Microsoft Fixes 114 Windows Flaws in January 2026 Patch, One Actively Exploited
Microsoft on Tuesday rolled out its first security update for 2026, addressing 114 security flaws, including one vulnerability that it said has been actively exploited…
Category: TheHackerNews
Fortinet Fixes Critical FortiSIEM Flaw Allowing Unauthenticated Remote Code Execution
Jan 14, 2026Ravie LakshmananVulnerability / Patch Management Fortinet has released updates to fix a critical security flaw impacting FortiSIEM that could allow an unauthenticated attacker…
64% of 3rd-Party Applications Access Sensitive Data Without Justification
Research analyzing 4,700 leading websites reveals that 64% of third-party applications now access sensitive data without business justification, up from 51% in 2024. Government sector…
Critical Node.js Vulnerability Can Cause Server Crashes via async_hooks Stack Overflow
Jan 14, 2026Ravie LakshmananApplication Security / Vulnerability Node.js has released updates to fix what it described as a critical security issue impacting “virtually every production…
PLUGGYAPE Malware Uses Signal and WhatsApp to Target Ukrainian Defense Forces
Jan 14, 2026Ravie LakshmananCyber Espionage / Threat Intelligence The Computer Emergency Response Team of Ukraine (CERT-UA) has disclosed details of new cyber attacks targeting its…
Long-Running Web Skimming Campaign Steals Credit Cards From Online Checkout Pages
Jan 13, 2026Ravie Lakshmanan Web Security / Data Theft Cybersecurity researchers have discovered a major web skimming campaign that has been active since January 2022,…
Malicious Chrome Extension Steals MEXC API Keys by Masquerading as Trading Tool
Jan 13, 2026Ravie LakshmananWeb Security / Online Fraud Cybersecurity researchers have disclosed details of a malicious Google Chrome extension that’s capable of stealing API keys…
From MCPs and Tool Access to Shadow API Key Sprawl
Jan 13, 2026The Hacker NewsArtificial Intelligence / Automation Security AI agents are no longer just writing code. They are executing it. Tools like Copilot, Claude…
New Advanced Linux VoidLink Malware Targets Cloud and container Environments
Jan 13, 2026Ravie LakshmananThreat Intelligence / Cyber Espionage Cybersecurity researchers have disclosed details of a previously undocumented and feature-rich malware framework codenamed VoidLink that’s specifically…
ServiceNow Patches Critical AI Platform Flaw Allowing Unauthenticated User Impersonation
Jan 13, 2026Ravie LakshmananVulnerability / SaaS Security ServiceNow has disclosed details of a now-patched critical security flaw impacting its ServiceNow AI Platform that could enable…
What Should We Learn From How Attackers Leveraged AI in 2025?
Jan 13, 2026The Hacker NewsThreat Intelligence / Identity Security Old Playbook, New Scale: While defenders are chasing trends, attackers are optimizing the basics The security…
New Malware Campaign Delivers Remcos RAT Through Multi-Stage Windows Attack
Jan 13, 2026Ravie LakshmananMalware / Endpoint Security Cybersecurity researchers have disclosed details of a new campaign dubbed SHADOW#REACTOR that employs an evasive multi-stage attack chain…