Cyber Security News

A critical architectural flaw in Microsoft Azure’s Private Endpoint implementation that enables denial-of-service (DoS) attacks against production Azure resources. The vulnerability affects over 5% of Azure storage accounts, exposing organizations to service disruptions across Key Vault, CosmosDB, Azure Container Registry, Function Apps, and OpenAI accounts. How the Vulnerability Works Palo Alto Networks uncovers that the […]

The post Azure Private Endpoint Deployments Exposes Azure Resources to DoS Attack appeared first on Cyber Security News.

Atlanta, GA, United States, January 20th, 2026, CyberNewsWire Airlock Digital, a leader in proactive application control and endpoint security, announced the release of The Total Economic Impact (TEI) of Airlock Digital, an independent study commissioned by Airlock Digital and conducted by Forrester Consulting. The study demonstrates a significant 224% return on investment (ROI) and a $3.8 […]

The post Airlock Digital Announces Independent TEI Study Quantifying Measurable ROI & Security Impact appeared first on Cyber Security News.

The Cybersecurity and Infrastructure Security Agency has issued a malware analysis report on BRICKSTORM, a sophisticated backdoor linked to Chinese state-sponsored cyber operations. Released in December 2025 and updated through January 2026, the report identifies this threat targeting VMware vSphere platforms, specifically vCenter servers and ESXi environments. Organizations in government services and information technology sectors […]

The post CISA Releases BRICKSTORM Malware Analysis with New YARA Rules for VMware vSphere appeared first on Cyber Security News.

Madison, United States, January 20th, 2026, CyberNewsWire Veteran cybersecurity leader brings decades of experience and patented innovation to advance the next generation of proactive security solutions. Sprocket Security today announced the appointment of Eric Sheridan as Chief Technology Officer (CTO). In this role, Sheridan will lead the company’s technology vision and execution, accelerating innovation and advancing Sprocket Security’s mission to […]

The post Sprocket Security Appoints Eric Sheridan as Chief Technology Officer appeared first on Cyber Security News.

Alisa Viejo, United States, January 20th, 2026, CyberNewsWire One Identity, a trusted leader in identity security, today announces a major upgrade to One Identity Manager, a top-rated IGA solution, strengthening identity governance as a critical security control for modern enterprise environments.  One Identity Manager 10.0 introduces security-driven capabilities for risk-based governance, identity threat detection and […]

The post One Identity Unveils Major Upgrade to Identity Manager, Strengthening Enterprise Identity Security appeared first on Cyber Security News.

Gootloader has reemerged as a serious threat after going dormant, returning in November 2025 with renewed capabilities designed to slip past modern security systems. This malware serves as an initial access broker, meaning its developers create the entry point for ransomware attacks and then hand over control to other threat actors who deploy the actual […]

The post Gootloader with Low Detection Rate Bypasses Most Security Tools appeared first on Cyber Security News.

As cyber risk increasingly translates into financial loss, speed is everything. Yet most Security Operations Centers (SOCs) are detecting attacks only after significant damage has already occurred. The average data breach costs organizations $4.4 million, with costs escalating the longer attackers remain undetected inside networks. Delayed detection, often measured in days or weeks of dwell […]

The post Most SOCs Are Seeing Attacks Too Late. Here’s How to Fix It  appeared first on Cyber Security News.

The Everest ransomware group has claimed responsibility for a major cyberattack targeting McDonald’s India, allegedly exfiltrating 861 GB of sensitive data. The threat actors posted details of the breach on their dark web leak site on January 20, 2026, threatening to publicly release the stolen information if the company fails to respond within a specified […]

The post Everest Ransomware Group Allegedly Claims to Have Breached McDonald’s India appeared first on Cyber Security News.

Nicholas Moore, 24, from Springfield, Tennessee, pleaded guilty to unauthorized computer access and fraud, marking a significant case of government cybersecurity breach. Moore hacked multiple U.S. government systems and publicly disclosed sensitive information through social media, exposing critical vulnerabilities in federal digital infrastructure. Between August and October 2023, Moore executed a coordinated series of intrusions […]

The post Hacker Pleads Guilty For Stealing Supreme Court Documents and Leaking via Instagram appeared first on Cyber Security News.

WPair is an Android application designed to identify and demonstrate the CVE-2025-36911 vulnerability affecting millions of Bluetooth audio devices worldwide. The tool addresses a critical authentication bypass flaw discovered by KU Leuven researchers in Google’s Fast Pair protocol, commonly referred to as WhisperPair.​ CVE-2025-36911 represents a systemic failure in Fast Pair implementations across multiple manufacturers […]

The post WPair – Scanner Tool to Detect WhisperPair Flaw in Google’s Fast Pair Protocol appeared first on Cyber Security News.

A sophisticated spear-phishing campaign has emerged targeting Argentina’s judicial sector, exploiting trust in legitimate court communications to deliver a dangerous Remote Access Trojan. The campaign uses authentic-looking federal court documents about preventive detention reviews to trick legal professionals into downloading malware. Security experts have classified this attack as highly targeted, employing multi-stage infection techniques to […]

The post New Spear Phishing Attack Leveraging Argentine Federal Court Rulings to Covert RAT for Remote Access appeared first on Cyber Security News.

A groundbreaking experiment has revealed that advanced language models can now create working exploits for previously unknown security vulnerabilities. Security researcher Sean Heelan recently tested two sophisticated systems built on GPT-5.2 and Opus 4.5, challenging them to develop exploits for a zero-day flaw in the QuickJS Javascript interpreter. The results point to a significant shift […]

The post New Study Shows GPT-5.2 Can Reliably Develop Zero-Day Exploits at Scale appeared first on Cyber Security News.

A critical alert issued on January 19, 2026, warned of rising cyber-attacks by Russian-aligned hacktivist groups targeting UK organisations. These state-aligned threat actors are conducting disruptive denial-of-service (DoS) operations against local government authorities. Critical national infrastructure operators are aiming to cripple essential services and turn off public-facing websites. The NCSC emphasizes that while DoS attacks […]

The post NCSC Warns of Hacktivist Groups Attacking UK Organisations and Online Services appeared first on Cyber Security News.

SolyxImmortal represents a notable advancement in information-stealing malware targeting Windows systems. This Python-based threat combines multiple data theft capabilities into a single, persistent implant designed for long-term surveillance rather than destructive activity. The malware operates silently in the background, collecting credentials, documents, keystrokes, and screenshots while sending stolen information directly to attackers through Discord webhooks. […]

The post Python-based Malware SolyxImmortal Leverages Discord to Silently Harvest Sensitive Data appeared first on Cyber Security News.

Seven vulnerabilities were disclosed in Process Optimization (formerly ROMeo) 2024.1 and earlier on January 13, 2026, including a critical flaw enabling unauthenticated SYSTEM-level remote code execution. The most severe vulnerability enables unauthenticated attackers to achieve remote code execution under system privileges, posing an immediate risk to industrial process control environments worldwide.​ The primary threat stems […]

The post Critical AVEVA Software Vulnerabilities Enables Remote Code Execution Under System Privileges appeared first on Cyber Security News.

A critical vulnerability in Google’s Fast Pair protocol that allows attackers to hijack Bluetooth audio accessories and track users without their knowledge or consent.​ Security researchers from KU Leuven have uncovered a vulnerability, tracked as CVE-2025-36911 and dubbed WhisperPair, that affects hundreds of millions of wireless earbuds, headphones, and speakers from major manufacturers. Including Sony, […]

The post WhisperPair Attack Allows Hijacking of Laptops, Earbuds Without User Consent – Millions Affected appeared first on Cyber Security News.

A malvertising campaign identified in September 2025 has brought a significant threat to Windows users worldwide. Attackers created fake PDF editing applications and promoted them through Google Ads to distribute a dangerous information-stealing malware called TamperedChef. The malware targets users searching for appliance manuals and PDF editing tools online, exploiting common search behaviors to deliver […]

The post Threat Actors Leverage Google Ads to Weaponize PDF Editor with TamperedChef appeared first on Cyber Security News.

Pulsar RAT has emerged as a sophisticated derivative of the open-source Quasar RAT, introducing dangerous enhancements that enable attackers to maintain invisible remote access through advanced evasion techniques. This modular Windows-focused remote administration tool represents a significant evolution in threat sophistication. Combining memory-only execution with hidden virtual network computing (HVNC) capabilities that circumvent traditional detection […]

The post Pulsar RAT Using Memory-Only Execution & HVNC to Gain Invisible Remote Access appeared first on Cyber Security News.

OpenAI’s global rollout of its budget-friendly ChatGPT Go subscription at $8 USD monthly introduces significant data privacy and security considerations for cybersecurity professionals monitoring AI platform access controls. The tiered pricing structure, which includes an ad-supported model for free and Go users, fundamentally alters the threat landscape for organizational data exposure. The introduction of advertising […]

The post ChatGPT Go Launched for $8 USD/month With Support for Ads and Privacy Risks appeared first on Cyber Security News.

A critical remote command-injection vulnerability has been discovered in Apache bRPC’s built-in heap profiler service, affecting all versions before 1.15.0 across all platforms. The vulnerability allows unauthenticated attackers to execute arbitrary system commands by manipulating the profiler’s parameter validation mechanisms. The heap profiler service endpoint (/pprof/heap) fails to properly sanitize the extra_options parameter before passing it to […]

The post Apache bRPC Vulnerability Enables Remote Command Injection appeared first on Cyber Security News.