Security News

CISO Succession Crisis Highlights How Turnover Amplifies Security Risks

When cybersecurity leadership turns over too fast, risk does not reset. It compounds.

'Most Severe AI Vulnerability to Date' Hits ServiceNow

The ITSM giant tacked agentic AI onto a largely unguarded legacy chatbot, exposing customers' data and connected systems.

Microsoft Starts 2026 With a Bang: A Freshly Exploited Zero-Day

The vendor's first Patch Tuesday of the year also contains fixes for 112 CVEs, nearly double the amount from last month.

January 2026 Microsoft Patch Tuesday Summary, (Tue, Jan 13th)

Today, Microsoft released patches for 113 vulnerabilities. One of these vulnerabilities affected the Edge browser and was patched upstream by Chromium.

Shadow#Reactor Uses Text Files to Deliver Remcos RAT

Attackers use a sophisticated delivery mechanism of text-only files for RAT deployment, showcasing a clever way to bypass defensive tools and rely on the target's own utilities.

AsyncRAT Malware Infests Orgs via Python & Cloudflare

The phishing campaign shows how attackers continue to weaponize legitimate cloud services and open source tools to evade detection and gain trust.

ISC Stormcast For Tuesday, January 13th, 2026 https://isc.sans.edu/podcastdetail/9764, (Tue, Jan 13th)

BreachForums Breached, Exposing 324K Cybercriminals

A massive data dump reveals real identities and details of administrators and members of the notorious hacker forum.

Multipurpose GoBruteforcer Botnet Targets 50K+ Linux Servers

Researchers detailed a souped-up version of the GoBruteforcer botnet that preys on servers with weak credentials and AI-generated configurations.

ISC Stormcast For Monday, January 12th, 2026 https://isc.sans.edu/podcastdetail/9762, (Mon, Jan 12th)

YARA-X 1.11.0 Release: Hash Function Warnings, (Sun, Jan 11th)

YARA-X&&#x23&#x3b;x26&#x3b;&#x23&#x3b;39&#x3b;s 1.11.0 release brings a new feature: hash function warnings.

MuddyWater Launches RustyWater RAT via Spear-Phishing Across Middle East Sectors

The Iranian threat actor known as MuddyWater has been attributed to a spear-phishing campaign targeting diplomatic, maritime, financial, and telecom entities in the Middle East with a Rust-based implant codenamed RustyWater. "The campaign uses icon spoofing and malicious Word documents to deliver Rust based implants capable of asynchronous C2, anti-analysis, registry persistence, and modular

Europol Arrests 34 Black Axe Members in Spain Over €5.9M Fraud and Organized Crime

Europol on Friday announced the arrest of 34 individuals in Spain who are alleged to be part of an international criminal organization called Black Axe. As part of an operation conducted by the Spanish National Police, in coordination with the Bavarian State Criminal Police Office and Europol, 28 arrests were made in Seville, along with three others in Madrid, two in Málaga, and one in Barcelona

Deepfake Fraud Tools Are Lagging Behind Expectations

Deepfakes are becoming more realistic and more popular. Luckily, defenders are still ahead in the arms race.

China-Linked Hackers Exploit VMware ESXi Zero-Days to Escape Virtual Machines

Chinese-speaking threat actors are suspected to have leveraged a compromised SonicWall VPN appliance as an initial access vector to deploy a VMware ESXi exploit that may have been developed as far back as February 2024. Cybersecurity firm Huntress, which observed the activity in December 2025 and stopped it before it could progress to the final stage, said it may have resulted in a ransomware

Illicit Crypto Economy Surges as Nation-States Join in the Fray

Cybercriminal cryptocurrency transactions totaled billions in 2025, with activity from sanctioned countries like Russia and Iran causing the largest jump.

Russian APT28 Runs Credential-Stealing Campaign Targeting Energy and Policy Organizations

Russian state-sponsored threat actors have been linked to a fresh set of credential harvesting attacks targeting individuals associated with a Turkish energy and nuclear research agency, as well as staff affiliated with a European think tank and organizations in North Macedonia and Uzbekistan. The activity has been attributed to APT28 (aka BlueDelta), which was attributed to a "sustained"

Cybersecurity Predictions 2026: The Hype We Can Ignore (And the Risks We Can't)

As organizations plan for 2026, cybersecurity predictions are everywhere. Yet many strategies are still shaped by headlines and speculation rather than evidence. The real challenge isn’t a lack of forecasts—it’s identifying which predictions reflect real, emerging risks and which can safely be ignored. An upcoming webinar hosted by Bitdefender aims to cut through the noise with a data-driven

Trend Micro Apex Central RCE Flaw Scores 9.8 CVSS in On-Prem Windows Versions

Trend Micro has released security updates to address multiple security vulnerabilities impacting on-premise versions of Apex Central for Windows, including a critical bug that could result in arbitrary code execution. The vulnerability, tracked as CVE-2025-69258, carries a CVSS score of 9.8 out of a maximum of 10.0. The vulnerability has been described as a case of remote code execution

CISA Retires 10 Emergency Cybersecurity Directives Issued Between 2019 and 2024

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday said it's retiring 10 emergency directives (Eds) that were issued between 2019 and 2024. The list of the directives now considered closed is as follows - ED 19-01: Mitigate DNS Infrastructure Tampering ED 20-02: Mitigate Windows Vulnerabilities from January 2020 Patch Tuesday ED 20-03: Mitigate Windows DNS Server