TECHZONE™
TECHZONE CYBERNEWS && UPDATES. Welcome To TECHZONE™ ✔️Infosec Facts ✔️Cheatsheets ✔️Free Courses ✔️Open source tools ✔️Tech news
Subscribers: 596 (change: -1 over 24 hours, -3 over 7 days, -10 over 30 days)
Post archive
Evelyn Stealer Malware Abuses VS Code Extensions to Steal Developer Credentials and Crypto
https://thehackernews.com/2026/01/evelyn-stealer-malware-abuses-vs-code.html
Cybersecurity researchers have disclosed details of a malware campaign that's targeting software developers with a new information stealer called Evelyn Stealer by weaponizing the Microsoft Visual Studio Code (VS Code) extension ecosystem.
"The malware is designed to exfiltrate sensitive information, including developer credentials and cryptocurrency-related data. Compromised developer
Cloudflare Fixes ACME Validation Bug Allowing WAF Bypass to Origin Servers
https://thehackernews.com/2026/01/cloudflare-fixes-acme-validation-bug.html
Cloudflare has addressed a security vulnerability impacting its Automatic Certificate Management Environment (ACME) validation logic that made it possible to bypass security controls and access origin servers.
"The vulnerability was rooted in how our edge network processed requests destined for the ACME HTTP-01 challenge path (/.well-known/acme-challenge/*)," the web infrastructure
Why Secrets in JavaScript Bundles are Still Being Missed
https://thehackernews.com/2026/01/why-secrets-in-javascript-bundles-are.html
Leaked API keys are no longer unusual, nor are the breaches that follow. So why are sensitive tokens still being so easily exposed?
To find out, Intruder’s research team looked at what traditional vulnerability scanners actually cover and built a new secrets detection method to address gaps in existing approaches.
Applying this at scale by scanning 5 million applications revealed over
Tudou Guarantee Marketplace Halts Telegram Transactions After Processing Over $12 Billion
https://thehackernews.com/2026/01/tudou-guarantee-marketplace-halts.html
A Telegram-based guarantee marketplace known for advertising a broad range of illicit services appears to be winding down its operations, according to new findings from Elliptic.
The blockchain intelligence company said Tudou Guarantee has effectively ceased transactions through its public Telegram groups following a period of significant growth. The marketplace is estimated to have processed
Google Gemini Prompt Injection Flaw Exposed Private Calendar Data via Malicious Invites
https://thehackernews.com/2026/01/google-gemini-prompt-injection-flaw.html
Cybersecurity researchers have disclosed details of a security flaw that leverages indirect prompt injection targeting Google Gemini as a way to bypass authorization guardrails and use Google Calendar as a data extraction mechanism.
The vulnerability, Miggo Security's Head of Research, Liad Eliyahu, said, made it possible to circumvent Google Calendar's privacy controls by hiding a dormant
⚡ Weekly Recap: Fortinet Exploits, RedLine Clipjack, NTLM Crack, Copilot Attack & More
https://thehackernews.com/2026/01/weekly-recap-fortinet-exploits-redline.html
In cybersecurity, the line between a normal update and a serious incident keeps getting thinner. Systems that once felt reliable are now under pressure from constant change. New AI tools, connected devices, and automated systems quietly create more ways in, often faster than security teams can react. This week’s stories show how easily a small mistake or hidden service can turn into a real
DevOps & SaaS Downtime: The High (and Hidden) Costs for Cloud-First Businesses
https://thehackernews.com/2026/01/high-costs-of-devops-saas-downtime.html
Just a few years ago, the cloud was touted as the “magic pill” for any cyber threat or performance issue. Many were lured by the “always-on” dream, trading granular control for the convenience of managed services.
In recent years, many of us have learned (often the hard way) that public cloud service providers are not immune to attacks and SaaS downtime, hiding behind the Shared Responsibility
New StackWarp Hardware Flaw Breaks AMD SEV-SNP Protections on Zen 1–5 CPUs
https://thehackernews.com/2026/01/new-stackwarp-hardware-flaw-breaks-amd.html
A team of academics from the CISPA Helmholtz Center for Information Security in Germany has disclosed the details of a new hardware vulnerability affecting AMD processors.
The security flaw, codenamed StackWarp, can allow bad actors with privileged control over a host server to run malicious code within confidential virtual machines (CVMs), undermining the integrity guarantees provided by AMD
CrashFix Chrome Extension Delivers ModeloRAT Using ClickFix-Style Browser Crash Lures
https://thehackernews.com/2026/01/crashfix-chrome-extension-delivers.html
Cybersecurity researchers have disclosed details of an ongoing campaign dubbed KongTuke that used a malicious Google Chrome extension masquerading as an ad blocker to deliberately crash the web browser and trick victims into running arbitrary commands using ClickFix-like lures to deliver a previously undocumented remote access trojan (RAT) dubbed ModeloRAT.
This new escalation of ClickFix has
Security Bug in StealC Malware Panel Let Researchers Spy on Threat Actor Operations
https://thehackernews.com/2026/01/security-bug-in-stealc-malware-panel.html
Cybersecurity researchers have disclosed a cross-site scripting (XSS) vulnerability in the web-based control panel used by operators of the StealC information stealer, allowing them to gather crucial insights on one of the threat actors using the malware in their operations.
"By exploiting it, we were able to collect system fingerprints, monitor active sessions, and – in a twist that will
Black Basta Ransomware Leader Added to EU Most Wanted and INTERPOL Red Notice
https://thehackernews.com/2026/01/black-basta-ransomware-hacker-leader.html
Ukrainian and German law enforcement authorities have identified two Ukrainians suspected of working for the Russia-linked ransomware-as-a-service (RaaS) group Black Basta.
In addition, the group's alleged leader, a 35-year-old Russian national named Oleg Evgenievich Nefedov (Нефедов Олег Евгеньевич), has been added to the European Union's Most Wanted and INTERPOL's Red Notice lists, authorities
Why LinkedIn is a hunting ground for threat actors – and how to protect yourself
https://www.welivesecurity.com/en/social-media/linkedin-hunting-ground-threat-actors-how-protect-yourself/
The business social networking site is a vast, publicly accessible database of corporate information. Don’t believe everyone on the site is who they say they are.
OpenAI to Show Ads in ChatGPT for Logged-In U.S. Adults on Free and Go Plans
https://thehackernews.com/2026/01/openai-to-show-ads-in-chatgpt-for.html
OpenAI on Friday said it would start showing ads in ChatGPT to logged-in adult U.S. users in both the free and ChatGPT Go tiers in the coming weeks, as the artificial intelligence (AI) company expanded access to its low-cost subscription globally.
"You need to know that your data and conversations are protected and never sold to advertisers," OpenAI said. "And we need to keep a high bar and give
GootLoader Malware Uses 500–1,000 Concatenated ZIP Archives to Evade Detection
https://thehackernews.com/2026/01/gootloader-malware-uses-5001000.html
The JavaScript (aka JScript) malware loader called GootLoader has been observed using a malformed ZIP archive that's designed to sidestep detection efforts by concatenating anywhere from 500 to 1,000 archives.
"The actor creates a malformed archive as an anti-analysis technique," Expel security researcher Aaron Walton said in a report shared with The Hacker News. "That is, many unarchiving tools
Five Malicious Chrome Extensions Impersonate Workday and NetSuite to Hijack Accounts
https://thehackernews.com/2026/01/five-malicious-chrome-extensions.html
Cybersecurity researchers have discovered five new malicious Google Chrome web browser extensions that masquerade as human resources (HR) and enterprise resource planning (ERP) platforms like Workday, NetSuite, and SuccessFactors to take control of victim accounts.
"The extensions work in concert to steal authentication tokens, block incident response capabilities, and enable complete account
Your Digital Footprint Can Lead Right to Your Front Door
https://thehackernews.com/2026/01/your-digital-footprint-can-lead-right.html
You lock your doors at night. You avoid sketchy phone calls. You’re careful about what you post on social media.
But what about the information about you that’s already out there—without your permission?
Your name. Home address. Phone number. Past jobs. Family members. Old usernames.
It’s all still online, and it’s a lot easier to find than you think.
The hidden safety threat lurking online
Most
LOTUSLITE Backdoor Targets U.S. Policy Entities Using Venezuela-Themed Spear Phishing
https://thehackernews.com/2026/01/lotuslite-backdoor-targets-us-policy.html
Security experts have disclosed details of a new campaign that has targeted U.S. government and policy entities using politically themed lures to deliver a backdoor known as LOTUSLITE.
The targeted malware campaign leverages decoys related to the recent geopolitical developments between the U.S. and Venezuela to distribute a ZIP archive ("US now deciding what's next for Venezuela.zip")
China-Linked APT Exploits Sitecore Zero-Day in Attacks on American Critical Infrastructure
https://thehackernews.com/2026/01/china-linked-apt-exploits-sitecore-zero.html
A threat actor likely aligned with China has been observed targeting critical infrastructure sectors in North America since at least last year.
Cisco Talos, which is tracking the activity under the name UAT-8837, assessed it to be a China-nexus advanced persistent threat (APT) actor with medium confidence based on tactical overlaps with other campaigns mounted by threat actors from the region.
Cisco Patches Zero-Day RCE Exploited by China-Linked APT in Secure Email Gateways
https://thehackernews.com/2026/01/cisco-patches-zero-day-rce-exploited-by.html
Cisco on Thursday released security updates for a maximum-severity security flaw impacting Cisco AsyncOS Software for Cisco Secure Email Gateway and Cisco Secure Email and Web Manager, nearly a month after the company disclosed that it had been exploited as a zero-day by a China-nexus advanced persistent threat (APT) actor codenamed UAT-9686.
The vulnerability, tracked as CVE-2025-20393 (CVSS
AWS CodeBuild Misconfiguration Exposed GitHub Repos to Potential Supply Chain Attacks
https://thehackernews.com/2026/01/aws-codebuild-misconfiguration-exposed.html
A critical misconfiguration in Amazon Web Services (AWS) CodeBuild could have allowed complete takeover of the cloud service provider's own GitHub repositories, including its AWS JavaScript SDK, putting every AWS environment at risk.
The vulnerability has been codenamed CodeBreach by cloud security company Wiz. The issue was fixed by AWS in September 2025 following responsible disclosure on