Latest Internet & Cybersecurity News
Massive Data Breach Exposes 149 Million Passwords from Gmail, Netflix, Facebook
Cybersecurity researchers uncovered a publicly accessible database with 149 million login credentials, including plaintext passwords for Gmail, Facebook, and Netflix. This exposes users to credential stuffing and identity theft risks. The breach was reported on January 25, 2026.
Osiris Ransomware Emerges Using BYOVD to Kill Security Tools
New Osiris ransomware leverages Bring Your Own Vulnerable Driver (BYOVD) technique to disable security tools. It targets enterprises with advanced evasion methods. Security experts warn of its potential for widespread disruption.
CISA Adds VMware vCenter Server Flaw to Known Exploited Vulnerabilities
U.S. CISA cataloged a critical Broadcom VMware vCenter Server vulnerability actively exploited in the wild. Organizations must patch immediately to prevent compromise. The flaw allows unauthorized access and control.
Fully Patched FortiGate Firewalls Compromised via SSO Bypass
Attackers are bypassing FortiCloud SSO on updated Fortinet FortiGate firewalls, adding users and stealing configs. Arctic Wolf detected a surge in automated attacks since January 15. Even latest patches fail to block exploits.
CISA Adds Cisco Unified Communications Zero-Day to KEV Catalog
Cisco fixed an actively exploited zero-day in Unified Communications products, now added to CISA's Known Exploited Vulnerabilities list as CVE-2026-20045. Immediate patching is required. Attacks confirmed in the wild.
Critical SmarterMail Vulnerability Under Active Attack
A SmarterMail flaw (WT-2026-0001) is exploited days after its January 15 patch, with no CVE assigned yet. Attackers target unpatched servers for remote code execution. Urgent updates advised.
Jordanian Access Broker Pleads Guilty to Hacking 50 Companies
Feras Khalil Ahmad Albashiti admitted selling unauthorized access to 50 corporate networks via online forums. He faces charges for fraud using cryptocurrency payments. Arrest followed undercover sting in 2023.
TP-Link Patches Critical VIGI Camera Flaw Allowing Remote Takeover
CVE-2026-0629 (CVSS 8.7) in over 32 TP-Link VIGI camera models enables local network attackers to hijack devices. Over 2,500 exposed cameras identified online. Patch released immediately.
72M Under Armour Records Surface in Data Breach Investigation
Investigation launched after 72 million Under Armour user records appeared online, potentially exposing personal data. Breach impacts customer privacy significantly. Details under active probe.
RansomHub Claims Breach of Apple Partner Luxshare
RansomHub ransomware affiliates allege stealing and encrypting data from Luxshare Precision, Apple's Chinese supplier. Sensitive files posted on leak site. Incident escalates supply chain risks.
ESET Links Sandworm to Cyberattack on Poland’s Power Grid
Russia-linked Sandworm used wiper malware in late 2025 attack on Poland's energy grid, aiming for outages. ESET analyzed the destructive payload. Highlights state-sponsored threats.
UK NCSC Warns of Russia-Linked Hacktivists DDoS Attacks
NCSC alerts on Russian hacktivists targeting UK organizations with DDoS disruptions. Increased activity noted recently. Defensive measures recommended.