Breaking News – Cyber Threats (last 6h)
Generated: 2026-01-14 07:00 PST
- Hackers Exploit c-ares DLL Side-Loading to Bypass Security and Deploy Malware
The Hacker News • 2026-01-14 06:18 • thehackernews.com
Security experts have disclosed details of an active malware campaign that’s exploiting a DLL side-loading vulnerability in a legitimate binary associated with the open-source c-ares library to bypass security controls and deliver a wide range of commodity trojans and stealers.
“Attackers achieve evasion by pairing a malicious libcares-2.dll with any signed version of the legitimate ahost.exe (
https://thehackernews.com/2026/01/hackers-exploit-c-ares-dll-side-loading.html - Reprompt attack let hackers hijack Microsoft Copilot sessions
BleepingComputer • 2026-01-14 06:00 • www.bleepingcomputer.com
Researchers identified an attack method dubbed “Reprompt” that could allow attackers to infiltrate a user’s Microsoft Copilot session and issue commands to exfiltrate sensitive data. […]
https://www.bleepingcomputer.com/news/security/reprompt-attack-let-hackers-hijack-microsoft-copilot-sessions/ - Cloud marketplace Pax8 accidentally exposes data on 1,800 MSP partners
BleepingComputer • 2026-01-14 04:01 • www.bleepingcomputer.com
Cloud marketplace and distributor Pax8 has confirmed that it mistakenly sent an email to fewer than 40 UK-based partners containing a spreadsheet with internal business information, including MSP customer and Microsoft licensing data. […]
https://www.bleepingcomputer.com/news/security/cloud-marketplace-pax8-accidentally-exposes-data-on-1-800-msp-partners/ - Fortinet Fixes Critical FortiSIEM Flaw Allowing Unauthenticated Remote Code Execution
The Hacker News • 2026-01-14 03:53 • thehackernews.com
Fortinet has released updates to fix a critical security flaw impacting FortiSIEM that could allow an unauthenticated attacker to achieve code execution on susceptible instances.
The operating system (OS) injection vulnerability, tracked as CVE-2025-64155, is rated 9.4 out of 10.0 on the CVSS scoring system.
“An improper neutralization of special elements used in an OS command (‘OS command
https://thehackernews.com/2026/01/fortinet-fixes-critical-fortisiem-flaw.html - Victorian Department of Education says hackers stole students’ data
BleepingComputer • 2026-01-14 03:44 • www.bleepingcomputer.com
The Department of Education in Victoria, Australia, notified parents that attackers gained access to a database containing the personal information of current and former students. […]
https://www.bleepingcomputer.com/news/security/victorian-department-of-education-notifies-parents-of-data-breach/ - New Research: 64% of 3rd-Party Applications Access Sensitive Data Without Justification
The Hacker News • 2026-01-14 03:00 • thehackernews.com
Research analyzing 4,700 leading websites reveals that 64% of third-party applications now access sensitive data without business justification, up from 51% in 2024.
Government sector malicious activity spiked from 2% to 12.9%, while 1 in 7 Education sites show active compromise.
Specific offenders: Google Tag Manager (8% of violations), Shopify (5%), Facebook Pixel (4%).Download the
https://thehackernews.com/2026/01/new-research-64-of-3rd-party.html - Microsoft: Windows 365 update blocks access to Cloud PC sessions
BleepingComputer • 2026-01-14 01:55 • www.bleepingcomputer.com
Microsoft confirmed that a recent Windows 365 update is blocking customers from accessing their Microsoft 365 Cloud PC sessions. […]
https://www.bleepingcomputer.com/news/microsoft/microsoft-windows-365-update-blocks-access-to-cloud-pc-sessions/ - Microsoft Fixes 114 Windows Flaws in January 2026 Patch, One Actively Exploited
The Hacker News • 2026-01-14 01:38 • thehackernews.com
Microsoft on Tuesday rolled out its first security update for 2026, addressing 114 security flaws, including one vulnerability that it said has been actively exploited in the wild.
Of the 114 flaws, eight are rated Critical, and 106 are rated Important in severity. As many as 58 vulnerabilities have been classified as privilege escalation, followed by 22 information disclosure, 21 remote code
https://thehackernews.com/2026/01/microsoft-fixes-114-windows-flaws-in.html
Sources: BleepingComputer, The Hacker News, KrebsOnSecurity, SANS ISC, CISA.
