Third-party identity verification provider breach exposes government ID images (Total Wireless / Veriff)
(Wednesday January 21, 2026)
ENTITY INFORMATION
SUBMITTED BY
COUNSEL
BREACH INFORMATION
reporting agencies been notified:
combination with:
NOTIFICATION AND PROTECTION SERVICES
EXPERIAN_JOB48255D18_VER_L01_DBM-5461_SAS_1.PDF
[/cgi-bin/agviewerad/ret?loc=3504]
and a brief description of the service: TOTAL WIRELESS HAS ARRANGED
WITH EXPERIAN TO OFFER AFFECTED INDIVIDUALS WITH COMPLIMENTARY CREDIT
MONITORING AND IDENTITY RESTORATION SERVICES FOR 12 MONTHS.
Excel)
CREDITS
Copyright © 2014
All rights...
When the Lab Door Stays Open: Exposed Training Apps Exploited for Fortune 500 Cloud Breaches
(Wednesday January 21, 2026)
North Korean PurpleBravo Campaign Targeted 3,136 IP Addresses via Fake Job Interviews
(Wednesday January 21, 2026)
Zoom and GitLab Release Security Updates Fixing RCE, DoS, and 2FA Bypass Flaws
(Wednesday January 21, 2026)
Zoom and GitLab have released security updates to resolve a number of
security vulnerabilities that could result in denial-of-service (DoS)
and remote code execution. The most severe of the lot is a critical
security flaw impacting Zoom Node Multimedia Routers (MMRs) that could
permit a meeting participant to conduct remote code execution attacks.
The vulnerability, tracked as CVE-2026-22844
Infostealers are being used to create legitimate samples resembling a full blown data breach, resulting in a PR nightmare for companies
(Wednesday January 21, 2026)
Break LLM Workflows with Claude's Refusal Magic String
(Wednesday January 21, 2026)
How Anthropic's refusal test string can be abused to stop streaming responses and create sticky failures.
A new era of agents, a new era of posture
(Wednesday January 21, 2026)
AI agents are transforming how organizations operate, but their
autonomy also expands the attack surface.
The post .
Webinar: How Smart MSSPs Using AI to Boost Margins with Half the Staff
(Wednesday January 21, 2026)
Pro-Russian denial-of-service attacks target UK, NCSC warns
(Wednesday January 21, 2026)
Exposure Assessment Platforms Signal a Shift in Focus
(Wednesday January 21, 2026)
Gartner® doesn’t create new categories lightly. Generally speaking,
a new acronym only emerges when the industry's collective "to-do list"
has become mathematically impossible to complete. And so it seems that
the introduction of the Exposure Assessment Platforms (EAP) category
is a formal admission that traditional Vulnerability Management (VM)
is no longer a viable way to secure a modern
Chainlit AI Framework Flaws Enable Data Theft via File Read and SSRF Bugs
(Wednesday January 21, 2026)
VoidLink Linux Malware Framework Built with AI Assistance Reaches 88,000 Lines of Code
(Wednesday January 21, 2026)
Fake PNB MetLife payment pages abusing UPI & Telegram bots
(Wednesday January 21, 2026)
Universal News Scraper
(Wednesday January 21, 2026)
A robust CLI news scraper and aggregator. Features topic auto-discovery (via Bing RSS), anti-blocking logic, keyword/date filtering, and JSON/CSV export. Built with Python & Rich. - Ilias1988/Universal-News-Scraper
oss-sec: GNU InetUtils Security Advisory: remote authentication by-pass in telnetd
(Wednesday January 21, 2026)
LastPass Warns of Fake Maintenance Messages Targeting Users’ Master Passwords
(Wednesday January 21, 2026)
When The Gateway Becomes The Doorway: Pre-Auth RCE in API Management
(Wednesday January 21, 2026)
Discover how a decade-old vulnerability class leads to pre-authentication Remote Code Execution (RCE) in an enterprise API management platform. This article details the end-to-end compromise of an API Gateway, from initial subdomain reconnaissance and API fuzzing to achieving an interactive reverse shell via unsafe Java deserialization in unauthenticated cluster sync endpoints.
CERT/CC Warns binary-parser Bug Allows Node.js Privilege-Level Code Execution
(Wednesday January 21, 2026)
North Korea-Linked Hackers Target Developers via Malicious VS Code Projects
(Tuesday January 20, 2026)
Billion-Dollar Bait & Switch: Exploiting a Race Condition in Blockchain Infrastructure
(Tuesday January 20, 2026)
Four priorities for AI-powered identity and network access security in 2026
(Tuesday January 20, 2026)
Discover four key identity and access priorities for the new year to
strengthen your organization's identity security baseline.
The post .
The AI Fix #84: A hungry ghost trapped in a jar gains access to the Pentagon’s network
(Tuesday January 20, 2026)
Three Flaws in Anthropic MCP Git Server Enable File Access and Code Execution
(Tuesday January 20, 2026)
Hackers Use LinkedIn Messages to Spread RAT Malware Through DLL Sideloading
(Tuesday January 20, 2026)
Building Trust in AI Agent Ecosystems
(Tuesday January 20, 2026)
Explore how enterprises build secure AI agent ecosystems using
frameworks and tools like Project CodeGuard and MCP Scanner to ensure
trust and accountability.
The Hidden Risk of Orphan Accounts
(Tuesday January 20, 2026)
Evelyn Stealer Malware Abuses VS Code Extensions to Steal Developer Credentials and Crypto
(Tuesday January 20, 2026)
Cloudflare Zero-day: Accessing Any Host Globally
(Tuesday January 20, 2026)
Cloudflare Fixes ACME Validation Bug Allowing WAF Bypass to Origin Servers
(Tuesday January 20, 2026)
Why Secrets in JavaScript Bundles are Still Being Missed
(Tuesday January 20, 2026)
Leaked API keys are no longer unusual, nor are the breaches that
follow. So why are sensitive tokens still being so easily exposed? To
find out, Intruder’s research team looked at what traditional
vulnerability scanners actually cover and built a new secrets
detection method to address gaps in existing approaches. Applying
this at scale by scanning 5 million applications revealed over
Tudou Guarantee Marketplace Halts Telegram Transactions After Processing Over $12 Billion
(Tuesday January 20, 2026)
A Telegram-based guarantee marketplace known for advertising a broad
range of illicit services appears to be winding down its operations,
according to new findings from Elliptic. The blockchain intelligence
company said Tudou Guarantee has effectively ceased transactions
through its public Telegram groups following a period of significant
growth. The marketplace is estimated to have processed
Hackers disrupt Iranian state TV to support exiled prince
(Tuesday January 20, 2026)
Google Gemini Prompt Injection Flaw Exposed Private Calendar Data via Malicious Invites
(Monday January 19, 2026)
Cybersecurity researchers have disclosed details of a security flaw
that leverages indirect prompt injection targeting Google Gemini as a
way to bypass authorization guardrails and use Google Calendar as a
data extraction mechanism. The vulnerability, Miggo Security's Head of
Research, Liad Eliyahu, said, made it possible to circumvent Google
Calendar's privacy controls by hiding a dormant
Frida 17.6.0 released – major Android stability improvements, Android 16 support
(Monday January 19, 2026)
⚡ Weekly Recap: Fortinet Exploits, RedLine Clipjack, NTLM Crack, Copilot Attack & More
(Monday January 19, 2026)
DevOps & SaaS Downtime: The High (and Hidden) Costs for Cloud-First Businesses
(Monday January 19, 2026)
New StackWarp Hardware Flaw Breaks AMD SEV-SNP Protections on Zen 1–5 CPUs
(Monday January 19, 2026)
A team of academics from the CISPA Helmholtz Center for Information
Security in Germany has disclosed the details of a new hardware
vulnerability affecting AMD processors. The security flaw, codenamed
StackWarp, can allow bad actors with privileged control over a host
server to run malicious code within confidential virtual machines
(CVMs), undermining the integrity guarantees provided by AMD
CrashFix Chrome Extension Delivers ModeloRAT Using ClickFix-Style Browser Crash Lures
(Monday January 19, 2026)
Security Bug in StealC Malware Panel Let Researchers Spy on Threat Actor Operations
(Monday January 19, 2026)
After the Takedown: Excavating Abuse Infrastructure with DNS Sinkholes
(Sunday January 18, 2026)
DNS sinkholing does not erase abuse infrastructure but captures it at the moment of intervention, creating a stable boundary from which pre-takedown organiza...
Successful Errors: New Code Injection and SSTI Techniques
(Sunday January 18, 2026)
Account Takeover in Facebook mobile app due to usage of cryptographically unsecure random number generator and XSS in Facebook JS SDK
(Sunday January 18, 2026)
Black Basta Ransomware Leader Added to EU Most Wanted and INTERPOL Red Notice
(Saturday January 17, 2026)
React2shell attack lab
(Saturday January 17, 2026)
OpenAI to Show Ads in ChatGPT for Logged-In U.S. Adults on Free and Go Plans
(Saturday January 17, 2026)
OpenAI on Friday said it would start showing ads in ChatGPT to
logged-in adult U.S. users in both the free and ChatGPT Go tiers in
the coming weeks, as the artificial intelligence (AI) company expanded
access to its low-cost subscription globally. "You need to know that
your data and conversations are protected and never sold to
advertisers," OpenAI said. "And we need to keep a high bar and give
GootLoader Malware Uses 500–1,000 Concatenated ZIP Archives to Evade Detection
(Friday January 16, 2026)
StackWarp: Exploiting Stack Layout Vulnerabilities in Modern Processors
(Friday January 16, 2026)
Five Malicious Chrome Extensions Impersonate Workday and NetSuite to Hijack Accounts
(Friday January 16, 2026)
Cybersecurity researchers have discovered five new malicious Google
Chrome web browser extensions that masquerade as human resources (HR)
and enterprise resource planning (ERP) platforms like Workday,
NetSuite, and SuccessFactors to take control of victim accounts. "The
extensions work in concert to steal authentication tokens, block
incident response capabilities, and enable complete account
Your Digital Footprint Can Lead Right to Your Front Door
(Friday January 16, 2026)
You lock your doors at night. You avoid sketchy phone calls. You’re
careful about what you post on social media. But what about the
information about you that’s already out there—without your
permission? Your name. Home address. Phone number. Past jobs. Family
members. Old usernames. It’s all still online, and it’s a lot
easier to find than you think. The hidden safety threat lurking online
Most
LOTUSLITE Backdoor Targets U.S. Policy Entities Using Venezuela-Themed Spear Phishing
(Friday January 16, 2026)
Security experts have disclosed details of a new campaign that has
targeted U.S. government and policy entities using politically themed
lures to deliver a backdoor known as LOTUSLITE. The targeted malware
campaign leverages decoys related to the recent geopolitical
developments between the U.S. and Venezuela to distribute a ZIP
archive ("US now deciding what's next for Venezuela.zip")
Multiple cross-site leaks disclosing Facebook users in third-party websites
(Friday January 16, 2026)
Instagram account takeover via Meta Pixel script abuse
(Friday January 16, 2026)
Leaking Meta FXAuth Token leading to 2 click Account Takeover
(Friday January 16, 2026)
What is "Has Madison Account" in Account info subscriber on Google account
(Friday January 16, 2026)
China-Linked APT Exploited Sitecore Zero-Day in Critical Infrastructure Intrusions
(Friday January 16, 2026)
Weekly Update 486
(Friday January 16, 2026)
. It’s special here, like a second home that just feels…
Cisco Patches Zero-Day RCE Exploited by China-Linked APT in Secure Email Gateways
(Friday January 16, 2026)
WinBoat: Drive by Client RCE + Sandbox escape.
(Friday January 16, 2026)
AWS CodeBuild Misconfiguration Exposed GitHub Repos to Potential Supply Chain Attacks
(Thursday January 15, 2026)
Closing the Door on Net-NTLMv1: Releasing Rainbow Tables to Accelerate Protocol Deprecation
(Thursday January 15, 2026)
Mandiant aims to lower the barrier for security professionals to demonstrate the insecurity of Net-NTLMv1.
WEF: AI overtakes ransomware as fastest-growing cyber risk
(Thursday January 15, 2026)
Demonstration: prompt-injection failures in a simulated help-desk LLM
(Thursday January 15, 2026)
The requested lab could not be found.
CVE-2026-20965: Cymulate Research Labs Discovers Token Validation Flaw that Leads to Tenant-Wide RCE in Azure Windows Admin Center
(Thursday January 15, 2026)
Critical WordPress Modular DS Plugin Flaw Actively Exploited to Gain Admin Access
(Thursday January 15, 2026)
Researchers Reveal Reprompt Attack Allowing Single-Click Data Exfiltration From Microsoft Copilot
(Thursday January 15, 2026)
Smashing Security podcast #450: From Instagram panic to Grok gone wild
(Thursday January 15, 2026)
Most Inspiring Women in Cyber 2026: Meet The Judges
(Thursday January 15, 2026)
Next month, the annual Most Inspiring Women in Cyber Awards will take
place at The BT Tower, London, celebrating some of the industry’s
most inspirational – and oftentimes unsung – women. Sponsored by
Fidelity International, BT, Plexal and Bridewell, and proudly
supported by industry-leading diversity groups WiTCH, WiCyS UK&I and
Seidea, the 2026 event is […]
The post .
ThreatsDay Bulletin: AI Voice Cloning Exploit, Wi-Fi Kill Switch, PLC Vulns, and 14 More Stories
(Thursday January 15, 2026)
Cisco’s Journey in AI Workforce Transformation
(Thursday January 15, 2026)
Cisco’s latest AI research reveals how AI is reshaping the way Cisco
employees work—and what that means for individual and team
engagement, performance, career growth, and leadership.
Model Security Is the Wrong Frame – The Real Risk Is Workflow Security
(Thursday January 15, 2026)
As AI copilots and assistants become embedded in daily work, security
teams are still focused on protecting the models themselves. But
recent incidents suggest the bigger risk lies elsewhere: in the
workflows that surround those models. Two Chrome extensions posing as
AI helpers were recently caught stealing ChatGPT and DeepSeek chat
data from over 900,000 users. Separately, researchers
4 Outdated Habits Destroying Your SOC's MTTR in 2026
(Thursday January 15, 2026)
It’s 2026, yet many SOCs are still operating the way they did years
ago, using tools and processes designed for a very different threat
landscape. Given the growth in volumes and complexity of cyber
threats, outdated practices no longer fully support analysts’ needs,
staggering investigations and incident response. Below are four
limiting habits that may be preventing your SOC from evolving at
Reprompt: The Single-Click Microsoft Copilot Attack that Silently Steals Your Personal Data
(Thursday January 15, 2026)
Microsoft Legal Action Disrupts RedVDS Cybercrime Infrastructure Used for Online Fraud
(Thursday January 15, 2026)
Drone Hacking Part 1: Dumping Firmware and Bruteforcing ECC
(Thursday January 15, 2026)
Palo Alto Fixes GlobalProtect DoS Flaw That Can Crash Firewalls Without Login
(Thursday January 15, 2026)
Researchers Null-Route Over 550 Kimwolf and Aisuru Botnet Command Servers
(Wednesday January 14, 2026)
Microsoft named a Leader in IDC MarketScape for Unified AI Governance Platforms
(Wednesday January 14, 2026)
Cisco AI Summit will define what comes next
(Wednesday January 14, 2026)
Cisco AI Summit brings together Jensen Huang, Sam Altman, Matt Garman,
Marc Andreessen, Dr. Fei-Fei Li, and more to define how artificial
intelligence will reshape business and society.
FBI raids home and seizes phone of Washington Post journalist
(Wednesday January 14, 2026)
The reporter had previously reported on the Trump administration's
efforts to fire hundreds of thousands of federal workers.
Multiple XSS in Meta Conversion API Gateway Leading to Zero-Click Account Takeover
(Wednesday January 14, 2026)
Introduction
AI Agents Are Becoming Authorization Bypass Paths
(Wednesday January 14, 2026)
Not long ago, AI agents were harmless. They wrote snippets of code.
They answered questions. They helped individuals move a little faster.
Then organizations got ambitious. Instead of personal copilots,
companies started deploying shared organizational AI agents - agents
embedded into HR, IT, engineering, customer support, and operations.
Agents that don’t just suggest, but act. Agents
Inside RedVDS: How a single virtual desktop provider fueled worldwide cybercriminal operations
(Wednesday January 14, 2026)
Hackers Exploit c-ares DLL Side-Loading to Bypass Security and Deploy Malware
(Wednesday January 14, 2026)
Fortinet Fixes Critical FortiSIEM Flaw Allowing Unauthenticated Remote Code Execution
(Wednesday January 14, 2026)
Fortinet has released updates to fix a critical security flaw
impacting FortiSIEM that could allow an unauthenticated attacker to
achieve code execution on susceptible instances. The operating system
(OS) injection vulnerability, tracked as CVE-2025-64155, is rated 9.4
out of 10.0 on the CVSS scoring system. "An improper neutralization of
special elements used in an OS command ('OS command
Keeper Security puts Atlassian Williams F1 Team in pole position on cybersecurity
(Wednesday January 14, 2026)
In Formula 1, milliseconds matter… and so does security. Keeper
Security has helped Atlassian Williams F1 Team tighten its cyber
defences, revealing how the iconic racing team is using KeeperPAM to
protect its data, systems and global operations without taking its
foot off the accelerator. Announced on 13 January 2026, a new case
study from […]
The post .
New Research: 64% of 3rd-Party Applications Access Sensitive Data Without Justification
(Wednesday January 14, 2026)
