ACME Flaw in Cloudflare allowed attackers to reach origin servers
ACME flaw in Cloudflare allowed attackers to reach origin servers Pierluigi Paganini January 21, 2026 Cloudflare fixed a flaw in its ACME validation logic that…
Author: Cybernoz
CFOs, CISOs clash over cybersecurity spending as threats mount: Expel
Dive Brief: CFOs and chief information security officers are significantly misaligned when it comes to cybersecurity investment goals and priorities, a survey by cybersecurity firm…
Hackers exploit security testing apps to breach Fortune 500 firms
Threat actors are exploiting misconfigured web applications used for security training and internal penetration testing, such as DVWA, OWASP Juice Shop, Hackazon, and bWAPP, to gain access…
New Magecart Attack Inject Malicious JavaScript to Skim Payment Data
A new Magecart-style campaign has emerged, targeting online shoppers through malicious JavaScript code designed to steal payment information directly from ecommerce websites. The attack works…
First Fully AI-Driven Malware Signals a New Era of Cyber Threats
A sophisticated Linux malware framework developed almost entirely through artificial intelligence, marking the beginning of a new era in AI-powered threats. Unlike previous AI-generated malware…
Microsoft shares workaround for Outlook freezes after Windows update
Microsoft shared a temporary workaround for customers experiencing Outlook freezes after installing this month’s Windows security updates. As explained one week ago, when Microsoft acknowledged…
ErrTraffic Fueling ClickFix by Breaking the Page Visually and Turns Attack to GlitchFix
A new social engineering technique called GlitchFix has emerged, powered by ErrTraffic—a specialized traffic distribution system designed to trick website visitors into downloading malware through…
Hackers Weaponize 2,500+ Security Tools to Disable Endpoint Defenses Before Ransomware Attacks
A sophisticated campaign has weaponized over 2,500 variants of a legitimate security driver to disable endpoint protection before deploying ransomware and remote access trojans. Attackers…
EU tightens cybersecurity rules for tech supply chains
The European Commission has proposed a new cybersecurity package aimed at strengthening the EU’s cyber resilience, including a revised EU Cybersecurity Act designed to secure…
Critical ACF Add-on Plugin Flaw Exposes WordPress Sites
A critical security flaw has been discovered in a widely used ACF add-on plugin for WordPress, placing up to 100,000 websites at risk of a…
You Got Phished? Of Course! You’re Human…
Phishing succeeds not because users are careless, but because attackers exploit human timing, context, and emotion. Flare shows how modern phishing has become industrialized, scalable,…
NVIDIA NSIGHT Graphics for Linux Vulnerability Allows Code Execution Attacks
An urgent security update addressing a critical vulnerability in NSIGHT Graphics for Linux that could allow attackers to execute arbitrary code on affected systems. The…