Latest Internet & Cybersecurity News

📅 January 31, 2026 at 1:00 AM
January 2026 sees active exploits of Windows, HPE, and Office vulnerabilities, rising insider threats, AI-driven attacks, DDoS on UK targets, and major data breaches like Nike.
1

Microsoft Patches Actively Exploited Windows DWM Vulnerability CVE-2026-20805

Microsoft confirmed active exploitation of CVE-2026-20805, a flaw in Windows Desktop Window Manager that allows locally authenticated attackers to access sensitive memory via internal communications. Organizations are urged to patch immediately. The fix was part of January's Patch Tuesday, which addressed 114 flaws. (Source 1, Source 8)

2

HPE OneView RCE Flaw CVE-2025-37164 Exploited in the Wild

CISA confirmed active exploitation of CVE-2025-37164, an unauthenticated RCE in HPE OneView infrastructure management via an unsecured REST API. Exploitation surged after the release of public details and a Metasploit module. Patch and secure endpoints urgently. (Source 1)

3

UK NCSC Warns of Russian-Aligned Hacktivist DDoS Attacks

The NCSC issued warnings about disruption-focused DoS attacks by Russian-aligned groups targeting UK online services, local government, and critical infrastructure. Even simple attacks cause major disruptions; enhance resilience and defenses. (Source 1, Source 6)

4

CISA Adds Multiple Vulnerabilities to Known Exploited List

CISA updated its KEV catalog with newly exploited flaws, confirming real-world attacker value beyond CVSS scores. Prioritize patching these for production environments. KEV provides key prioritization signals. (Source 1)

5

January 2026 Insider Threat Incidents Surge with Major Cases

A report details breaches caused by disgruntled employees: the US Treasury cancels Booz Allen contracts over a tax data leak; a TD Bank employee aids $26M laundering; a Google engineer steals AI secrets for China. Financial motives drive costly damages across sectors. (Source 2)

6

KONNI North Korean Group Uses AI PowerShell Malware on Blockchain Devs

Check Point revealed KONNI phishing via Discord that targets blockchain developers with a ZIP-laced LNK and decoy PDF, downloading AI-generated PowerShell malware. The campaign focuses on crypto engineering teams. (Source 3)

7

SLSH Alliance Exploits Okta SSO in Attacks on 100+ Companies

Silent Push warns of an SLSH (Scattered Spider, LAPSUS$, ShinyHunters) campaign hitting Okta SSO at firms like Atlassian, Moderna, and Blackstone. It targets the tech, healthcare, finance, and energy sectors. (Source 3)

8

Mustang Panda Updates CoolClient Backdoor with Credential Theft

Kaspersky reports that Mustang Panda enhanced CoolClient for browser credentials, clipboard monitoring, and more via plugins. It persists via registry, services, tasks, and DLL sideloading. (Source 3)

9

Nike Investigates Ransomware Claim of 1.4TB Data Theft

Nike is probing an alleged cyber incident after a ransomware gang claimed the theft of 1.4TB of data; the incident tops the January breaches list, which also includes the Global Shop Solutions and SNP Transformations incidents. (Source 5, Source 11)

10

FBI Seizes RAMP Cybercrime Forum Hosting Ransomware Services

The FBI took down the RAMP forum on Tor and clearnet, displaying a seizure notice; the forum hosted ransomware ads, malware, and hacking. The takedown disrupts centralized threat actor coordination after 5 years. (Source 8)

11

175,000 Unsecured AI Systems Exposed Globally

SentinelLABS/Censys found 175,000 open-source AI systems in 130 countries lacking authentication, leaving them ripe for spam/phishing abuse. Some have safety guardrails removed; attackers exploit them for free. (Source 8)

12

ServiceNow Patches Critical AI Vulnerability CVE-2025-12420

ServiceNow fixed a severe AI-driven flaw allowing unauthenticated admin impersonation on its platform. Most critical AI security vulnerability to date; patch immediately. (Source 5)