Jan 06, 2026Ravie LakshmananIoT Security / Vulnerability The CERT Coordination Center (CERT/CC) has disclosed details of an unpatched security flaw impacting TOTOLINK EX200 wireless range extender that could allow a remote authenticated attacker to gain full control of the device.… Read More "Unpatched Firmware Flaw Exposes TOTOLINK EX200 to Full Remote Device Takeover"
A new multi-stage malware campaign targeting hospitality organizations during the peak holiday season has been observed, using social engineering techniques such as fake CAPTCHA prompts and simulated Blue Screen of Death (BSOD) errors to trick users into manually executing malicious code. Tracked… Read More "Hospitality Sector Hit By PHALT#BLYX ClickFix Malware Campaign"
A data breach occurs when sensitive information is exposed to the public without authorization. These events are growing in popularity, costing businesses an average of USD 4.44 million per event. Unfortunately, many companies are unknowingly still repeating the same mistakes… Read More "How to Prevent Data Breaches in 2026 (Highly Effective Strategy)"
Jan 06, 2026Ravie LakshmananThreat Intelligence / Cloud Security Popular artificial intelligence (AI)-powered Microsoft Visual Studio Code (VS Code) forks such as Cursor, Windsurf, Google Antigravity, and Trae have been found to recommend extensions that are non-existent in the Open VSX… Read More "VS Code Forks Recommend Missing Extensions, Creating Supply Chain Risk in Open VSX"
The information security landscape is constantly evolving, which is why it’s so important to stay up to date with the latest trends, threats, and advancements. Given that a Google search for cybersecurity websites produces millions of results, we thought we… Read More "The Top Cybersecurity Websites and Blogs of 2026"
Jan 06, 2026Ravie LakshmananMalware / Endpoint Security Source: Securonix Cybersecurity researchers have disclosed details of a new campaign dubbed PHALT#BLYX that has leveraged ClickFix-style lures to display fixes for fake blue screen of death (BSoD) errors in attacks targeting the… Read More "Fake Booking Emails Redirect Hotel Staff to Fake BSoD Pages Delivering DCRat"
A new Cyber Unit to coordinate responses to cyber threats across the public sector and an ambassador scheme to help encourage secure software development have been announced as part of the UK government’s new Cyber Action plan. Designed to make… Read More "UK Launches New Cyber Unit to Bolster Defences Against Cyber Threats"
Organizations of all sizes that store, process, or transmit credit card data must comply with PCI DSS (Payment Card Industry Data Security Standards). The PCI standard’s 12 principal requirements can prove challenging for organizations to achieve and maintain, especially those… Read More "How to Prepare for a PCI DSS 4.0 Audit in 7 Steps in 2026"
India Criminalizes Tampering with Telecommunication Identifiers and Unauthorized Radio Equipment Under the Telecommunications Act India’s Telecommunications Act punishes SIM tampering and possession of unauthorized equipment, boosting accountability and telecom cybersecurity. The Indian government has introduced explicit legal provisions under subsection… Read More "India Introduces New Reforms To The Telecommunications Act"
Jan 06, 2026The Hacker NewsSaaS Security / Enterprise Security The Invisible Half of the Identity Universe Identity used to live in one place – an LDAP directory, an HR system, a single IAM portal. Not anymore. Today, identity is fragmented… Read More "What is Identity Dark Matter?"
