Alerts
A critical zero-day vulnerability in Cloudflare's Web Application Firewall (WAF) allowed attackers to bypass security controls and directly access protected origin servers. Security researchers at FearsOff discovered that requests targeting the /.well-known/acme-challenge/ directory could reach origin servers even when WAF rules explicitly blocked all
Alerts
A critical remote command injection vulnerability has been discovered in Apache bRPC, with over 4,000 exposed instances identified online. Vulnerability Details CVE IDCVSS ScoreTypeAffected VersionsCVE-2025-600219.8 (Critical)Remote Command InjectionAll versions prior to 1.15.0 The flaw exists in the heap profiler's extra_options
Alerts
Two significant security vulnerabilities have been discovered in Deno, the modern JavaScript and TypeScript runtime known for its "secure by default" architecture. The flaws could expose sensitive server secrets and allow command injection on Windows systems. Vulnerabilities CVE IDCVSS ScoreTypeImpactCVE-2026-228639.2 (Critical)Missing Cryptographic StepSecrets exposureCVE-
Alerts
ConnectWise has released a security update for its Professional Services Automation (PSA) platform, addressing two vulnerabilities that could allow stored script execution and session cookie theft. The company recommends upgrading to version 2026.1 as soon as possible. Vulnerabilities CVE IDTypeCVSS ScoreImpactCVE-2026-0695Cross-Site Scripting (XSS)8.7 (High)
Threats
A 40-year-old Jordanian man has pleaded guilty in U.S. federal court to operating as an "access broker," selling unauthorized network access to at least 50 victim companies. Feras Khalil Ahmad Albashiti, who operated under the alias "r1z," entered his plea before U.S.
Threats
Ukrainian and German law enforcement have identified members of a Russian-affiliated ransomware group responsible for hundreds of millions of euros in damages, with searches conducted in Ukraine and the alleged organizer placed on INTERPOL's international wanted list. The Operation Cyber police officers from Ukraine's National
Breaches
The Canadian Investment Regulatory Organization (CIRO) has confirmed that approximately 750,000 investors were impacted by a data breach following a phishing attack detected in August 2025. CIRO, which oversees all investment and mutual fund dealers in Canada alongside trading activity on the country's debt and equity markets,
Alerts
Security researchers at Trail of Bits have discovered a critical vulnerability in Electron-based applications that allows attackers to inject persistent backdoors into Signal, 1Password, Slack, and Chrome by tampering with V8 heap snapshot files. Tracked as CVE-2025-55305, the flaw bypasses code integrity checks in nearly all applications
Threats
Dutch authorities have arrested a 33-year-old man believed to be behind AVCheck, one of the world's largest counter-antivirus services used by cybercriminals to test malware against security products. The suspect was detained at Amsterdam's Schiphol Airport on Sunday evening after being under international
Breaches
Security researchers at Sansec have discovered an active keylogger on the employee store of one of America's largest banks, potentially exposing credentials and payment data for over 200,000 staff members. The attack was detected on January 14, 2026, and remained active until January 15 when the malware
Alerts
Cisco has confirmed active exploitation of a critical zero-day vulnerability in its Secure Email Gateway and Secure Email and Web Manager appliances. Tracked as CVE-2025-20393, the flaw carries a maximum CVSS score of 10.0 and allows unauthenticated attackers to execute arbitrary commands with root privileges via
Alerts
Critical AWS CodeBuild Flaw Exposed AWS Console to Supply Chain Attack A critical misconfiguration in AWS CodeBuild could have allowed attackers to compromise key AWS-owned GitHub repositories, including the JavaScript SDK that powers the AWS Console itself. Security researchers at Wiz Research discovered the vulnerability, dubbed "CodeBreach,"