Breaking News – Cyber Threats (last 6h)
Generated: 2026-01-07 07:00 PST
- ownCloud urges users to enable MFA after credential theft reports
BleepingComputer • 2026-01-07 06:34 • www.bleepingcomputer.com
File-sharing platform ownCloud warned users today to enable multi-factor authentication (MFA) to block attackers using compromised credentials from stealing their data. […]
https://www.bleepingcomputer.com/news/security/owncloud-urges-users-to-enable-mfa-after-credential-theft-reports/ - New Veeam vulnerabilities expose backup servers to RCE attacks
BleepingComputer • 2026-01-07 05:06 • www.bleepingcomputer.com
Veeam released security updates to patch multiple security flaws in its Backup & Replication software, including a critical remote code execution (RCE) vulnerability. […]
https://www.bleepingcomputer.com/news/security/new-veeam-vulnerabilities-expose-backup-servers-to-rce-attacks/ - Google Search AI hallucinations push Google to hire "AI Answers Quality" engineers
BleepingComputer • 2026-01-07 04:50 • www.bleepingcomputer.com
AI, including AI Overviews on Google Search, can hallucinate and often make up stuff or offer contradicting answers when asked in two different ways. […]
https://www.bleepingcomputer.com/news/google/google-search-ai-hallucinations-push-google-to-hire-ai-answers-quality-engineers/ - UK announces plan to strengthen public sector cyber defenses
BleepingComputer • 2026-01-07 04:15 • www.bleepingcomputer.com
The United Kingdom has announced a new cybersecurity strategy, backed by more than £210 million ($283 million), to boost cyber defenses across government departments and the wider public sector. […]
https://www.bleepingcomputer.com/news/security/uk-announces-plan-to-strengthen-public-sector-cyber-defenses/ - The Wegman’s Supermarket Chain Is Probably Using Facial Recognition
Schneier on Security • 2026-01-07 04:03 • www.schneier.comThe New York City Wegman’s is collecting biometric information about customers.
- Webinar: Learn How AI-Powered Zero Trust Detects Attacks with No Files or Indicators
The Hacker News • 2026-01-07 03:55 • thehackernews.com
Security teams are still catching malware. The problem is what they’re not catching.
More attacks today don’t arrive as files. They don’t drop binaries. They don’t trigger classic alerts. Instead, they run quietly through tools that already exist inside the environment — scripts, remote access, browsers, and developer workflows.
That shift is creating a blind spot.
Join us for a deep-dive
https://thehackernews.com/2026/01/webinar-learn-how-ai-powered-zero-trust.html - n8n Warns of CVSS 10.0 RCE Vulnerability Affecting Self-Hosted and Cloud Versions
The Hacker News • 2026-01-07 03:26 • thehackernews.com
Open-source workflow automation platform n8n has warned of a maximum-severity security flaw that, if successfully exploited, could result in authenticated remote code execution (RCE).
The vulnerability, which has been assigned the CVE identifier CVE-2026-21877, is rated 10.0 on the CVSS scoring system.
“Under certain conditions, an authenticated user may be able to cause untrusted code to be
https://thehackernews.com/2026/01/n8n-warns-of-cvss-100-rce-vulnerability.html - The Future of Cybersecurity Includes Non-Human Employees
The Hacker News • 2026-01-07 03:00 • thehackernews.com
Non-human employees are becoming the future of cybersecurity, and enterprises need to prepare accordingly. As organizations scale Artificial Intelligence (AI) and cloud automation, there is exponential growth in Non-Human Identities (NHIs), including bots, AI agents, service accounts and automation scripts. In fact, 51% of respondents in ConductorOne’s 2025 Future of Identity Security Report
https://thehackernews.com/2026/01/the-future-of-cybersecurity-includes.html - Veeam Patches Critical RCE Vulnerability with CVSS 9.0 in Backup & Replication
The Hacker News • 2026-01-07 02:41 • thehackernews.com
Veeam has released security updates to address multiple flaws in its Backup & Replication software, including a “critical” issue that could result in remote code execution (RCE).
The vulnerability, tracked as CVE-2025-59470, carries a CVSS score of 9.0.
“This vulnerability allows a Backup or Tape Operator to perform remote code execution (RCE) as the postgres user by sending a malicious
https://thehackernews.com/2026/01/veeam-patches-critical-rce.html - Microsoft Warns Misconfigured Email Routing Can Enable Internal Domain Phishing
The Hacker News • 2026-01-07 01:42 • thehackernews.com
Threat actors engaging in phishing attacks are exploiting routing scenarios and misconfigured spoof protections to impersonate organizations’ domains and distribute emails that appear as if they have been sent internally.
“Threat actors have leveraged this vector to deliver a wide variety of phishing messages related to various phishing-as-a-service (PhaaS) platforms such as Tycoon 2FA,” the
https://thehackernews.com/2026/01/microsoft-warns-misconfigured-email.html - A phishing campaign with QR codes rendered using an HTML table, (Wed, Jan 7th)
SANS ISC Diary (full) • 2026-01-07 01:32 • isc.sans.eduMalicious use of QR codes has long been ubiquitous, both in the real world as well as in electronic communication. This is hardly surprising given that a scan of a QR code can lead one to a phishing page as easily as clicking a link in an e-mail.
Sources: BleepingComputer, The Hacker News, KrebsOnSecurity, SANS ISC, CISA.
