Microsoft Desktop Window Manager 0-Day Vulnerability Exploited in the wild
Microsoft patched a critical zero-day information disclosure flaw in its Desktop Window Manager (DWM) on January 13, 2026, in the Patch Tuesday update after detecting active exploitation in the wild. Tracked as CVE-2026-20805, the vulnerability allows low-privilege local attackers to expose sensitive user-mode memory, specifically section addresses, via remote ALPC ports. This could aid further […]
The post https://cybersecuritynews.com/desktop-window-manager-0-day-vulnerability/
.
https://cybersecuritynews.com/desktop-window-manager-0-day-vulnerability/
Top 10 Best SaaS Security Tools – 2026
Introduction : Security management across multiple Software-as-a-Service (SaaS) clouds can present challenges, primarily stemming from the heightened prevalence of malware and ransomware attacks. In the present landscape, organizations encounter many challenges with Software-as-a-Service (SaaS). One of the main challenges businesses face is the absence of standardized configuration practices, which leads to the need to handle […]
The post https://cybersecuritynews.com/best-saas-security-tools/
.
Best Security Solutions for Marketers – 2026
Marketers play an essential role in today’s market by bridging the gap between the consumer and the organization or product. In the process of becoming the bridge, marketers often handle and are responsible for a lot of valuable information. And to safeguard those assets, any marketer must take security-related measures to address the assets adequately. […]
The post https://cybersecuritynews.com/best-security-solutions-for-marketers/
.
https://cybersecuritynews.com/best-security-solutions-for-marketers/
Best Network Security Vendors for SaaS – 2026
Network security for Software as a Service (SaaS) requires a combination of rules, procedures, and technologies to ensure the confidentiality, integrity, and availability of SaaS-provided data and services. As-a-Service Security (SaaS) refers to a cloud-based methodology for delivering security services over the Internet, specifically in the context of network security. Businesses increasingly use security services […]
The post https://cybersecuritynews.com/network-security-vendors-for-saas/
.
https://cybersecuritynews.com/network-security-vendors-for-saas/
Malicious Chrome Extension Steals Wallet Login Credentials and Enables Automated Trading
A malicious Chrome extension called MEXC API Automator is abusing trust in browser add-ons to steal cryptocurrency trading access from MEXC users. Posed as a tool that helps automate trading and API key creation, it quietly takes control of newly created API keys and turns a normal browser session into a full account takeover channel. […]
The post https://cybersecuritynews.com/malicious-chrome-extension-steals-wallet-login-credentials/
.
https://cybersecuritynews.com/malicious-chrome-extension-steals-wallet-login-credentials/
Google Integrating Gemini With Gmail With New features
Google announced Monday it’s integrating its Gemini AI model into Gmail, introducing features that transform the email service into a proactive personal assistant for its 3 billion users. The company is launching AI Overviews, a feature that synthesizes long email threads into concise summaries of key points. Users can also ask their inbox natural-language questions, such […]
The post https://cybersecuritynews.com/google-gemini-with-gmail/
.
Threat actors Allegedly Claim Discord Dataset Containing 78,541,207 Files
Threat actor HawkSec claims to be auctioning a Discord dataset comprising 78,541,207 files. The collection, organized into messages, voice sessions, actions, and servers, stems from an abandoned OSINT/CSINT project spanning several months. HawkSec promoted the dataset in their Discord server, titled “Hello Hawks Community,” announcing availability for purchase via designated channels. Files purportedly cover public […]
The post https://cybersecuritynews.com/discord-breach-claim/
.
Cybercriminal Cryptocurrency Transactions Peaked in 2025 Following Nation‑State Sanctions Evasion Moves
The cryptocurrency crime landscape reached an unprecedented milestone in 2025, with illicit cryptocurrency addresses receiving at least 154 billion dollars. This staggering figure represents a 162 percent increase compared to the previous year, driven largely by nation-states moving into cryptocurrency ecosystems to evade international sanctions at scale. The shift marks a critical turning point where […]
The post https://cybersecuritynews.com/cybercriminal-cryptocurrency-transactions-peaked/
.
https://cybersecuritynews.com/cybercriminal-cryptocurrency-transactions-peaked/
New Research Uncovers 28 Unique IP Addresses and 85 Domains Hosting Carding Markets
A recent investigation has exposed the technical foundation of underground carding operations, revealing 28 unique IP addresses and 85 domains actively hosting illegal marketplaces where stolen credit card data is bought and sold. These platforms operate as sophisticated e-commerce sites for financial fraud, enabling criminals to trade stolen payment information ranging from $5 to $150 […]
The post https://cybersecuritynews.com/new-research-uncovers-28-unique-ip-addresses/
.
https://cybersecuritynews.com/new-research-uncovers-28-unique-ip-addresses/
New ‘Penguin’ Pig Butchering as a Service Selling PII, Stolen Accounts and Fraud Kits
The world of cybercrime has taken a dangerous turn as pig butchering scams now operate as turnkey services, lowering entry barriers for bad actors worldwide. The “Penguin” operation represents a growing marketplace that provides everything scammers need to launch large-scale fraud campaigns, from stolen personal data to ready-made fraud templates. This service-based model mirrors other […]
The post https://cybersecuritynews.com/new-penguin-pig-butchering-as-a-service-selling-pii/
.
https://cybersecuritynews.com/new-penguin-pig-butchering-as-a-service-selling-pii/
New EDRStartupHinder Tool blocks antivirus and EDR services at startup on Windows 11 25H2 Defender
Security researcher TwoSevenOneT, known for EDR evasion tools like EDR-Freeze and EDR-Redir, unveiled EDRStartupHinder this week. The tool blocks antivirus and EDR services at startup by redirecting critical System32 DLLs via Windows Bindlink, demonstrated on Windows Defender in Windows 11 25H2. Antivirus and EDR services operate like standard Windows services but with enhanced protection from […]
The post https://cybersecuritynews.com/edrstartuphinder-tool/
.
Data Breach at Texas Gas Station Operator Exposes Info of 377,000+ Customers
A cybersecurity incident at Gulshan Management Services, Inc., a gas station operator based in Sugar Land, Texas, has compromised the personal information of over 377,000 customers. The breach, discovered on September 27, 2025, exposed sensitive data over 10 days from September 17 to September 27, 2025. Breach Details The incident involved a hacking breach of […]
The post https://cybersecuritynews.com/data-breach-at-texas-gas-station-operator-exposes/
.
https://cybersecuritynews.com/data-breach-at-texas-gas-station-operator-exposes/
BreachForums Hack: Hackers Expose All User Records from Popular Dark Web Forum
In a dramatic turn for the cybercrime underworld, a mysterious hacker known as “James” has leaked the complete user database of BreachForums, a notorious Dark Web forum serving as a hub for stolen data trading and hacking discussions. The breach, announced on January 9, 2026, via the site shinyhunte.rs, exposes metadata for over 323,986 users, […]
The post https://cybersecuritynews.com/breachforums-hack/
.
CISA Retires Ten Emergency Directives Following Milestone Achievement
The Cybersecurity and Infrastructure Security Agency (CISA) announced a significant milestone on January 8, 2026, by retiring ten Emergency Directives issued between 2019 and 2024. This marks the highest number of Emergency Directives retired by the agency simultaneously, reflecting progress in federal cybersecurity efforts. Emergency Directives are urgent orders issued by CISA to rapidly address […]
The post https://cybersecuritynews.com/cisa-retires-ten-emergency-directives/
.
https://cybersecuritynews.com/cisa-retires-ten-emergency-directives/
FBI Warns of Kimsuky Actors Leverage Malicious QR Codes to Target U.S. Organizations
North Korean state‑sponsored group Kimsuky is running new spearphishing campaigns that abuse QR codes to compromise U.S. organizations. The FBI warns that think tanks, NGOs, academic bodies, and government‑linked entities with a North Korea focus are now being lured with “Quishing” emails that hide malicious URLs behind QR images instead of clickable links. The shift […]
The post https://cybersecuritynews.com/fbi-warns-of-kimsuky-actors/
.
Cisco Small Business Switches Face Global DNS Crash Outage
Network administrators worldwide reported widespread crashes in Cisco small business switches on January 8, 2026, triggered by fatal errors in the DNS client service. Devices entered reboot loops every few minutes, disrupting operations until DNS configurations were removed. The issue surfaced around 2 AM UTC, affecting models like CBS250, C1200, CBS350, SG350, and SG550X series […]
The post https://cybersecuritynews.com/cisco-small-business-switches-dns-outage/
.
https://cybersecuritynews.com/cisco-small-business-switches-dns-outage/
New Phishing Attack Impersonate as DocuSign Deploys Stealthy Malware on Windows Systems
A new phishing wave is abusing fake DocuSign notifications to drop stealthy malware on Windows systems. The emails copy real DocuSign branding and urge users to review a pending agreement, pushing them toward a link that claims to host the file. Once clicked, the chain shifts from browser to a multi‑stage loader built to dodge […]
The post https://cybersecuritynews.com/new-phishing-attack-impersonate-as-docusign/
.
https://cybersecuritynews.com/new-phishing-attack-impersonate-as-docusign/
New ChatGPT Flaws Allow Attackers to Exfiltrate Sensitive Data from Gmail, Outlook, and GitHub
Critical vulnerabilities in ChatGPT allow attackers to exfiltrate sensitive data from connected services like Gmail, Outlook, and GitHub without user interaction. Dubbed ShadowLeak and ZombieAgent, these flaws exploit the AI’s Connectors and Memory features for zero-click attacks, persistence, and even propagation. OpenAI’s Connectors enable ChatGPT to integrate with external systems such as Gmail, Jira, GitHub, […]
The post https://cybersecuritynews.com/chatgpt-vulnerabilities-expose-sensitive-data/
.
https://cybersecuritynews.com/chatgpt-vulnerabilities-expose-sensitive-data/
Microsoft Unveils a New Tool to Migrate from Slack to Microsoft Teams
Microsoft has launched a native Slack-to-Teams migration tool in the Microsoft 365 admin center, simplifying the transition for organizations migrating collaboration workloads. This feature supports transferring public and private channel content directly into Teams equivalents, preserving messages and continuity. The tool enters public preview via Targeted Release in early December 2025, with rollout completion by […]
The post https://cybersecuritynews.com/microsoft-tool-migrate-slack-to-teams/
.
https://cybersecuritynews.com/microsoft-tool-migrate-slack-to-teams/
Cisco ISE Vulnerability Let Remote attacker Access Sensitive Data – Public PoC Available
Cisco has patched a critical flaw in its Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) that lets authenticated administrators snoop on sensitive server files. Dubbed CVE-2026-20029, the vulnerability stems from a flaw in XML parsing in the web management interface and is assigned a CVSS score yet to be finalized, but is […]
The post https://cybersecuritynews.com/cisco-ise-vulnerability-sensitive-data/
.
https://cybersecuritynews.com/cisco-ise-vulnerability-sensitive-data/