3+ hour, 4+ min ago   (300+ words) Critical security updates addressing CVE-2026-20824, a protection mechanism failure in Windows Remote Assistance that permits attackers to circumvent the Mark of the Web (MOTW) defense system. The vulnerability was disclosed on January 13, 2026, and affects multiple Windows platforms spanning from Windows…...

3+ hour, 38+ min ago   (463+ words) Security researchers at Iru first identified this threat on January 6, 2026, when they found a suspicious Mach-O binary masquerading as a Windows executable file named Portfolio_Review.exe. The malware represents a growing concern for Mac users, especially those in professional industries who…...

4+ hour, 11+ min ago   (297+ words) The operation stands apart from typical financially motivated ransomware due to its explicit use of Hebrew language, Israeli symbols, and references to historical Jewish groups in its branding. Unlike established ransomware operations that maintain operational secrecy, Sicarii openly incorporates the…...

4+ hour, 47+ min ago   (594+ words) Turla, a sophisticated threat actor known for targeted cyber attacks, has deployed an upgraded version of its Kazuar v3 loader that introduces advanced evasion techniques designed to bypass modern security defenses. This latest iteration, discovered in January 2026, showcases a remarkable evolution…...

5+ hour, 42+ min ago   (221+ words) A critical authentication bypass vulnerability in Cal.com's scheduling platform enables attackers to hijack any user account by exploiting a flaw in the NextAuth JWT callback mechanism. Tracked as CVE-2026-23478, this vulnerability affects versions from 3.1.6 up to but not including…...

6+ hour, 2+ min ago   (233+ words) Mozilla released Firefox 147 on January 13, 2026, addressing 16 security vulnerabilities detailed in the Mozilla Foundation Security Advisory. The update patches critical issues across components such as graphics, JavaScript, and networking, addressing six high-impact flaws, including multiple sandbox escapes, that could enable arbitrary…...

6+ hour, 35+ min ago   (162+ words) A critical unauthenticated privilege escalation vulnerability in the Modular DS WordPress plugin allows attackers to gain instant admin access, with exploitation confirmed in the wild. Affecting over 40,000 sites, the flaw in versions up to 2.5.1 has prompted urgent patches and mitigations…...

13+ hour, 9+ min ago   (196+ words) The flaw carries a CVSS v4.0 base score of 7.7 (HIGH severity), stemming from improper checks for unusual conditions that force firewalls into maintenance mode after repeated exploitation attempts. Published on January 14, 2026, the issue affects multiple PAN-OS versions but spares Cloud NGFW…...

14+ hour, 10+ min ago   (182+ words) Microsoft released security updates on January 13, 2026, addressing a critical elevation of privilege vulnerability in SQL Server that enables authorized attackers to bypass authentication controls and gain elevated system privileges remotely. The flaw affects multiple SQL Server versions, including SQL Server…...

20+ hour, 39+ min ago   (546+ words) A sophisticated malware loader known as CastleLoader has emerged as a critical threat to US government agencies and critical infrastructure organizations. First identified in early 2025, this stealthy malware has been used as the initial access point in coordinated attacks targeting…...