Breaking News – Cyber Threats (last 6h)
Generated: 2026-01-27 12:00 PST
- WinRAR path traversal flaw still exploited by numerous hackers
BleepingComputer • 2026-01-27 11:38 • www.bleepingcomputer.com
Multiple threat actors, both state-sponsored and financially motivated, are exploiting the CVE-2025-8088 high-severity vulnerability in WinRAR for initial access and to deliver various malicious payloads. […]
https://www.bleepingcomputer.com/news/security/winrar-path-traversal-flaw-still-exploited-by-numerous-hackers/ - WhatsApp Rolls Out Lockdown-Style Security Mode to Protect Targeted Users From Spyware
The Hacker News • 2026-01-27 08:54 • thehackernews.com
Meta on Tuesday announced it’s adding Strict Account Settings on WhatsApp to secure certain users against advanced cyber attacks because of who they are and what they do.
The feature, similar to Lockdown Mode in Apple iOS and Advanced Protection in Android, aims to protect individuals, such as journalists or public-facing figures, from sophisticated spyware by trading some functionality for
https://thehackernews.com/2026/01/whatsapp-rolls-out-lockdown-style.html - Nike investigates data breach after extortion gang leaks files
BleepingComputer • 2026-01-27 08:45 • www.bleepingcomputer.com
Nike is investigating what it described as a “potential cyber security incident” after the World Leaks ransomware gang leaked 1.4 TB of files allegedly stolen from the sportswear giant. […]
https://www.bleepingcomputer.com/news/security/nike-investigates-data-breach-after-extortion-gang-leaks-files/ - Experts Detect Pakistan-Linked Cyber Campaigns Aimed at Indian Government Entities
The Hacker News • 2026-01-27 08:45 • thehackernews.com
Indian government entities have been targeted in two campaigns undertaken by a threat actor that operates in Pakistan using previously undocumented tradecraft.
The campaigns have been codenamed Gopher Strike and Sheet Attack by Zscaler ThreatLabz, which identified them in September 2025.
“While these campaigns share some similarities with the Pakistan-linked Advanced Persistent Threat (APT)
https://thehackernews.com/2026/01/experts-detect-pakistan-linked-cyber.html - Critical sandbox escape flaw found in popular vm2 NodeJS library
BleepingComputer • 2026-01-27 08:35 • www.bleepingcomputer.com
A critical-severity vulnerability in the vm2 Node.js sandbox library, tracked as CVE-2026-22709, allows escaping the sandbox and executing arbitrary code on the underlying host system. […]
https://www.bleepingcomputer.com/news/security/critical-sandbox-escape-flaw-discovered-in-popular-vm2-nodejs-library/ - US charges 31 more suspects linked to ATM malware attacks
BleepingComputer • 2026-01-27 08:27 • www.bleepingcomputer.com
A Nebraska federal grand jury charged 31 additional defendants for their involvement in an ATM jackpotting operation allegedly orchestrated by members of the Venezuelan gang Tren de Aragua. […]
https://www.bleepingcomputer.com/news/security/us-charges-31-more-suspects-linked-to-atm-malware-attacks/ - The AI Fix #85: ChatGPT gets ads, pets get AI therapists, and everyone’s wrong about LLMs
Graham Cluley • 2026-01-27 07:12 • grahamcluley.com
In episode 85 of The AI Fix, Graham discovers that Silicon Valley has the solution to your pet’s mental health crisis, and Mark explains why AI godfather Yann LeCun thinks the entire AI industry is wrong about LLMs.Also in this episode, OpenAI decides to ruin ChatGPT with ads; Sam Altman and Elon Musk and have a public spat over whose AI is more murderous; humanoid robots turn up at CES 2026 and answer of whether robots can fight—with a resounding “no”; and AI slop forces the beloved cURL project to shut down its bug bounty program.
All this and much more is discussed in the latest editi…
https://grahamcluley.com/the-ai-fix-85/ - From Cipher to Fear: The psychology behind modern ransomware extortion
BleepingComputer • 2026-01-27 07:02 • www.bleepingcomputer.com
Modern ransomware has shifted from encryption to psychological extortion that exploits fear, liability, and exposure. Flare shows how today’s ransomware groups weaponize stolen data and pressure tactics to force payment. […]
https://www.bleepingcomputer.com/news/security/from-cipher-to-fear-the-psychology-behind-modern-ransomware-extortion/ - ClickFix Attacks Expand Using Fake CAPTCHAs, Microsoft Scripts, and Trusted Web Services
The Hacker News • 2026-01-27 06:38 • thehackernews.com
Cybersecurity researchers have disclosed details of a new campaign that combines ClickFix-style fake CAPTCHAs with a signed Microsoft Application Virtualization (App-V) script to distribute an information stealer called Amatera.
“Instead of launching PowerShell directly, the attacker uses this script to control how execution begins and to avoid more common, easily recognized execution paths,”
https://thehackernews.com/2026/01/clickfix-attacks-expand-using-fake.html - Over 6,000 SmarterMail servers exposed to automated hijacking attacks
BleepingComputer • 2026-01-27 06:09 • www.bleepingcomputer.com
Nonprofit security organization Shadowserver has found over 6,000 SmarterMail servers exposed online and likely vulnerable to attacks exploiting a critical authentication bypass vulnerability. […]
https://www.bleepingcomputer.com/news/security/over-6-000-smartermail-servers-exposed-to-automated-hijacking-attacks/
Sources: BleepingComputer, The Hacker News, KrebsOnSecurity, SANS ISC, CISA.
