Fake Captcha and “ClickFix” lures have emerged as among the most persistent and deceptive malware-delivery mechanisms on the modern web. These pages mimic legitimate verification…
TrustAsia has revoked 143 SSL/TLS certificates following the discovery of a critical vulnerability in its LiteSSL ACME service. The flaw, disclosed on January 21, 2026,…
Fortinet has officially confirmed active exploitation of critical FortiCloud single sign-on (SSO) authentication bypass vulnerabilities affecting multiple enterprise security appliances. The company disclosed two vulnerabilities…
Day Two of Pwn2Own Automotive 2026 kicked off with high intensity, as security researchers targeted automotive infotainment systems, EV chargers, and gateways. Building on Day…
Miami, Florida, January 22nd, 2026, CyberNewsWire Halo Security, a leading provider of external attack surface management and penetration testing services, today announced it has successfully…
A critical code injection vulnerability in the popular Node.js binary-parser library exposes applications to arbitrary JavaScript execution. CERT/CC published Vulnerability Note VU#102648 on January 20,…
Zafran Labs uncovered two critical vulnerabilities in Chainlit, a popular open-source framework for building conversational AI apps. Chainlit powers internet-facing AI systems in enterprises across…
CISA has added CVE-2026-20045, a critical zero-day remote code execution (RCE) vulnerability in Cisco Unified Communications Manager (Unified CM), to its Known Exploited Vulnerabilities (KEV)…
JA3 fingerprinting, long dismissed as outdated technology, is experiencing a resurgence as security teams discover its practical value in identifying and tracking malicious infrastructure with…
Snaps are compressed, cryptographically signed, revertable software packages for Linux desktops, servers, and embedded devices. A sophisticated campaign targeting Canonical’s Snap Store has escalated dramatically,…
A sophisticated multi-stage phishing campaign is actively targeting PNB MetLife Insurance customers through fake payment gateway pages. The attack chain extracts customer details, forces fraudulent…
A critical vulnerability in BIND 9 exposes DNS servers to remote denial-of-service (DoS) attacks. Security firm ISC disclosed CVE-2025-13878 on January 21, 2026, warning that…
