Cisco Fixes Actively Exploited Zero-Day CVE-2026-20045 in Unified CM and Webex
Ravie LakshmananJan 22, 2026Vulnerability / Zero-Day Cisco has released fresh patches to address what it described as a "critical" security...
Hacking
Category Added in a WPeMatico Campaign
North Korean PurpleBravo Campaign Targeted 3,136 IP Addresses via Fake Job Interviews
As many as 3,136 individual IP addresses linked to likely targets of the Contagious Interview activity have been identified, with...
Zoom and GitLab Release Security Updates Fixing RCE, DoS, and 2FA Bypass Flaws
Ravie LakshmananJan 21, 2026Vulnerability / Network Security Zoom and GitLab have released security updates to resolve a number of security...
Webinar: How Smart MSSPs Using AI to Boost Margins with Half the Staff
The Hacker NewsJan 21, 2026Artificial Intelligence / Automation Every managed security provider is chasing the same problem in 2026 —...
Exposure Assessment Platforms Signal a Shift in Focus
Gartner® doesn't create new categories lightly. Generally speaking, a new acronym only emerges when the industry's collective "to-do list" has...
Chainlit AI Framework Flaws Enable Data Theft via File Read and SSRF Bugs
Ravie LakshmananJan 21, 2026Vulnerability / Artificial Intelligence Security vulnerabilities were uncovered in the popular open-source artificial intelligence (AI) framework Chainlit...
VoidLink Linux Malware Framework Built with AI Assistance Reaches 88,000 Lines of Code
The recently discovered sophisticated Linux malware framework known as VoidLink is assessed to have been developed by a single person...
LastPass Warns of Fake Maintenance Messages Targeting Users’ Master Passwords
Ravie LakshmananJan 21, 2026Email Security / Malware LastPass is alerting users to a new active phishing campaign that's impersonating the...
CERT/CC Warns binary-parser Bug Allows Node.js Privilege-Level Code Execution
Ravie LakshmananJan 21, 2026Open Source / Vulnerability A security vulnerability has been disclosed in the popular binary-parser npm library that,...
North Korea-Linked Hackers Target Developers via Malicious VS Code Projects
The North Korean threat actors associated with the long-running Contagious Interview campaign have been observed using malicious Microsoft Visual Studio...
Three Flaws in Anthropic MCP Git Server Enable File Access and Code Execution
Ravie LakshmananJan 20, 2026Vulnerability / Artificial Intelligence A set of three security vulnerabilities has been disclosed in mcp-server-git, the official...
Hackers Use LinkedIn Messages to Spread RAT Malware Through DLL Sideloading
Ravie LakshmananJan 20, 2026Malware / Threat Intelligence Cybersecurity researchers have uncovered a new phishing campaign that exploits social media private...
The Hidden Risk of Orphan Accounts
The Hacker NewsJan 20, 2026Enterprise Security / AI Security The Problem: The Identities Left Behind As organizations grow and evolve,...
Evelyn Stealer Malware Abuses VS Code Extensions to Steal Developer Credentials and Crypto
Ravie LakshmananJan 20, 2026Cloud Security / Developer Security Cybersecurity researchers have disclosed details of a malware campaign that's targeting software...
Cloudflare Fixes ACME Validation Bug Allowing WAF Bypass to Origin Servers
Ravie LakshmananJan 20, 2026Web Security / Vulnerability Cloudflare has addressed a security vulnerability impacting its Automatic Certificate Management Environment (ACME)...
