Daily CyberSecurity •

Attackers Weaponize Legitimate RMM Tools via Fake PDFs

RMM Software Abuse AhnLab ASEC Report

Cybercriminals

Attackers Weaponize Legitimate RMM Tools via Fake PDFs

January 13, 2026

The Soviet Ghost: How Carding Markets Survive on Legacy Domains

Carding Underground Bulletproof Hosting DPRK Contagious Interview, npm Flood Stonefly group -HiatusRAT Actors

Cybercriminals

The Soviet Ghost: How Carding Markets Survive on Legacy Domains

January 12, 2026

“Boto Cor-de-Rosa”: Banking Malware Astaroth Pivots to WhatsApp in New Campaign

React2Shell, EtherRAT SideWinder Espionage, Netlify Phishing DDNS Abuse, C2 Infrastructure Hacking Health Club

Cybercriminals

“Boto Cor-de-Rosa”: Banking Malware Astaroth Pivots to WhatsApp in New Campaign

January 12, 2026

Pig Butchering-as-a-Service: How “Penguin” Industrialized Global Fraud

Pig Butchering-as-a-Service (PBaaS) Crypto Fraud Economy

Cybercriminals

Pig Butchering-as-a-Service: How “Penguin” Industrialized Global Fraud

January 12, 2026

“TryCloudflare” Abuse: AsyncRAT Exploits Free Tunnels to Build Stealthy WebDAV Network

AsyncRAT Malware Cloudflare Tunnel Abuse

Malware

“TryCloudflare” Abuse: AsyncRAT Exploits Free Tunnels to Build Stealthy WebDAV Network

January 13, 2026

RustyWater Rising: MuddyWater Drops PowerShell for Stealthy Rust Implants

Stately Taurus ScoringMathTea RAT, Lazarus Reflective DLL

RustyWater Rising: MuddyWater Drops PowerShell for Stealthy Rust Implants

January 12, 2026

Collateral Damage: Microsoft Defender Blocks Official MAS Script in Malware War

Microsoft Activation Scripts block, Trojan:PowerShell/FakeMas.DA!MTB

Malware

Collateral Damage: Microsoft Defender Blocks Official MAS Script in Malware War

January 9, 2026

Guloader Malware Rides Wave of Fake Performance Reports

Layoff Phishing Scam Remcos RAT Malware Aruba Phishing, Phishing-as-a-Service PyPI, phishing CVE-2024-25608 PyPI Phishing, Credential Theft

Malware

Guloader Malware Rides Wave of Fake Performance Reports

January 9, 2026

The Solonik Leak: 17.5 Million Instagram Profiles Exposed on Dark Web

Instagram 3 Billion, Reels Focus

Data Leak

The Solonik Leak: 17.5 Million Instagram Profiles Exposed on Dark Web

January 12, 2026

Spy Games or Glitch? The Truth Behind Venezuela’s BGP Leak

Venezuela BGP Leak CANTV

Data Leak

Spy Games or Glitch? The Truth Behind Venezuela’s BGP Leak

January 8, 2026

The Unpatchable Leak: Sony’s PS5 Security Crumples as BootROM Keys Hit the Web

PS5 BootROM key leak 2026, PlayStation 5 unpatchable jailbreak Great Firewall data leak Dating App Breach, Tea App Leak 23andMe Data Leak

Data Leak

The Unpatchable Leak: Sony’s PS5 Security Crumples as BootROM Keys Hit the Web

January 5, 2026

Anna’s Archive Claims 300TB Spotify Mirror, Forcing an Investigation Into a Massive Music Data Leak

Spotify data leak, Anna’s Archive CVE-2025-27154

Data Leak

Anna’s Archive Claims 300TB Spotify Mirror, Forcing an Investigation Into a Massive Music Data Leak

December 23, 2025

Hexaware Partners with AccuKnox for Cloud Security Services Hexaware-768x480_2_1768287544dpGB5zRWbr

Hexaware-768x480_2_1768287544dpGB5zRWbr

Hexaware Partners with AccuKnox for Cloud Security Services

cybernewswire January 13, 2026

Menlo Park, USA, 13th January 2026, CyberNewsWire

CISA “Must-Patch” Alert: Critical Gogs Exploit CVE-2025-8110 Active in Wild Gogs Vulnerability CVE-2025-8110

Gogs Vulnerability CVE-2025-8110

CISA “Must-Patch” Alert: Critical Gogs Exploit CVE-2025-8110 Active in Wild

Ddos January 13, 2026

Angular Security Alert: High-Severity SVG Flaw CVE-2026-22610 Exposes Apps to XSS Angular Vulnerability CVE-2026-22610 CVE-2025-59052 Angular security Angular XSS Bypass, SVG Injection

Angular Vulnerability CVE-2026-22610 CVE-2025-59052 Angular security Angular XSS Bypass, SVG Injection

Angular Security Alert: High-Severity SVG Flaw CVE-2026-22610 Exposes Apps to XSS

Ddos January 13, 2026

Cutting the Cord: QEMU 11.0 to Expunge 32-Bit Host Support in Cloud Variant QEMU 11.0 Cloud 32-bit host deprecation, QEMU TCG code reduction

QEMU 11.0 Cloud 32-bit host deprecation, QEMU TCG code reduction

Cutting the Cord: QEMU 11.0 to Expunge 32-Bit Host Support in Cloud Variant

Ddos January 13, 2026

Double Critical: Hardcoded Secrets Expose Ruckus IoT Controllers to Root RCE Ruckus vRIoT Vulnerability CVE-2025-69425 Ruckus Wireless, Critical Vulnerabilities

Ruckus vRIoT Vulnerability CVE-2025-69425 Ruckus Wireless, Critical Vulnerabilities

Double Critical: Hardcoded Secrets Expose Ruckus IoT Controllers to Root RCE

Ddos January 13, 2026

CVE-2025-52694 (CVSS 10): Critical Advantech SQL Injection Exposes IoT Devices

Advantech Vulnerability CVE-2025-52694 Eaton UPS Companion, CVE-2025-59887 ASUS Router, Authentication Bypass ASUSTOR DLL Hijacking, Privilege Escalation OpenShift AI, Privilege Escalation GoAnywhere vulnerability CVE-2025-10035 LangChainGo, template injection DeepDiff, class pollution ToolShell Sunshine, CSRF Vulnerability KACE SMA, Critical Vulnerabilities Oracle Zero-Days - PDQ Deploy vulnerability

CVE-2025-52694 (CVSS 10): Critical Advantech SQL Injection Exposes IoT Devices

Ddos January 13, 2026

Critical Alert: Moxa Switches Exposed to OpenSSH Remote Code Execution (CVSS 9.8) Moxa OpenSSH Vulnerability CVE-2023-38408 CVE-2023-5961 - CVE-2024-9138 and CVE-2024-9140

Moxa OpenSSH Vulnerability CVE-2023-38408 CVE-2023-5961 - CVE-2024-9138 and CVE-2024-9140

Critical Alert: Moxa Switches Exposed to OpenSSH Remote Code Execution (CVSS 9.8)

Ddos January 13, 2026

Tearing Down the Wall: Google Brings AirDrop Support to the Pixel 9 Google Quick Share AirDrop interoperability, Pixel 9 AirDrop support 2026 Snapdragon AirDrop Quick Share Interoperability Quick Share AirDrop Cross-Platform File Transfer

Google Quick Share AirDrop interoperability, Pixel 9 AirDrop support 2026 Snapdragon AirDrop Quick Share Interoperability Quick Share AirDrop Cross-Platform File Transfer

Tearing Down the Wall: Google Brings AirDrop Support to the Pixel 9

Ddos January 13, 2026

The 2nm Reunion: Qualcomm Confirms Samsung Foundry Talks at CES 2026 Qualcomm Samsung 2nm foundry deal, Snapdragon 8 Elite 2nm refresh Qualcomm Ventana Acquisition, RISC-V Strategy Qualcomm Autotalks, China Antitrust Qualcomm Antitrust, Which? Lawsuit Qualcomm GPU driver, CVE-2024-38399 Qualcomm's March 2025 Security Bulletin

Qualcomm Samsung 2nm foundry deal, Snapdragon 8 Elite 2nm refresh Qualcomm Ventana Acquisition, RISC-V Strategy Qualcomm Autotalks, China Antitrust Qualcomm Antitrust, Which? Lawsuit Qualcomm GPU driver, CVE-2024-38399 Qualcomm's March 2025 Security Bulletin

The 2nm Reunion: Qualcomm Confirms Samsung Foundry Talks at CES 2026

Ddos January 12, 2026

The Glass Box: Musk Pledges Full X Algorithm & Ad Transparency in 7 Days X Platform, AI Training X open-source algorithm 2026, Elon Musk ad transparency

X Platform, AI Training X open-source algorithm 2026, Elon Musk ad transparency

The Glass Box: Musk Pledges Full X Algorithm & Ad Transparency in 7 Days

Ddos January 12, 2026

Critical React Router Flaws: CVE-2025-61686 Exposes Server Files React Router Vulnerabilities CVE-2025-61686

React Router Vulnerabilities CVE-2025-61686

Critical React Router Flaws: CVE-2025-61686 Exposes Server Files

Ddos January 12, 2026

The XML Trap: Critical Struts 2 Flaw CVE-2025-68493 Exposes Data Apache Struts 2 Vulnerability CVE-2025-68493 CVE-2021-31805 Struts DoS, File Upload Leak

Apache Struts 2 Vulnerability CVE-2025-68493 CVE-2021-31805 Struts DoS, File Upload Leak

The XML Trap: Critical Struts 2 Flaw CVE-2025-68493 Exposes Data

Ddos January 12, 2026

CVE-2025-68637: Critical Apache Uniffle Flaw Exposes Clusters to Eavesdropping Apache Uniffle Vulnerability CVE-2025-68637

Apache Uniffle Vulnerability CVE-2025-68637

CVE-2025-68637: Critical Apache Uniffle Flaw Exposes Clusters to Eavesdropping

Ddos January 12, 2026

CVE-2026-22184 (CVSS 9.3): Critical zlib Flaw Opens Door to Global Buffer Overflow zlib Vulnerability CVE-2026-22184

zlib Vulnerability CVE-2026-22184

CVE-2026-22184 (CVSS 9.3): Critical zlib Flaw Opens Door to Global Buffer Overflow

Ddos January 12, 2026

Unpatched & Exposed: Legacy Vivotek Cameras Broadcast Live Video to All Vivotek IP7137 Vulnerabilities CVE-2025-66049 Forcepoint DLP Vulnerability CVE-2025-14026 Cellopoint Secure Email Gateway - CVE-2024-9043

Vivotek IP7137 Vulnerabilities CVE-2025-66049 Forcepoint DLP Vulnerability CVE-2025-14026 Cellopoint Secure Email Gateway - CVE-2024-9043

Unpatched & Exposed: Legacy Vivotek Cameras Broadcast Live Video to All

Ddos January 12, 2026

China-Nexus Actor UAT-7290 Caught Targeting Telecoms in South Asia and Europe UAT-7290 China-nexus Espionage Adversarial Misuse of Generative AI

UAT-7290 China-nexus Espionage Adversarial Misuse of Generative AI

China-Nexus Actor UAT-7290 Caught Targeting Telecoms in South Asia and Europe

Ddos January 12, 2026

Game Over? Critical InputPlumber Flaws Expose Linux Gamers to Hijacking InputPlumber Vulnerability CVE-2025-66005

InputPlumber Vulnerability CVE-2025-66005

Game Over? Critical InputPlumber Flaws Expose Linux Gamers to Hijacking

Ddos January 12, 2026

Does Password Strength Matter In The Days of AI Cyber Attacks? cybersecurity Advertise

cybersecurity Advertise

Does Password Strength Matter In The Days of AI Cyber Attacks?

Ddos January 10, 2026

The Atomic Engine: Meta Secures 6.6 GW of Nuclear Power to Fuel its AI Future Meta nuclear energy deals 6.6GW, Prometheus supercluster Ohio power

Meta nuclear energy deals 6.6GW, Prometheus supercluster Ohio power

The Atomic Engine: Meta Secures 6.6 GW of Nuclear Power to Fuel its AI Future

Ddos January 10, 2026

The Frictionless Frontier: Microsoft Launches “Copilot Checkout” at NRF 2026 Microsoft Copilot Checkout NRF 2026, agentic commerce AI shopping

Microsoft Copilot Checkout NRF 2026, agentic commerce AI shopping

The Frictionless Frontier: Microsoft Launches “Copilot Checkout” at NRF 2026

Ddos January 10, 2026