberately breaks website visuals creating garbled text,…
Zoom and GitLab Release Security Updates Fixing RCE, DoS, and 2FA Bypass Flaws
Ravie LakshmananJan 21, 2026Vulnerability / Network Security Zoom and GitLab have released security updates to resolve a number of security vulnerabilities that could result in…
ACME Flaw in Cloudflare allowed attackers to reach origin servers
ACME flaw in Cloudflare allowed attackers to reach origin servers Pierluigi Paganini January 21, 2026 Cloudflare fixed a flaw in its ACME validation logic that…
CFOs, CISOs clash over cybersecurity spending as threats mount: Expel
Dive Brief: CFOs and chief information security officers are significantly misaligned when it comes to cybersecurity investment goals and priorities, a survey by cybersecurity firm…
Hackers exploit security testing apps to breach Fortune 500 firms
Threat actors are exploiting misconfigured web applications used for security training and internal penetration testing, such as DVWA, OWASP Juice Shop, Hackazon, and bWAPP, to gain access…