Collecting Cyber-News from over 60 sources

Tag: hacker

CrowdStrike Acquires SGNL for $740 Million to Thwart AI-Powered Cyber Threats

Jan 8, 2026 10:02 PM

Tags: ai, credentials, crowdstrike, cyber, cybersecurity, defense, exploit, hacker, identity, intelligence, startup, technology, threat

CrowdStrike Inc. said Thursday it will acquire identity security startup SGNL in a deal valued at $740 million the latest move by the cybersecurity giant to fortify its defenses against increasingly sophisticated artificial intelligence (AI)-powered cyberattacks. The acquisition centers on SGNL’s continuous identity technology, designed to prevent hackers from exploiting user credentials as entry.. First…
The 2 faces of AI: How emerging models empower and endanger cybersecurity

Jan 8, 2026 8:02 PM

Tags: ai, api, attack, compliance, credentials, cyber, cybersecurity, data, deep-fake, defense, detection, endpoint, espionage, exploit, finance, flaw, framework, GDPR, google, governance, government, group, guide, hacker, HIPAA, incident response, injection, intelligence, LLM, malicious, malware, mandiant, microsoft, network, PCI, penetration-testing, privacy, risk, russia, scam, security-incident, service, social-engineering, strategy, tactics, threat, tool, vulnerability, zero-day

Self-modifying, evasive malware More recently, the researchers at Google Threat Intelligence Group (GTIG) identified a disturbing new trend: malware that uses LLMs during execution to dynamically alter its own behavior and evade detection. This is not pre-generated code, this is code that adapts mid-execution.In June 2025, GTIG identified an experimental malware called PROMPTFLUX, which connects…
The 2 faces of AI: How emerging models empower and endanger cybersecurity

Jan 8, 2026 8:02 PM

Tags: ai, api, attack, compliance, credentials, cyber, cybersecurity, data, deep-fake, defense, detection, endpoint, espionage, exploit, finance, flaw, framework, GDPR, google, governance, government, group, guide, hacker, HIPAA, incident response, injection, intelligence, LLM, malicious, malware, mandiant, microsoft, network, PCI, penetration-testing, privacy, risk, russia, scam, security-incident, service, social-engineering, strategy, tactics, threat, tool, vulnerability, zero-day

Self-modifying, evasive malware More recently, the researchers at Google Threat Intelligence Group (GTIG) identified a disturbing new trend: malware that uses LLMs during execution to dynamically alter its own behavior and evade detection. This is not pre-generated code, this is code that adapts mid-execution.In June 2025, GTIG identified an experimental malware called PROMPTFLUX, which connects…
Cryptohack Roundup: Alleged Fraud Kingpin Deported to China

Jan 8, 2026 7:02 PM

Tags: attack, breach, china, crypto, data, fraud, hacker, theft

Also: Unleash Protocol Hack, LastPass Breach Linked to Crypto Thefts. This week, an alleged fraud kingpin deported to China, Bitfinex hacker gained early release, Unleash Protocol’s $3.9M hack, TRM tied crypto thefts to the LastPass breach, Trust Wallet’s link to the Sha1-Hulud attack, Flow’s NFT loan fallout, Ledger’s data exposure and Kontigo reimbursements. First seen…
New OAuth Attack Lets Hackers Bypass Microsoft Entra Authentication and Steal Keys

Jan 8, 2026 7:02 PM

Tags: access, attack, authentication, cyber, cybersecurity, hacker, microsoft, social-engineering, threat

In a year-end tradition that has become all too familiar for cybersecurity defenders, researchers have uncovered a novel attack vector targeting Microsoft Entra ID that weaponizes legitimate OAuth 2.0 authentication flows to harvest privileged access tokens. The technique, dubbed >>ConsentFix<< by PushSecurity, represents an evolution of the ClickFix social engineering paradigm, enabling threat actors to…
Report: China Breached Email Systems Used by U.S. Congressional Staff

Jan 8, 2026 7:02 PM

Tags: china, cyber, cyberattack, email, finance, hacker, infrastructure

Beijing dismissed accusations of Chinese involvement in a significant cyberattack against United States congressional staff email systems on Thursday, characterizing the allegations as >>politically motivated disinformation.<< The denial comes after the Financial Times reported that Chinese hackers successfully compromised email infrastructure used by members of powerful House of Representatives committees, according to sources familiar with…
ThreatsDay Bulletin: RustFS Flaw, Iranian Ops, WebUI RCE, Cloud Leaks, and 12 More Stories

Jan 8, 2026 3:01 PM

Tags: cloud, flaw, hacker, Internet, iran, leak, rce, remote-code-execution, risk, scam, tool

The internet never stays quiet. Every week, new hacks, scams, and security problems show up somewhere.This week’s stories show how fast attackers change their tricks, how small mistakes turn into big risks, and how the same old tools keep finding new ways to break in.Read on to catch up before the next wave hits. Honeypot…
Maximum Severity “Ni8mare” Bug Lets Hackers Hijack n8n Servers

Jan 8, 2026 12:01 PM

Tags: authentication, control, hacker, threat, vulnerability

A newly discovered vulnerability in authentication platform n8n could allow threat actors to take control of n8n servers First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/maximum-severity-ni8mare-bug/
BlueDelta Hackers Target Microsoft OWA, Google, and Sophos VPN to Steal Credentials

Jan 8, 2026 10:01 AM

Tags: credentials, cyber, google, group, hacker, infrastructure, microsoft, russia, sophos, theft, threat, vpn

A sophisticated credential-harvesting operation conducted by BlueDelta, a Russian state-sponsored threat group linked to the GRU’s Main Directorate, targeted critical infrastructure organizations and research institutions throughout 2025, according to a comprehensive investigation by Recorded Future’s Insikt Group. The campaign, spanning February through September 2025, represents a significant evolution in the group’s persistent credential-theft operations, with…
Top cyber threats to your AI systems and infrastructure

Jan 8, 2026 9:01 AM

Tags: ai, api, attack, best-practice, business, chatgpt, ciso, cloud, cyber, cybersecurity, data, defense, detection, exploit, framework, governance, hacker, infrastructure, injection, intelligence, LLM, malicious, mitre, monitoring, open-source, RedTeam, risk, sans, service, skills, software, strategy, supply-chain, tactics, theft, threat, tool, training, unauthorized, usa, vulnerability

Data poisoning Data poisoning is a type of attack in which bad actorsmanipulate, tamper with, and pollute the data used to develop or train AI systems, including machine learning models. By corrupting the data or introducing faulty data, attackers can alter, bias, or otherwise render inaccurate a model’s performance.Imagine an attack that tells a model…
Critical jsPDF flaw lets hackers steal secrets via generated PDFs

Jan 8, 2026 12:01 AM

Tags: data, flaw, hacker, vulnerability

The jsPDF library for generating PDF documents in JavaScript applications is vulnerable to a critical vulnerability that allows an attacker to steal sensitive data from the local filesystem by including it in generated files. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/critical-jspdf-flaw-lets-hackers-steal-secrets-via-generated-pdfs/
Attackers Exploit Zero-Day in End-of-Life D-Link Routers

Jan 8, 2026 12:01 AM

Tags: exploit, flaw, hacker, router, zero-day

Hackers are attacking a critical zero-day flaw in unsupported D-Link DSL routers to run arbitrary commands. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/attackers-exploit-zero-day-end-of-life-d-link-routers
Deception Tech Snares Shiny Hunter Attacker’s IP Address

Jan 7, 2026 10:02 PM

Tags: hacker, technology, threat

Targeted Threat Intel Firm Shares Details With Police After Honeypot Hit Getting owned by deception technology isn’t good news for one’s criminal brand or ability to remain at large. Just ask the band of young hackers behind Scattered Lapsus$ Shiny Hunters, when one of their ilk fell into a security firm’s honeytrap, revealing his actual…
Hackers Using Malicious QR Codes for Phishing via HTML Table

Jan 7, 2026 10:02 PM

Tags: cyber, email, hacker, malicious, phishing, qr, threat, tool

Threat actors are continuing to refine “quishing” phishing delivered through QR codes by shifting from traditional image-based payloads to “imageless” QR codes rendered directly in email HTML, a tactic designed to sidestep security tools that focus on decoding QR images. QR code abuse is not new, but it remains effective because the user experience is…
Chinese Hackers Use NFC-Enabled Android Malware to Steal Payment Information

Jan 7, 2026 10:02 PM

Tags: android, china, cyber, data, group, hacker, malicious, malware, nfc, social-engineering, tactics, threat

Chinese threat actors are conducting an aggressive campaign that distributes NFC-enabled Android malware capable of intercepting and remotely relaying payment card data via Telegram. Identified as >>Ghost Tap<< and linked to threat groups including TX-NFC and NFU Pay, the malicious applications employ social engineering tactics to deceive users into installing APKs and unknowingly facilitating fraudulent…
Chinese Hackers Launch Ongoing Attacks on Taiwan’s Critical Infrastructure

Jan 7, 2026 10:02 PM

Tags: attack, china, cyber, hacker, infrastructure, threat, warfare

China’s state-sponsored cyber operations against Taiwan have intensified dramatically, with threat actors launching an average of 2.63 million intrusion attempts daily targeting critical infrastructure across nine primary sectors, according to a newly released report from Taiwan’s National Security Bureau (NSB). The NSB report documents a concerning pattern of synchronized cyber warfare operations that correlate directly…
Max severity Ni8mare flaw lets hackers hijack n8n servers

Jan 7, 2026 7:01 PM

Tags: automation, control, flaw, hacker, vulnerability

A maximum severity vulnerability dubbed “Ni8mare” allows remote, unauthenticated attackers to take control over locally deployed instances of the N8N workflow automation platform. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/max-severity-ni8mare-flaw-lets-hackers-hijack-n8n-servers/
In 2026, Hackers Want AI: Threat Intel on Vibe Hacking & HackGPT

Jan 7, 2026 6:01 PM

Tags: ai, attack, cybercrime, fraud, hacker, hacking, service, threat, tool

Cybercriminals are increasingly using AI to lower the barrier to entry for fraud and hacking, shifting from skill-based to AI-assisted attacks known as “vibe hacking.” Flare examines how underground forums promote AI tools, jailbreak techniques, and so-called “Hacking-GPT” services that promise ease rather than technical mastery. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/in-2026-hackers-want-ai-threat-intel-on-vibe-hacking-and-hackgpt/
Lone Hacker Used Infostealers to Access Data at 50 Global Companies

Jan 7, 2026 5:01 PM

Tags: access, breach, data, hacker, iran, password

A Hudson Rock report reveals how an Iranian hacker named Zestix breached 50 global companies, including Iberia Airlines and Pickett Associates, by using stolen passwords and a lack of MFA. First seen on hackread.com Jump to article: hackread.com/lone-hacker-infostealers-global-companies-data/
Hackers actively exploit critical RCE flaw in legacy D-Link DSL routers

Jan 7, 2026 12:01 PM

Tags: cve, exploit, flaw, hacker, rce, remote-code-execution, router, threat, vulnerability

Attackers are exploiting a critical flaw (CVE-2026-0625) in old D-Link DSL routers that allows remote command execution. Threat actors are actively exploiting a critical RCE flaw, tracked as CVE-2026-0625 (CVSS score of 9.3), in legacy D-Link DSL routers. The vulnerability is an improper neutralization of special elements used in an OS Command (‘OS Command Injection’),…
Hackers Claim to Disconnect Brightspeed Customers After Breach

Jan 7, 2026 12:01 PM

Tags: breach, hacker, hacking

A hacking collective claims it has disconnected customers of US ISP Brightspeed First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/hackers-disconnect-brightspeed/
Hackers Exploit Routing Misconfigurations to Successfully Spoof Organizations

Jan 7, 2026 9:52 AM

Tags: attack, authentication, cyber, cybercrime, email, exploit, hacker, phishing

Cybercriminals are exploiting complex routing scenarios and misconfigured email authentication protections to successfully spoof organizational domains, enabling them to deliver phishing emails that appear to originate from within targeted companies. The attack vector, which has seen increased activity since May 2025, leverages weaknesses in Domain-based Message Authentication, Reporting, and Conformance (DMARC) configurations and third-party email…
Black Cat Hacker Group Uses Fake Notepad++ Websites to Distribute Malware and Steal Data

Jan 7, 2026 9:52 AM

Tags: backdoor, cyber, cyberattack, data, exploit, group, hacker, Internet, malware, software

A sophisticated cyberattack campaign orchestrated by the notorious >>Black Cat
Hackers Create Fake DocuSign Login Page to Steal User Credentials

Jan 7, 2026 9:52 AM

Tags: attack, credentials, crime, cyber, cybercrime, detection, hacker, Internet, login, phishing, social-engineering, tactics, threat

Phishing attacks continue to dominate the cybercrime landscape as threat actors refine their social engineering tactics to evade detection systems. The FBI’s Internet Crime Complaint Center (IC3) recorded 193,407 phishing and spoofing complaints in 2024, making it the year’s top cybercrime category and contributing to a staggering $16.6 billion in rep. Phishing attacks continue to…
Millions of Android Powered TVs and Streaming Devices Infected by Kimwolf Botnet

Jan 6, 2026 11:52 PM

Tags: android, attack, botnet, ddos, hacker

Synthient discovers over 2 million Android TV boxes and smart TVs hijacked by the Kimwolf botnet. Learn how hackers are using home devices to launch DDoS attacks and how you can protect your home network. First seen on hackread.com Jump to article: hackread.com/android-tv-streaming-devices-infected-kimwolf-botnet/
Missing MFA Strikes Again: Hacker Hits Collaboration Tools

Jan 6, 2026 9:52 PM

Tags: access, breach, cloud, credentials, data, hacker, malware, mfa, tool

Terabytes of Data Stolen From Cloud-Based Collaboration Tools, Researchers Warn. Dozens of organizations that use real-time content collaboration platforms appear to have lost not only credentials but also terabytes of hosted data to information-stealing malware being wielded by an initial access broker with a sideline in auctioning large volumes of stolen data. First seen on…
Gratis-Versprechen, teurer Fehler: Hacker kapert über Windows-Aktivierungstool tausende Krypto-Transfers

Jan 6, 2026 4:52 PM

Tags: crypto, hacker, windows

First seen on t3n.de Jump to article: t3n.de/news/windows-aktivierungstool-infiziert-pc-1724021/
Resecurity Went on the Cyber Offensive When ‘Shiny Objects’ trick ‘Shiny Hunters’

Jan 6, 2026 3:52 PM

Tags: cyber, hacker

Resecurity released 105 pages with 1,000+ messages tied to hacker John Erin Binns, detailing contacts with an unnamed woman in Turkey and an associate called “S.M.” Resecurity released 105 pages containing over 1,000 messages related to John Erin Binns, a hacker who is currently not in U.S. custody, and sent a “warm hello” to an…
Fujitsu Post Office IT support team were ‘legalised hackers’

Jan 6, 2026 12:52 PM

Tags: backdoor, hacker, office

Backdoors meant it was possible for Fujitsu staff to steal money from Post Office branches, says former Fujitsu tech worker First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366636770/Former-Fujitsu-IT-support-team-were-legalised-hackers
Malware im Anmarsch: Hacker tricksen Windows-Nutzer mit Fake-Bluescreens aus

Jan 6, 2026 11:52 AM

Tags: hacker, malware, windows

Ein Bluescreen, der gleich die Problemlösung mitliefert? Zu schön, um wahr zu sein. Es droht eine gefährliche Malware-Infektion. First seen on golem.de Jump to article: www.golem.de/news/malware-im-anmarsch-hacker-tricksen-windows-nutzer-mit-fake-bluescreens-aus-2601-203847.html