Breaking News – Cyber Threats (last 6h)
Generated: 2026-01-14 12:00 PST
- France fines Free Mobile €42 million over 2024 data breach incident
BleepingComputer • 2026-01-14 11:50 • www.bleepingcomputer.com
The French data protection authority (CNIL) has imposed cumulative fines of €42 million on Free Mobile and its parent company, Free, for inadequate protection of customer data against cyber threats. […]
https://www.bleepingcomputer.com/news/security/france-fines-free-mobile-42-million-over-2024-data-breach-incident/ - Hacking Wheelchairs over Bluetooth
Schneier on Security • 2026-01-14 11:22 • www.schneier.comResearchers have demonstrated remotely controlling a wheelchair over Bluetooth. CISA has issued an advisory.
CISA said the WHILL wheelchairs did not enforce authentication for Bluetooth connections, allowing an attacker who is in Bluetooth range of the targeted device to pair with it. The attacker could then control the wheelchair’s movements, override speed restrictio…
https://www.schneier.com/blog/archives/2026/01/hacking-wheelchairs-over-bluetooth.html - Researchers Null-Route Over 550 Kimwolf and Aisuru Botnet Command Servers
The Hacker News • 2026-01-14 11:03 • thehackernews.com
The Black Lotus Labs team at Lumen Technologies said it null-routed traffic to more than 550 command-and-control (C2) nodes associated with the AISURU/Kimwolf botnet since early October 2025.
AISURU and its Android counterpart, Kimwolf, have emerged as some of the biggest botnets in recent times, capable of directing enslaved devices to participate in distributed denial-of-service (DDoS)
https://thehackernews.com/2026/01/kimwolf-botnet-infected-over-2-million.html - Exploit code public for critical FortiSIEM command injection flaw
BleepingComputer • 2026-01-14 10:51 • www.bleepingcomputer.com
Technical details and a public exploit have been published for a critical vulnerability affecting Fortinet’s Security Information and Event Management (SIEM) solution that could be leveraged by a remote, unauthenticated attacker to execute commands or code. […]
https://www.bleepingcomputer.com/news/security/exploit-code-public-for-critical-fortisiem-command-injection-flaw/ - Verizon Wireless outage puts phones in SOS mode without cell service
BleepingComputer • 2026-01-14 10:27 • www.bleepingcomputer.com
Verizon Wireless is suffering a massive outage in the US, with customers reporting their phones stuck in SOS mode with no cellular service. […]
https://www.bleepingcomputer.com/news/mobile/verizon-wireless-outage-puts-phones-in-sos-mode-without-cell-service/ - Infection repeatedly adds scheduled tasks and increases traffic to the same C2 domain, (Wed, Jan 14th)
SANS ISC Diary (full) • 2026-01-14 10:17 • isc.sans.eduIntroduction
- Upcoming Speaking Engagements
Schneier on Security • 2026-01-14 09:00 • www.schneier.comThis is a current list of where and when I am scheduled to speak:
- I’m speaking at the David R. Cheriton School of Computer Science in Waterloo, Ontario, Canada on January 27, 2026, at 1:30 PM ET.
- I’m speaking at the Université de Montréal in Montreal, Quebec, Canada on January 29, 2026, at 4:00 PM ET.
- I’m speaking and signing books at the https://www.schneier.com/blog/archives/2026/01/upcoming-speaking-engagements-52.html
- Microsoft updates Windows DLL that triggered security alerts
BleepingComputer • 2026-01-14 08:44 • www.bleepingcomputer.com
Microsoft has resolved a known issue that was causing security applications to incorrectly flag a core Windows component, the company said in a service alert posted this week. […]
https://www.bleepingcomputer.com/news/microsoft/microsoft-updates-windows-dll-that-triggered-security-alerts/ - AI Agents Are Becoming Privilege Escalation Paths
The Hacker News • 2026-01-14 07:07 • thehackernews.com
AI agents have quickly moved from experimental tools to core components of daily workflows across security, engineering, IT, and operations. What began as individual productivity aids, like personal code assistants, chatbots, and copilots, has evolved into shared, organization-wide agents embedded in critical processes. These agents can orchestrate workflows across multiple systems, for example:
https://thehackernews.com/2026/01/ai-agents-are-becoming-privilege.html - ConsentFix debrief: Insights from the new OAuth phishing attack
BleepingComputer • 2026-01-14 07:01 • www.bleepingcomputer.com
ConsentFix is an OAuth phishing technique abusing browser-based authorization flows to hijack Microsoft accounts. Push Security shares new insights from continued tracking, community research, and evolving attacker techniques. […]
https://www.bleepingcomputer.com/news/security/consentfix-debrief-insights-from-the-new-oauth-phishing-attack/ - Hackers Exploit c-ares DLL Side-Loading to Bypass Security and Deploy Malware
The Hacker News • 2026-01-14 06:18 • thehackernews.com
Security experts have disclosed details of an active malware campaign that’s exploiting a DLL side-loading vulnerability in a legitimate binary associated with the open-source c-ares library to bypass security controls and deliver a wide range of commodity trojans and stealers.
“Attackers achieve evasion by pairing a malicious libcares-2.dll with any signed version of the legitimate ahost.exe (
https://thehackernews.com/2026/01/hackers-exploit-c-ares-dll-side-loading.html
Sources: BleepingComputer, The Hacker News, KrebsOnSecurity, SANS ISC, CISA.
