Ravie LakshmananJan 22, 2026Cryptojacking / Malware A new malicious package discovered in the Python Package Index (PyPI) has been found to impersonate a popular library for symbolic mathematics to deploy malicious payloads, including a cryptocurrency miner, on Linux hosts. The… Read More "Malicious PyPI Package Impersonates SymPy, Deploys XMRig Miner on Linux Hosts"
Ravie LakshmananJan 22, 2026Network Security / Vulnerability Cybersecurity company Arctic Wolf has warned of a “new cluster of automated malicious activity” that involves unauthorized firewall configuration changes on Fortinet FortiGate devices. The activity, it said, commenced on January 15, 2026,… Read More "Automated FortiGate Attacks Exploit FortiCloud SSO to Alter Firewall Configurations"
Ravie LakshmananJan 22, 2026Vulnerability / Zero-Day Cisco has released fresh patches to address what it described as a “critical” security vulnerability impacting multiple Unified Communications (CM) products and Webex Calling Dedicated Instance that it has been actively exploited as a… Read More "Cisco Fixes Actively Exploited Zero-Day CVE-2026-20045 in Unified CM and Webex"
The recently discovered sophisticated Linux malware framework known as VoidLink is assessed to have been developed by a single person with assistance from an artificial intelligence (AI) model. That’s according to new findings from Check Point Research, which identified operational… Read More "VoidLink Linux Malware Framework Built with AI Assistance Reaches 88,000 Lines of Code"
As many as 3,136 individual IP addresses linked to likely targets of the Contagious Interview activity have been identified, with the campaign claiming 20 potential victim organizations spanning artificial intelligence (AI), cryptocurrency, financial services, IT services, marketing, and software development… Read More "North Korean PurpleBravo Campaign Targeted 3,136 IP Addresses via Fake Job Interviews"
Ravie LakshmananJan 21, 2026Vulnerability / Network Security Zoom and GitLab have released security updates to resolve a number of security vulnerabilities that could result in denial-of-service (DoS) and remote code execution. The most severe of the lot is a critical… Read More "Zoom and GitLab Release Security Updates Fixing RCE, DoS, and 2FA Bypass Flaws"
Gartner® doesn’t create new categories lightly. Generally speaking, a new acronym only emerges when the industry’s collective “to-do list” has become mathematically impossible to complete. And so it seems that the introduction of the Exposure Assessment Platforms (EAP) category is… Read More "Exposure Assessment Platforms Signal a Shift in Focus"
The Hacker NewsJan 21, 2026Artificial Intelligence / Automation Every managed security provider is chasing the same problem in 2026 — too many alerts, too few analysts, and clients demanding “CISO-level protection” at SMB budgets. The truth? Most MSSPs are running… Read More "How Smart MSSPs Using AI to Boost Margins with Half the Staff"
Ravie LakshmananJan 21, 2026Vulnerability / Artificial Intelligence Security vulnerabilities were uncovered in the popular open-source artificial intelligence (AI) framework Chainlit that could allow attackers to steal sensitive data, which may allow for lateral movement within a susceptible organization. Zafran Security… Read More "Chainlit AI Framework Flaws Enable Data Theft via File Read and SSRF Bugs"
Ravie LakshmananJan 21, 2026Open Source / Vulnerability A security vulnerability has been disclosed in the popular binary-parser npm library that, if successfully exploited, could result in the execution of arbitrary JavaScript. The vulnerability, tracked as CVE-2026-1245 (CVSS score: N/A), affects… Read More "CERT/CC Warns binary-parser Bug Allows Node.js Privilege-Level Code Execution"
