Security Issues, Vulnerabilities, Exploits & Government Alerts
Ravie LakshmananJan 21, 2026Email Security / Malware LastPass is alerting users to a new active phishing campaign that’s impersonating the password management service, which aims to trick users into giving up their master passwords. The…
Ravie LakshmananJan 21, 2026Open Source / Vulnerability A security vulnerability has been disclosed in the popular binary-parser npm library that, if successfully exploited, could result in the execution of arbitrary JavaScript. The vulnerability, tracked as…
The North Korean threat actors associated with the long-running Contagious Interview campaign have been observed using malicious Microsoft Visual Studio Code (VS Code) projects as lures to deliver a backdoor on compromised endpoints. The latest…
Ravie LakshmananJan 20, 2026Vulnerability / Artificial Intelligence A set of three security vulnerabilities has been disclosed in mcp-server-git, the official Git Model Context Protocol (MCP) server maintained by Anthropic, that could be exploited to read…
Ravie LakshmananJan 20, 2026Malware / Threat Intelligence Cybersecurity researchers have uncovered a new phishing campaign that exploits social media private messages to propagate malicious payloads, likely with the intent to deploy a remote access trojan…
The Hacker NewsJan 20, 2026Enterprise Security / AI Security The Problem: The Identities Left Behind As organizations grow and evolve, employees, contractors, services, and systems come and go – but their accounts often remain. These…
Ravie LakshmananJan 20, 2026Cloud Security / Developer Security Cybersecurity researchers have disclosed details of a malware campaign that’s targeting software developers with a new information stealer called Evelyn Stealer by weaponizing the Microsoft Visual Studio…
Ravie LakshmananJan 20, 2026Web Security / Vulnerability Cloudflare has addressed a security vulnerability impacting its Automatic Certificate Management Environment (ACME) validation logic that made it possible to bypass security controls and access origin servers. “The…
Leaked API keys are no longer unusual, nor are the breaches that follow. So why are sensitive tokens still being so easily exposed? To find out, Intruder’s research team looked at what traditional vulnerability scanners…
Ravie LakshmananJan 20, 2026Cryptocurrency / Artificial Intelligence A Telegram-based guarantee marketplace known for advertising a broad range of illicit services appears to be winding down its operations, according to new findings from Elliptic. The blockchain…