TECHZONE™
TECHZONE CYBERNEWS && UPDATES Wᴇʟᴄᴏᴍᴇ Tᴏ TECHZONE™ ✔️Infosec Facts ✔️Cheatsheets ✔️Free Courses ✔️Open source tools ✔️Tech news
Posts archive
Critical WordPress Modular DS Plugin Flaw Actively Exploited to Gain Admin Access
https://thehackernews.com/2026/01/critical-wordpress-modular-ds-plugin.html
A maximum-severity security flaw in a WordPress plugin called Modular DS has come under active exploitation in the wild, according to Patchstack.
The vulnerability, tracked as CVE-2026-23550 (CVSS score: 10.0), has been described as a case of unauthenticated privilege escalation impacting all versions of the plugin prior to and including 2.5.1. It has been patched in version 2.5.2. The plugin
Researchers Reveal Reprompt Attack Allowing Single-Click Data Exfiltration From Microsoft Copilot
https://thehackernews.com/2026/01/researchers-reveal-reprompt-attack.html
Cybersecurity researchers have disclosed details of a new attack method dubbed Reprompt that could allow bad actors to exfiltrate sensitive data from artificial intelligence (AI) chatbots like Microsoft Copilot in a single click, while bypassing enterprise security controls entirely.
"Only a single click on a legitimate Microsoft link is required to compromise victims," Varonis security
ThreatsDay Bulletin: AI Voice Cloning Exploit, Wi-Fi Kill Switch, PLC Vulns, and 14 More Stories
https://thehackernews.com/2026/01/threatsday-bulletin-ai-voice-cloning.html
The internet never stays quiet. Every week, new hacks, scams, and security problems show up somewhere.
This week’s stories show how fast attackers change their tricks, how small mistakes turn into big risks, and how the same old tools keep finding new ways to break in.
Read on to catch up before the next wave hits.
Unauthenticated RCE risk
Security Flaw in Redis
Model Security Is the Wrong Frame – The Real Risk Is Workflow Security
https://thehackernews.com/2026/01/model-security-is-wrong-frame-real-risk.html
As AI copilots and assistants become embedded in daily work, security teams are still focused on protecting the models themselves. But recent incidents suggest the bigger risk lies elsewhere: in the workflows that surround those models.
Two Chrome extensions posing as AI helpers were recently caught stealing ChatGPT and DeepSeek chat data from over 900,000 users. Separately, researchers
4 Outdated Habits Destroying Your SOC's MTTR in 2026
https://thehackernews.com/2026/01/4-outdated-habits-destroying-your-socs.html
It’s 2026, yet many SOCs are still operating the way they did years ago, using tools and processes designed for a very different threat landscape. Given the growth in volumes and complexity of cyber threats, outdated practices no longer fully support analysts’ needs, staggering investigations and incident response.
Below are four limiting habits that may be preventing your SOC from evolving at
Microsoft Legal Action Disrupts RedVDS Cybercrime Infrastructure Used for Online Fraud
https://thehackernews.com/2026/01/microsoft-legal-action-disrupts-redvds.html
Microsoft on Wednesday announced that it has taken a "coordinated legal action" in the U.S. and the U.K. to disrupt a cybercrime subscription service called RedVDS that has allegedly fueled millions in fraud losses.
The effort, per the tech giant, is part of a broader law enforcement effort in collaboration with law enforcement authorities that has allowed it to confiscate the malicious
Palo Alto Fixes GlobalProtect DoS Flaw That Can Crash Firewalls Without Login
https://thehackernews.com/2026/01/palo-alto-fixes-globalprotect-dos-flaw.html
Palo Alto Networks has released security updates for a high-severity security flaw impacting GlobalProtect Gateway and Portal, for which it said there exists a proof-of-concept (PoC) exploit.
The vulnerability, tracked as CVE-2026-0227 (CVSS score: 7.7), has been described as a denial-of-service (DoS) condition impacting GlobalProtect PAN-OS software arising as a result of an improper check for
Is it time for internet services to adopt identity verification?
https://www.welivesecurity.com/en/social-media/time-internet-services-adopt-identity-verification/
Should verified identities become the standard online? Australia’s social media ban for under-16s shows why the question matters.
Researchers Null-Route Over 550 Kimwolf and Aisuru Botnet Command Servers
https://thehackernews.com/2026/01/kimwolf-botnet-infected-over-2-million.html
The Black Lotus Labs team at Lumen Technologies said it null-routed traffic to more than 550 command-and-control (C2) nodes associated with the AISURU/Kimwolf botnet since early October 2025.
AISURU and its Android counterpart, Kimwolf, have emerged as some of the biggest botnets in recent times, capable of directing enslaved devices to participate in distributed denial-of-service (DDoS)
AI Agents Are Becoming Privilege Escalation Paths
https://thehackernews.com/2026/01/ai-agents-are-becoming-privilege.html
AI agents have quickly moved from experimental tools to core components of daily workflows across security, engineering, IT, and operations. What began as individual productivity aids, like personal code assistants, chatbots, and copilots, has evolved into shared, organization-wide agents embedded in critical processes. These agents can orchestrate workflows across multiple systems, for example:
Hackers Exploit c-ares DLL Side-Loading to Bypass Security and Deploy Malware
https://thehackernews.com/2026/01/hackers-exploit-c-ares-dll-side-loading.html
Security experts have disclosed details of an active malware campaign that's exploiting a DLL side-loading vulnerability in a legitimate binary associated with the open-source c-ares library to bypass security controls and deliver a wide range of commodity trojans and stealers.
"Attackers achieve evasion by pairing a malicious libcares-2.dll with any signed version of the legitimate ahost.exe (
Fortinet Fixes Critical FortiSIEM Flaw Allowing Unauthenticated Remote Code Execution
https://thehackernews.com/2026/01/fortinet-fixes-critical-fortisiem-flaw.html
Fortinet has released updates to fix a critical security flaw impacting FortiSIEM that could allow an unauthenticated attacker to achieve code execution on susceptible instances.
The operating system (OS) injection vulnerability, tracked as CVE-2025-64155, is rated 9.4 out of 10.0 on the CVSS scoring system.
"An improper neutralization of special elements used in an OS command ('OS command
New Research: 64% of 3rd-Party Applications Access Sensitive Data Without Justification
https://thehackernews.com/2026/01/new-research-64-of-3rd-party.html
Research analyzing 4,700 leading websites reveals that 64% of third-party applications now access sensitive data without business justification, up from 51% in 2024.
Government sector malicious activity spiked from 2% to 12.9%, while 1 in 7 Education sites show active compromise.
Specific offenders: Google Tag Manager (8% of violations), Shopify (5%), Facebook Pixel (4%).
Download the
Microsoft Fixes 114 Windows Flaws in January 2026 Patch, One Actively Exploited
https://thehackernews.com/2026/01/microsoft-fixes-114-windows-flaws-in.html
Microsoft on Tuesday rolled out its first security update for 2026, addressing 114 security flaws, including one vulnerability that it said has been actively exploited in the wild.
Of the 114 flaws, eight are rated Critical, and 106 are rated Important in severity. As many as 58 vulnerabilities have been classified as privilege escalation, followed by 22 information disclosure, 21 remote code
Critical Node.js Vulnerability Can Cause Server Crashes via async_hooks Stack Overflow
https://thehackernews.com/2026/01/critical-nodejs-vulnerability-can-cause.html
Node.js has released updates to fix what it described as a critical security issue impacting "virtually every production Node.js app" that, if successfully exploited, could trigger a denial-of-service (DoS) condition.
"Node.js/V8 makes a best-effort attempt to recover from stack space exhaustion with a catchable error, which frameworks have come to rely on for service availability," Node.js's
PLUGGYAPE Malware Uses Signal and WhatsApp to Target Ukrainian Defense Forces
https://thehackernews.com/2026/01/pluggyape-malware-uses-signal-and.html
The Computer Emergency Response Team of Ukraine (CERT-UA) has disclosed details of new cyber attacks targeting its defense forces with malware known as PLUGGYAPE between October and December 2025.
The activity has been attributed with medium confidence to a Russian hacking group tracked as Void Blizzard (aka Laundry Bear or UAC-0190). The threat actor is believed to be active since at least
Your personal information is on the dark web. What happens next?
https://www.welivesecurity.com/en/privacy/information-dark-web-what-happens-next/
If your data is on the dark web, it’s probably only a matter of time before it’s abused for fraud or account hijacking. Here’s what to do.
Long-Running Web Skimming Campaign Steals Credit Cards From Online Checkout Pages
https://thehackernews.com/2026/01/long-running-web-skimming-campaign.html
Cybersecurity researchers have discovered a major web skimming campaign that has been active since January 2022, targeting several major payment networks like American Express, Diners Club, Discover, JCB Co., Ltd., Mastercard, and UnionPay.
"Enterprise organizations that are clients of these payment providers are the most likely to be impacted," Silent Push said in a report published today.
Malicious Chrome Extension Steals MEXC API Keys by Masquerading as Trading Tool
https://thehackernews.com/2026/01/malicious-chrome-extension-steals-mexc.html
Cybersecurity researchers have disclosed details of a malicious Google Chrome extension that's capable of stealing API keys associated with MEXC, a centralized cryptocurrency exchange (CEX) available in over 170 countries, while masquerading as a tool to automate trading on the platform.
The extension, named MEXC API Automator (ID: pppdfgkfdemgfknfnhpkibbkabhghhfh), has 29 downloads and is still
[Webinar] Securing Agentic AI: From MCPs and Tool Access to Shadow API Key Sprawl
https://thehackernews.com/2026/01/webinar-t-from-mcps-and-tool-access-to.html
AI agents are no longer just writing code. They are executing it.
Tools like Copilot, Claude Code, and Codex can now build, test, and deploy software end-to-end in minutes. That speed is reshaping engineering—but it’s also creating a security gap most teams don’t see until something breaks.
Behind every agentic workflow sits a layer few organizations are actively securing: Machine Control
