Aligning cybersecurity purchases with what your SOC team needs
Security teams are expected to detect and respond to attacks in real time—but often with tools they didn’t choose and workflows that weren’t built for…
Author: Cybernoz
NCSC Warns of Hacktivist Groups Attacking UK Organisations and Online Services
A critical alert issued on January 19, 2026, warned of rising cyber-attacks by Russian-aligned hacktivist groups targeting UK organisations. These state-aligned threat actors are conducting…
Apache Airflow Flaws Expose Sensitive Workflow Data to Potential Attackers
Apache Airflow has patched two separate credential-exposure vulnerabilities in versions before 3.1.6. The flaws could allow attackers to extract sensitive authentication data embedded in proxy…
Three Flaws in Anthropic MCP Git Server Enable File Access and Code Execution
Ravie LakshmananJan 20, 2026Vulnerability / Artificial Intelligence A set of three security vulnerabilities has been disclosed in mcp-server-git, the official Git Model Context Protocol (MCP)…
WordPress Plugin Vulnerability Exposes 100,000+ Sites to Privilege Escalation Attacks
A critical security flaw in the popular Advanced Custom Fields: Extended WordPress plugin has put more than 100,000 websites at risk of full takeover. The…
Gootloader Malware With Low Detection Rate Evades Most Security Tools
Gootloader malware has resurfaced, employing sophisticated evasion techniques to exploit malformed ZIP archives and obfuscation mechanisms to bypass security detection systems. The Gootloader malware campaign,…
Hackathon Projects Show AI Wellness Apps Can Leak Sensitive User Info – Hackread – Cybersecurity News, Data Breaches, AI, and More
The 2023 Cerebral breach exposed 3.1 million users’ sensitive mental health information, not through sophisticated attacks, but through marketing pixels that inadvertently transmitted emotional and…
Mastercard CEO Michael Miebach On Cybersecurity at World Economic Forum
“Cybersecurity is the foundation for our digital world. It is at the heart of trust and will allow society to fully benefit from the transformations…
Evelyn Stealer Malware Abuses VS Code Extensions to Steal Developer Credentials and Crypto
Ravie LakshmananJan 20, 2026Cloud Security / Developer Security Cybersecurity researchers have disclosed details of a malware campaign that’s targeting software developers with a new information…
Google Gemini Calendar Exploit Via Prompt Injection
Security teams have spent decades hardening software against malicious input, yet a recent vulnerability involving Google Gemini demonstrates how those assumptions begin to fracture when…
Cloudflare Zero-Day Allowed WAF Bypass Via ACME Path
A critical zero-day vulnerability in Cloudflare exposed a fundamental weakness in how security exceptions are handled at scale. The flaw allowed attackers to bypass Cloudflare’s…
Why execs don’t buy SOC teams the tools they need
Security teams are expected to detect and respond to attacks in real time—but often with tools they didn’t choose and workflows that weren’t built for…