Tag: exploit
-
Cybersecurity risk will accelerate this year, fueled in part by AI, says World Economic Forum
Tags: ai, attack, automation, business, ceo, ciso, control, country, cryptography, cyber, cybercrime, cybersecurity, data, detection, exploit, finance, framework, fraud, governance, healthcare, incident, infrastructure, international, middle-east, phishing, ransomware, resilience, risk, service, skills, software, strategy, supply-chain, technology, threat, tool, vulnerabilityAI is anticipated to be the most significant driver of change in cybersecurity in 2026, according to 94% of survey respondents;87% of respondents said AI-related vulnerabilities had increased in the past year. Other cyber risks that had increased were (in order) cyber-enabled fraud and phishing, supply chain disruption, and exploitation of software vulnerabilities;confidence in national cyber…
-
Microsoft January 2026 Patch Tuesday fixes 3 zero-days, 114 flaws
Today is Microsoft’s January 2026 Patch Tuesday with security updates for 114 flaws, including one actively exploited and two publicly disclosed zero-day vulnerabilities. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-january-2026-patch-tuesday-fixes-3-zero-days-114-flaws/
-
Threat Actors Exploit RMM Tools Through Weaponized PDF Files
Threat actors are exploiting legitimate Remote Monitoring and Management (RMM) tools as part of a sophisticated campaign distributing weaponized PDF files to unsuspecting users. AhnLab Security Intelligence Center (ASEC) recently uncovered multiple attack chains utilizing Syncro, SuperOps, NinjaOne, and ScreenConnect tools commonly used by managed service providers and IT teams for legitimate system administration. The…
-
CISA Flags Actively Exploited Gogs Vulnerability With No Patch
A high-severity security flaw in the Gogs Git service is being actively exploited, leading to remote code execution First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/cisa-flags-exploited-gogs-flaw-no/
-
Can You Afford the Total Cost of Free Java?
Before running Java on a free JVM, assess the likelihood of a vulnerability being exploited and the consequences of an exploit. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/01/can-you-afford-the-total-cost-of-free-java/
-
ServiceNow patches critical AI platform flaw that could allow user impersonation
The company says it has no evidence the bug was exploited before October’s patch, but researchers say AI agent configuration can still enable prompt-injection style abuse. First seen on cyberscoop.com Jump to article: cyberscoop.com/servicenow-fixes-critical-ai-vulnerability-cve-2025-12420/
-
Dutch court convicts hacker who exploited port networks for drug trafficking
Dutch appeals court jails a 44-year-old hacker for 7 years for hacking port systems to help smuggle cocaine through European logistics hubs. A Dutch appeals court sentenced a 44-year-old hacker to seven years in prison for hacking port systems to help smuggle cocaine through European logistics hubs into the Netherlands. The appeals court reduced the…
-
Phishing Scams Exploit Browserthe-Browser Attacks to Steal Facebook Passwords
Cybersecurity researchers issue warning over a surge in attacks designed to trick Facebook users into handing over login credentials First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/phishing-scams-exploit-browser/
-
High-severity bug in Broadcom software enables easy WiFi denial-of-service
Tags: access, attack, business, encryption, exploit, firmware, flaw, monitoring, network, remote-code-execution, risk, service, software, vulnerability, wifiChipset-level bugs linger: Researchers said the vulnerability highlights why protocol-stack implementation remains open to serious flaws. “This attack is both easy to execute and highly disruptive, underscoring that even mature and widely deployed network technologies can still yield new and serious attack vectors,” said Saumitra Das, vice president of engineering at Qualys. “Because the attack…
-
Federal agencies told to fix or ditch Gogs as exploited zero-day lands on CISA hit list
Git server flaw that attackers have been abusing for months has now caught the attention of US cyber cops First seen on theregister.com Jump to article: www.theregister.com/2026/01/13/cisa_gogs_exploit/
-
For application security: SCA, SAST, DAST and MAST. What next?
Tags: advisory, ai, application-security, automation, best-practice, business, cisa, cisco, cloud, compliance, container, control, cve, data, exploit, flaw, framework, gartner, government, guide, ibm, incident response, infrastructure, injection, kubernetes, least-privilege, ml, mobile, network, nist, resilience, risk, sbom, service, software, sql, supply-chain, threat, tool, training, update, vulnerability, waf<img loading="lazy" decoding="async" src="https://b2b-contenthub.com/wp-content/uploads/2026/01/posture-provenance-proof.jpg?quality=50&strip=all&w=1024" alt="Chart: Posture, provenance and proof." class="wp-image-4115680" srcset="https://b2b-contenthub.com/wp-content/uploads/2026/01/posture-provenance-proof.jpg?quality=50&strip=all 1430w, b2b-contenthub.com/wp-content/uploads/2026/01/posture-provenance-proof.jpg?resize=300%2C168&quality=50&strip=all 300w, b2b-contenthub.com/wp-content/uploads/2026/01/posture-provenance-proof.jpg?resize=768%2C431&quality=50&strip=all 768w, b2b-contenthub.com/wp-content/uploads/2026/01/posture-provenance-proof.jpg?resize=1024%2C575&quality=50&strip=all 1024w, b2b-contenthub.com/wp-content/uploads/2026/01/posture-provenance-proof.jpg?resize=1240%2C697&quality=50&strip=all 1240w, b2b-contenthub.com/wp-content/uploads/2026/01/posture-provenance-proof.jpg?resize=150%2C84&quality=50&strip=all 150w, b2b-contenthub.com/wp-content/uploads/2026/01/posture-provenance-proof.jpg?resize=854%2C480&quality=50&strip=all 854w, b2b-contenthub.com/wp-content/uploads/2026/01/posture-provenance-proof.jpg?resize=640%2C360&quality=50&strip=all 640w, b2b-contenthub.com/wp-content/uploads/2026/01/posture-provenance-proof.jpg?resize=444%2C250&quality=50&strip=all 444w” width=”1024″ height=”575″ sizes=”auto, (max-width: 1024px) 100vw, 1024px” /> Sunil GentyalaOver the past year the community has admitted the obvious: the battleground is the software supply chain and…
-
What Should We Learn From How Attackers Leveraged AI in 2025?
Old Playbook, New Scale: While defenders are chasing trends, attackers are optimizing the basicsThe security industry loves talking about “new” threats. AI-powered attacks. Quantum-resistant encryption. Zero-trust architectures. But looking around, it seems like the most effective attacks in 2025 are pretty much the same as they were in 2015. Attackers are exploiting the same entry…
-
CISA Warns of Active Exploitation of Gogs Vulnerability Enabling Code Execution
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned of active exploitation of a high-severity security flaw impacting Gogs by adding it to its Known Exploited Vulnerabilities (KEV) catalog.The vulnerability, tracked as CVE-2025-8110 (CVSS score: 8.7), relates to a case of path traversal in the repository file editor that could result in code execution.”Gogs…
-
CISA Alerts on Actively Exploited Gogs Path Traversal Flaw
The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability in Gogs, a self-hosted Git service, to its Known Exploited Vulnerabilities catalog, warning that the flaw is being actively exploited in the wild. Critical Vulnerability Details Tracked as CVE-2025-8110, the vulnerability is a path-traversal flaw in Gogs’ improper symbolic link handling in the PutContents…
-
NIST Calls for Public to Help Better Secure AI Agents
NIST Seeks Input to Protect AI Systems Used in Government, Critical Infrastructure. The National Institute of Standards and Technology is seeking public input from security experts and stakeholders to weigh in on security threats from agentic AI warning they may be vulnerable to exploits like hijacking, backdoors and misaligned behavior across federal networks. First seen…
-
‘Violence-as-a-service’ suspect arrested in Iraq, extradition underway
Gang members ‘systematically exploited children and young people,’ cops say First seen on theregister.com Jump to article: www.theregister.com/2026/01/12/violence_as_a_service_arrest/
-
U.S. CISA adds a flaw in Gogs to its Known Exploited Vulnerabilities catalog
Tags: cisa, cve, cybersecurity, exploit, flaw, infrastructure, kev, open-source, service, vulnerabilityThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw impacting Gogs to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA)addeda Gogspath traversal vulnerability, tracked as CVE-2025-8110 (CVSS Score of 8.7), to itsKnown Exploited Vulnerabilities (KEV) catalog. Gogs (Go Git Service) is a lightweight, open-source, self-hosted Git service written…
-
CISA orders feds to patch Gogs RCE flaw exploited in zero-day attacks
Tags: attack, cisa, exploit, flaw, government, rce, remote-code-execution, update, vulnerability, zero-dayCISA has ordered government agencies to secure their systems against a high-severity Gogs vulnerability that was exploited in zero-day attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisa-orders-feds-to-patch-gogs-rce-flaw-exploited-in-zero-day-attacks/
-
Attackers Probing Popular LLMs Looking for Access to APIs: Report
Security researchers with GreyNoise say they’ve detected a campaign in which the threat actors are targeting more than 70 popular AI LLM models in a likely reconnaissance mission that will feed into what they call a “larger exploitation pipeline.” First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/01/attackers-probing-popular-llms-looking-for-access-to-apis-report/
-
Corrupting LLMs Through Weird Generalizations
Fascinating research: Weird Generalization and Inductive Backdoors: New Ways to Corrupt LLMs. AbstractLLMs are useful because they generalize so well. But can you have too much of a good thing? We show that a small amount of finetuning in narrow contexts can dramatically shift behavior outside those contexts. In one experiment, we finetune a model…
-
Instagram Confirms No System Breach After External Password Reset Problem
Instagram has dismissed security breach concerns, clarifying that recent unexpected password reset emails were caused by an external party exploiting a now-patched vulnerability rather than a complete system compromise. The social media giant confirmed that a flaw in its systems allowed unknown threat actors to request password reset emails on behalf of users without actually…
-
Dutch court sentences hacker who used port systems to smuggle cocaine to 7 years
The Amsterdam Court of Appeal ruled Friday that the man played a central technical role in a criminal network that exploited port computer systems in 2020 and 2021, allowing traffickers to move drugs through Europe’s logistics hubs without detection. First seen on therecord.media Jump to article: therecord.media/dutch-court-sentences-hacker-who-smuggled-cocaine-ports
-
âš¡ Weekly Recap: AI Automation Exploits, Telecom Espionage, Prompt Poaching & More
This week made one thing clear: small oversights can spiral fast. Tools meant to save time and reduce friction turned into easy entry points once basic safeguards were ignored. Attackers didn’t need novel tricks. They used what was already exposed and moved in without resistance.Scale amplified the damage. A single weak configuration rippled out to…
-
GoBruteforcer Botnet Targets Crypto Project Databases by Exploiting Weak Credentials
A new wave of GoBruteforcer attacks has targeted databases of cryptocurrency and blockchain projects to co-opt them into a botnet that’s capable of brute-forcing user passwords for services such as FTP, MySQL, PostgreSQL, and phpMyAdmin on Linux servers.”The current wave of campaigns is driven by two factors: the mass reuse of AI-generated server deployment examples…
-
EDRStartupHinder: Blocks Antivirus EDR at Windows 11 25H2 Startup (Defender Included)
A cybersecurity researcher has unveiled EDRStartupHinder, a proof-of-concept tool that prevents antivirus and endpoint detection and response (EDR) solutions from launching during Windows startup, including Microsoft Defender on Windows 11 25H2. The technique exploits Windows Bindlink API functionality through the bindflt.sys driver to interfere with security software initialization. The tool builds on previous research into Bindlink…
-
CISA Urges Emergency Patching for Actively Exploited HPE OneView Flaw
CISA adds a critical HPE OneView flaw (CVE-2025-37164) to its KEV catalogue with a Jan 28 deadline. Learn how this 10.0 RCE bug puts server infrastructure at risk. First seen on hackread.com Jump to article: hackread.com/cisa-emergency-patching-exploit-hpe-oneview-flaw/
-
MAESTRO Toolkit Exploiting VMware VM Escape Vulnerabilities
Cybersecurity researchers from Huntress detail a major VM Escape attack where hackers took over host servers. Using a secret toolkit called MAESTRO, the attackers stayed hidden for over a year. Read the exclusive details on how this breach was stopped and how to protect your network. First seen on hackread.com Jump to article: hackread.com/maestro-toolkit-vmware-vm-escape-vulnerabilities/