Breaking News – Cyber Threats (last 6h)
Generated: 2026-01-15 12:00 PST
- Microsoft Copilot Studio extension for VS Code now publicly available
BleepingComputer • 2026-01-15 11:08 • www.bleepingcomputer.com
Microsoft announced that the Copilot Studio extension for the Visual Studio Code (VS Code) integrated development environment is now available to all users. […]
https://www.bleepingcomputer.com/news/microsoft/microsoft-copilot-studio-extension-for-vs-code-now-publicly-available/ - WEF: AI overtakes ransomware as fastest-growing cyber risk
Graham Cluley • 2026-01-15 09:05 • www.fortra.com
We can no longer say that artificial intelligence is a “future risk”, lurking somewhere on a speculative threat horizon. The truth is that it is a fast-growing cybersecurity risk that organizations are facing today.That’s not just my opinion, that’s also the message that comes loud and clear from the World Economic Forum’s newly-published “Global Cybersecurity Outlook 2026.”
Read more in my article on the Fortra blog.
https://www.fortra.com/blog/wef-ai-overtakes-ransomware-fastest-growing-cyber-risk - Critical flaw lets hackers track, eavesdrop via Bluetooth audio devices
BleepingComputer • 2026-01-15 08:13 • www.bleepingcomputer.com
A critical vulnerability in Google’s Fast Pair protocol can allow attackers to hijack Bluetooth audio accessories like wireless headphones and earbuds, track users, and eavesdrop on their conversations. […]
https://www.bleepingcomputer.com/news/security/critical-flaw-lets-hackers-track-eavesdrop-via-bluetooth-audio-devices/ - Critical WordPress Modular DS Plugin Flaw Actively Exploited to Gain Admin Access
The Hacker News • 2026-01-15 07:31 • thehackernews.com
A maximum-severity security flaw in a WordPress plugin called Modular DS has come under active exploitation in the wild, according to Patchstack.
The vulnerability, tracked as CVE-2026-23550 (CVSS score: 10.0), has been described as a case of unauthenticated privilege escalation impacting all versions of the plugin prior to and including 2.5.1. It has been patched in version 2.5.2. The plugin
https://thehackernews.com/2026/01/critical-wordpress-modular-ds-plugin.html - Researchers Reveal Reprompt Attack Allowing Single-Click Data Exfiltration From Microsoft Copilot
The Hacker News • 2026-01-15 07:09 • thehackernews.com
Cybersecurity researchers have disclosed details of a new attack method dubbed Reprompt that could allow bad actors to exfiltrate sensitive data from artificial intelligence (AI) chatbots like Microsoft Copilot in a single click, while bypassing enterprise security controls entirely.
“Only a single click on a legitimate Microsoft link is required to compromise victims,” Varonis security
https://thehackernews.com/2026/01/researchers-reveal-reprompt-attack.html - How to automate just-in-time access to applications with Tines
BleepingComputer • 2026-01-15 07:01 • www.bleepingcomputer.com
Managing just-in-time access at scale is a growing IAM challenge as speed and auditability collide daily. Tines shows how automated workflows can grant, track, and revoke temporary app access without manual effort. […]
https://www.bleepingcomputer.com/news/security/how-to-automate-just-in-time-access-to-applications-with-tines/ - Smashing Security podcast #450: From Instagram panic to Grok gone wild
Graham Cluley • 2026-01-15 06:22 • grahamcluley.com
Confusion reigns after claims that data linked to 17.5 million Instagram accounts is up for sale – sparked by a vague post, contradictory statements, and a flood of password reset emails nobody asked for.And we dig into Grok, Elon Musk’s AI chatbot, after it started generating sexualised images of women and children – raising uncomfortable questions about guardrails, accountability, and why playing the censorship card doesn’t make the problem go away.
All this, and much more, in episode 450 of the “Smashing Security” podcast with Graham Cluley, and special guest Monica Verma.
https://grahamcluley.com/smashing-security-podcast-450/
Sources: BleepingComputer, The Hacker News, KrebsOnSecurity, SANS ISC, CISA.
