Cyber Security News

Wiz Research has exposed that CodeBreach originated from unanchored regular expression patterns in CodeBuild webhook filters for the ACTOR_ID parameter, which should restrict builds to trusted GitHub user IDs. Without ^ and $ anchors, the filter matched any user ID containing an approved substring, allowing bypass via “eclipse” events where new, longer GitHub IDs incorporate […]

The post New AWS Console Supply Chain Attack Allows Hijack of AWS GitHub Repositories appeared first on Cyber Security News.

Threat actors are increasingly using trusted cloud and content delivery network platforms to host phishing kits, creating major detection challenges for security teams. Unlike traditional phishing campaigns that rely on newly registered suspicious domains, these attacks use legitimate infrastructure from providers like Google, Microsoft Azure, and AWS CloudFront. This approach allows hackers to bypass many […]

The post Hackers Abusing Legitimate Cloud and CDN Platforms to Host Phishing Kits appeared first on Cyber Security News.

Large language models have become deeply integrated into everyday business operations, from customer service chatbots to autonomous agents managing calendars, executing code, and handling financial transactions. This rapid expansion has created a critical security blind spot. Researchers have identified that attacks targeting these systems are not simple prompt injections as commonly believed, but rather sophisticated, […]

The post Promptware Kill Chain – Five-Step Kill Chain Model for Analyzing Cyberthreats appeared first on Cyber Security News.

Fortinet FortiSIEM vulnerability CVE-2025-64155 is under active exploitation, as confirmed by Defused through their honeypot deployments. This critical OS command injection flaw enables unauthenticated remote code execution, posing severe risks to enterprise security monitoring systems. CVE-2025-64155 stems from improper neutralization of special elements in OS commands within the FortiSIEM phMonitor service, which handles internal data […]

The post Fortinet FortiSIEM Vulnerability CVE-2025-64155 Actively Exploited in Attacks appeared first on Cyber Security News.

New York, United States, January 15th, 2026, CyberNewsWire BreachLock, a global leader in offensive security, today announced that its Adversarial Exposure Validation (AEV) solution now supports autonomous red teaming at the application layer, expanding beyond its initial network-layer capabilities introduced in early 2025.  BreachLock AEV’s generative AI-powered autonomous red teaming engine can now emulate real-world […]

The post BreachLock Expands Adversarial Exposure Validation (AEV) to Web Applications appeared first on Cyber Security News.

McLean, Virginia, United States, January 15th, 2026, CyberNewsWire A new Top 10 Cybersecurity Innovators profile by AppGuard has been released, spotlighting growing concerns over AI-enhanced malware. AI makes malware even more difficult to detect. Worse, they use AI to assess, adapt, and move faster than any cyber stack can keep up. The report advocates for […]

The post AppGuard Critiques AI Hyped Defenses; Expands its Insider Release for its Next-Generation Platform appeared first on Cyber Security News.

A high-severity vulnerability in Windows Admin Center’s Azure Single Sign-On implementation has exposed Azure virtual machines and Arc-connected systems to unauthorized access across entire tenants. Cymulate Research Labs discovered the flaw, now tracked as CVE-2026-20965, which demonstrates how improper token validation can collapse security boundaries between individual machines and complete Azure environments. Microsoft patched the […]

The post Azure Identity Token Vulnerability Enables Tenant-Wide Compromise in Windows Admin Center appeared first on Cyber Security News.

Cloudflare, the San Francisco-based cybersecurity and internet infrastructure giant, has acquired Human Native, a UK-based AI data marketplace. The deal aims to empower content creators with control over their data in the generative AI era, addressing rising tensions around web scraping and bot traffic. Human Native specializes in converting unstructured multimedia videos, articles, and more […]

The post Cloudflare Acquires Human Native to Strengthen AI Data Security appeared first on Cyber Security News.

Silver Spring, Maryland, January 15th, 2026, CyberNewsWire Aembit today announced the agenda and speaker lineup for NHIcon 2026: The Rise of Agentic AI Security, a virtual conference scheduled for Jan. 27. The second-annual event will examine the technical, operational, and security challenges emerging as agentic artificial intelligence systems enter enterprise environments. NHIcon 2026 will feature […]

The post Aembit Announces Agenda and Speaker Lineup for NHIcon 2026 on Agentic AI Security appeared first on Cyber Security News.

Critical security updates addressing CVE-2026-20824, a protection mechanism failure in Windows Remote Assistance that permits attackers to circumvent the Mark of the Web (MOTW) defense system. The vulnerability was disclosed on January 13, 2026, and affects multiple Windows platforms spanning from Windows 10 through Windows Server 2025. CVE-2026-20824 represents a security feature bypass vulnerability with […]

The post Windows Remote Assistance Vulnerability Allow Attacker to Bypass Security Features appeared first on Cyber Security News.

A new information-stealing malware named MonetaStealer has been discovered actively targeting macOS users through deceptive file disguises and social engineering tactics. Security researchers at Iru first identified this threat on January 6, 2026, when they found a suspicious Mach-O binary masquerading as a Windows executable file named Portfolio_Review.exe. The malware represents a growing concern for […]

The post MonetaStealer Malware Powered with AI Code Attacking macOS Users in the Wild appeared first on Cyber Security News.

A joint operation led by Microsoft and international law enforcement has dismantled a business email compromise (BEC) attack chain powered by the RedVDS fraud engine. RedVDS operated as a low‑cost “cybercrime subscription” platform, giving criminals disposable virtual machines that looked like normal Windows systems on the internet. Using these rented hosts, threat actors sent huge […]

The post Microsoft and Authorities Dismatles BEC Attack Chain Powered by RedVDS Fraud Engine appeared first on Cyber Security News.

A critical authentication bypass vulnerability in Cal.com’s scheduling platform enables attackers to hijack any user account by exploiting a flaw in the NextAuth JWT callback mechanism. Tracked as CVE-2026-23478, this vulnerability affects versions from 3.1.6 up to but not including 6.0.7, with patches available in version 6.0.7 and later. The vulnerability resides in a custom […]

The post Critical Cal.com Vulnerability Let Attackers Bypass Authentication and Hijack any User Account appeared first on Cyber Security News.

Mozilla released Firefox 147 on January 13, 2026, addressing 16 security vulnerabilities detailed in the Mozilla Foundation Security Advisory. The update patches critical issues across components such as graphics, JavaScript, and networking, addressing six high-impact flaws, including multiple sandbox escapes, that could enable arbitrary code execution if exploited. These fixes also apply to Firefox ESR […]

The post Firefox 147 Released With Fixes for 16 Vulnerabilities that Enable Arbitrary Code Execution appeared first on Cyber Security News.

A critical unauthenticated privilege escalation vulnerability in the Modular DS WordPress plugin allows attackers to gain instant admin access, with exploitation confirmed in the wild. Affecting over 40,000 sites, the flaw in versions up to 2.5.1 has prompted urgent patches and mitigations from Patchstack and the vendor. Modular DS, developed by modulards.com, enables remote management […]

The post Critical WordPress Plugin Vulnerability Exploited in the Wild to Gain Instant Admin Access appeared first on Cyber Security News.

Hewlett Packard Enterprise (HPE) has disclosed four high-severity vulnerabilities in its Aruba Networking Instant On devices that could allow attackers to access sensitive network information and disrupt operations. The security flaws, identified as CVE-2025-37165, CVE-2025-37166, CVE-2023-52340, and CVE-2022-48839, affect devices running software version 3.3.1.0 and earlier. Vulnerability Details and Risk Assessment The most critical vulnerability, […]

The post HPE Aruba Vulnerabilities Enables Unauthorized Access to Sensitive Information appeared first on Cyber Security News.

Threat actors linked to Chinese hosting infrastructure have established a massive network of over 18,000 active command-and-control servers across 48 different hosting providers in recent months. This widespread abuse highlights a serious issue in how malicious infrastructure can hide within trusted networks and cloud services. Traditional threat hunting methods that focus on individual IP addresses […]

The post Chinese Threat Actors Hosted 18,000 Active C2 Servers Across 48 Hosting Providers appeared first on Cyber Security News.

Palo Alto Networks has patched a critical denial-of-service vulnerability in its PAN-OS firewall software, tracked as CVE-2026-0227, which lets unauthenticated attackers disrupt GlobalProtect gateways and portals. The flaw carries a CVSS v4.0 base score of 7.7 (HIGH severity), stemming from improper checks for unusual conditions that force firewalls into maintenance mode after repeated exploitation attempts. […]

The post Palo Alto Networks Firewall Vulnerability Allows Attacker to Trigger DoS Attacks appeared first on Cyber Security News.

Microsoft released security updates on January 13, 2026, addressing a critical elevation of privilege vulnerability in SQL Server that enables authorized attackers to bypass authentication controls and gain elevated system privileges remotely. Tracked as CVE-2026-20803, the vulnerability stems from missing authentication mechanisms for critical functions within the database engine. The flaw affects multiple SQL Server […]

The post Microsoft SQL Server Vulnerability Allows Attackers to Elevate Privileges over a Network appeared first on Cyber Security News.

A sophisticated malware loader known as CastleLoader has emerged as a critical threat to US government agencies and critical infrastructure organizations. First identified in early 2025, this stealthy malware has been used as the initial access point in coordinated attacks targeting multiple sectors including federal agencies, IT firms, logistics companies, and essential infrastructure providers across […]

The post Stealthy CastleLoader Malware Attacking US Government Agencies and Critical Infrastructure appeared first on Cyber Security News.