Breaking News – Cyber Threats (last 6h)
Generated: 2026-01-26 12:00 PST
- Microsoft patches actively exploited Office zero-day vulnerability
BleepingComputer • 2026-01-26 10:20 • www.bleepingcomputer.com
Microsoft has released emergency security updates to patch a high-severity Office zero-day vulnerability exploited in attacks. […]
https://www.bleepingcomputer.com/news/microsoft/microsoft-patches-actively-exploited-office-zero-day-vulnerability/ - Cloudflare misconfiguration behind recent BGP route leak
BleepingComputer • 2026-01-26 09:50 • www.bleepingcomputer.com
Cloudflare has shared more details about a recent 25-minute Border Gateway Protocol (BGP) route leak affecting IPv6 traffic, which caused measurable congestion, packet loss, and approximately 12 Gbps of dropped traffic. […]
https://www.bleepingcomputer.com/news/security/cloudflare-misconfiguration-behind-recent-bgp-route-leak/ - EU launches investigation into X over Grok-generated sexual images
BleepingComputer • 2026-01-26 09:14 • www.bleepingcomputer.com
The European Commission is now investigating whether X properly assessed risks before deploying its Grok artificial intelligence tool, following its use to generate sexually explicit images. […]
https://www.bleepingcomputer.com/news/artificial-intelligence/eu-launches-investigation-into-x-over-grok-generated-sexual-images/ - Indian Users Targeted in Tax Phishing Campaign Delivering Blackmoon Malware
The Hacker News • 2026-01-26 09:01 • thehackernews.com
Cybersecurity researchers have discovered an ongoing campaign that’s targeting Indian users with a multi-stage backdoor as part of a suspected cyber espionage campaign.
The activity, per the eSentire Threat Response Unit (TRU), involves using phishing emails impersonating the Income Tax Department of India to trick victims into downloading a malicious archive, ultimately granting the threat
https://thehackernews.com/2026/01/indian-users-targeted-in-tax-phishing.html - Malicious VS Code AI Extensions with 1.5 Million Installs Steal Developer Source Code
The Hacker News • 2026-01-26 07:43 • thehackernews.com
Cybersecurity researchers have discovered two malicious Microsoft Visual Studio Code (VS Code) extensions that are advertised as artificial intelligence (AI)-powered coding assistants, but also harbor covert functionality to siphon developer data to China-based servers.
The extensions, which have 1.5 million combined installs and are still available for download from the official Visual Studio
https://thehackernews.com/2026/01/malicious-vs-code-ai-extensions-with-15.html - Nearly 800,000 Telnet servers exposed to remote attacks
BleepingComputer • 2026-01-26 07:19 • www.bleepingcomputer.com
Internet security watchdog Shadowserver tracks nearly 800,000 IP addresses with Telnet fingerprints amid ongoing attacks exploiting a critical authentication bypass vulnerability in the GNU InetUtils telnetd server. […]
https://www.bleepingcomputer.com/news/security/nearly-800-000-telnet-servers-exposed-to-remote-attacks/ - 6 Okta security settings you might have overlooked
BleepingComputer • 2026-01-26 07:01 • www.bleepingcomputer.com
Okta misconfigurations can quietly weaken identity security as SaaS environments evolve. Nudge Security shows six Okta security settings teams often overlook and how to fix them. […]
https://www.bleepingcomputer.com/news/security/6-okta-security-settings-you-might-have-overlooked/ - Hackers can bypass npm’s Shai-Hulud defenses via Git dependencies
BleepingComputer • 2026-01-26 06:02 • www.bleepingcomputer.com
The defense mechanisms that NPM introduced after the ‘Shai-Hulud’ supply-chain attacks have weaknesses that allow threat actors to bypass them via Git dependencies. […]
https://www.bleepingcomputer.com/news/security/hackers-can-bypass-npms-shai-hulud-defenses-via-git-dependencies/
Sources: BleepingComputer, The Hacker News, KrebsOnSecurity, SANS ISC, CISA.
