12/69 Thursday, January 8, 2026 The CERT Coordination Center (CERT/CC) has disclosed details of a vulnerability tracked as CVE-2025-65606 affecting the TOTOLINK EX200 wireless range extender. The flaw allows a remote attacker with access to the device to escalate privileges to the highest level (root). The vulnerability stems from improper firmware upload error handling, which […]
11/69 Thursday, January 8, 2026 Google has released the January 2026 Android security update to address a critical vulnerability in the Dolby Digital Plus (Dolby DD+) audio decoder, tracked as CVE-2025-54957. The flaw is rated Critical and was originally discovered by researchers from Google Project Zero in October 2025. Google had previously begun rolling out […]
10/69 Thursday, January 8, 2026 A critical security vulnerability, CVE-2026-0625, has been identified in several legacy D-Link router models that have already reached End-of-Life (EoL). The vulnerability is a Command Injection flaw in a CGI library, specifically at the dnscfg.cgi endpoint, caused by insufficient input validation. This flaw allows unauthenticated attackers to execute arbitrary commands […]
09/69 Wednesday, January 7, 2026 Security researchers from Zenity Labs have warned about potential security risks associated with Anthropic’s “Claude in Chrome” extension, which enables the AI to directly browse websites, fill out forms, and interact with web applications on behalf of users. Because the extension remains logged in at all times, Claude effectively gains […]
08/69 Wednesday, January 7, 2026 Ledger, the manufacturer of self-custodial hardware wallets for digital assets, has notified some customers that their personal information may have been affected by a data breach involving its third-party payment service provider, Global-e. The company emphasized that the incident did not impact Ledger’s own network, hardware, or software systems, and […]
07/69 Wednesday, January 7, 2026 Security researchers from Securonix have identified a new cyberattack campaign dubbed PHALT#BLYX, targeting businesses in the travel and hospitality sector. Attackers send phishing emails impersonating customers from Booking[.]com, claiming to cancel hotel reservations and requesting unusually large refunds to create a sense of urgency. When employees click the link in […]
06/69 Tuesday, January 6, 2026 Cybersecurity researchers have identified a new information-stealing malware strain called VVS Stealer, developed in Python and heavily obfuscated using the PyArmor tool to evade security detection. The malware has been sold on Telegram since April 2025 at prices starting as low as €10 (approximately USD 11), and is primarily designed […]
05/69 Tuesday, January 6, 2026 Sedgwick, a global provider of claims management and risk administration services, has disclosed a cybersecurity incident affecting one of its U.S. government contracting units, Sedgwick Government Solutions, after the TridentLocker ransomware group claimed it had accessed and exfiltrated approximately 3.4 GB of data. The incident was publicly disclosed around New […]
04/69 Tuesday, January 6, 2026 Cybersecurity researchers from Check Point have revealed a newly discovered phishing campaign that employs a sophisticated technique by abusing Google Cloud Application Integration, an automation feature provided by Google, to send fraudulent emails to victims. What makes this campaign particularly concerning is that the phishing emails are sent from a […]
03/69 Monday, January 5, 2026 Finnish authorities have seized a cargo vessel and detained its crew following an incident in which an undersea internet cable operated by Elisa, connecting Finland and Estonia, was severed in the early hours of New Year’s Day. Finland’s maritime authorities reported that the vessel was observed dragging its anchor across […]
