⚡ Identity risk is no longer about bad policies. It’s about blind spots.

IAM tools only cover what’s fully onboarded. Everything else becomes identity dark matter, where accounts and access exist without oversight.

As environments scale, this unmanaged layer grows quietly.

🔗 How identity goes dark → https://thehackernews.com/2026/01/what-is-identity-dark-matter.html

AI-powered VS Code forks are suggesting extensions that are missing from Open VSX.

That gap leaves the names unclaimed, letting anyone publish code under them.

Koi showed how a fake PostgreSQL extension spread via a single click.

🔗 Read → https://thehackernews.com/2026/01/vs-code-forks-recommend-missing.html

The Patching Paradox: You can't patch a device while it’s saving a life.

Stop chasing 10k vulnerabilities and start validating True Risk. Join us Jan 20 to learn how to secure legacy IoMT without clinical downtime.

Save your seat: https://thn.news/healthcare-sec-insights

⚠️ Bluetooth headphones built on Airoha chips have flaws that let attackers connect without pairing and control device functions over the air.

The issue sits in the RACE protocol and requires vendor firmware updates to fix.

🔗 Learn more → https://thehackernews.com/2026/01/weekly-recap-iot-exploits-wallet.html#:~:text=Flaws%20in%20Bluetooth%20Headphones%20Using%20Airoha%20Chips%20Detailed

🚨 CERT/CC disclosed an unpatched flaw in the end-of-life TOTOLINK EX200.

A firmware upload error can start an unauthenticated root telnet service, giving full control after web admin access.

🔗 Read → https://thehackernews.com/2026/01/unpatched-firmware-flaw-exposes.html

⚠️ Warning: Two Chrome extensions with 900,000+ installs were found stealing ChatGPT and DeepSeek conversations, plus all open tab URLs.

Researchers call this prompt poaching.

🔗 Read here → https://thehackernews.com/2026/01/two-chrome-extensions-caught-stealing.html

🛑 European hotels are facing a phishing campaign abusing Booking-com cancellation emails.

Victims hit a fake site, see a fake blue screen, and are told to run a PowerShell “fix.” That installs DCRat via MSBuild.exe, sets Defender exclusions, and persists on the system.

🔗 Learn more → https://thehackernews.com/2026/01/fake-booking-emails-redirect-hotel.html

🚨 Active exploitation is hitting old D-Link DSL router.

CVE-2026-0625 (CVSS 9.3) allows unauthenticated remote code execution via the dnscfg.cgi endpoint.

The same DNSChanger-style abuse seen in past hijacking campaigns is resurfacing, and many affected models are end of life and no longer maintained.

🔗 Active exploitation details → https://thehackernews.com/2026/01/active-exploitation-hits-legacy-d-link.html

🛑 The breach doesn’t always start with phishing anymore. In some cases, it starts during hiring.

Synthetic resumes, cloned voices, and live video deepfakes can pass standard remote interviews.

Once hired, attackers gain legitimate access, time, and trust inside the environment.

🔗 Why hiring is now an attack surface → https://thehackernews.com/expert-insights/2026/01/deepfake-job-hires-when-your-next.html

Microsoft says attackers are abusing misconfigured MX routing and weak spoof protections to send phishing emails that appear internal.

Some emails use the same address in both “From” and “To,” enabling credential theft and BEC.

🔗 Read → https://thehackernews.com/2026/01/microsoft-warns-misconfigured-email.html

⚠️ Veeam fixed a critical Backup & Replication flaw enabling remote code execution as the postgres user.

CVE-2025-59470 can be abused by authenticated Backup or Tape Operators via crafted parameters.

The update also fixes two additional RCE flaws and a root-level file write issue.

🔗 Read → https://thehackernews.com/2026/01/veeam-patches-critical-rce.html

🚨 Warning - Yet another n8n vulnerability.

n8n disclosed a CVSS 10.0 RCE flaw allowing authenticated users to execute untrusted code and fully compromise an instance.

CVE-2026-21877 affects cloud and self-hosted deployments running versions ≥0.123.0 and <1.121.3.

🔗 Read → https://thehackernews.com/2026/01/n8n-warns-of-cvss-100-rce-vulnerability.html

🤖 Non-human accounts now rival humans in security risk. As AI and automation expand, service accounts and bots are gaining deep, unmanaged cloud access.

51% of security teams now rank non-human identity security as a top priority. Don't let machine identities become your biggest blind spot.

🔗 Read more: https://thehackernews.com/2026/01/the-future-of-cybersecurity-includes.html

🔥 WEBINAR ALERT - Most attacks today don’t drop malware. They blend into tools your teams already trust.

That’s why alerts stay quiet while real risk moves forward. Fileless and Living-off-the-Land attacks are now standard tradecraft.

🔗 Join our next webinar on how teams are closing this gap. Register here → https://thehackernews.com/2026/01/webinar-learn-how-ai-powered-zero-trust.html

🚨 Another CVSS 10.0 n8n vulnerability disclosed.

Researchers found another critical flaw (CVE-2026-21858) in n8n that lets remote attackers take full control with no authentication required.

The bug abuses Content-Type handling in form webhooks to read local files, steal secrets, forge admin sessions, and achieve RCE.

🔗 Details here → https://thehackernews.com/2026/01/critical-n8n-vulnerability-cvss-100.html

Black Cat is running an SEO poisoning campaign that ranks fake software sites in search results.

The group impersonates tools like Notepad++, tricking users into installing trojanized installers that drop a backdoor stealing browser data, keystrokes, clipboard contents, and enabling remote access.

🔗 Read → https://thehackernews.com/2026/01/black-cat-behind-seo-poisoning-malware.html

🏥 OpenAI launched ChatGPT Health, a sandboxed space for health chats.

Users can link medical records and wellness apps. Data uses purpose-built 🔒 encryption, stays siloed, isn’t used to train models, and doesn’t affect other chats.

🔗 Details here → https://thehackernews.com/2026/01/openai-launches-chatgpt-health-with.html

CISA added two flaws to its KEV list, citing evidence of exploitation.

🧩 PowerPoint RCE (CVSS 8.8) — memory corruption enables remote code execution
🚨 HPE OneView RCE (CVSS 10.0) — unauthenticated, affects all versions before 11.00

🔗 Read → https://thehackernews.com/2026/01/cisa-flags-microsoft-office-and-hpe.html

🗓️ Federal agencies must patch by Jan 28, 2026.

Ransomware has moved past simple extortion.

Stolen data is now auctioned when ransoms fail, turning breaches into repeat revenue. Data auctions expand profits, attract more actors, and scale attacks faster.

🔗 Read → https://thehackernews.com/2026/01/weekly-recap-iot-exploits-wallet.html#:~:text=Ransomware%20Turns%20Breaches%20into%20Bidding%20Wars

Large enterprises now run 45 security tools on average, yet 52% of executives say complexity blocks effective security. Vendor consolidation cut costs, not operational results.

That gap is driving a rethink of what a security “platform” should actually deliver.

🔗 Read → https://thehackernews.com/expert-insights/2026/01/the-security-platform-is-dead-long-live.html

Researchers disclosed multiple critical flaws in Coolify that let authenticated users run commands as root, enabling full server compromise.

The issues span 11 CVEs rated up to 10.0 and impact 52,890 internet-exposed hosts.

🔗 Details here → https://thehackernews.com/2026/01/coolify-discloses-11-critical-flaws.html