TECHZONE™
TECHZONE CYBERNEWS && UPDATES
Wᴇʟᴄᴏᴍᴇ Tᴏ TECHZONE™
✔️ Infosec Facts
✔️ Cheatsheets
✔️ Free Courses
✔️ Open source tools
✔️ Tech news

595 subscribers
Posts Archive
Konni Hackers Deploy AI-Generated PowerShell Backdoor Against Blockchain Developers
https://thehackernews.com/2026/01/konni-hackers-deploy-ai-generated.html
The North Korean threat actor known as Konni has been observed using PowerShell malware generated using artificial intelligence (AI) tools to target developers and engineering teams in the blockchain sector. The phishing campaign has targeted Japan, Australia, and India, highlighting the adversary's expansion of the targeting scope beyond South Korea, Russia, Ukraine, and European nations, Check

Multi-Stage Phishing Campaign Targets Russia with Amnesia RAT and Ransomware
https://thehackernews.com/2026/01/multi-stage-phishing-campaign-targets.html
A new multi-stage phishing campaign has been observed targeting users in Russia with ransomware and a remote access trojan called Amnesia RAT. "The attack begins with social engineering lures delivered via business-themed documents crafted to appear routine and benign," Fortinet FortiGuard Labs researcher Cara Lin said in a technical breakdown published this week. "These documents and

New DynoWiper Malware Used in Attempted Sandworm Attack on Polish Power Sector
https://thehackernews.com/2026/01/new-dynowiper-malware-used-in-attempted.html
The Russian nation-state hacking group known as Sandworm has been attributed to what has been described as the "largest cyber attack" targeting Poland's power system in the last week of December 2025. The attack was unsuccessful, the country's energy minister, Milosz Motyka, said last week. "The command of the cyberspace forces has diagnosed in the last days of the year the strongest attack on

Who Approved This Agent? Rethinking Access, Accountability, and Risk in the Age of AI Agents
https://thehackernews.com/2026/01/who-approved-this-agent-rethinking.html
AI agents are accelerating how work gets done. They schedule meetings, access data, trigger workflows, write code, and take action in real time, pushing productivity beyond human speed across the enterprise. Then comes the moment every security team eventually hits: “Wait… who approved this?” Unlike users or applications, AI agents are often deployed quickly, shared broadly,

CISA Adds Actively Exploited VMware vCenter Flaw CVE-2024-37079 to KEV Catalog
https://thehackernews.com/2026/01/cisa-adds-actively-exploited-vmware.html
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a critical security flaw affecting Broadcom VMware vCenter Server that was patched in June 2024 to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The vulnerability in question is CVE-2024-37079 (CVSS score: 9.8), which refers to a heap overflow in the

ESET Research: Sandworm behind cyberattack on Poland’s power grid in late 2025
https://www.welivesecurity.com/en/eset-research/eset-research-sandworm-cyberattack-poland-power-grid-late-2025/
The attack involved data-wiping malware that ESET researchers have now analyzed and named DynoWiper

Children and chatbots: What parents should know
https://www.welivesecurity.com/en/kids-online/children-chatbots-what-parents-should-know/
As children turn to AI chatbots for answers, advice, and companionship, questions emerge about their safety, privacy, and emotional development

CISA Updates KEV Catalog with Four Actively Exploited Software Vulnerabilities
https://thehackernews.com/2026/01/cisa-updates-kev-catalog-with-four.html
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added four security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The list of vulnerabilities is as follows - CVE-2025-68645 (CVSS score: 8.8) - A PHP remote file inclusion vulnerability in Synacor Zimbra Collaboration Suite (ZCS) that could allow a

Common Apple Pay scams, and how to stay safe
https://www.welivesecurity.com/en/scams/common-apple-pay-scams-how-stay-safe/
Here’s how the most common scams targeting Apple Pay users work and what you can do to stay one step ahead

Fortinet Confirms Active FortiCloud SSO Bypass on Fully Patched FortiGate Firewalls
https://thehackernews.com/2026/01/fortinet-confirms-active-forticloud-sso.html
Fortinet has officially confirmed that it's working to completely plug a FortiCloud SSO authentication bypass vulnerability following reports of fresh exploitation activity on fully-patched firewalls. "In the last 24 hours, we have identified a number of cases where the exploit was to a device that had been fully upgraded to the latest release at the time of the attack, which suggested a new

TikTok Forms U.S. Joint Venture to Continue Operations Under 2025 Executive Order
https://thehackernews.com/2026/01/tiktok-forms-us-joint-venture-to.html
TikTok on Friday officially announced that it formed a joint venture that will allow the hugely popular video-sharing application to continue operating in the U.S. The new venture, named TikTok USDS Joint Venture LLC, has been established in compliance with the Executive Order signed by U.S. President Donald Trump in September 2025, the platform said. The new deal will see TikTok's Chinese

Phishing Attack Uses Stolen Credentials to Install LogMeIn RMM for Persistent Access
https://thehackernews.com/2026/01/phishing-attack-uses-stolen-credentials.html
Cybersecurity researchers have disclosed details of a new dual-vector campaign that leverages stolen credentials to deploy legitimate Remote Monitoring and Management (RMM) software for persistent remote access to compromised hosts. "Instead of deploying custom viruses, attackers are bypassing security perimeters by weaponizing the necessary IT tools that administrators trust," KnowBe4 Threat

Microsoft Flags Multi-Stage AitM Phishing and BEC Attacks Targeting Energy Firms
https://thehackernews.com/2026/01/microsoft-flags-multi-stage-aitm.html
Microsoft has warned of a multi-stage adversary-in-the-middle (AitM) phishing and business email compromise (BEC) campaign targeting multiple organizations in the energy sector. "The campaign abused SharePoint file-sharing services to deliver phishing payloads and relied on inbox rule creation to maintain persistence and evade user awareness," the Microsoft Defender Security Research Team said.

New Osiris Ransomware Emerges as New Strain Using POORTRY Driver in BYOVD Attack
https://thehackernews.com/2026/01/new-osiris-ransomware-emerges-as-new.html
Cybersecurity researchers have disclosed details of a new ransomware family called Osiris that targeted a major food service franchisee operator in Southeast Asia in November 2025. The attack leveraged a malicious driver called POORTRY as part of a known technique referred to as bring your own vulnerable driver (BYOVD) to disarm security software, the Symantec and Carbon Black Threat Hunter

Critical GNU InetUtils telnetd Flaw Lets Attackers Bypass Login and Gain Root Access
https://thehackernews.com/2026/01/critical-gnu-inetutils-telnetd-flaw.html
A critical security flaw has been disclosed in the GNU InetUtils telnet daemon (telnetd) that went unnoticed for nearly 11 years. The vulnerability, tracked as CVE-2026-24061, is rated 9.8 out of 10.0 on the CVSS scoring system. It affects all versions of GNU InetUtils from version 1.9.3 up to and including version 2.7. "Telnetd in GNU Inetutils through 2.7 allows remote authentication bypass

ThreatsDay Bulletin: Pixel Zero-Click, Redis RCE, China C2s, RAT Ads, Crypto Scams & 15+ Stories
https://thehackernews.com/2026/01/threatsday-bulletin-pixel-zero-click.html
Most of this week’s threats didn’t rely on new tricks. They relied on familiar systems behaving exactly as designed, just in the wrong hands. Ordinary files, routine services, and trusted workflows were enough to open doors without forcing them. What stands out is how little friction attackers now need. Some activity focused on quiet reach and coverage, others on timing and reuse. The emphasis

Filling the Most Common Gaps in Google Workspace Security
https://thehackernews.com/2026/01/filling-most-common-gaps-in-google.html
Security teams at agile, fast-growing companies often have the same mandate: secure the business without slowing it down. Most teams inherit a tech stack optimized for breakneck growth, not resilience. In these environments, the security team is the helpdesk, the compliance expert, and the incident response team all rolled into one. Securing the cloud office in this scenario is all about

Malicious PyPI Package Impersonates SymPy, Deploys XMRig Miner on Linux Hosts
https://thehackernews.com/2026/01/malicious-pypi-package-impersonates.html
A new malicious package discovered in the Python Package Index (PyPI) has been found to impersonate a popular library for symbolic mathematics to deploy malicious payloads, including a cryptocurrency miner, on Linux hosts. The package, named sympy-dev, mimics SymPy, replicating the latter's project description verbatim in an attempt to deceive unsuspecting users into thinking that they are

SmarterMail Auth Bypass Exploited in the Wild Two Days After Patch Release
https://thehackernews.com/2026/01/smartermail-auth-bypass-exploited-in.html
A new security flaw in SmarterTools SmarterMail email software has come under active exploitation in the wild, two days after the release of a patch. The vulnerability, which currently does not have a CVE identifier, is tracked by watchTowr Labs as WT-2026-0001. It was patched by SmarterTools on January 15, 2026, with Build 9511, following responsible disclosure by the exposure management

Automated FortiGate Attacks Exploit FortiCloud SSO to Alter Firewall Configurations
https://thehackernews.com/2026/01/automated-fortigate-attacks-exploit.html
Cybersecurity company Arctic Wolf has warned of a "new cluster of automated malicious activity" that involves unauthorized firewall configuration changes on Fortinet FortiGate devices. The activity, it said, commenced on January 15, 2026, adding it shares similarities with a December 2025 campaign in which malicious SSO logins on FortiGate appliances were recorded against the admin account from