matlock.ca // THREAT INTELLIGENCE

119Articles

7Categories

2026-01-08Date

🐛

Holes in Veeam Backup suite allow remote code execution, creation of malicious backup config files

CSOONLINE.COM — 08 Jan 2026

🐛

CISA Flags Microsoft Office and HPE OneView Bugs as Actively Exploited

KEVTHEHACKERNEWS.COM — 08 Jan 2026

🐛

CVE-2025-38480 comedi: Fix use of uninitialized data in insn_rw_emulate_bits()

MSRC.MICROSOFT.COM — 08 Jan 2026

🐛

CVE-2025-38483 comedi: das16m1: Fix bit shift out of bounds

MSRC.MICROSOFT.COM — 08 Jan 2026

🐛

CVE-2025-38495 HID: core: ensure the allocated report buffer can contain the reserved report ID

MSRC.MICROSOFT.COM — 08 Jan 2026

🐛

CVE-2025-38481 comedi: Fail COMEDI_INSNLIST ioctl if n_insns is too large

MSRC.MICROSOFT.COM — 08 Jan 2026

🐛

CVE-2025-38487 soc: aspeed: lpc-snoop: Don't disable channels that aren't enabled

MSRC.MICROSOFT.COM — 08 Jan 2026

🐛

CVE-2025-38485 iio: accel: fxls8962af: Fix use after free in fxls8962af_fifo_flush

MSRC.MICROSOFT.COM — 08 Jan 2026

🐛

CVE-2025-38482 comedi: das6402: Fix bit shift out of bounds

MSRC.MICROSOFT.COM — 08 Jan 2026

🐛

CVE-2025-38497 usb: gadget: configfs: Fix OOB read on empty string write

MSRC.MICROSOFT.COM — 08 Jan 2026

🐛

CVE-2025-38491 mptcp: make fallback action and fallback decision atomic

MSRC.MICROSOFT.COM — 08 Jan 2026

🐛

CVE-2025-38488 smb: client: fix use-after-free in crypt_message when using async crypto

MSRC.MICROSOFT.COM — 08 Jan 2026

🐛

CVE-2025-68753 ALSA: firewire-motu: add bounds check in put_user loop for DSP events

MSRC.MICROSOFT.COM — 08 Jan 2026

🐛

CVE-2025-68766 irqchip/mchp-eic: Fix error code in mchp_eic_domain_alloc()

MSRC.MICROSOFT.COM — 08 Jan 2026

🐛

CVE-2025-68303 platform/x86: intel: punit_ipc: fix memory corruption

MSRC.MICROSOFT.COM — 08 Jan 2026

🐛

CVE-2025-68301 net: atlantic: fix fragment overflow handling in RX path

MSRC.MICROSOFT.COM — 08 Jan 2026

🐛

CVE-2025-68311 tty: serial: ip22zilog: Use platform device for probing

MSRC.MICROSOFT.COM — 08 Jan 2026

🐛

CVE-2025-38644 wifi: mac80211: reject TDLS operations when station is not associated

MSRC.MICROSOFT.COM — 08 Jan 2026

🐛

CVE-2025-38630 fbdev: imxfb: Check fb_add_videomode to prevent null-ptr-deref

MSRC.MICROSOFT.COM — 08 Jan 2026

🐛

CVE-2025-38639 netfilter: xt_nfacct: don't assume acct name is null-terminated

MSRC.MICROSOFT.COM — 08 Jan 2026

🐛

CVE-2025-38499 clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns

MSRC.MICROSOFT.COM — 08 Jan 2026

🐛

CVE-2025-38635 clk: davinci: Add NULL check in davinci_lpsc_clk_register()

MSRC.MICROSOFT.COM — 08 Jan 2026

🐛

CVE-2025-38624 PCI: pnv_php: Clean up allocated IRQs on unplug

MSRC.MICROSOFT.COM — 08 Jan 2026

🐛

CVE-2025-38634 power: supply: cpcap-charger: Fix null check for power_supply_get_by_name

MSRC.MICROSOFT.COM — 08 Jan 2026

🐛

CVE-2025-38502 bpf: Fix oob access in cgroup local storage

MSRC.MICROSOFT.COM — 08 Jan 2026

🐛

Cisco Patches ISE Security Vulnerability After Public PoC Exploit Release

THEHACKERNEWS.COM — 08 Jan 2026

🐛

Coolify Discloses 11 Critical Flaws Enabling Full Server Compromise on Self-Hosted Instances

THEHACKERNEWS.COM — 08 Jan 2026

🐛

Critical jsPDF vulnerability enables arbitrary file read in Node.js deployments

CSOONLINE.COM — 08 Jan 2026

🐛

Critical Vulnerability Exposes n8n Instances to Takeover Attacks

SECURITYWEEK.COM — 08 Jan 2026

🐛

Ni8mare - Unauthenticated Remote Code Execution in n8n (CVE-2026-21858) | Cyera Research Labs

INFOSEC.PUB — 8 Jan 2026

🐛

Cisco ISE Vulnerability Enables Access to Sensitive Data

GBHACKERS.COM — 08 Jan 2026

🐛

Cisco Snort 3 Vulnerability Leading to Sensitive Data Disclosure

GBHACKERS.COM — 08 Jan 2026

🐛

React2Shell Vulnerability Hit by 8.1 Million Attack Attempts

GBHACKERS.COM — 08 Jan 2026

🐛

CVE-2025-9901 Libsoup: improper handling of http vary header in libsoup caching

MSRC.MICROSOFT.COM — 08 Jan 2026

🐛

CVE-2025-1220 Null byte termination in hostnames

MSRC.MICROSOFT.COM — 08 Jan 2026

⚠️

Analysis using Gephi with DShield Sensor Data, (Wed, Jan 7th)

ISC.SANS.EDU — 08 Jan 2026

⚠️

Die wichtigsten CISO-Trends für 2026

CSOONLINE.COM — 08 Jan 2026

⚠️

Top cyber threats to your AI systems and infrastructure

CSOONLINE.COM — 08 Jan 2026

⚠️

CISA tags max severity HPE OneView flaw as actively exploited

KEVBLEEPINGCOMPUTER.COM — 08 Jan 2026

⚠️

Three Malicious NPM Packages Target Developers’ Login Credentials

GBHACKERS.COM — 08 Jan 2026

⚠️

Linux Battery Utility Vulnerability Allows Authentication Bypass and System Tampering

GBHACKERS.COM — 08 Jan 2026

⚠️

ownCloud Warns Users to Enable MFA After Credential Theft Incident

GBHACKERS.COM — 08 Jan 2026

⚠️

Global GoBruteforcer Botnet Campaign Threatens 50,000 Linux Servers

GBHACKERS.COM — 08 Jan 2026

⚠️

Cybercriminals Exploit VMware ESXi Vulnerabilities Using Zero-Day Toolset

GBHACKERS.COM — 08 Jan 2026

⚠️

Cisco warns of Identity Service Engine flaw with exploit code

BLEEPINGCOMPUTER.COM — 08 Jan 2026

⚠️

Critical HPE OneView Vulnerability Exploited in Attacks

SECURITYWEEK.COM — 08 Jan 2026

⚠️

NIS2-Umsetzung: Neues BSI-Portal geht an den Start

CSOONLINE.COM — 08 Jan 2026

⚠️

The State of Trusted Open Source

THEHACKERNEWS.COM — 08 Jan 2026

⚠️

AI & Humans: Making the Relationship Work

SCHNEIER.COM — 2026-01-08

⚠️

Microsoft to enforce MFA for Microsoft 365 admin center sign-ins

BLEEPINGCOMPUTER.COM — 08 Jan 2026

⚠️

Microsoft warns of a surge in phishing attacks exploiting email routing gaps | CSO Online

SH.ITJUST.WORKS — 8 Jan 2026

⚠️

ThreatsDay Bulletin: RustFS Flaw, Iranian Ops, WebUI RCE, Cloud Leaks, and 12 More Stories

THEHACKERNEWS.COM — 08 Jan 2026

⚠️

Critical Vulnerability Patched in jsPDF

SECURITYWEEK.COM — 08 Jan 2026

⚠️

Rethinking Security for Agentic AI

SECURITYWEEK.COM — 08 Jan 2026

⚠️

Phishing-Angreifer setzen vermehrt auf E-Mail-Routing-Lücken

CSOONLINE.COM — 08 Jan 2026

⚠️

Cybersecurity at the edge: Securing rugged IoT in mission-critical environments

CSOONLINE.COM — 08 Jan 2026

⚠️

Phishing Campaign Targets WhatsApp Accounts

KNOWBE4.COM — 08 Jan 2026

⚠️

Cisco warns of Identity Service Engine flaw with exploit code

SH.ITJUST.WORKS — 8 Jan 2026

⚠️

Report: China Breached Email Systems Used by U.S. Congressional Staff

GBHACKERS.COM — 08 Jan 2026

⚠️

WhatsApp Worm Spreads Astaroth Banking Trojan Across Brazil via Contact Auto-Messaging

THEHACKERNEWS.COM — 08 Jan 2026

⚠️

Inside GoBruteforcer: AI-Generated Server Defaults, Weak Passwords, and Crypto-Focused Campaigns - Check Point Research

SH.ITJUST.WORKS — 8 Jan 2026

⚠️

The 2 faces of AI: How emerging models empower and endanger cybersecurity

CSOONLINE.COM — 08 Jan 2026

⚠️

VMware ESXi zero-days likely exploited a year before disclosure

BLEEPINGCOMPUTER.COM — 08 Jan 2026

⚠️

New China-linked hackers breach telcos using edge device exploits

BLEEPINGCOMPUTER.COM — 08 Jan 2026

📢

GitLab Patches Multiple Flaws Allowing Arbitrary Code Execution

GBHACKERS.COM — 08 Jan 2026

📢

Researchers Expose WHILL Wheelchair Safety Risks via Remote Hacking

SECURITYWEEK.COM — 08 Jan 2026

📢

GitLab security advisory (AV26-009)

CYBER.GC.CA — 2026-01-08

📢

Tenable security advisory (AV26-010)

CYBER.GC.CA — 2026-01-08

📢

[Control systems] ABB security advisory (AV26-011)

CYBER.GC.CA — 2026-01-08

📢

Trend Micro security advisory (AV26-012)

CYBER.GC.CA — 2026-01-08

📢

No FlipperZeros Allowed - PSW #908

YOUTUBE.COM — 2026-01-08

📢

CISA retires 10 emergency cyber orders in rare bulk closure

BLEEPINGCOMPUTER.COM — 08 Jan 2026

📢

CISA Retires Ten Emergency Directives, Marking an Era in Federal Cybersecurity

CISA.GOV — Thu, 08 Jan 26 1

🔥

Smashing Security podcast #449: How to scam someone in seven days

GRAHAMCLULEY.COM — 08 Jan 2026

🔥

China hacked email systems of US congressional committee staff

INFOSEC.PUB — 8 Jan 2026

🔥

Researchers Poison Stolen Data to Sabotage AI Model Accuracy

GBHACKERS.COM — 08 Jan 2026

🔥

Dozens of Global Companies Hacked via Cloud Credentials from Infostealer Infections & More at Risk

INFOSEC.PUB — 8 Jan 2026

🔥

Spanish airline Iberia attributes recent data breach claims to November incident | The Record from Recorded Future News

SH.ITJUST.WORKS — 8 Jan 2026

🔥

European Space Agency initiates criminal probe into breach • The Register

SH.ITJUST.WORKS — 8 Jan 2026

🔥

UK Government Launches Cyber Action Plan to Bolster Public Sector Security

GBHACKERS.COM — 08 Jan 2026

🔥

Credential stuffing: What it is and how to protect yourself

WELIVESECURITY.COM — 08 Jan 2026

🕵️

ISC Stormcast For Thursday, January 8th, 2026 https://isc.sans.edu/podcastdetail/9758, (Thu, Jan 8th)

ISC.SANS.EDU — 08 Jan 2026

🕵️

BlueDelta Hackers Target Microsoft OWA, Google, and Sophos VPN to Steal Credentials

GBHACKERS.COM — 08 Jan 2026

🕵️

The AI Security Shakedown

PROGRAMMING.DEV — 8 Jan 2026

🕵️

Prisma AIRS Secures the Power of Factory’s Software Development Agents

PALOALTONETWORKS.COM — 08 Jan 2026

🕵️

Gen AI data violations more than double - Help Net Security

SH.ITJUST.WORKS — 8 Jan 2026

🕵️

Defending Against Modern Email Threats With Layered, AI-Driven Security

KNOWBE4.COM — 08 Jan 2026

🕵️

Cyera Raises $400 Million at $9 Billion Valuation

SECURITYWEEK.COM — 08 Jan 2026

🕵️

Blackbird.AI Raises $28 Million for Narrative Intelligence Platform

SECURITYWEEK.COM — 08 Jan 2026

🕵️

China-Linked UAT-7290 Targets Telecoms with Linux Malware and ORB Nodes

THEHACKERNEWS.COM — 08 Jan 2026

🕵️

Clang Hardening Cheat Sheet - Ten Years Later

QUARKSLAB.COM — 2026-01-08

🕵️

CrowdStrike to Buy Identity Security Firm SGNL for $740 Million in Cash

SECURITYWEEK.COM — 08 Jan 2026

🕵️

Automated data poisoning proposed as a solution for AI theft threat

SH.ITJUST.WORKS — 8 Jan 2026

🕵️

UK Government Unveils New Cyber Action Plan

SECURITYWEEK.COM — 08 Jan 2026

🕵️

Researches Detailed AuraStealer Obfuscation, Anti-Analysis and Data Theft Capabilities

SH.ITJUST.WORKS — 8 Jan 2026

🕵️

New OAuth Attack Lets Hackers Bypass Microsoft Entra Authentication and Steal Keys

GBHACKERS.COM — 08 Jan 2026

🕵️

New DocuSign-Themed Phishing Scam Delivers Stealth Malware to Windows Devices

GBHACKERS.COM — 08 Jan 2026

🕵️

Trump Signals Possible Cyber Involvement in Caracas Power Loss During Maduro Extraction

GBHACKERS.COM — 08 Jan 2026

🕵️

ChatGPT Health: A New Secure Space for Trusted Health and Medical Conversations

GBHACKERS.COM — 08 Jan 2026

🕵️

How Attackers Hide Processes by Abusing Kernel Patch Protection

GBHACKERS.COM — 08 Jan 2026

🕵️

Black Cat Behind SEO Poisoning Malware Campaign Targeting Popular Software Searches

SH.ITJUST.WORKS — 8 Jan 2026

🕵️

Coolify Discloses 11 Critical Flaws Enabling Full Server Compromise on Self-Hosted Instances

SH.ITJUST.WORKS — 8 Jan 2026

🕵️

Malicious NPM Packages Deliver NodeCordRAT

SH.ITJUST.WORKS — 8 Jan 2026

🕵️

Happy 23rd Birthday TaoSecurity Blog

TAOSECURITY.BLOGSPOT.COM — 2026-01-08

🕵️

FBI warns about Kimsuky hackers using QR codes to phish U.S. orgs

BLEEPINGCOMPUTER.COM — 08 Jan 2026

🕵️

Caught by Keystroke Lag

YOUTUBE.COM — 2026-01-08

🌐

Researchers Uncover NodeCordRAT Hidden in npm Bitcoin-Themed Packages

THEHACKERNEWS.COM — 08 Jan 2026

🌐

Six for 2026: The cyber threats you can’t ignore

BLEEPINGCOMPUTER.COM — 08 Jan 2026

🌐

Critics pan spyware maker NSO’s transparency claims amid its push to enter US market

TECHCRUNCH.COM — 08 Jan 2026

🌐

Who Benefited from the Aisuru and Kimwolf Botnets?

KREBSONSECURITY.COM — 08 Jan 2026

📡

OpenAI Launches ChatGPT Health with Isolated, Encrypted Health Data Controls

THEHACKERNEWS.COM — 08 Jan 2026

📡

Microsoft Exchange Online outage blocks access to mailboxes via IMAP4

BLEEPINGCOMPUTER.COM — 08 Jan 2026

📡

Texas court blocks Samsung from collecting smart TV viewing data

BLEEPINGCOMPUTER.COM — 08 Jan 2026

📡

Illinois health department exposed over 700,000 residents’ personal data for years

TECHCRUNCH.COM — 08 Jan 2026

📡

Internet collapses in Iran amid protests over economic crisis

TECHCRUNCH.COM — 08 Jan 2026

📡

Cisco switches hit by reboot loops due to DNS client bug

BLEEPINGCOMPUTER.COM — 08 Jan 2026

📡

Texas court blocks Samsung from tracking TV viewing, then vacates order

BLEEPINGCOMPUTER.COM — 08 Jan 2026

📡

xAI teases major Grok upgrade, hints at Grok Code CLI

BLEEPINGCOMPUTER.COM — 08 Jan 2026

📡

Gmail's new AI Inbox uses Gemini, but Google says it won’t train AI on user emails

BLEEPINGCOMPUTER.COM — 08 Jan 2026