Security News, Assessments & Alerts

Security Issues, Vulnerabilities, Exploits & Government Alerts

Johnson Controls Metasys Products | CISA

by CISA
January 27, 2026
Security News, Assessments & Alerts
1 min read

View CSAF Summary Successful exploitation of this vulnerability could result in remote SQL execution, leading to alteration or loss of data. The following versions of Johnson Controls Metasys Products are affected: Metasys Application and Data…

Prioritization, Validation, and Outcomes That Matter

The Hacker NewsJan 27, 2026Attack Surface Management / Cyber Risk Cybersecurity teams increasingly want to move beyond looking at threats and vulnerabilities in isolation. It’s not only about what could go wrong (vulnerabilities) or who…

Critical Grist-Core Vulnerability Allows RCE Attacks via Spreadsheet Formulas

Ravie LakshmananJan 27, 2026Vulnerability / Cloud Security A critical security flaw has been disclosed in Grist‑Core, an open-source, self-hosted version of the Grist relational spreadsheet-database, that could result in remote code execution. The vulnerability, tracked…

China-Linked Hackers Have Used the PeckBirdy JavaScript C2 Framework Since 2023

Ravie LakshmananJan 27, 2026Web Security / Malware Cybersecurity researchers have discovered a JScript-based command-and-control (C2) framework called PeckBirdy that has been put to use by China-aligned APT actors since 2023 to target multiple environments. The…

Microsoft Office Zero-Day (CVE-2026-21509) – Emergency Patch Issued for Active Exploitation

Ravie LakshmananJan 27, 2026Zero-Day / Vulnerability Microsoft on Monday issued out-of-band security patches for a high-severity Microsoft Office zero-day vulnerability exploited in attacks. The vulnerability, tracked as CVE-2026-21509, carries a CVSS score of 7.8 out…

Indian Users Targeted in Tax Phishing Campaign Delivering Blackmoon Malware

Ravie LakshmananJan 26, 2026Cyber Espionage / Malware Cybersecurity researchers have discovered an ongoing campaign that’s targeting Indian users with a multi-stage backdoor as part of a suspected cyber espionage campaign. The activity, per the eSentire…

Malicious VS Code AI Extensions with 1.5 Million Installs Steal Developer Source Code

Ravie LakshmananJan 26, 2026AI Security / Vulnerability Cybersecurity researchers have discovered two malicious Microsoft Visual Studio Code (VS Code) extensions that are advertised as artificial intelligence (AI)-powered coding assistants, but also harbor covert functionality to…

Firewall Flaws, AI-Built Malware, Browser Traps, Critical CVEs & More

Ravie LakshmananJan 26, 2026Hacking News / Cybersecurity Security failures rarely arrive loudly. They slip in through trusted tools, half-fixed problems, and habits people stop questioning. This week’s recap shows that pattern clearly. Attackers are moving…

Winning Against AI-Based Attacks Requires a Combined Defensive Approach

The Hacker NewsJan 26, 2026Endpoint Security / Artificial Intelligence If there’s a constant in cybersecurity, it’s that adversaries are always innovating. The rise of offensive AI is transforming attack strategies and making them harder to…

Konni Hackers Deploy AI-Generated PowerShell Backdoor Against Blockchain Developers

Ravie LakshmananJan 26, 2026Malware / Endpoint Security The North Korean threat actor known as Konni has been observed using PowerShell malware generated using artificial intelligence (AI) tools to target developers and engineering teams in the…

« Previous
1
…
83
84
85
86
87
…
523
Next »