3 Decisions CISOs Need to Make to Prevent Downtime Risk in 2026
The Hacker NewsJan 29, 2026Threat Intelligence / Incident Response Beyond the direct impact of cyberattacks, enterprises suffer from a secondary...
Hacking
Category Added in a WPeMatico Campaign
SolarWinds Fixes Four Critical Web Help Desk Flaws With Unauthenticated RCE and Auth Bypass
Ravie LakshmananJan 29, 2026Vulnerability / Software Security SolarWinds has released security updates to address multiple security vulnerabilities impacting SolarWinds Web...
Google Disrupts IPIDEA — One of the World’s Largest Residential Proxy Networks
Google on Wednesday announced that it worked together with other partners to disrupt IPIDEA, which it described as one of...
Fake Moltbot AI Coding Assistant on VS Code Marketplace Drops Malware
Cybersecurity researchers have flagged a new malicious Microsoft Visual Studio Code (VS Code) extension for Moltbot (formerly Clawdbot) on the...
Russian ELECTRUM Tied to December 2025 Cyber Attack on Polish Power Grid
Ravie LakshmananJan 28, 2026Critical Infrastructure / Threat Intelligence The "coordinated" cyber attack targeting multiple sites across the Polish power grid...
Two High-Severity n8n Flaws Allow Authenticated Remote Code Execution
Ravie LakshmananJan 28, 2026Vulnerability / Workflow Automation Cybersecurity researchers have disclosed two new security flaws in the n8n workflow automation...
From Triage to Threat Hunts: How AI Accelerates SecOps
If you work in security operations, the concept of the AI SOC agent is likely familiar. Early narratives promised total...
Critical vm2 Node.js Flaw Allows Sandbox Escape and Arbitrary Code Execution
Ravie LakshmananJan 28, 2026Vulnerability / Open Source A critical sandbox escape vulnerability has been disclosed in the popular vm2 Node.js...
Password Reuse in Disguise: An Often-Missed Risky Workaround
When security teams discuss credential-related risk, the focus typically falls on threats such as phishing, malware, or ransomware. These attack...
Google Warns of Active Exploitation of WinRAR Vulnerability CVE-2025-8088
Ravie LakshmananJan 28, 2026Vulnerability / Threat Intelligence Google on Tuesday revealed that multiple threat actors, including nation-state adversaries and financially...
Fake Python Spellchecker Packages on PyPI Delivered Hidden Remote Access Trojan
Ravie LakshmananJan 28, 2026Supply Chain Security / Malware Cybersecurity researchers have discovered two malicious packages in the Python Package Index...
Fortinet Patches CVE-2026-24858 After Active FortiOS SSO Exploitation Detected
Ravie LakshmananJan 28, 2026Network Security / Zero-Day Fortinet has begun releasing security updates to address a critical flaw impacting FortiOS...
WhatsApp Rolls Out Lockdown-Style Security Mode to Protect Targeted Users From Spyware
Ravie LakshmananJan 27, 2026Mobile Security / Spyware Meta on Tuesday announced it's adding Strict Account Settings on WhatsApp to secure...
Experts Detect Pakistan-Linked Cyber Campaigns Aimed at Indian Government Entities
Ravie LakshmananJan 27, 2026Threat Intelligence / Cyber Espionage Indian government entities have been targeted in two campaigns undertaken by a...
ClickFix Attacks Expand Using Fake CAPTCHAs, Microsoft Scripts, and Trusted Web Services
Cybersecurity researchers have disclosed details of a new campaign that combines ClickFix-style fake CAPTCHAs with a signed Microsoft Application Virtualization...
