TECHZONE™
TECHZONE CYBERNEWS && UPDATES Wᴇʟᴄᴏᴍᴇ Tᴏ TECHZONE™ ✔️Infosec Facts ✔️Cheatsheets ✔️Free Courses ✔️Open source tools ✔️Tech news
Post archive
Your personal information is on the dark web. What happens next?
https://www.welivesecurity.com/en/privacy/information-dark-web-what-happens-next/
If your data is on the dark web, it’s probably only a matter of time before it’s abused for fraud or account hijacking. Here’s what to do.
Long-Running Web Skimming Campaign Steals Credit Cards From Online Checkout Pages
https://thehackernews.com/2026/01/long-running-web-skimming-campaign.html
Cybersecurity researchers have discovered a major web skimming campaign that has been active since January 2022, targeting several major payment networks like American Express, Diners Club, Discover, JCB Co., Ltd., Mastercard, and UnionPay.
"Enterprise organizations that are clients of these payment providers are the most likely to be impacted," Silent Push said in a report published today.
Malicious Chrome Extension Steals MEXC API Keys by Masquerading as Trading Tool
https://thehackernews.com/2026/01/malicious-chrome-extension-steals-mexc.html
Cybersecurity researchers have disclosed details of a malicious Google Chrome extension that's capable of stealing API keys associated with MEXC, a centralized cryptocurrency exchange (CEX) available in over 170 countries, while masquerading as a tool to automate trading on the platform.
The extension, named MEXC API Automator (ID: pppdfgkfdemgfknfnhpkibbkabhghhfh), has 29 downloads and is still
[Webinar] Securing Agentic AI: From MCPs and Tool Access to Shadow API Key Sprawl
https://thehackernews.com/2026/01/webinar-t-from-mcps-and-tool-access-to.html
AI agents are no longer just writing code. They are executing it.
Tools like Copilot, Claude Code, and Codex can now build, test, and deploy software end-to-end in minutes. That speed is reshaping engineering—but it’s also creating a security gap most teams don’t see until something breaks.
Behind every agentic workflow sits a layer few organizations are actively securing: Machine Control
New Advanced Linux VoidLink Malware Targets Cloud and Container Environments
https://thehackernews.com/2026/01/new-advanced-linux-voidlink-malware.html
Cybersecurity researchers have disclosed details of a previously undocumented and feature-rich malware framework codenamed VoidLink that's specifically designed for long-term, stealthy access to Linux-based cloud environments.
According to a new report from Check Point Research, the cloud-native Linux malware framework comprises an array of custom loaders, implants, rootkits, and modular
What Should We Learn From How Attackers Leveraged AI in 2025?
https://thehackernews.com/2026/01/what-should-we-learn-from-how-attackers.html
Old Playbook, New Scale: While defenders are chasing trends, attackers are optimizing the basics
The security industry loves talking about "new" threats. AI-powered attacks. Quantum-resistant encryption. Zero-trust architectures. But looking around, it seems like the most effective attacks in 2025 are pretty much the same as they were in 2015. Attackers are exploiting the same entry points that
ServiceNow Patches Critical AI Platform Flaw Allowing Unauthenticated User Impersonation
https://thehackernews.com/2026/01/servicenow-patches-critical-ai-platform.html
ServiceNow has disclosed details of a now-patched critical security flaw impacting its ServiceNow AI Platform that could enable an unauthenticated user to impersonate another user and perform arbitrary actions as that user.
The vulnerability, tracked as CVE-2025-12420, carries a CVSS score of 9.3 out of 10.0.
"This issue [...] could enable an unauthenticated user to impersonate another user and
New Malware Campaign Delivers Remcos RAT Through Multi-Stage Windows Attack
https://thehackernews.com/2026/01/new-malware-campaign-delivers-remcos.html
Cybersecurity researchers have disclosed details of a new campaign dubbed SHADOW#REACTOR that employs an evasive multi-stage attack chain to deliver a commercially available remote administration tool called Remcos RAT and establish persistent, covert remote access.
"The infection chain follows a tightly orchestrated execution path: an obfuscated VBS launcher executed via wscript.exe invokes a
CISA Warns of Active Exploitation of Gogs Vulnerability Enabling Code Execution
https://thehackernews.com/2026/01/cisa-warns-of-active-exploitation-of.html
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned of active exploitation of a high-severity security flaw impacting Gogs by adding it to its Known Exploited Vulnerabilities (KEV) catalog.
The vulnerability, tracked as CVE-2025-8110 (CVSS score: 8.7), relates to a case of path traversal in the repository file editor that could result in code execution.
"Gogs Path
n8n Supply Chain Attack Abuses Community Nodes to Steal OAuth Tokens
https://thehackernews.com/2026/01/n8n-supply-chain-attack-abuses.html
Threat actors have been observed uploading a set of eight packages on the npm registry that masqueraded as integrations targeting the n8n workflow automation platform to steal developers' OAuth credentials.
One such package, named "n8n-nodes-hfgjf-irtuinvcm-lasdqewriit," mimics a Google Ads integration, and prompts users to link their advertising account in a seemingly legitimate form and then
⚡ Weekly Recap: AI Automation Exploits, Telecom Espionage, Prompt Poaching & More
https://thehackernews.com/2026/01/weekly-recap-ai-automation-exploits.html
This week made one thing clear: small oversights can spiral fast. Tools meant to save time and reduce friction turned into easy entry points once basic safeguards were ignored. Attackers didn’t need novel tricks. They used what was already exposed and moved in without resistance.
Scale amplified the damage. A single weak configuration rippled out to millions. A repeatable flaw worked again and
GoBruteforcer Botnet Targets Crypto Project Databases by Exploiting Weak Credentials
https://thehackernews.com/2026/01/gobruteforcer-botnet-targets-crypto.html
A new wave of GoBruteforcer attacks has targeted databases of cryptocurrency and blockchain projects to co-opt them into a botnet that's capable of brute-forcing user passwords for services such as FTP, MySQL, PostgreSQL, and phpMyAdmin on Linux servers.
"The current wave of campaigns is driven by two factors: the mass reuse of AI-generated server deployment examples that propagate common
Anthropic Launches Claude AI for Healthcare with Secure Health Record Access
https://thehackernews.com/2026/01/anthropic-launches-claude-ai-for.html
Anthropic has become the latest artificial intelligence (AI) company to announce a new suite of features that allows users of its Claude platform to better understand their health information.
Under an initiative called Claude for Healthcare, the company said U.S. subscribers of Claude Pro and Max plans can opt to give Claude secure access to their lab results and health records by connecting to
Researchers Uncover Service Providers Fueling Industrial-Scale Pig Butchering Fraud
https://thehackernews.com/2026/01/researchers-uncover-service-providers.html
Cybersecurity researchers have shed light on two service providers that supply online criminal networks with the necessary tools and infrastructure to fuel the pig butchering-as-a-service (PBaaS) economy.
At least since 2016, Chinese-speaking criminal groups have erected industrial-scale scam centers across Southeast Asia, creating special economic zones that are devoted to fraudulent investment
MuddyWater Launches RustyWater RAT via Spear-Phishing Across Middle East Sectors
https://thehackernews.com/2026/01/muddywater-launches-rustywater-rat-via.html
The Iranian threat actor known as MuddyWater has been attributed to a spear-phishing campaign targeting diplomatic, maritime, financial, and telecom entities in the Middle East with a Rust-based implant codenamed RustyWater.
"The campaign uses icon spoofing and malicious Word documents to deliver Rust based implants capable of asynchronous C2, anti-analysis, registry persistence, and modular
Europol Arrests 34 Black Axe Members in Spain Over €5.9M Fraud and Organized Crime
https://thehackernews.com/2026/01/europol-arrests-34-black-axe-members-in.html
Europol on Friday announced the arrest of 34 individuals in Spain who are alleged to be part of an international criminal organization called Black Axe.
As part of an operation conducted by the Spanish National Police, in coordination with the Bavarian State Criminal Police Office and Europol, 28 arrests were made in Seville, along with three others in Madrid, two in Málaga, and one in Barcelona
China-Linked Hackers Exploit VMware ESXi Zero-Days to Escape Virtual Machines
https://thehackernews.com/2026/01/chinese-linked-hackers-exploit-vmware.html
Chinese-speaking threat actors are suspected to have leveraged a compromised SonicWall VPN appliance as an initial access vector to deploy a VMware ESXi exploit that may have been developed as far back as February 2024.
Cybersecurity firm Huntress, which observed the activity in December 2025 and stopped it before it could progress to the final stage, said it may have resulted in a ransomware
Russian APT28 Runs Credential-Stealing Campaign Targeting Energy and Policy Organizations
https://thehackernews.com/2026/01/russian-apt28-runs-credential-stealing.html
Russian state-sponsored threat actors have been linked to a fresh set of credential harvesting attacks targeting individuals associated with a Turkish energy and nuclear research agency, as well as staff affiliated with a European think tank and organizations in North Macedonia and Uzbekistan.
The activity has been attributed to APT28 (aka BlueDelta), which was attributed to a "sustained"
Credential stuffing: What it is and how to protect yourself
https://www.welivesecurity.com/en/cybersecurity/credential-stuffing-what-it-is-how-protect-yourself/
Reusing passwords may feel like a harmless shortcut – until a single breach opens the door to multiple accounts
Cybersecurity Predictions 2026: The Hype We Can Ignore (And the Risks We Can't)
https://thehackernews.com/2026/01/cybersecurity-predictions-2026-hype-we.html
As organizations plan for 2026, cybersecurity predictions are everywhere. Yet many strategies are still shaped by headlines and speculation rather than evidence. The real challenge isn’t a lack of forecasts—it’s identifying which predictions reflect real, emerging risks and which can safely be ignored.
An upcoming webinar hosted by Bitdefender aims to cut through the noise with a data-driven
