Breaking News – Cyber Threats (last 6h)
Generated: 2026-01-15 07:00 PST
- Smashing Security podcast #450: From Instagram panic to Grok gone wild
Graham Cluley • 2026-01-15 06:22 • grahamcluley.com
Confusion reigns after claims that data linked to 17.5 million Instagram accounts is up for sale – sparked by a vague post, contradictory statements, and a flood of password reset emails nobody asked for.And we dig into Grok, Elon Musk’s AI chatbot, after it started generating sexualised images of women and children – raising uncomfortable questions about guardrails, accountability, and why playing the censorship card doesn’t make the problem go away.
All this, and much more, in episode 450 of the “Smashing Security” podcast with Graham Cluley, and special guest Monica Verma.
https://grahamcluley.com/smashing-security-podcast-450/ - ThreatsDay Bulletin: AI Voice Cloning Exploit, Wi-Fi Kill Switch, PLC Vulns, and 14 More Stories
The Hacker News • 2026-01-15 05:56 • thehackernews.com
The internet never stays quiet. Every week, new hacks, scams, and security problems show up somewhere.
This week’s stories show how fast attackers change their tricks, how small mistakes turn into big risks, and how the same old tools keep finding new ways to break in.
Read on to catch up before the next wave hits.Unauthenticated RCE risk
Security Flaw in Redis
https://thehackernews.com/2026/01/threatsday-bulletin-ai-voice-cloning.html - New Vulnerability in n8n
Schneier on Security • 2026-01-15 04:05 • www.schneier.comThis isn’t good:
We discovered a critical vulnerability (CVE-2026-21858, CVSS 10.0) in n8n that enables attackers to take over locally deployed instances, impacting an estimated 100,000 servers globally. No official workarounds are available for this vulnerability. Users should upgrade to version 1.121.0 or later to remediate the vulnerability.
…
https://www.schneier.com/blog/archives/2026/01/new-vulnerability-in-n8n.html - Model Security Is the Wrong Frame – The Real Risk Is Workflow Security
The Hacker News • 2026-01-15 03:55 • thehackernews.com
As AI copilots and assistants become embedded in daily work, security teams are still focused on protecting the models themselves. But recent incidents suggest the bigger risk lies elsewhere: in the workflows that surround those models.
Two Chrome extensions posing as AI helpers were recently caught stealing ChatGPT and DeepSeek chat data from over 900,000 users. Separately, researchers
https://thehackernews.com/2026/01/model-security-is-wrong-frame-real-risk.html - 4 Outdated Habits Destroying Your SOC's MTTR in 2026
The Hacker News • 2026-01-15 03:00 • thehackernews.com
It’s 2026, yet many SOCs are still operating the way they did years ago, using tools and processes designed for a very different threat landscape. Given the growth in volumes and complexity of cyber threats, outdated practices no longer fully support analysts’ needs, staggering investigations and incident response.
Below are four limiting habits that may be preventing your SOC from evolving at
https://thehackernews.com/2026/01/4-outdated-habits-destroying-your-socs.html - Battling Cryptojacking, Botnets, and IABs [Guest Diary], (Thu, Jan 15th)
SANS ISC Diary (full) • 2026-01-15 02:49 • isc.sans.edu[This is a Guest Diary by Matthew Presnal, an ISC intern as part of the SANS.edu BACS program]
- FTC bans GM from selling drivers' location data for five years
BleepingComputer • 2026-01-15 01:59 • www.bleepingcomputer.com
The FTC has finalized an order with General Motors, settling charges that it collected and sold the location and driving data of millions of drivers without consent. […]
https://www.bleepingcomputer.com/news/security/ftc-bans-general-motors-from-selling-drivers-location-data-for-five-years/ - Microsoft Legal Action Disrupts RedVDS Cybercrime Infrastructure Used for Online Fraud
The Hacker News • 2026-01-15 01:37 • thehackernews.com
Microsoft on Wednesday announced that it has taken a “coordinated legal action” in the U.S. and the U.K. to disrupt a cybercrime subscription service called RedVDS that has allegedly fueled millions in fraud losses.
The effort, per the tech giant, is part of a broader law enforcement effort in collaboration with law enforcement authorities that has allowed it to confiscate the malicious
https://thehackernews.com/2026/01/microsoft-legal-action-disrupts-redvds.html - Palo Alto Networks warns of DoS bug letting hackers disable firewalls
BleepingComputer • 2026-01-15 01:02 • www.bleepingcomputer.com
Palo Alto Networks patched a high-severity vulnerability that could allow unauthenticated attackers to disable firewall protections in denial-of-service (DoS) attacks. […]
https://www.bleepingcomputer.com/news/security/palo-alto-networks-warns-of-dos-bug-letting-hackers-disable-firewalls/
Sources: BleepingComputer, The Hacker News, KrebsOnSecurity, SANS ISC, CISA.
