Research analyzing 4,700 leading websites reveals that 64% of third-party applications now access sensitive data without business justification, up from 51% in 2024. Government sector malicious …
Microsoft on Tuesday rolled out its first security update for 2026 , addressing 114 security flaws, including one vulnerability that it said has been actively exploited in the wild.
Of the 114 flaws, …
**
Jan 14, 2026 **
Ravie Lakshmanan
Vulnerability / Patch Management
Fortinet has released updates to fix a critical security flaw impacting FortiSIEM that could allow an unauthenticated attacker to …
**
Jan 14, 2026 **
Ravie Lakshmanan
Application Security / Vulnerability
Node.js has released updates to fix what it described as a critical security issue impacting “virtually every production …
**
Jan 14, 2026 **
Ravie Lakshmanan
Cyber Espionage / Threat Intelligence
The Computer Emergency Response Team of Ukraine (CERT-UA) has disclosed details of new cyber attacks targeting its defense …
January 2026 Microsoft Patch Tuesday Summary Published 2026-01-13. Last Updated 2026-01-13 19:05:41 UTC by Johannes Ullrich (Version: 1)
0 comment(s)
Today, Microsoft released patches for 113 …
**
Jan 13, 2026 **
Ravie Lakshmanan
Web Security / Data Theft
Cybersecurity researchers have discovered a major web skimming campaign that has been active since January 2022, targeting several major …
**
Jan 13, 2026 **
Ravie Lakshmanan
Web Security / Online Fraud
Cybersecurity researchers have disclosed details of a malicious Google Chrome extension that’s capable of stealing API keys …
**
Jan 13, 2026 **
The Hacker News
Artificial Intelligence / Automation Security
AI agents are no longer just writing code. They are executing it.
Tools like Copilot, Claude Code, and Codex can now …
**
Jan 13, 2026 **
Ravie Lakshmanan
Malware / Endpoint Security
Cybersecurity researchers have disclosed details of a new campaign dubbed SHADOW#REACTOR that employs an evasive multi-stage attack …
1980s Hacker Manifesto Forty years ago, The Mentor— Loyd Blankenship —published “ The Conscience of a Hacker ” in Phrack .
You bet your ass we’re all alike… we’ve been spoon-fed baby food at school …
**
Jan 13, 2026 **
The Hacker News
Threat Intelligence / Identity Security
Old Playbook, New Scale: While defenders are chasing trends, attackers are optimizing the basics
The security industry loves …
**
Jan 13, 2026 **
Ravie Lakshmanan
Vulnerability / SaaS Security
ServiceNow has disclosed details of a now-patched critical security flaw impacting its ServiceNow AI Platform that could enable an …
**
Jan 13, 2026 **
Ravie Lakshmanan
Vulnerability / Network Security
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned of active exploitation of a high-severity security flaw …
**
Jan 12, 2026 **
Ravie Lakshmanan
Vulnerability / Workflow Automation
Threat actors have been observed uploading a set of eight packages on the npm registry that masqueraded as integrations …
**
Jan 12, 2026 **
Ravie Lakshmanan
Hacking News / Cybersecurity
This week made one thing clear: small oversights can spiral fast. Tools meant to save time and reduce friction turned into easy entry …
A new wave of GoBruteforcer attacks has targeted databases of cryptocurrency and blockchain projects to co-opt them into a botnet that’s capable of brute-forcing user passwords for services such …
Corrupting LLMs Through Weird Generalizations Fascinating research:
Weird Generalization and Inductive Backdoors: New Ways to Corrupt LLMs .
Abstract LLMs are useful because they generalize so well. …
Cybersecurity researchers have shed light on two service providers that supply online criminal networks with the necessary tools and infrastructure to fuel the pig butchering-as-a-service (PBaaS) …
**
Jan 12, 2026 **
Ravie Lakshmanan
Artificial Intelligence / Healthcare
Anthropic has become the latest Artificial intelligence (AI) company to announce a new suite of features that allows users of …
YARA-X’s 1.11.0 release brings a new feature: hash function warnings.
When you write a YARA rule to match a cryptographic hash (either the full file content or a part of it), what’s …