12Articles
6Categories
2026-01-28Date
🐛 COMMON VULNERABILITIES AND EXPOSURES 2[−]
28 Jan KEVFortinet Releases Guidance to Address Ongoing Exploitation of Authentication Bypass Vulnerability CVE-2026-24858Newly disclosed vulnerability Common Vulnerabilities and Exposures (CVE)-2026-24858 [ Common Weakness Enumeration (CWE)-288: Authentication Bypass Using an Alternate Path or Channel ] allows malicious actors with a FortiCloud account and a registered device to log in to separate …CISA.GOV
28 JanCVE-2026-21509 Microsoft Office Security Feature Bypass VulnerabilityAcknowledgement added. This is an informational change only.MSRC.MICROSOFT.COM
⚠️ VULNERABILITY DISCLOSURE 2[−]
28 JanMultiple Vulnerabilities in SolarWinds Web Help Desk Could Allow for Arbitrary Code ExecutionMultiple vulnerabilities have been discovered in SolarWinds Web Help Desk, the most severe of which could allow for arbitrary code execution. SolarWinds Web Help Desk (WHD) is a web-based software that provides IT help desk and asset management functionality, allowing IT teams to…CISECURITY.ORG
28 JanNo Place Like Home Network: Disrupting the World's Largest Residential Proxy NetworkIntroduction This week Google and partners took action to disrupt what we believe is one of the largest residential proxy networks in the world, the IPIDEA proxy network. IPIDEA’s proxy infrastructure is a little-known component of the digital ecosystem leveraged by a wide array …CLOUD.GOOGLE.COM
📢 SECURITY ADVISORIES 2[−]
28 JanRisky Business #822 -- France will ditch American tech over security risksIn this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news. They discuss: La France is tres sérieux about ditching US productivity software China’s Salt Typhoon was snooping on Downing Street Trump wields the mighty DISCOMBOBULATOR ESET says the Polis…RISKY.BIZ
🔥 INCIDENT REPORTING 1[−]
28 JanWhat's App Privacy LawsuitCybersecurity Today: WhatsApp Privacy Lawsuit, Google's Personal AI, Canada Computers Breach, and Mass Password Leak In this episode, host Jim Love discusses pressing cybersecurity issues, including a lawsuit against WhatsApp for allegedly misleading users about message privacy, …CYBERSECURITYTODAY.LIBSYN.COM
🌐 CYBER THREAT LANDSCAPE 1[−]
28 JanLove? Actually: Fake dating app used as lure in targeted spyware campaign in PakistanESET researchers discover an Android spyware campaign targeting users in Pakistan via romance scam tactics, revealing links to a broader spy operationWELIVESECURITY.COM
📡 INFOSEC NEWS 4[−]
28 JanWeekly Threat Bulletin – January 28th, 2026These are the top threats you should know about this week.F5.COM
28 JanFour arrested in crackdown on Discord-based SWATting and doxingHow badly do you want to win an online argument? I certainly hope it's not enough to put the life of the other person at risk. Police in Hungary and Romania have arrested four young men suspected of making hoax bomb threats and terrorising internet users through SWATting and doxi…BITDEFENDER.COM
28 JanBeware! Fake ChatGPT browser extensions are stealing your login credentialsIf you've installed a browser extension to enhance your ChatGPT experience, you might want to think again. Read more in my article on the Hot for Security blog.BITDEFENDER.COM
28 JanAgentic AI: the Confused Deputy problemAgentic AI gives LLMs the power to act: query databases, call APIs or access files. But when your tools blindly trust the LLM, you've created a confused deputy. Here's a practical and comprehensive approach to understanding and identifying this critical authorization flaw.QUARKSLAB.COM