Breaking News – Cyber Threats (last 6h)
Generated: 2026-01-21 07:00 PST
- You Got Phished? Of Course! You're Human…
BleepingComputer • 2026-01-21 06:30 • www.bleepingcomputer.com
Phishing succeeds not because users are careless, but because attackers exploit human timing, context, and emotion. Flare shows how modern phishing has become industrialized, scalable, and increasingly hard to spot. […]
https://www.bleepingcomputer.com/news/security/you-got-phished-of-course-youre-human/
- Hackers exploit security testing apps to breach Fortune 500 firms
BleepingComputer • 2026-01-21 06:00 • www.bleepingcomputer.com
Threat actors are exploiting misconfigured web applications used for security training and internal penetration testing, such as DVWA, OWASP Juice Shop, Hackazon, and bWAPP, to gain access to cloud environments of Fortune 500 companies and security vendors. […]
https://www.bleepingcomputer.com/news/security/hackers-exploit-security-testing-apps-to-breach-fortune-500-firms/
- GitLab warns of high-severity 2FA bypass, denial-of-service flaws
BleepingComputer • 2026-01-21 05:57 • www.bleepingcomputer.com
GitLab has patched a high-severity two-factor authentication bypass impacting community and enterprise editions of its software development platform. […]
https://www.bleepingcomputer.com/news/security/gitlab-warns-of-high-severity-2fa-bypass-denial-of-service-flaws/
- Tesla hacked, 37 zero-days demoed at Pwn2Own Automotive 2026
BleepingComputer • 2026-01-21 04:16 • www.bleepingcomputer.com
Security researchers have hacked the Tesla Infotainment System and earned $516,500 after exploiting 37 zero-days on the first day of the Pwn2Own Automotive 2026 competition. […]
https://www.bleepingcomputer.com/news/security/tesla-hacked-37-zero-days-demoed-at-pwn2own-automotive-2026/
- Internet Voting is Too Insecure for Use in Elections
Schneier on Security • 2026-01-21 04:05 • www.schneier.com
No matter how many times we say it, the idea comes back again and again. Hopefully, this letter will hold back the tide for at least a while longer.
Executive summary: Scientists have understood for many years that internet voting is insecure and that there is no known or foreseeable technology that can make it secure. Still, vendors of internet voting keep claiming that, somehow, their new system is different, or the insecurity doesn…
https://www.schneier.com/blog/archives/2026/01/internet-voting-is-too-insecure-for-use-in-elections.html
- Webinar: How Smart MSSPs Using AI to Boost Margins with Half the Staff
The Hacker News • 2026-01-21 03:58 • thehackernews.com
Every managed security provider is chasing the same problem in 2026 — too many alerts, too few analysts, and clients demanding “CISO-level protection” at SMB budgets.
The truth? Most MSSPs are running harder, not smarter. And it’s breaking their margins. That’s where the quiet revolution is happening: AI isn’t just writing reports or surfacing risks — it’s rebuilding how security services are
https://thehackernews.com/2026/01/webinar-how-smart-mssps-using-ai-to.html
- Pro-Russian denial-of-service attacks target UK, NCSC warns
Graham Cluley • 2026-01-21 02:48 • www.bitdefender.com
The UK’s National Cyber Security Centre (NCSC) has issued a warning about the threat posed by distributed denial-of-service (DDoS) attacks from Russia-linked hacking groups who are reported to be continuing to target British organisations.
Are you prepared?
Read more in my article on the Hot for Security blog.
https://www.bitdefender.com/en-us/blog/hotforsecurity/pro-russian-denial-of-service-attacks-target-uk-ncsc-warns
- Exposure Assessment Platforms Signal a Shift in Focus
The Hacker News • 2026-01-21 02:30 • thehackernews.com
Gartner® doesn’t create new categories lightly. Generally speaking, a new acronym only emerges when the industry’s collective “to-do list” has become mathematically impossible to complete. And so it seems that the introduction of the Exposure Assessment Platforms (EAP) category is a formal admission that traditional Vulnerability Management (VM) is no longer a viable way to secure a modern
https://thehackernews.com/2026/01/exposure-assessment-platforms-signal.html
- Automatic Script Execution In Visual Studio Code, (Wed, Jan 21st)
SANS ISC Diary (full) • 2026-01-21 01:50 • isc.sans.edu
Visual Studio Code is a popular open-source code editor[1]. But it's much more than a simple editor, it's a complete development platform that supports many languages and it is available on multiple platforms. Used by developers worldwide, it's a juicy target for threat actors because it can be extended with extensions.
- Chainlit AI Framework Flaws Enable Data Theft via File Read and SSRF Bugs
The Hacker News • 2026-01-21 01:10 • thehackernews.com
Security vulnerabilities were uncovered in the popular open-source artificial intelligence (AI) framework Chainlit that could allow attackers to steal sensitive data, which may allow for lateral movement within a susceptible organization.
Zafran Security said the high-severity flaws, collectively dubbed ChainLeak, could be abused to leak cloud environment API keys and steal sensitive files, or
https://thehackernews.com/2026/01/chainlit-ai-framework-flaws-enable-data.html
Sources: BleepingComputer, The Hacker News, KrebsOnSecurity, SANS ISC, CISA.
