TECHZONE™
TECHZONE CYBERNEWS && UPDATES Wᴇʟᴄᴏᴍᴇ Tᴏ TECHZONE™ ✔️Infosec Facts ✔️Cheatsheets ✔️Free Courses ✔️Open source tools ✔️Tech news
Posts Archive
ThreatsDay Bulletin: RustFS Flaw, Iranian Ops, WebUI RCE, Cloud Leaks, and 12 More Stories
https://thehackernews.com/2026/01/threatsday-bulletin-rustfs-flaw-iranian.html
The internet never stays quiet. Every week, new hacks, scams, and security problems show up somewhere.
This week’s stories show how fast attackers change their tricks, how small mistakes turn into big risks, and how the same old tools keep finding new ways to break in.
Read on to catch up before the next wave hits.
Honeypot Traps Hackers
Hackers Fall for
The State of Trusted Open Source
https://thehackernews.com/2026/01/the-state-of-trusted-open-source.html
Chainguard, the trusted source for open source, has a unique view into how modern organizations actually consume open source software and where they run into risk and operational burdens. Across a growing customer base and an extensive catalog of over 1800 container image projects, 148,000 versions, 290,000 images, and 100,000 language libraries, and almost half a billion builds, they can see
Cisco Patches ISE Security Vulnerability After Public PoC Exploit Release
https://thehackernews.com/2026/01/cisco-patches-ise-security.html
Cisco has released updates to address a medium-severity security flaw in Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) with a public proof-of-concept (PoC) exploit.
The vulnerability, tracked as CVE-2026-20029 (CVSS score: 4.9), resides in the licensing feature and could allow an authenticated, remote attacker with administrative privileges to gain access to
Researchers Uncover NodeCordRAT Hidden in npm Bitcoin-Themed Packages
https://thehackernews.com/2026/01/researchers-uncover-nodecordrat-hidden.html
Cybersecurity researchers have discovered three malicious npm packages that are designed to deliver a previously undocumented malware called NodeCordRAT.
The names of the packages, all of which were taken down as of November 2025, are listed below. They were uploaded by a user named "wenmoonx."
bitcoin-main-lib (2,300 Downloads)
bitcoin-lib-js (193 Downloads)
bip40 (970 Downloads)
"The
Coolify Discloses 11 Critical Flaws Enabling Full Server Compromise on Self-Hosted Instances
https://thehackernews.com/2026/01/coolify-discloses-11-critical-flaws.html
Cybersecurity researchers have disclosed details of multiple critical-severity security flaws affecting Coolify, an open-source, self-hosting platform, that could result in authentication bypass and remote code execution.
The list of vulnerabilities is as follows -
CVE-2025-66209 (CVSS score: 10.0) - A command injection vulnerability in the database backup functionality allows any authenticated
OpenAI Launches ChatGPT Health with Isolated, Encrypted Health Data Controls
https://thehackernews.com/2026/01/openai-launches-chatgpt-health-with.html
Artificial intelligence (AI) company OpenAI on Wednesday announced the launch of ChatGPT Health, a dedicated space that allows users to have conversations with the chatbot about their health.
To that end, the sandboxed experience offers users the optional ability to securely connect medical records and wellness apps, including Apple Health, Function, MyFitnessPal, Weight Watchers, AllTrails,
CISA Flags Microsoft Office and HPE OneView Bugs as Actively Exploited
https://thehackernews.com/2026/01/cisa-flags-microsoft-office-and-hpe.html
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added two security flaws impacting Microsoft Office and Hewlett Packard Enterprise (HPE) OneView to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.
The vulnerabilities are listed below -
CVE-2009-0556 (CVSS score: 8.8) - A code injection vulnerability in Microsoft Office
Webinar: Learn How AI-Powered Zero Trust Detects Attacks with No Files or Indicators
https://thehackernews.com/2026/01/webinar-learn-how-ai-powered-zero-trust.html
Security teams are still catching malware. The problem is what they're not catching.
More attacks today don't arrive as files. They don't drop binaries. They don't trigger classic alerts. Instead, they run quietly through tools that already exist inside the environment — scripts, remote access, browsers, and developer workflows.
That shift is creating a blind spot.
Join us for a deep-dive
n8n Warns of CVSS 10.0 RCE Vulnerability Affecting Self-Hosted and Cloud Versions
https://thehackernews.com/2026/01/n8n-warns-of-cvss-100-rce-vulnerability.html
Open-source workflow automation platform n8n has warned of a maximum-severity security flaw that, if successfully exploited, could result in authenticated remote code execution (RCE).
The vulnerability, which has been assigned the CVE identifier CVE-2026-21877, is rated 10.0 on the CVSS scoring system.
"Under certain conditions, an authenticated user may be able to cause untrusted code to be
The Future of Cybersecurity Includes Non-Human Employees
https://thehackernews.com/2026/01/the-future-of-cybersecurity-includes.html
Non-human employees are becoming the future of cybersecurity, and enterprises need to prepare accordingly. As organizations scale Artificial Intelligence (AI) and cloud automation, there is exponential growth in Non-Human Identities (NHIs), including bots, AI agents, service accounts and automation scripts. In fact, 51% of respondents in ConductorOne’s 2025 Future of Identity Security Report
Veeam Patches Critical RCE Vulnerability with CVSS 9.0 in Backup & Replication
https://thehackernews.com/2026/01/veeam-patches-critical-rce.html
Veeam has released security updates to address multiple flaws in its Backup & Replication software, including a "critical" issue that could result in remote code execution (RCE).
The vulnerability, tracked as CVE-2025-59470, carries a CVSS score of 9.0.
"This vulnerability allows a Backup or Tape Operator to perform remote code execution (RCE) as the postgres user by sending a malicious
Microsoft Warns Misconfigured Email Routing Can Enable Internal Domain Phishing
https://thehackernews.com/2026/01/microsoft-warns-misconfigured-email.html
Threat actors engaging in phishing attacks are exploiting routing scenarios and misconfigured spoof protections to impersonate organizations' domains and distribute emails that appear as if they have been sent internally.
"Threat actors have leveraged this vector to deliver a wide variety of phishing messages related to various phishing-as-a-service (PhaaS) platforms such as Tycoon 2FA," the
Ongoing Attacks Exploiting Critical RCE Vulnerability in Legacy D-Link DSL Routers
https://thehackernews.com/2026/01/active-exploitation-hits-legacy-d-link.html
A newly discovered critical security flaw in legacy D-Link DSL gateway routers has come under active exploitation in the wild.
The vulnerability, tracked as CVE-2026-0625 (CVSS score: 9.3), concerns a case of command injection in the "dnscfg.cgi" endpoint that arises as a result of improper sanitization of user-supplied DNS configuration parameters.
"An unauthenticated remote attacker can inject
Two Chrome Extensions Caught Stealing ChatGPT and DeepSeek Chats from 900,000 Users
https://thehackernews.com/2026/01/two-chrome-extensions-caught-stealing.html
Cybersecurity researchers have discovered two new malicious extensions on the Chrome Web Store that are designed to exfiltrate OpenAI ChatGPT and DeepSeek conversations alongside browsing data to servers under the attackers' control.
The names of the extensions, which collectively have over 900,000 users, are below -
Chat GPT for Chrome with GPT-5, Claude Sonnet & DeepSeek AI (ID:
Unpatched Firmware Flaw Exposes TOTOLINK EX200 to Full Remote Device Takeover
https://thehackernews.com/2026/01/unpatched-firmware-flaw-exposes.html
The CERT Coordination Center (CERT/CC) has disclosed details of an unpatched security flaw impacting TOTOLINK EX200 wireless range extender that could allow a remote authenticated attacker to gain full control of the device.
The flaw, CVE-2025-65606 (CVSS score: N/A), has been characterized as a flaw in the firmware-upload error-handling logic, which could cause the device to inadvertently start
Fake Booking Emails Redirect Hotel Staff to Fake BSoD Pages Delivering DCRat
https://thehackernews.com/2026/01/fake-booking-emails-redirect-hotel.html
Source: Securonix
Cybersecurity researchers have disclosed details of a new campaign dubbed PHALT#BLYX that has leveraged ClickFix-style lures to display fixes for fake blue screen of death (BSoD) errors in attacks targeting the European hospitality sector.
The end goal of the multi-stage campaign is to deliver a remote access trojan known as DCRat, according to cybersecurity company Securonix.
What is Identity Dark Matter?
https://thehackernews.com/2026/01/what-is-identity-dark-matter.html
The Invisible Half of the Identity Universe
Identity used to live in one place - an LDAP directory, an HR system, a single IAM portal.
Not anymore. Today, identity is fragmented across SaaS, on-prem, IaaS, PaaS, home-grown, and shadow applications. Each of these environments carries its own accounts, permissions, and authentication flows.
Traditional IAM and IGA tools govern only the nearly
VS Code Forks Recommend Missing Extensions, Creating Supply Chain Risk in Open VSX
https://thehackernews.com/2026/01/vs-code-forks-recommend-missing.html
Popular artificial intelligence (AI)-powered Microsoft Visual Studio Code (VS Code) forks such as Cursor, Windsurf, Google Antigravity, and Trae have been found to recommend extensions that are non-existent in the Open VSX registry, potentially opening the door to supply chain risks when bad actors publish malicious packages under those names.
The problem, according to Koi, is that these
New n8n Vulnerability (9.9 CVSS) Lets Authenticated Users Execute System Commands
https://thehackernews.com/2026/01/new-n8n-vulnerability-99-cvss-lets.html
A new critical security vulnerability has been disclosed in n8n, an open-source workflow automation platform, that could enable an authenticated attacker to execute arbitrary system commands on the underlying host.
The vulnerability, tracked as CVE-2025-68668, is rated 9.9 on the CVSS scoring system. It has been described as a case of a protection mechanism failure.
It affects n8n versions from
Critical AdonisJS Bodyparser Flaw (CVSS 9.2) Enables Arbitrary File Write on Servers
https://thehackernews.com/2026/01/critical-adonisjs-bodyparser-flaw-cvss.html
Users of the "@adonisjs/bodyparser" npm package are being advised to update to the latest version following the disclosure of a critical security vulnerability that, if successfully exploited, could allow a remote attacker to write arbitrary files on the server.
Tracked as CVE-2026-21440 (CVSS score: 9.2), the flaw has been described as a path traversal issue affecting the AdonisJS multipart
