12Articles
6Categories
2026-01-14Date
🚨 CISA KEV 1[−]
14 Jan KEVHPE Open View Vulnerability Hits CISA Known Exploited ListCybersecurity Today: Credit Card Skimming, Valley Rat Malware, WhatsApp Exploit & AI Defenses In this episode of Cybersecurity Today, hosted by Jim Love, we explore several critical cybersecurity threats and advancements. We cover a massive credit card skimming campaign active si…CYBERSECURITYTODAY.LIBSYN.COM
🐛 COMMON VULNERABILITIES AND EXPOSURES 2[−]
14 JanCVE-2026-20958 Microsoft SharePoint Information Disclosure VulnerabilityUpdated acknowledgment. This is an informational change only.MSRC.MICROSOFT.COM
14 JanA 0-click exploit chain for the Pixel 9 Part 1: Decoding DolbyOver the past few years, several AI-powered features have been added to mobile phones that allow users to better search and understand their messages. One effect of this change is increased 0-click attack surface, as efficient analysis often requires message media to be decoded b…PROJECTZERO.GOOGLE
⚠️ VULNERABILITY DISCLOSURE 6[−]
14 JanMultiple Vulnerabilities in Adobe Products Could Allow for Arbitrary Code ExecutionMultiple vulnerabilities have been discovered in Adobe products, the most severe of which could allow for arbitrary code execution. Adobe Bridge is a creative asset manager that lets you preview, organize, edit, and publish multiple creative assets quickly and easily. Adobe Dream…CISECURITY.ORG
14 JanPatch Tuesday, January 2026 EditionMicrosoft today issued patches to plug at least 113 security holes in its various Windows operating systems and supported software. Eight of the vulnerabilities earned Microsoft's most-dire "critical" rating, and the company warns that attackers are already exploiting one of the …KREBSONSECURITY.COM
14 JanA 0-click exploit chain for the Pixel 9 Part 3: Where do we go from here?While our previous two blog posts provided technical recommendations for increasing the effort required by attackers to develop 0-click exploit chains, our experience finding, reporting and exploiting these vulnerabilities highlighted some broader issues in the Android ecosystem.…PROJECTZERO.GOOGLE
14 JanA 0-click exploit chain for the Pixel 9 Part 2: Cracking the Sandbox with a Big WaveWith the advent of a potential Dolby Unified Decoder RCE exploit, it seemed prudent to see what kind of Linux kernel drivers might be accessible from the resulting userland context, the mediacodec context. As per the AOSP documentation, the mediacodec SELinux context is intended …PROJECTZERO.GOOGLE
14 JanCommunity-powered security with AI: an open source framework for security researchAnnouncing GitHub Security Lab Taskflow Agent, an open source and collaborative framework for security research with AI. The post Community-powered security with AI: an open source framework for security research appeared first on The GitHub Blog .GITHUB.BLOG
14 JanRisky Business #820 -- Asian fraud kingpin will face Chinese justice (pew pew!)Risky Business returns for 2026! Patrick Gray and Adam Boileau talk through the week’s cybersecurity news, including: Santa brings hackers MongoDB memory leaks for Christmas Vercel pays out a million bucks to improve its React2Shell WAF defences 39C3 delivers; the pink Power Rang…RISKY.BIZ
📢 SECURITY ADVISORIES 1[−]
🌐 CYBER THREAT LANDSCAPE 1[−]
14 JanLABScon25 Replay | Hacktivism and War: A Clarifying DiscussionJim Walter unpacks the hacktivist landscape and reveals how to distinguish different levels of threat based on persona characteristics.SENTINELONE.COM
📡 INFOSEC NEWS 1[−]
14 JanIs it time for internet services to adopt identity verification?Should verified identities become the standard online? Australia’s social media ban for under-16s shows why the question matters.WELIVESECURITY.COM