Cyber Security News

LockBit, one of the most dangerous ransomware groups in the world, has released its newest version despite facing serious law enforcement actions. The group’s operations continue moving forward, displaying fresh variants that target different computer systems and platforms. Recently, leaked materials and screenshots have provided security experts with a detailed look at how this criminal […]

The post Researchers Uncovered LockBit’s 5.0 Latest Affiliate Panel and Encryption Variants appeared first on Cyber Security News.

Boston, MA, USA, January 21st, 2026, CyberNewsWire Reflectiz today announced the release of its 2026 State of Web Exposure Research, revealing a sharp escalation in client‑side risk across global websites, driven primarily by third‑party applications, marketing tools, and unmanaged digital integrations. According to the new analysis of 4,700 leading websites, 64% of third‑party applications now […]

The post New Research Exposes Critical Gap: 64% of Third-Party Applications Access Sensitive Data Without Authorization appeared first on Cyber Security News.

A new Magecart-style campaign has emerged, targeting online shoppers through malicious JavaScript code designed to steal payment information directly from ecommerce websites. The attack works by injecting hidden scripts into compromised shopping sites, allowing attackers to intercept sensitive data when customers enter their credit card details during checkout. Magecart attacks represent a significant threat to […]

The post New Magecart Attack Inject Malicious JavaScript to Skim Payment Data appeared first on Cyber Security News.

A ransomware attack has reportedly exposed confidential internal documents at a major electronics manufacturer. The breach compromises the company’s critical role in Apple’s global supply chain, including AirPods manufacturing, iPhone production, and Vision Pro assembly. Threat actors have published internal documents revealing sensitive operational intelligence, including production workflows, security procedures, and supply chain protocols. Luxshare […]

The post Alleged Ransomware Attack on Apple’s Second-Largest Manufacturer Luxshare – Confidential Data Exposed appeared first on Cyber Security News.

A new social engineering technique called GlitchFix has emerged, powered by ErrTraffic—a specialized traffic distribution system designed to trick website visitors into downloading malware through visually broken web pages. The attack platform costs around $800 and offers cybercriminals a complete solution for running deceptive campaigns across multiple operating systems. ErrTraffic extends the traditional ClickFix approach […]

The post ErrTraffic Fueling ClickFix by Breaking the Page Visually and Turns Attack to GlitchFix appeared first on Cyber Security News.

Critical security patches addressing five vulnerabilities across versions 18.8.2, 18.7.2, and 18.6.4 for both Community Edition (CE) and Enterprise Edition (EE). The patches resolve issues ranging from high-severity authentication flaws to denial-of-service conditions affecting core platform functionality. Critical 2FA Bypass Vulnerability The most severe vulnerability is CVE-2026-0723, an unchecked return value issue in authentication services […]

The post Multiple GitLab Vulnerabilities Enables 2FA Bypass and DoS Attacks appeared first on Cyber Security News.

A critical security alert regarding an active phishing campaign that commenced on January 19, 2026. The malicious actors are impersonating LastPass support staff and sending fraudulent emails claiming urgent vault backup requirements to harvest master passwords from unsuspecting users. The phishing emails employ social engineering tactics by creating artificial urgency, falsely claiming that LastPass maintenance […]

The post LastPass Warns of Fake Maintenance Message Tracking Users to Steal Master Passwords appeared first on Cyber Security News.

Oracle has disclosed a severe security vulnerability affecting its Fusion Middleware suite, specifically targeting the Oracle HTTP Server and the Oracle WebLogic Server Proxy Plug-in. Assigned CVE-2026-21962, this flaw carries the maximum severity rating and poses an immediate threat to enterprise environments that use these proxy components. The vulnerability stems from a defect in how […]

The post Critical Oracle WebLogic Server Proxy Vulnerability Lets Attackers Compromise the Server appeared first on Cyber Security News.

A critical architectural flaw in Microsoft Azure’s Private Endpoint implementation that enables denial-of-service (DoS) attacks against production Azure resources. The vulnerability affects over 5% of Azure storage accounts, exposing organizations to service disruptions across Key Vault, CosmosDB, Azure Container Registry, Function Apps, and OpenAI accounts. How the Vulnerability Works Palo Alto Networks uncovers that the […]

The post Azure Private Endpoint Deployments Exposes Azure Resources to DoS Attack appeared first on Cyber Security News.

Atlanta, GA, United States, January 20th, 2026, CyberNewsWire Airlock Digital, a leader in proactive application control and endpoint security, announced the release of The Total Economic Impact (TEI) of Airlock Digital, an independent study commissioned by Airlock Digital and conducted by Forrester Consulting. The study demonstrates a significant 224% return on investment (ROI) and a $3.8 […]

The post Airlock Digital Announces Independent TEI Study Quantifying Measurable ROI & Security Impact appeared first on Cyber Security News.

The Cybersecurity and Infrastructure Security Agency has issued a malware analysis report on BRICKSTORM, a sophisticated backdoor linked to Chinese state-sponsored cyber operations. Released in December 2025 and updated through January 2026, the report identifies this threat targeting VMware vSphere platforms, specifically vCenter servers and ESXi environments. Organizations in government services and information technology sectors […]

The post CISA Releases BRICKSTORM Malware Analysis with New YARA Rules for VMware vSphere appeared first on Cyber Security News.

Madison, United States, January 20th, 2026, CyberNewsWire Veteran cybersecurity leader brings decades of experience and patented innovation to advance the next generation of proactive security solutions. Sprocket Security today announced the appointment of Eric Sheridan as Chief Technology Officer (CTO). In this role, Sheridan will lead the company’s technology vision and execution, accelerating innovation and advancing Sprocket Security’s mission to […]

The post Sprocket Security Appoints Eric Sheridan as Chief Technology Officer appeared first on Cyber Security News.

Alisa Viejo, United States, January 20th, 2026, CyberNewsWire One Identity, a trusted leader in identity security, today announces a major upgrade to One Identity Manager, a top-rated IGA solution, strengthening identity governance as a critical security control for modern enterprise environments.  One Identity Manager 10.0 introduces security-driven capabilities for risk-based governance, identity threat detection and […]

The post One Identity Unveils Major Upgrade to Identity Manager, Strengthening Enterprise Identity Security appeared first on Cyber Security News.

Gootloader has reemerged as a serious threat after going dormant, returning in November 2025 with renewed capabilities designed to slip past modern security systems. This malware serves as an initial access broker, meaning its developers create the entry point for ransomware attacks and then hand over control to other threat actors who deploy the actual […]

The post Gootloader with Low Detection Rate Bypasses Most Security Tools appeared first on Cyber Security News.

As cyber risk increasingly translates into financial loss, speed is everything. Yet most Security Operations Centers (SOCs) are detecting attacks only after significant damage has already occurred. The average data breach costs organizations $4.4 million, with costs escalating the longer attackers remain undetected inside networks. Delayed detection, often measured in days or weeks of dwell […]

The post Most SOCs Are Seeing Attacks Too Late. Here’s How to Fix It  appeared first on Cyber Security News.

The Everest ransomware group has claimed responsibility for a major cyberattack targeting McDonald’s India, allegedly exfiltrating 861 GB of sensitive data. The threat actors posted details of the breach on their dark web leak site on January 20, 2026, threatening to publicly release the stolen information if the company fails to respond within a specified […]

The post Everest Ransomware Group Allegedly Claims to Have Breached McDonald’s India appeared first on Cyber Security News.

Nicholas Moore, 24, from Springfield, Tennessee, pleaded guilty to unauthorized computer access and fraud, marking a significant case of government cybersecurity breach. Moore hacked multiple U.S. government systems and publicly disclosed sensitive information through social media, exposing critical vulnerabilities in federal digital infrastructure. Between August and October 2023, Moore executed a coordinated series of intrusions […]

The post Hacker Pleads Guilty For Stealing Supreme Court Documents and Leaking via Instagram appeared first on Cyber Security News.

WPair is an Android application designed to identify and demonstrate the CVE-2025-36911 vulnerability affecting millions of Bluetooth audio devices worldwide. The tool addresses a critical authentication bypass flaw discovered by KU Leuven researchers in Google’s Fast Pair protocol, commonly referred to as WhisperPair.​ CVE-2025-36911 represents a systemic failure in Fast Pair implementations across multiple manufacturers […]

The post WPair – Scanner Tool to Detect WhisperPair Flaw in Google’s Fast Pair Protocol appeared first on Cyber Security News.

A sophisticated spear-phishing campaign has emerged targeting Argentina’s judicial sector, exploiting trust in legitimate court communications to deliver a dangerous Remote Access Trojan. The campaign uses authentic-looking federal court documents about preventive detention reviews to trick legal professionals into downloading malware. Security experts have classified this attack as highly targeted, employing multi-stage infection techniques to […]

The post New Spear Phishing Attack Leveraging Argentine Federal Court Rulings to Covert RAT for Remote Access appeared first on Cyber Security News.

A groundbreaking experiment has revealed that advanced language models can now create working exploits for previously unknown security vulnerabilities. Security researcher Sean Heelan recently tested two sophisticated systems built on GPT-5.2 and Opus 4.5, challenging them to develop exploits for a zero-day flaw in the QuickJS Javascript interpreter. The results point to a significant shift […]

The post New Study Shows GPT-5.2 Can Reliably Develop Zero-Day Exploits at Scale appeared first on Cyber Security News.