Breaking News – Cyber Threats (last 6h)
Generated: 2026-01-27 07:00 PST
- ClickFix Attacks Expand Using Fake CAPTCHAs, Microsoft Scripts, and Trusted Web Services
The Hacker News • 2026-01-27 06:38 • thehackernews.com
Cybersecurity researchers have disclosed details of a new campaign that combines ClickFix-style fake CAPTCHAs with a signed Microsoft Application Virtualization (App-V) script to distribute an information stealer called Amatera.
“Instead of launching PowerShell directly, the attacker uses this script to control how execution begins and to avoid more common, easily recognized execution paths,”
https://thehackernews.com/2026/01/clickfix-attacks-expand-using-fake.html
- Over 6,000 SmarterMail servers exposed to automated hijacking attacks
BleepingComputer • 2026-01-27 06:09 • www.bleepingcomputer.com
Nonprofit security organization Shadowserver has found over 6,000 SmarterMail servers exposed online and likely vulnerable to attacks exploiting a critical authentication bypass vulnerability. […]
https://www.bleepingcomputer.com/news/security/over-6-000-smartermail-servers-exposed-to-automated-hijacking-attacks/
- Have I Been Pwned: SoundCloud data breach impacts 29.8 million accounts
BleepingComputer • 2026-01-27 04:25 • www.bleepingcomputer.com
Hackers have stolen the personal and contact information belonging to over 29.8 million SoundCloud user accounts after breaching the audio streaming platform’s systems. […]
https://www.bleepingcomputer.com/news/security/have-i-been-pwned-soundcloud-data-breach-impacts-298-million-accounts/
- The Constitutionality of Geofence Warrants
Schneier on Security • 2026-01-27 04:01 • www.schneier.com
The US Supreme Court is considering the constitutionality of geofence warrants.
The case centers on the trial of Okello Chatrie, a Virginia man who pleaded guilty to a 2019 robbery outside of Richmond and was sentenced to almost 12 years in prison for stealing $195,000 at gunpoint.
Police probing the crime found security camera footage showing a man on a cell phone near the credit union that was robbed and asked Google to produce anonymized location data near the robbery site so they …
https://www.schneier.com/blog/archives/2026/01/the-constitutionality-of-geofence-warrants.html
- CTEM in Practice: Prioritization, Validation, and Outcomes That Matter
The Hacker News • 2026-01-27 03:50 • thehackernews.com
Cybersecurity teams increasingly want to move beyond looking at threats and vulnerabilities in isolation. It’s not only about what could go wrong (vulnerabilities) or who might attack (threats), but where they intersect in your actual environment to create real, exploitable exposure.
Which exposures truly matter? Can attackers exploit them? Are our defenses effective?
Continuous Threat Exposure
https://thehackernews.com/2026/01/ctem-in-practice-prioritization.html
- Microsoft Office Zero-Day (CVE-2026-21509) – Emergency Patch Issued for Active Exploitation
The Hacker News • 2026-01-27 02:37 • thehackernews.com
Microsoft on Monday issued out-of-band security patches for a high-severity Microsoft Office zero-day vulnerability exploited in attacks.
The vulnerability, tracked as CVE-2026-21509, carries a CVSS score of 7.8 out of 10.0. It has been described as a security feature bypass in Microsoft Office.
“Reliance on untrusted inputs in a security decision in Microsoft Office allows an unauthorized
https://thehackernews.com/2026/01/microsoft-issues-emergency-patch-for.html
- Critical Grist-Core Vulnerability Allows RCE Attacks via Spreadsheet Formulas
The Hacker News • 2026-01-27 02:36 • thehackernews.com
A critical security flaw has been disclosed in Grist‑Core, an open-source, self-hosted version of the Grist relational spreadsheet-database, that could result in remote code execution.
The vulnerability, tracked as CVE-2026-24002 (CVSS score: 9.1), has been codenamed Cellbreak by Cyera Research Labs.
“One malicious formula can turn a spreadsheet into a Remote Code Execution (RCE) beachhead,”
https://thehackernews.com/2026/01/critical-grist-core-vulnerability.html
- Weekly Update 488
Troy Hunt • 2026-01-27 01:50 • www.troyhunt.com
It's the discussion about the reaction of some people in the UK regarding their impending social media ban for under 16s that bugged me most. Most notably was the hand-waving around "the gov is just trying to siphon up all our IDs" and "this means
- China-Linked Hackers Have Used the PeckBirdy JavaScript C2 Framework Since 2023
The Hacker News • 2026-01-27 01:01 • thehackernews.com
Cybersecurity researchers have discovered a JScript-based command-and-control (C2) framework called PeckBirdy that has been put to use by China-aligned APT actors since 2023 to target multiple environments.
The flexible framework has been put to use against Chinese gambling industries and malicious activities targeting Asian government entities and private organizations, according to Trend Micro
https://thehackernews.com/2026/01/china-linked-hackers-have-used.html
Sources: BleepingComputer, The Hacker News, KrebsOnSecurity, SANS ISC, CISA.
