TECHZONE™
TECHZONE CYBERNEWS && UPDATES Wᴇʟᴄᴏᴍᴇ Tᴏ TECHZONE™ ✔️Infosec Facts ✔️Cheatsheets ✔️Free Courses ✔️Open source tools ✔️Tech news
Post archive
DynoWiper update: Technical analysis and attribution
https://www.welivesecurity.com/en/eset-research/dynowiper-update-technical-analysis-attribution/
ESET researchers present technical details on a recent data destruction incident affecting a company in Poland’s energy sector
Researchers Uncover Chrome Extensions Abusing Affiliate Links and Stealing ChatGPT Access
https://thehackernews.com/2026/01/researchers-uncover-chrome-extensions.html
Cybersecurity researchers have discovered malicious Google Chrome extensions that come with capabilities to hijack affiliate links, steal data, and collect OpenAI ChatGPT authentication tokens.
One of the extensions in question is Amazon Ads Blocker (ID: pnpchphmplpdimbllknjoiopmfphellj), which claims to be a tool to browse Amazon without any sponsored content. It was uploaded to the Chrome
China-Linked UAT-8099 Targets IIS Servers in Asia with BadIIS SEO Malware
https://thehackernews.com/2026/01/china-linked-uat-8099-targets-iis.html
Cybersecurity researchers have discovered a new campaign attributed to a China-linked threat actor known as UAT-8099 that took place between late 2025 and early 2026.
The activity, discovered by Cisco Talos, has targeted vulnerable Internet Information Services (IIS) servers located across Asia, but with a specific focus on targets in Thailand and Vietnam. The scale of the campaign is currently
Badges, Bytes and Blackmail
https://thehackernews.com/2026/01/badges-bytes-and-blackmail.html
Behind the scenes of law enforcement in cyber: what do we know about caught cybercriminals? What brought them in, where do they come from and what was their function in the crimescape?
Introduction: One view on the scattered fight against cybercrime
The growing sophistication and diversification of cybercrime have compelled law enforcement agencies worldwide to respond through increasingly
Ex-Google Engineer Convicted for Stealing 2,000 AI Trade Secrets for China Startup
https://thehackernews.com/2026/01/ex-google-engineer-convicted-for.html
A former Google engineer accused of stealing thousands of the company's confidential documents to build a startup in China has been convicted in the U.S., the Department of Justice (DoJ) announced Thursday.
Linwei Ding (aka Leon Ding), 38, was convicted by a federal jury on seven counts of economic espionage and seven counts of theft of trade secrets for taking over 2,000 documents containing
SmarterMail Fixes Critical Unauthenticated RCE Flaw with CVSS 9.3 Score
https://thehackernews.com/2026/01/smartermail-fixes-critical.html
SmarterTools has addressed two more security flaws in SmarterMail email software, including one critical security flaw that could result in arbitrary code execution.
The vulnerability, tracked as CVE-2026-24423, carries a CVSS score of 9.3 out of 10.0.
"SmarterTools SmarterMail versions prior to build 9511 contain an unauthenticated remote code execution vulnerability in the ConnectToHub API
Two Ivanti EPMM Zero-Day RCE Flaws Actively Exploited, Security Updates Released
https://thehackernews.com/2026/01/two-ivanti-epmm-zero-day-rce-flaws.html
Ivanti has rolled out security updates to address two security flaws impacting Ivanti Endpoint Manager Mobile (EPMM) that have been exploited in zero-day attacks, one of which has been added by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to its Known Exploited Vulnerabilities (KEV) catalog.
The critical-severity vulnerabilities are listed below -
CVE-2026-1281 (CVSS score:
Google Disrupts IPIDEA — One of the World’s Largest Residential Proxy Networks
https://thehackernews.com/2026/01/google-disrupts-ipidea-one-of-worlds.html
Google on Wednesday announced that it worked together with other partners to disrupt IPIDEA, which it described as one of the largest residential proxy networks in the world.
To that end, the company said it took legal action to take down dozens of domains used to control devices and proxy traffic through them. As of writing, IPIDEA's website ("www.ipidea.io") is no longer accessible. It
Love? Actually: Fake dating app used as lure in targeted spyware campaign in Pakistan
https://www.welivesecurity.com/en/eset-research/love-actually-fake-dating-app-used-lure-targeted-spyware-campaign-pakistan/
ESET researchers discover an Android spyware campaign targeting users in Pakistan via romance scam tactics, revealing links to a broader spy operation
Fake Moltbot AI Coding Assistant on VS Code Marketplace Drops Malware
https://thehackernews.com/2026/01/fake-moltbot-ai-coding-assistant-on-vs.html
Cybersecurity researchers have flagged a new malicious Microsoft Visual Studio Code (VS Code) extension for Moltbot (formerly Clawdbot) on the official Extension Marketplace that claims to be a free artificial intelligence (AI) coding assistant, but stealthily drops a malicious payload on compromised hosts.
The extension, named "ClawdBot Agent - AI Coding Assistant" ("clawdbot.clawdbot-agent")
Russian ELECTRUM Tied to December 2025 Cyber Attack on Polish Power Grid
https://thehackernews.com/2026/01/russian-electrum-tied-to-december-2025.html
The "coordinated" cyber attack targeting multiple sites across the Polish power grid has been attributed with medium confidence to a Russian state-sponsored hacking crew known as ELECTRUM.
Operational technology (OT) cybersecurity company Dragos, in a new intelligence brief published Tuesday, described the late December 2025 activity as the first major cyber attack targeting distributed energy
Critical vm2 Node.js Flaw Allows Sandbox Escape and Arbitrary Code Execution
https://thehackernews.com/2026/01/critical-vm2-nodejs-flaw-allows-sandbox.html
A critical sandbox escape vulnerability has been disclosed in the popular vm2 Node.js library that, if successfully exploited, could allow attackers to run arbitrary code on the underlying operating system.
The vulnerability, tracked as CVE-2026-22709, carries a CVSS score of 9.8 out of 10.0 on the CVSS scoring system.
"In vm2 for version 3.10.0, Promise.prototype.then Promise.prototype.catch
Two High-Severity n8n Flaws Allow Authenticated Remote Code Execution
https://thehackernews.com/2026/01/two-high-severity-n8n-flaws-allow.html
Cybersecurity researchers have disclosed two new security flaws in the n8n workflow automation platform, including a crucial vulnerability that could result in remote code execution.
The weaknesses, discovered by the JFrog Security Research team, are listed below -
CVE-2026-1470 (CVSS score: 9.9) - An eval injection vulnerability that could allow an authenticated user to bypass the Expression
From Triage to Threat Hunts: How AI Accelerates SecOps
https://thehackernews.com/2026/01/from-triage-to-threat-hunts-how-ai.html
If you work in security operations, the concept of the AI SOC agent is likely familiar. Early narratives promised total autonomy. Vendors seized on the idea of the "Autonomous SOC" and suggested a future where algorithms replaced analysts.
That future has not arrived. We have not seen mass layoffs or empty security operations centers. We have instead seen the emergence of a practical reality.
Mustang Panda Deploys Updated COOLCLIENT Backdoor in Government Cyber Attacks
https://thehackernews.com/2026/01/mustang-panda-deploys-updated.html
Threat actors with ties to China have been observed using an updated version of a backdoor called COOLCLIENT in cyber espionage attacks in 2025 to facilitate comprehensive data theft from infected endpoints.
The activity has been attributed to Mustang Panda (aka Earth Preta, Fireant, HoneyMyte, Polaris, and Twill Typhoon) with the intrusions primarily directed against government entities located
Password Reuse in Disguise: An Often-Missed Risky Workaround
https://thehackernews.com/2026/01/password-reuse-in-disguise-often-missed.html
When security teams discuss credential-related risk, the focus typically falls on threats such as phishing, malware, or ransomware. These attack methods continue to evolve and rightly command attention. However, one of the most persistent and underestimated risks to organizational security remains far more ordinary.
Near-identical password reuse continues to slip past security controls, often
Google Warns of Active Exploitation of WinRAR Vulnerability CVE-2025-8088
https://thehackernews.com/2026/01/google-warns-of-active-exploitation-of.html
Google on Tuesday revealed that multiple threat actors, including nation-state adversaries and financially motivated groups, are exploiting a now-patched critical security flaw in RARLAB WinRAR to establish initial access and deploy a diverse array of payloads.
"Discovered and patched in July 2025, government-backed threat actors linked to Russia and China as well as financially motivated
Fake Python Spellchecker Packages on PyPI Delivered Hidden Remote Access Trojan
https://thehackernews.com/2026/01/fake-python-spellchecker-packages-on.html
Cybersecurity researchers have discovered two malicious packages in the Python Package Index (PyPI) repository that masquerade as spellcheckers but contain functionality to deliver a remote access trojan (RAT).
The packages, named spellcheckerpy and spellcheckpy, are no longer available for download, but not before they were collectively downloaded a little over 1,000 times.
"Hidden inside the
Drowning in spam or scam emails? Here’s probably why
https://www.welivesecurity.com/en/cybersecurity/drowning-spam-scam-emails-why/
Has your inbox recently been deluged with unwanted and even outright malicious messages? Here are 10 possible reasons – and how to stem the tide.
Fortinet Patches CVE-2026-24858 After Active FortiOS SSO Exploitation Detected
https://thehackernews.com/2026/01/fortinet-patches-cve-2026-24858-after.html
Fortinet has begun releasing security updates to address a critical flaw impacting FortiOS that has come under active exploitation in the wild.
The vulnerability, assigned the CVE identifier CVE-2026-24858 (CVSS score: 9.4), has been described as an authentication bypass related to FortiOS single sign-on (SSO). The flaw also affects FortiManager and FortiAnalyzer. The company said it's