10+ hour ago   (365+ words) Project Zero, has disclosed a sophisticated zero-click exploit chain targeting the Pixel 9 smartphone, demonstrating that highly advanced attacks remain viable even against modern Android security defenses. The research, published in January 2026, showcases how threat actors could compromise devices through audio…...

11+ hour, 53+ min ago   (486+ words) UAT-8837 Hackers Target Organizations Using Open-Source Tools to Steal Sensitive Data'Cyber Press UAT-8837 Hackers Target Organizations Using Open-Source Tools to Steal Sensitive Data Active since at least 2025, the threat actor demonstrates sophisticated tradecraft and likely possesses zero-day exploitation capabilities. Exploitation…...

13+ hour, 58+ min ago   (410+ words) Researcher has uncovered CodeBreach, a critical vulnerability that threatens the AWS Console supply chain by enabling the complete takeover of key AWS GitHub repositories. The flaw allowed attackers to compromise the AWS JavaScript SDK, a foundational library powering the AWS…...

1+ day, 8+ hour ago   (218+ words) Cybersecurity researchers have identified a troubling trend in which sophisticated threat actors are leveraging legitimate cloud and content delivery network (CDN) infrastructure from major technology providers, including Microsoft Azure, Google Cloud, and AWS CloudFront, to host phishing kits while evading…...

1+ day, 9+ hour ago   (300+ words) Microsoft has disclosed a new security vulnerability in Windows Remote Assistance that could allow local attackers to bypass critical security features on affected systems. The vulnerability, tracked as CVE-2026-20824, was publicly disclosed on January 13, 2026, and has been assigned an "Important…...

1+ day, 10+ hour ago   (229+ words) A newly disclosed flaw in Cal.com, the popular open-source scheduling platform, could have allowed attackers to hijack any user account simply by knowing the victim's email address, bypassing all authentication and even multi-factor protections. Subsequent requests authenticated with this…...

1+ day, 12+ hour ago   (355+ words) The vulnerability carries a CVSS v4.0 base score of 7.7, classified as HIGH severity, with an elevated base score of 8.7 when environmental factors are considered. Disclosed on January 14, 2026, the security issue stems from improper validation of unusual or exceptional conditions within the…...

1+ day, 12+ hour ago   (372+ words) Threat actors linked to Chinese hosting infrastructure have established a large network of more than 18,000 active command-and-control servers across 48 hosting providers in recent months. This widespread abuse highlights a serious issue: malicious infrastructure can hide within trusted networks and cloud…...

2+ day, 6+ hour ago   (401+ words) Microsoft has disclosed a critical elevation-of-privilege vulnerability in SQL Server that allows attackers with high privileges to escalate their access over a network without requiring user interaction. The vulnerability, tracked as CVE-2026-20803, was released on January 13, 2026, and stems from missing…...

2+ day, 8+ hour ago   (333+ words) The tool focuses on finding exposed data paths that could allow unauthorized users to access sensitive records, such as financial, identity, or health information, from an external perspective. Salesforce Aura is the framework behind Salesforce's Lightning Experience UI and Experience…...