New DynoWiper Malware Used in Attempted Sandworm Attack on Polish Power Sector
Ravie LakshmananJan 24, 2026Malware / Critical Infrastructure The Russian nation-state hacking group known as Sandworm has been attributed to what...
Ravie
CISA Adds Actively Exploited VMware vCenter Flaw CVE-2024-37079 to KEV Catalog
Ravie LakshmananJan 24, 2026Vulnerability / Enterprise Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a critical...
CISA Updates KEV Catalog with Four Actively Exploited Software Vulnerabilities
Ravie LakshmananJan 23, 2026Vulnerability / Software Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added four security...
Fortinet Confirms Active FortiCloud SSO Bypass on Fully Patched FortiGate Firewalls
Ravie LakshmananJan 23, 2026Network Security / Vulnerability Fortinet has officially confirmed that it's working to completely plug a FortiCloud SSO...
TikTok Forms U.S. Joint Venture to Continue Operations Under 2025 Executive Order
Ravie LakshmananJan 23, 2026Regulatory Compliance / National Security TikTok on Friday officially announced that it formed a joint venture that...
Phishing Attack Uses Stolen Credentials to Install LogMeIn RMM for Persistent Access
Ravie LakshmananJan 23, 2026Email Security / Endpoint Security Cybersecurity researchers have disclosed details of a new dual-vector campaign that leverages...
Critical GNU InetUtils telnetd Flaw Lets Attackers Bypass Login and Gain Root Access
Ravie LakshmananJan 22, 2026Vulnerability / Linux A critical security flaw has been disclosed in the GNU InetUtils telnet daemon (telnetd)...
ThreatsDay Bulletin: Pixel Zero-Click, Redis RCE, China C2s, RAT Ads, Crypto Scams & 15+ Stories
Ravie LakshmananJan 22, 2026Cybersecurity / Hacking News Most of this week's threats didn't rely on new tricks. They relied on...
Malicious PyPI Package Impersonates SymPy, Deploys XMRig Miner on Linux Hosts
Ravie LakshmananJan 22, 2026Cryptojacking / Malware A new malicious package discovered in the Python Package Index (PyPI) has been found...
SmarterMail Auth Bypass Exploited in the Wild Two Days After Patch Release
Ravie LakshmananJan 22, 2026Vulnerability / Email Security A new security flaw in SmarterTools SmarterMail email software has come under active...
Automated FortiGate Attacks Exploit FortiCloud SSO to Alter Firewall Configurations
Ravie LakshmananJan 22, 2026Network Security / Vulnerability Cybersecurity company Arctic Wolf has warned of a "new cluster of automated malicious...
Cisco Fixes Actively Exploited Zero-Day CVE-2026-20045 in Unified CM and Webex
Ravie LakshmananJan 22, 2026Vulnerability / Zero-Day Cisco has released fresh patches to address what it described as a "critical" security...
Zoom and GitLab Release Security Updates Fixing RCE, DoS, and 2FA Bypass Flaws
Ravie LakshmananJan 21, 2026Vulnerability / Network Security Zoom and GitLab have released security updates to resolve a number of security...
Chainlit AI Framework Flaws Enable Data Theft via File Read and SSRF Bugs
Ravie LakshmananJan 21, 2026Vulnerability / Artificial Intelligence Security vulnerabilities were uncovered in the popular open-source artificial intelligence (AI) framework Chainlit...
LastPass Warns of Fake Maintenance Messages Targeting Users’ Master Passwords
Ravie LakshmananJan 21, 2026Email Security / Malware LastPass is alerting users to a new active phishing campaign that's impersonating the...
