Security News

Add Punycode to your Threat Hunting Routine, (Tue, Jan 20th)

IDNs or “International Domain Names” have been with us for a while now (see RFC3490[1]). They are (ab)used in many attack scenarios because.. it works! Who can immediately spot the difference between:

ISC Stormcast For Tuesday, January 20th, 2026 https://isc.sans.edu/podcastdetail/9772, (Tue, Jan 20th)

ChatGPT Health Raises Big Security, Safety Concerns

ChatGPT Health promises robust data protection, but elements of the rollout raise big questions regarding user security and safety.

"How many states are there in the United States?", (Sun, Jan 18th)

I&&#x23&#x3b;x26&#x3b;&#x23&#x3b;39&#x3b;ve seen many API requests for different LLMs in the honeypot logs.

Black Basta Ransomware Leader Added to EU Most Wanted and INTERPOL Red Notice

Ukrainian and German law enforcement authorities have identified two Ukrainians suspected of working for the Russia-linked ransomware-as-a-service (RaaS) group Black Basta. In addition, the group's alleged leader, a 35-year-old Russian national named Oleg Evgenievich Nefedov (Нефедов Олег Евгеньевич), has been added to the European Union's Most Wanted and INTERPOL's Red Notice lists, authorities

Wireshark 4.6.3 Released, (Sat, Jan 17th)

Wireshark release 4.6.3 fixes 4 vulnerabilities and 9 bugs.

OpenAI to Show Ads in ChatGPT for Logged-In U.S. Adults on Free and Go Plans

OpenAI on Friday said it would start showing ads in ChatGPT to logged-in adult U.S. users in both the free and ChatGPT Go tiers in the coming weeks, as the artificial intelligence (AI) company expanded access to its low-cost subscription globally. "You need to know that your data and conversations are protected and never sold to advertisers," OpenAI said. "And we need to keep a high bar and give

More Problems for Fortinet: Critical FortiSIEM Flaw Exploited

CVE-2025-64155, a command injection vulnerability, was disclosed earlier this week and quickly came under attack from a variety of IP addresses.

GootLoader Malware Uses 500–1,000 Concatenated ZIP Archives to Evade Detection

The JavaScript (aka JScript) malware loader called GootLoader has been observed using a malformed ZIP archive that's designed to sidestep detection efforts by concatenating anywhere from 500 to 1,000 archives. "The actor creates a malformed archive as an anti-analysis technique," Expel security researcher Aaron Walton said in a report shared with The Hacker News. "That is, many unarchiving tools

CISOs Rise to Prominence: Security Leaders Join the Executive Suite

Security professionals are moving up the executive ranks as enterprises face rising regulatory and compliance standards.

Five Malicious Chrome Extensions Impersonate Workday and NetSuite to Hijack Accounts

Cybersecurity researchers have discovered five new malicious Google Chrome web browser extensions that masquerade as human resources (HR) and enterprise resource planning (ERP) platforms like Workday, NetSuite, and SuccessFactors to take control of victim accounts. "The extensions work in concert to steal authentication tokens, block incident response capabilities, and enable complete account

AI System Reduces Attack Reconstruction Time From Weeks to Hours

Pacific Northwest National Labs' expert cybersecurity system, ALOHA, can recreate attacks and test them against organizations' infrastructure to bolster defense.

Your Digital Footprint Can Lead Right to Your Front Door

You lock your doors at night. You avoid sketchy phone calls. You’re careful about what you post on social media. But what about the information about you that’s already out there—without your permission? Your name. Home address. Phone number. Past jobs. Family members. Old usernames. It’s all still online, and it’s a lot easier to find than you think. The hidden safety threat lurking online Most

LOTUSLITE Backdoor Targets U.S. Policy Entities Using Venezuela-Themed Spear Phishing

Security experts have disclosed details of a new campaign that has targeted U.S. government and policy entities using politically themed lures to deliver a backdoor known as LOTUSLITE. The targeted malware campaign leverages decoys related to the recent geopolitical developments between the U.S. and Venezuela to distribute a ZIP archive ("US now deciding what's next for Venezuela.zip")

China-Linked APT Exploited Sitecore Zero-Day in Critical Infrastructure Intrusions

A threat actor likely aligned with China has been observed targeting critical infrastructure sectors in North America since at least last year. Cisco Talos, which is tracking the activity under the name UAT-8837, assessed it to be a China-nexus advanced persistent threat (APT) actor with medium confidence based on tactical overlaps with other campaigns mounted by threat actors from the region.

Cisco Patches Zero-Day RCE Exploited by China-Linked APT in Secure Email Gateways

Cisco on Thursday released security updates for a maximum-severity security flaw impacting Cisco AsyncOS Software for Cisco Secure Email Gateway and Cisco Secure Email and Web Manager, nearly a month after the company disclosed that it had been exploited as a zero-day by a China-nexus advanced persistent threat (APT) actor codenamed UAT-9686. The vulnerability, tracked as CVE-2025-20393 (CVSS

ISC Stormcast For Friday, January 16th, 2026 https://isc.sans.edu/podcastdetail/9770, (Fri, Jan 16th)

Predator Spyware Sample Indicates 'Vendor-Controlled' C2

Researchers detailed how Intellexa, Predator's owner, uses failed deployments and thwarted infections to strengthen its commercial spyware and generate more effective attacks.

AWS CodeBuild Misconfiguration Exposed GitHub Repos to Potential Supply Chain Attacks

A critical misconfiguration in Amazon Web Services (AWS) CodeBuild could have allowed complete takeover of the cloud service provider's own GitHub repositories, including its AWS JavaScript SDK, putting every AWS environment at risk. The vulnerability has been codenamed CodeBreach by cloud security company Wiz. The issue was fixed by AWS in September 2025 following responsible disclosure on

Winter Olympics Could Share Podium With Cyberattackers

The upcoming Winter Games in the Italian Alps are attracting both hacktivists looking to reach billions of people and state-sponsored cyber-spies targeting the attending glitterati.