🚨 CISA KEV (1)

27 Jan [KEV] CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2026-24858 Fortinet Multiple Products Authentication Bypass Using an Alternate Path or Channel Vulnerability. This type of vulnerability is a f…
Source: CISA.GOV

🐛 COMMON VULNERABILITIES AND EXPOSURES (2)

27 Jan CVE-2026-20805 Desktop Window Manager Information Disclosure Vulnerability
Updated the build numbers. This is an informational update only.
Source: MSRC.MICROSOFT.COM

27 Jan Diverse Threat Actors Exploiting Critical WinRAR Vulnerability CVE-2025-8088
Introduction: The Google Threat Intelligence Group (GTIG) has identified widespread, active exploitation of the critical vulnerability CVE-2025-8088 in WinRAR, a popular file archiver tool for Windows, to establish initial access and deliver diverse payloads. Discovered and patche…
Source: CLOUD.GOOGLE.COM

⚠️ VULNERABILITY DISCLOSURE (2)

27 Jan A Vulnerability in Microsoft Office Could Allow for Security Feature Bypass
A vulnerability has been discovered in Microsoft Office which could allow for a security feature bypass. Microsoft Office is a suite of applications designed to help with productivity and completing common tasks on a computer. You can create and edit documents containing text and…
Source: CISECURITY.ORG

27 Jan The AI Fix #85: ChatGPT gets ads, pets get AI therapists, and everyone’s wrong about LLMs
In episode 85 of The AI Fix, Graham discovers that Silicon Valley has the solution to your pet's mental health crisis, and Mark explains why AI godfather Yann LeCun thinks the entire AI industry is wrong about LLMs. Also in this episode, OpenAI decides to ruin ChatGPT with ads; S…
Source: GRAHAMCLULEY.COM

📢 SECURITY ADVISORIES (1)

27 Jan Celebrating Data Privacy Week with NIST’s Privacy Engineering Program
Grab your party hats – it’s Data Privacy Week! Data Privacy Week is a global initiative led by the National Cybersecurity Alliance to spread awareness about online privacy and empower individuals and businesses to respect privacy, safeguard data, and enable trust. In celebration …
Source: NIST.GOV

🔥 INCIDENT REPORTING (2)

27 Jan Weekly Update 488
It's the discussion about the reaction of some people in the UK regarding their impending social media ban for under 16s that bugg…
Source: TROYHUNT.COM

27 Jan SoundCloud - 29,815,722 breached accounts
In December 2025, SoundCloud announced it had discovered unauthorised activity on its platform. The incident allowed an attacker to map publicly available SoundCloud profile data to email addresses for approximately 20% of its users. The impacted data included 30M unique email a…
Source: HAVEIBEENPWNED.COM

🕵️ THREAT INTELLIGENCE (1)

27 Jan New Android Theft Protection Feature Updates: Smarter, Stronger
Posted by Nataliya Stanetsky, Fabricio Ferracioli, Elliot Sisteron, Irene Ang of the Android Security Team. Phone theft is more than just losing a device; it's a form of financial fraud that can leave you suddenly vulnerable to personal data and financial theft. That’s why we're c…
Source: SECURITY.GOOGLEBLOG.COM

📡 INFOSEC NEWS (2)

27 Jan Drowning in spam or scam emails? Here’s probably why
Has your inbox recently been deluged with unwanted and even outright malicious messages? Here are 10 possible reasons – and how to stem the tide.
Source: WELIVESECURITY.COM

27 Jan Building a serverless, post-quantum Matrix homeserver
As a proof of concept, we built a Matrix homeserver to Cloudflare Workers — delivering encrypted messaging at the edge with automatic post-quantum cryptography.
Source: CLOUDFLARE.COM