🐛 COMMON VULNERABILITIES AND EXPOSURES 2[−]
30 JanChromium: CVE-2026-1504 Inappropriate implementation in Background Fetch APIThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024 ) for more information.MSRC.MICROSOFT.COM
30 JanBreaking the Sound Barrier, Part II: Exploiting CVE-2024-54529In the first part of this series, I detailed my journey into macOS security research, which led to the discovery of a type confusion vulnerability (CVE-2024-54529) and a double-free vulnerability (CVE-2025-31235) in the coreaudiod system daemon through a process I call knowledge-…PROJECTZERO.GOOGLE
⚠️ VULNERABILITY DISCLOSURE 5[−]
30 JanThe Rise of Actionable AI Agents: Navigating the Security LandscapeIn this episode of Cybersecurity Today, host Jim Love explores the burgeoning world of actionable AI agents, examining key developments from companies like Google and Anthropic. The episode delves into the rapid rise of MoltBot, an open-source AI agent tool that has taken the dev…CYBERSECURITYTODAY.LIBSYN.COM
30 JanMultiple Vulnerabilities in Ivanti Endpoint Manager Mobile Could Allow for Remote Code ExecutionMultiple vulnerabilities have been discovered in Ivanti Endpoint Manager Mobile which could allow for remote code execution. Ivanti Endpoint Manager Mobile is a mobile management software engine that enables IT to set policies for mobile devices, applications and content. Success…CISECURITY.ORG
30 JanVishing for Access: Tracking the Expansion of ShinyHunters-Branded SaaS Data TheftIntroduction Mandiant has identified an expansion in threat activity that uses tactics, techniques, and procedures (TTPs) consistent with prior ShinyHunters-branded extortion operations. These operations primarily leverage sophisticated voice phishing (vishing) and victim-branded…CLOUD.GOOGLE.COM
30 JanGuidance from the Frontlines: Proactive Defense Against ShinyHunters-Branded Data Theft Targeting SaaSIntroduction Mandiant is tracking a significant expansion and escalation in the operations of threat clusters associated with ShinyHunters-branded extortion. As detailed in our companion report, 'Vishing for Access: Tracking the Expansion of ShinyHunters-Branded SaaS Data Theft' …CLOUD.GOOGLE.COM
30 JanCelebrating our 2025 open-source contributionsLast year, our engineers submitted over 375 pull requests that were merged into non–Trail of Bits repositories, touching more than 90 projects from cryptography libraries to the Rust compiler. This work reflects one of our driving values: “share what others can use.” …TRAILOFBITS.COM
🔥 INCIDENT REPORTING 1[−]
30 JanDynoWiper update: Technical analysis and attributionESET researchers present technical details on a recent data destruction incident affecting a company in Poland’s energy sectorWELIVESECURITY.COM
📡 INFOSEC NEWS 1[−]
30 JanThis month in security with Tony Anscombe – January 2026 editionThe trends from January offer useful clues about the risks and priorities that security teams are likely to contend with throughout the yearWELIVESECURITY.COM