The Cybersecurity and Infrastructure Security Agency (CISA) announced a significant milestone on January 8, 2026, by retiring ten Emergency Directives issued between 2019 and 2024.…
A newly discovered malware campaign is using fake WinRAR download sites to deliver the dangerous Winzipper malware directly to unsuspecting users. The attack emerged from…
North Korean state‑sponsored group Kimsuky is running new spearphishing campaigns that abuse QR codes to compromise U.S. organizations. The FBI warns that think tanks, NGOs,…
In a classic “Microsoft moment,” Windows Defender has started blocking the popular open-source Microsoft Activation Scripts (MAS) tool while targeting fake impostors, without verifying whether…
A critical vulnerability in the OWASP Core Rule Set (CRS) has been discovered that allows attackers to bypass important security protections designed to prevent charset-based…
Critical security patches to address three severe vulnerabilities affecting Apex Central (on-premise) that could allow remote attackers to execute malicious code or launch denial-of-service attacks…
A critical security flaw has been discovered in the Undertow HTTP server core, a widely used component in Java applications such as WildFly and JBoss…
Chinese threat actors have developed a dangerous new way to steal money directly from bank accounts using specially crafted Android applications. Known as Ghost Tapped,…
A critical pre-authentication remote code execution vulnerability, identified as CVE-2025-52691, has been discovered in SmarterTools’ SmarterMail solution. The flaw received a maximum CVSS score of…
Security researchers have identified over 91,000 attack sessions targeting AI infrastructure between October 2025 and January 2026, exposing systematic campaigns against large language model deployments.…
Network administrators worldwide reported widespread crashes in Cisco small business switches on January 8, 2026, triggered by fatal errors in the DNS client service. Devices…
The security landscape faced a significant challenge just before the year’s end with the emergence of ConsentFix, an ingenious OAuth-based attack that exploits legitimate authentication…
