SecurityWeek Briefing
- Get link
- X
- Other Apps
"In other news, 8,000 ransomeware attacks, China hacked US Government Emails, IDHAS breach impacts 700k."
Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents. Accessed on 10 January 2026, 0037 UTC.
Content and Source provided by email subscription from https://feedly.com.
https://feedly.com/i/subscription/feed%2Fhttp%3A%2F%2Ffeeds.feedburner.com%2FSecurityweek
Please check subscription link or scroll down to read your selections. Thanks for joining us today.
Russ Roberts (https://www.hawaiicybersecurityjournal.net).
45
Today
by SecurityWeek News / 8h
Other noteworthy stories that might have slipped under the radar: Jaguar Land Rover sales crash, hundreds of gen-AI data policy violations, and Chinese cyberattacks against Taiwan intensified. The post appeared first on SecurityWeek .
by Mike Lennon / 9h
Kosiba, a veteran of the Intelligence Community with over 30 years of federal service, returns to the agency as its most senior civilian leader. The post appeared first on SecurityWeek .
by Ionut Arghire / 9h
The North Korean state-sponsored espionage group Kimsuky has targeted government organizations, think tanks, and academic institutions. The post appeared first on SecurityWeek .
by Eduard Kovacs / 10h
Tenable has released PoC code and technical details after the vendor announced the availability of patches for three vulnerabilities. The post appeared first on SecurityWeek .
The Emergency Directives were retired because they achieved objectives or targeted vulnerabilities included in the KEV catalog. The post appeared first on SecurityWeek .
by Ionut Arghire / 11h
Radware bypassed ChatGPT’s protections to exfiltrate user data and implant a persistent logic into the agent’s long-term memory. The post appeared first on SecurityWeek .
Gulshan Management Services has informed authorities about a recent data breach resulting from a ransomware attack. The post appeared first on SecurityWeek .
Fresh attacks targeted three VMware ESXi vulnerabilities that were disclosed in March 2025 as zero-days. The post appeared first on SecurityWeek .
Yesterday
by Kevin Townsend / 1d
The UK government’s cyber action plan is by the government for the government, and has no advice for the private sector nor CNI. The post appeared first on SecurityWeek .
by Mike Lennon / 1d
The deal aims to bolster CrowdStrike's Falcon platform with "continuous identity" protection to secure human and AI-driven access in real-time. The post appeared first on SecurityWeek .
The company will use the funds to enhance its AI-based narrative intelligence technology platform and accelerate go-to-market efforts. The post appeared first on SecurityWeek .
by Eduard Kovacs / 1d
The New York-based data security company has tripled its valuation in just one year. The post appeared first on SecurityWeek .
by Etay Maor / 1d
When software can think and act on its own, security strategies must shift from static policy enforcement to real-time behavioral governance. The post appeared first on SecurityWeek .
by Ionut Arghire / 1d
The bug can allow attackers to read arbitrary files from the system, potentially exposing configurations and credentials. The post appeared first on SecurityWeek .
2 TTPs
by Ionut Arghire / 1d
Tracked as CVE-2026-21858 (CVSS score 10), the bug enables remote code execution without authentication. The post appeared first on SecurityWeek .
by Eduard Kovacs / 1d
CISA advisory warns that unauthenticated Bluetooth access in WHILL devices allows for unauthorized movement. The post appeared first on SecurityWeek .
The maximum-severity code injection flaw can be exploited without authentication for remote code execution. The post appeared first on SecurityWeek .
Jan 7, 2026
by Joshua Goldfarb / 2d
Security advice fails when it comes from those who don’t bear the consequences and won’t be responsible for making it work. The post appeared first on SecurityWeek .
by Ionut Arghire / 2d
Impersonating a legitimate extension from AITOPIA, the two malicious extensions were also exfiltrating users’ browser activity. The post appeared first on SecurityWeek .
by Ionut Arghire / 2d
An error in the firmware-upload handler leads to devices starting an unauthenticated root-level Telnet service. The post appeared first on SecurityWeek .
by Eduard Kovacs / 2d
Four vulnerabilities have been fixed in the latest release of Veeam Backup & Replication. The post appeared first on SecurityWeek .
2025 was the strongest year for cybersecurity funding since the 2021 peak, according to Pinpoint Search Group. The post appeared first on SecurityWeek .
2 TTPs
by Ionut Arghire / 2d
The critical-severity vulnerability allows unauthenticated, remote attackers to execute arbitrary shell commands. The post appeared first on SecurityWeek .
by Ionut Arghire / 2d
Threat actors spoof legitimate domains to make their phishing emails appear to have been sent internally. The post appeared first on SecurityWeek .
Jan 6, 2026
by Kevin Townsend / 3d
From dismantling online games as a child to uncovering real-world vulnerabilities, Katie Paxton-Fear explains how autism, curiosity, and a rejection of ambiguity shaped her path into ethical hacking. The post appeared first on SecurityWeek .
by Steve Durbin / 3d
We can’t outpace the adversary by trying to stop every attack, but we can outlast them by engineering systems and culture to take a punch and try to quickly rebound. The post appeared first on SecurityWeek .
by Ionut Arghire / 3d
Using fake accounts and synthetic data to lure the hackers, the researchers gathered information on their servers. The post appeared first on SecurityWeek .
by Eduard Kovacs / 3d
The flaw is tracked as CVE-2025-54957 and its existence came to light in October 2025 after it was discovered by Google researchers. The post appeared first on SecurityWeek .
by Ionut Arghire / 3d
Fake Booking reservation cancellations and fake BSODs trick victims into executing malicious code leading to RAT infections. The post appeared first on SecurityWeek .
by Ionut Arghire / 3d
The initial access broker (IAB) relies on credentials exfiltrated using information stealers to hack organizations. The post appeared first on SecurityWeek .
The VPN company has conducted an investigation after a threat actor claimed to have hacked its systems. The post appeared first on SecurityWeek .
Jan 5, 2026
by Eduard Kovacs / 3d
Significant cybersecurity M&A deals announced by Akamai, Red Hat, Checkmarx, Silent Push, and ServiceNow. The post appeared first on SecurityWeek .
Flights across Greece were impacted for several hours after noise was reported on multiple air traffic communication channels. The post appeared first on SecurityWeek .
The hacking group Crimson Collective has claimed the theft of personal information pertaining to over 1 million Brightspeed customers. The post appeared first on SecurityWeek .
Hackers have compromised a file transfer system at Sedgwick’s subsidiary that serves government agencies. The post appeared first on SecurityWeek .
by Ionut Arghire / 4d
With 24 new vulnerabilities known to be exploited by ransomware groups, the list now includes 1,484 software and hardware flaws. The post appeared first on SecurityWeek .
The 2-million-device-strong botnet allows monetization through DDoS attacks, app installs, and the selling of proxy bandwidth. The post appeared first on SecurityWeek .
by Eduard Kovacs / 4d
WhatsApp device fingerprinting can be useful in the delivery of sophisticated spyware, but impact is very limited without a zero-day. The post appeared first on SecurityWeek .
Jan 3, 2026
The deal involved aerospace and defense specialist Emcore Corp. selling its computer chips and wafer fabrication operation. The post appeared first on SecurityWeek .
Jan 2, 2026
Ryan Goldberg and Kevin Martin have admitted being affiliates of the BlackCat/Alphv ransomware group. The post appeared first on SecurityWeek .
In December, the botnet’s operators focused on weaponizing the flaw to compromise vulnerable Next.js servers. The post appeared first on SecurityWeek .
2 TTPs
by Eduard Kovacs / 7d
The Qilin ransomware group hacked the healthcare organization and stole data from its systems in May 2025. The post appeared first on SecurityWeek .
GreyNoise has observed thousands of requests targeting a dozen vulnerabilities in Adobe ColdFusion during the Christmas 2025 holiday. The post appeared first on SecurityWeek .
- Get link
- X
- Other Apps
Comments
Post a Comment
Please leave a comment about our recent post.