Hacking

Category Added in a WPeMatico Campaign

GootLoader Malware Uses 500–1,000 Concatenated ZIP Archives to Evade Detection

AndyC 17 January 2026

Jan 16, 2026Ravie LakshmananMalvertising / Threat Intelligence The JavaScript (aka JScript) malware loader called GootLoader has been observed using a...

Five Malicious Chrome Extensions Impersonate Workday and NetSuite to Hijack Accounts

AndyC 17 January 2026

Cybersecurity researchers have discovered five new malicious Google Chrome web browser extensions that masquerade as human resources (HR) and enterprise...

Your Digital Footprint Can Lead Right to Your Front Door

AndyC 17 January 2026

Jan 16, 2026The Hacker NewsPrivacy / Data Protection You lock your doors at night. You avoid sketchy phone calls. You're...

LOTUSLITE Backdoor Targets U.S. Policy Entities Using Venezuela-Themed Spear Phishing

AndyC 17 January 2026

Jan 16, 2026Ravie LakshmananMalware / Cyber Espionage Security experts have disclosed details of a new campaign that has targeted U.S....

China-Linked APT Exploits Sitecore Zero-Day in Attacks on American Critical Infrastructure

AndyC 17 January 2026

Jan 16, 2026Ravie LakshmananZero-Day / Cyber Espionage A threat actor likely aligned with China has been observed targeting critical infrastructure...

Cisco Patches Zero-Day RCE Exploited by China-Linked APT in Secure Email Gateways

AndyC 16 January 2026

Jan 16, 2026Ravie LakshmananVulnerability / Web Security Cisco on Thursday released security updates for a maximum-severity security flaw impacting Cisco...

AWS CodeBuild Misconfiguration Exposed GitHub Repos to Potential Supply Chain Attacks

AndyC 16 January 2026

A critical misconfiguration in Amazon Web Services (AWS) CodeBuild could have allowed complete takeover of the cloud service provider's own...

Critical WordPress Modular DS Plugin Flaw Actively Exploited to Gain Admin Access

AndyC 16 January 2026

Jan 15, 2026Ravie LakshmananWeb Security /Vulnerability A maximum-severity security flaw in a WordPress plugin called Modular DS has come under...

Researchers Reveal Reprompt Attack Allowing Single-Click Data Exfiltration From Microsoft Copilot

AndyC 16 January 2026

Jan 15, 2026Ravie LakshmananPrompt Injection / Enterprise Security Cybersecurity researchers have disclosed details of a new attack method dubbed Reprompt...

ThreatsDay Bulletin: AI Voice Cloning Exploit, Wi-Fi Kill Switch, PLC Vulns, and 14 More Stories

AndyC 16 January 2026

Jan 15, 2026Ravie LakshmananCybersecurity / Hacking News The internet never stays quiet. Every week, new hacks, scams, and security problems...

Model Security Is the Wrong Frame – The Real Risk Is Workflow Security

AndyC 16 January 2026

Jan 15, 2026The Hacker NewsData Security / Artificial Intelligence As AI copilots and assistants become embedded in daily work, security...

4 Outdated Habits Destroying Your SOC’s MTTR in 2026

AndyC 16 January 2026

It's 2026, yet many SOCs are still operating the way they did years ago, using tools and processes designed for...

Microsoft Legal Action Disrupts RedVDS Cybercrime Infrastructure Used for Online Fraud

AndyC 16 January 2026

Microsoft on Wednesday announced that it has taken a "coordinated legal action" in the U.S. and the U.K. to disrupt...

Palo Alto Fixes GlobalProtect DoS Flaw That Can Crash Firewalls Without Login

AndyC 16 January 2026

Jan 15, 2026Ravie LakshmananNetwork Security / Vulnerability Palo Alto Networks has released security updates for a high-severity security flaw impacting...

Researchers Null-Route Over 550 Kimwolf and Aisuru Botnet Command Servers

AndyC 15 January 2026

The Black Lotus Labs team at Lumen Technologies said it null-routed traffic to more than 550 command-and-control (C2) nodes associated...

Hacking

GootLoader Malware Uses 500–1,000 Concatenated ZIP Archives to Evade Detection

Five Malicious Chrome Extensions Impersonate Workday and NetSuite to Hijack Accounts

Your Digital Footprint Can Lead Right to Your Front Door

LOTUSLITE Backdoor Targets U.S. Policy Entities Using Venezuela-Themed Spear Phishing

China-Linked APT Exploits Sitecore Zero-Day in Attacks on American Critical Infrastructure

Cisco Patches Zero-Day RCE Exploited by China-Linked APT in Secure Email Gateways

AWS CodeBuild Misconfiguration Exposed GitHub Repos to Potential Supply Chain Attacks

Critical WordPress Modular DS Plugin Flaw Actively Exploited to Gain Admin Access

Researchers Reveal Reprompt Attack Allowing Single-Click Data Exfiltration From Microsoft Copilot

ThreatsDay Bulletin: AI Voice Cloning Exploit, Wi-Fi Kill Switch, PLC Vulns, and 14 More Stories

Model Security Is the Wrong Frame – The Real Risk Is Workflow Security

4 Outdated Habits Destroying Your SOC’s MTTR in 2026

Microsoft Legal Action Disrupts RedVDS Cybercrime Infrastructure Used for Online Fraud

Palo Alto Fixes GlobalProtect DoS Flaw That Can Crash Firewalls Without Login

Researchers Null-Route Over 550 Kimwolf and Aisuru Botnet Command Servers

Is it time for internet services to adopt identity verification?

Your personal information is on the dark web. What happens next?

Credential stuffing: What it is and how to protect yourself

This month in security with Tony Anscombe – December 2025 edition

A brush with online fraud: What are brushing scams and how do I stay safe?

Revisiting CVE-2025-50165: A critical flaw in Windows Imaging Component

Donate Bitcoin to this address

Donate Ethereum to this address

Sonatype Named DevOps Dozen Winner for Best DevSecOps Solution

Access Token vs Refresh Token: Key Differences & When to Use Each

JWT Claims Explained: Complete Guide to Standard & Custom JWT Token Claims

Passwordless Authentication vs MFA: Security, UX & Implementation Compared

Authentication Flow Explained: Step-by-Step Login & Token Exchange Process

Donate Bitcoin to this address

Donate Ethereum to this address

You may have missed