Aggregator

A vulnerability classified as critical has been found in Siemens TeleControl Server Basic 3.1.2.1/3.1.2.2/3.1.2.3. This vulnerability affects unknown code. Performing a manipulation results in execution with unnecessary privileges. This vulnerability was named CVE-2025-40942. The attack needs to be approached locally. There is no available exploit. It is recommended to upgrade the affected component.

A vulnerability was found in Elastic Metricbeat up to 7.17.29/8.19.9/9.1.9/9.2.3. It has been rated as critical. This issue affects some unknown processing of the component Prometheus Helper Module. The manipulation leads to improper validation of array index. This vulnerability is traded as CVE-2026-0528. Access to the local network is required for this attack to succeed. There is no exploit available.

Feds Warn US May Lose Quantum Race Without Sustained Research Funding
Federal scientists told Congress that failure to reauthorize the National Quantum Initiative threatens to unravel coordinated research and development progress, stall commercialization and allow China to surpass U.S. leadership as adversaries accelerate post-quantum capabilities.

Also, CIRO Phishing Breach, Ingram Micro Ransomware and CVE Surge
This week, DOGE posted sensitive data on an outside server. A phishing attack affected 750,000 Canadians. A hacktivism warning from the U.K. NCSC. An Ingram Micro breach. CVEs surged in 2025. SK Telecom challenged a fine. Researchers disclosed Chainlit flaws. North Korean hackers abused VS Code.

OIG: Gaps in Standards, Third-Party Oversight Put Agencies, Health Sector at Risk
Auditors say the U.S. Department of Health and Human Services should buttress its ability to respond to cyberthreats by standardizing governance and controls across its many divisions - and also do a better job of overseeing its many contractors and the risk they introduce.

Learn about the early 2026 Terraform update, how the change will affect your workflow, and how to successfully navigate any issues that may arise.

An automated routing policy configuration error caused us to leak some Border Gateway Protocol prefixes unintentionally from a router at our Miami data center. We discuss the impact and the changes we are implementing as a result.

Most security programs don’t fail because leaders make bad decisions. They fail because leaders make decisions without enough clarity. And clarity is exactly what modern environments have taken away. An October 2025 commissioned study conducted by Forrester Consulting on behalf of NETSCOUT shows something every...

A new and alarming threat has emerged in the cybersecurity landscape where attackers combine artificial intelligence with web-based attacks to transform innocent-looking webpages into dangerous phishing tools in real time. Security researchers discovered that cybercriminals are now leveraging generative AI systems to create malicious code that loads dynamically after users visit seemingly safe websites. This […]

The post Hackers Can Use GenAI to Change Loaded Clean Page Into Malicious within Seconds appeared first on Cyber Security News.

eBay 更新了它的用户协议，明确禁止第三方生成式 AI 未经许可与该平台互动代替用户自动购物。新条款将于 2026 年 2 月 20 日生效。过去一年多家 AI 公司推出了自动购物的 AI 功能：OpenAI 推出 Instant Checkout，允许用户直接在聊天界面从 Etsy 和 Shopify 商家购物；Perplexity 为其付费客户提供了 Buy with Pro 功能，亚马逊提供了 Buy For Me 功能。eBay 新条款禁止的是第三方自动购物，没有排除它可能会自己提供 AI 购物功能。

Выявлена новая схема кражи криптовалюты через поддельные сайты видеоконференций.

Microsoft confirmed today that Outlook mobile may crash or freeze when launched on iPad devices due to a coding error. [...]

双引擎更强劲，DualLM帮你更好分析安全补丁~

“Russia’s aggressive actions have consequences," Foreign Minister Johann Wadephul said after Germany announced a Russian diplomat had been expelled on suspicions of espionage.

Невесомость покажет, как они растут без искажений гравитации… и даст ключ к лекарству.

This week in scams, attackers are leaning hard on familiar brands, everyday tools, and routine behavior to trigger fast, unthinking reactions. From fake Netflix...

The post This Week in Scams: Netflix Phishing and QR Code Espionage appeared first on McAfee Blog.

Threat actors who specialize in vishing (i.e., voice phishing) have started using phishing kits that can intercept targets’ login credentials while also allowing attackers to control the authentication flow in a targeted user’s browser in real-time. At least two custom-made phishing kits are currently used by a number of threat actors that go after credentials and authentication factors to gain access to corporate systems and assets. “These custom kits are made available on an as-a-service … More →

The post Okta users under attack: Modern phishing kits are turbocharging vishing attacks appeared first on Help Net Security.

本次微访谈于1月20日举行，邀请了11位来自国内高校和企业的专家分享自己的观点和看法

Pwn2Own Automotive 2026 has ended with security researchers earning $1,047,000 after exploiting 76 zero-day vulnerabilities between January 21 and January 23. [...]