Sysdig researchers detail how attackers used an exposed AWS credential and AI tools to access full admin control in about eight minutes – and warn about cloud misconfigurations.
Read MoreThe Kimwolf botnet has taken over more than 2 million mostly unofficial Android TV devices by abusing residential proxy networks.
Read MoreWhisperPair vulnerabilities in Google’s Fast Pair protocol let attackers silently hijack some Bluetooth audio devices – listening through microphones, controling audio, and in certain cases tracking a user’s location via Find Hub. Fixes are dependent on vendor firmware updates.
Read MoreA January 2026 Windows 11 update (KB5073455) is causing some Secure Launch enabled Enterprise and IoT devices to restart instead of shutting down or hibernating. A similar update causes Outlook to freeze as well.
Read MoreTrend Micro has patched a critical RCE vulnerability in Apex Central – plus two Denial-of-Service bugs. Update to Build 7190 as soon as possible.
Read MoreUbisoft shut down Rainbow Six Siege after attackers abused internal systems to grant billions of in game credits and rare skins, then later restored services with a rollback. Claims of a much larger Ubisoft data breach remain unverified.
Read MoreHashJack is a new indirect prompt injection technique that hides malicious instructions in URL fragments, so AI browser assistants – not the website – execute the attacker’s commands.
Read MoreAn unpatched Gogs zero-day (CVE-2025-8110) that bypasses a previous fix is being used to compromise more than 700 internet-exposed servers.
Read MoreA 10.0 CVSS flaw in React and Next.js which allows remote code execution is actively exploited. Update as soon as possible.
Read MoreRecent Windows 11 updates hide the password icon on the lock screen, but Microsoft says users can still log in by clicking the invisible button where the icon should be.
Read More