Cybersecurity Articles

18/69 Monday, January 12, 2026 The threat group MuddyWater has launched attacks against diplomatic, financial, telecommunications, and maritime transportation organizations in the Middle East using the RustyWater malware. The campaign relies on spear-phishing emails disguised as cybersecurity safety guidance, with a malicious Microsoft Word document attached. When victims open the document and click “Enable Content,” […]

17/69 Monday, January 12, 2026 The well-known hacking forum BreachForums, a platform used for buying, selling, and sharing stolen data—as well as trading access to corporate networks and other cybercrime services-has suffered a data breach, with its user database table leaked online. The incident affects the latest incarnation of BreachForums, which has been repeatedly taken […]

16/69 Monday, January 12, 2026 Security researchers have observed renewed activity from the threat group APT28 (also known as BlueDelta), In this campaign, the group has focused on stealing high-value credentials, primarily targeting personnel in energy and nuclear research organizations in Turkey, as well as officials in European institutions and agencies in North Macedonia and […]

15/69 Friday, January 9, 2026 Cisco has released a security update to address CVE-2026-20029 affecting Cisco Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC), which are used for network access control and identity management. The vulnerability is caused by improper handling of XML input processing in the Web Management Interface, allowing an attacker […]

14/69 Friday, January 9, 2026 Veeam has released security updates to address multiple vulnerabilities in Veeam Backup & Replication, including a critical issue tracked as CVE-2025-59470 with a CVSS score of 9.0. This vulnerability could allow remote code execution (RCE), enabling users assigned the Backup or Tape Operator roles to execute arbitrary code as the […]

13/69 Friday, January 9, 2026 A critical security vulnerability, tracked as CVE-2025-68428, has been discovered in jsPDF, a popular JavaScript library with more than 3.5 million downloads per week. The vulnerability carries a CVSS score of 9.2 and stems from Local File Inclusion (LFI) and Path Traversal flaws in the file-loading mechanism when jsPDF is […]

12/69 Thursday, January 8, 2026 The CERT Coordination Center (CERT/CC) has disclosed details of a vulnerability tracked as CVE-2025-65606 affecting the TOTOLINK EX200 wireless range extender. The flaw allows a remote attacker with access to the device to escalate privileges to the highest level (root). The vulnerability stems from improper firmware upload error handling, which […]

11/69 Thursday, January 8, 2026 Google has released the January 2026 Android security update to address a critical vulnerability in the Dolby Digital Plus (Dolby DD+) audio decoder, tracked as CVE-2025-54957. The flaw is rated Critical and was originally discovered by researchers from Google Project Zero in October 2025. Google had previously begun rolling out […]

10/69 Thursday, January 8, 2026 A critical security vulnerability, CVE-2026-0625, has been identified in several legacy D-Link router models that have already reached End-of-Life (EoL). The vulnerability is a Command Injection flaw in a CGI library, specifically at the dnscfg.cgi endpoint, caused by insufficient input validation. This flaw allows unauthenticated attackers to execute arbitrary commands […]

09/69 Wednesday, January 7, 2026 Security researchers from Zenity Labs have warned about potential security risks associated with Anthropic’s “Claude in Chrome” extension, which enables the AI to directly browse websites, fill out forms, and interact with web applications on behalf of users. Because the extension remains logged in at all times, Claude effectively gains […]