Breaking News – Cyber Threats (last 6h)
Generated: 2026-01-08 07:00 PST
- ThreatsDay Bulletin: RustFS Flaw, Iranian Ops, WebUI RCE, Cloud Leaks, and 12 More Stories
The Hacker News • 2026-01-08 04:49 • thehackernews.com
The internet never stays quiet. Every week, new hacks, scams, and security problems show up somewhere.
This week’s stories show how fast attackers change their tricks, how small mistakes turn into big risks, and how the same old tools keep finding new ways to break in.
Read on to catch up before the next wave hits.Honeypot Traps Hackers
Hackers Fall for
https://thehackernews.com/2026/01/threatsday-bulletin-rustfs-flaw-iranian.html - Microsoft Exchange Online outage blocks access to mailboxes via IMAP4
BleepingComputer • 2026-01-08 04:45 • www.bleepingcomputer.com
Microsoft is working to fix an Exchange Online service outage that intermittently prevents users from accessing their mailboxes via the Internet Mailbox Access Protocol 4 (IMAP4). […]
https://www.bleepingcomputer.com/news/microsoft/microsoft-exchange-online-outage-blocks-access-to-mailboxes-via-imap4/ - Microsoft to enforce MFA for Microsoft 365 admin center sign-ins
BleepingComputer • 2026-01-08 04:10 • www.bleepingcomputer.com
Microsoft will start enforcing multi-factor authentication (MFA) for all users accessing the Microsoft 365 admin center starting next month. […]
https://www.bleepingcomputer.com/news/microsoft/microsoft-to-enforce-mfa-for-microsoft-365-admin-center-sign-ins/ - AI & Humans: Making the Relationship Work
Schneier on Security • 2026-01-08 04:05 • www.schneier.comLeaders of many organizations are urging their teams to adopt agentic AI to improve efficiency, but are finding it hard to achieve any benefit. Managers attempting to add AI agents to existing human teams may find that bots fail to faithfully follow their instructions, return pointless or obvious results or burn precious time and resources spinning on tasks that older, simpler systems could have accomplished just as well.
The technical innovators getting the most out of AI are finding that the technology can be remarkably human in its behavior. And the more groups of AI agents are…
https://www.schneier.com/blog/archives/2026/01/ai-humans-making-the-relationship-work.html - The State of Trusted Open Source
The Hacker News • 2026-01-08 03:50 • thehackernews.com
Chainguard, the trusted source for open source, has a unique view into how modern organizations actually consume open source software and where they run into risk and operational burdens. Across a growing customer base and an extensive catalog of over 1800 container image projects, 148,000 versions, 290,000 images, and 100,000 language libraries, and almost half a billion builds, they can see
https://thehackernews.com/2026/01/the-state-of-trusted-open-source.html - Cisco Patches ISE Security Vulnerability After Public PoC Exploit Release
The Hacker News • 2026-01-08 02:44 • thehackernews.com
Cisco has released updates to address a medium-severity security flaw in Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) with a public proof-of-concept (PoC) exploit.
The vulnerability, tracked as CVE-2026-20029 (CVSS score: 4.9), resides in the licensing feature and could allow an authenticated, remote attacker with administrative privileges to gain access to
https://thehackernews.com/2026/01/cisco-patches-ise-security.html - Researchers Uncover NodeCordRAT Hidden in npm Bitcoin-Themed Packages
The Hacker News • 2026-01-08 02:31 • thehackernews.com
Cybersecurity researchers have discovered three malicious npm packages that are designed to deliver a previously undocumented malware called NodeCordRAT.
The names of the packages, all of which were taken down as of November 2025, are listed below. They were uploaded by a user named “wenmoonx.”bitcoin-main-lib (2,300 Downloads)
bitcoin-lib-js (193 Downloads)
bip40 (970 Downloads)“The
https://thehackernews.com/2026/01/researchers-uncover-nodecordrat-hidden.html - Coolify Discloses 11 Critical Flaws Enabling Full Server Compromise on Self-Hosted Instances
The Hacker News • 2026-01-08 01:53 • thehackernews.com
Cybersecurity researchers have disclosed details of multiple critical-severity security flaws affecting Coolify, an open-source, self-hosting platform, that could result in authentication bypass and remote code execution.
The list of vulnerabilities is as follows –CVE-2025-66209 (CVSS score: 10.0) – A command injection vulnerability in the database backup functionality allows any authenticated
https://thehackernews.com/2026/01/coolify-discloses-11-critical-flaws.html - Cisco warns of Identity Service Engine flaw with exploit code
BleepingComputer • 2026-01-08 01:13 • www.bleepingcomputer.com
Cisco has patched an ISE vulnerability with public proof-of-concept exploit code that can be abused by attackers with admin privileges. […]
https://www.bleepingcomputer.com/news/security/cisco-warns-of-identity-service-engine-flaw-with-exploit-code/
Sources: BleepingComputer, The Hacker News, KrebsOnSecurity, SANS ISC, CISA.
