Latest Internet & Cybersecurity News
Black Basta Ransomware Leader Added to EU Most Wanted and INTERPOL Red Notice
A key figure in the Black Basta ransomware group has been added to the EU's Most Wanted list and INTERPOL Red Notice. This action targets ongoing ransomware operations disrupting global organizations. Law enforcement intensifies crackdowns on ransomware affiliates amid surging attacks.
Cisco Patches Zero-Day RCE Exploited by China-Linked APT in Secure Email Gateways
Cisco released patches for CVE-2025-20393, a zero-day RCE flaw in AsyncOS Software exploited by China-nexus APT UAT-9686. The vulnerability affected Spam Quarantine in Secure Email Gateway and Web Manager. Exploitation began nearly a month before patching, highlighting rapid threat actor response.
Researchers Reveal Reprompt Attack on Microsoft Copilot for Single-Click Data Exfiltration
Varonis disclosed the 'Reprompt' attack, which lets attackers exfiltrate data from Microsoft Copilot via a single click on a legitimate link. It bypasses enterprise security controls completely. This AI-specific vulnerability poses risks to sensitive data in chatbots.
Microsoft Fixes 114 Windows Flaws, One Actively Exploited, in January 2026 Patch
Microsoft addressed 114 vulnerabilities, including eight Critical and one actively exploited flaw. Patches cover privilege escalation, information disclosure, and RCE issues across Windows products. This marks the first major update of 2026 amid rising exploit trends.
Grubhub Confirms Breach Linked to ShinyHunters' Salesforce Attacks
Grubhub acknowledged unauthorized access to internal systems tied to OAuth tokens stolen in the Salesloft Drift breaches. ShinyHunters is demanding a ransom and threatening to leak Salesforce and Zendesk data. Customer financial data remained unaffected, but the incident highlights delayed supply-chain exploits.
Jordanian Access Broker Pleads Guilty to Selling Hacked Networks
A 40-year-old Jordanian national pleaded guilty to acting as an access broker, selling entry to 50+ networks via exploited firewalls in 2023. The U.S. Justice Department prosecuted the case. This underscores risks from initial access brokers in cybercrime ecosystems.
Fortinet FortiSIEM Critical RCE Vulnerability CVE-2025-64155 Exploited in Wild
Fortinet's FortiSIEM flaw (CVSS 9.4) enables unauthenticated RCE via crafted TCP requests and was exploited shortly after disclosure. Much of the activity was traced to Chinese IPs. Defused honeypots detected immediate targeted attacks after the January 13 patch.
Microsoft Disrupts RedVDS Cybercrime Platform in Global Operation
Working with Europol and German authorities, Microsoft seized RedVDS infrastructure linked to $40M+ in U.S. losses since March 2025. Civil suits filed in the U.S. and UK took down the marketplace. The operation highlights international efforts against cybercrime-as-a-service.
China-Linked Hackers Exploit VMware ESXi Zero-Days for VM Escape
Chinese actors used a compromised SonicWall VPN to deploy VMware ESXi exploits, possibly dating to 2024, aiming for ransomware. Huntress stopped the activity in December 2025. This reveals persistent targeting of virtualization for lateral movement.
Ledger Addresses Global-e Third-Party Breach Exposing Customer Data
Ledger disclosed a data incident via e-commerce provider Global-e, with unauthorized access to customer order records in January 2026. No financial impact has been reported yet. The incident underscores third-party risks in supply chains for crypto firms.