Threat Note

CVE-2025-64155, a command injection vulnerability, was disclosed earlier this week and quickly came under attack from a variety of IP addresses. Read More  

The JavaScript (aka JScript) malware loader called GootLoader has been observed using a malformed ZIP archive that's designed to sidestep detection efforts by concatenating anywhere from 500 to 1,000 archives. "The actor creates a malformed archive as an anti-analysis technique," Expel security researcher Aaron Walton said in a report shared with The Hacker News. "That is, many unarchiving tools

 Microsoft’s January 13, 2026, security update for Windows 11 has triggered a frustrating bug: affected PCs refuse to shut down or hibernate, instead restarting. The issue is caused by KB5073455,…

 Cloudflare has acquired the team behind Astro, the popular open-source web framework for building fast, content-driven sites. Announced on January 16, 2026, the deal brings The Astro Technology Company’s full-time…

[[{"value":"Other noteworthy stories that might have slipped under the radar: BodySnatcher agentic AI hijacking, Telegram IP exposure, shipping systems hacked by researcher. The post In Other News: FortiSIEM Flaw Exploited,…

Security professionals are moving on up the executive ranks as enterprises face rising regulatory and compliance standards. Read More  

[[{"value":"The company will use the investment to accelerate the adoption of its solution among financial institutions and digital businesses. The post Monnai Raises $12 Million for Identity and Risk Data…

[[{"value":"The startup is building the necessary infrastructure and tools to help organizations transition to post-quantum computing. The post Project Eleven Raises $20 Million for Post-Quantum Security appeared first on SecurityWeek."}]] Read…

Cybersecurity researchers have discovered five new malicious Google Chrome web browser extensions that masquerade as human resources (HR) and enterprise resource planning (ERP) platforms like Workday, NetSuite, and SuccessFactors to take control of victim accounts. "The extensions work in concert to steal authentication tokens, block incident response capabilities, and enable complete account

Pacific Northwest National Labs' expert cybersecurity system, ALOHA, can recreate attacks and test them against organizations' infrastructure to bolster defense. Read More  

This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Jan. 16, 2026 –Read the full story in AIInvest The macro tailwind for the cybersecurity sector is…

[[{"value":"The incident impacted the personal information of CIRO member firms and their registered employees. The post 750,000 Impacted by Data Breach at Canadian Investment Watchdog appeared first on SecurityWeek."}]] Read More  

[[{"value":"We've known that social engineering would get AI wings. Now, at the beginning of 2026, we are learning just how high those wings can soar. The post Cyber Insights 2026:…

[[{"value":"The critical issue impacts Bluetooth audio accessories with improper Google Fast Pair implementations. The post WhisperPair Attack Leaves Millions of Audio Accessories Open to Hijacking appeared first on SecurityWeek."}]] Read More