⏱️ 🔍 Many SOCs in 2026 still rely on manual malware review, which slows investigations as alert volumes rise.

Automation-first workflows reduce tool switching and manual correlation, shifting analyst time toward response. In enterprise SOCs using automated sandboxing, MTTR dropped by ~21 minutes per incident.

🔗 Learn how automation reduces response friction → https://thehackernews.com/2026/01/4-outdated-habits-destroying-your-socs.html

🛑 Microsoft says it disrupted RedVDS, a crimeware-as-a-service platform tied to phishing and financial fraud.

For $24/month, criminals rented disposable, no-log Windows RDP servers to run scams at scale. Microsoft links RedVDS activity to ~$40M in reported U.S. fraud losses since March 2025.

🔗 Details here → https://thehackernews.com/2026/01/microsoft-legal-action-disrupts-redvds.html

🛑 Palo Alto Networks patched a high-severity DoS flaw in GlobalProtect.

CVE-2026-0227 (CVSS 7.7) lets unauthenticated attackers repeatedly crash firewalls into maintenance mode.

🛡️ PoC exists; no active exploitation seen.

🔗 Read → https://thehackernews.com/2026/01/palo-alto-fixes-globalprotect-dos-flaw.html

🚨 50 CISOs surveyed. 1 clear AI priority for 2026.

As AI agents access source code, cloud infrastructure & customer data, security leaders are making tough budget decisions.

New survey data reveals:
✓ The #1 AI risk driving 2026 budgets
✓ Where current AI security falls short
✓ Which controls get funded first
✓ Budget allocation figures

Beyond Identity is sharing the complete findings in their next webinar:

📅 Tuesday, Jan 27 | 12pm ET
🔗Register here: https://thn.news/ciso-ai-insights

🚨 This week’s ThreatsDay Bulletin!

Hackers are hiding in everyday systems — cloning voices, faking invoices, breaking controllers, and stealing $26M in crypto.

Each story shows how attacks now look normal until it’s too late.

🔗 Full report: https://thehackernews.com/2026/01/threatsday-bulletin-ai-voice-cloning.html

⚠️ Researchers disclosed a one-click Copilot attack that enables silent data exfiltration.

A legitimate Copilot URL injects hidden instructions, bypasses safeguards, and can keep exfiltrating data even after the chat is closed.

🔗 Learn more → https://thehackernews.com/2026/01/researchers-reveal-reprompt-attack.html

🚨 A WordPress plugin with 40,000+ active installs is being actively exploited.

CVE-2026-23550 (CVSS 10.0) in Modular DS allows unauthenticated attackers to gain admin access by bypassing authentication through a flawed routing mechanism.

🔗 Details → https://thehackernews.com/2026/01/critical-wordpress-modular-ds-plugin.html

🧠🔐 AI security isn’t a model problem. It’s a workflow problem.

As AI connects apps, data, and actions, attackers target context—inputs, outputs, extensions, and permissions—not algorithms

🔗 Why AI workflow control now defines real security → https://thehackernews.com/2026/01/model-security-is-wrong-frame-real-risk.html

🔐⚙️ AWS fixed a CI misconfiguration in some AWS-managed GitHub repos, including the AWS JavaScript SDK.

The flaw, CodeBreach, involved broken webhook regex filters that could let untrusted users trigger privileged builds and expose admin tokens.

🔗 Read here → https://thehackernews.com/2026/01/aws-codebuild-misconfiguration-exposed.html

🚨 Cisco fixed a CVSS 10.0 RCE in AsyncOS after it was exploited as a zero-day by the China-nexus APT UAT-9686.

The flaw enables root-level command execution through the Spam Quarantine feature when it is exposed to the internet.

🔗 Read details → https://thehackernews.com/2026/01/cisco-patches-zero-day-rce-exploited-by.html

🇨🇳 A China-linked threat actor has targeted North American critical infrastructure.

Tracked as UAT-8837, the group seeks initial access to high-value networks, then maps Active Directory and steals credentials using mostly open-source tools.

Talos says a Sitecore zero-day was recently exploited to gain entry.

🔗 Read → https://thehackernews.com/2026/01/china-linked-apt-exploits-sitecore-zero.html

🚨 A China-linked group targeted U.S. government and policy entities using Venezuela-themed phishing lures.

The campaign delivered the LOTUSLITE backdoor via DLL side-loading. No confirmed compromises.

🔗 Details → https://thehackernews.com/2026/01/lotuslite-backdoor-targets-us-policy.html

⚠️ Update: Check Point says CVE-2025-37164 is being mass-exploited to spread the RondoDox botnet, with 40,000+ attacks on Jan 7.

The activity targeted government, finance, and industrial sectors, prompting same-day KEV inclusion.

🔗 Read → https://thehackernews.com/2026/01/cisa-flags-microsoft-office-and-hpe.html

Most people lock down passwords but forget what’s already public.

🧾 Home addresses and phone numbers are listed on data broker sites anyone can search. That visibility increases the risk of doxxing, scams, and real-world harassment.

🔗 How public data turns into a safety risk → https://thehackernews.com/2026/01/your-digital-footprint-can-lead-right.html

🚨 Researchers uncovered 5 malicious Chrome extensions masquerading as HR/ERP tools like Workday and NetSuite.

They exfiltrate auth cookies and suppress access to security and admin pages via DOM manipulation.

🔗 Details here → https://thehackernews.com/2026/01/five-malicious-chrome-extensions.html

⚠️ GootLoader now uses 500–1,000 ZIP files glued together!

The broken ZIP won’t open in WinRAR or 7-Zip, but Windows Explorer still opens it and runs the JavaScript malware. Each download is different, so file hashes don’t match.

🔗 Learn how this ZIP trick bypasses defenses → https://thehackernews.com/2026/01/gootloader-malware-uses-5001000.html

OpenAI will start showing ads in ChatGPT for logged-in adult U.S. users on Free and Go plans.

📢 Ads are clearly labeled, appear only at the bottom of chats, and do not influence responses. OpenAI says conversations aren’t sold to advertisers, and ad personalization can be turned off.

🔗 Read → https://thehackernews.com/2026/01/openai-to-show-ads-in-chatgpt-for.html

🚨 Authorities added Black Basta’s alleged leader, Oleg Nefedov, to the EU Most Wanted list and issued an INTERPOL Red Notice.

Police say he directed targeting, recruitment, and ransom handling for a ransomware group that pulled in hundreds of millions in crypto.

Leaked internal chats later exposed the operation.

🔗 Inside Black Basta → https://thehackernews.com/2026/01/black-basta-ransomware-hacker-leader.html

⚠️ Researchers exploited an XSS flaw in the StealC malware control panel and exposed its operators.

They extracted system fingerprints, live sessions, and cookies from infrastructure built to steal data—showing how fragile MaaS setups can be.

🔗 Read → https://thehackernews.com/2026/01/security-bug-in-stealc-malware-panel.html

🚨 A fake Chrome ad blocker crashes the browser on purpose, then tricks users into running attacker commands.

Huntress calls it CrashFix, an evolved ClickFix tactic linked to the KongTuke traffic distribution system for reuse in follow-on attacks.

🔗 Learn how the crash-and-fix loop works → https://thehackernews.com/2026/01/crashfix-chrome-extension-delivers.html

🚨 AMD StackWarp flaw weakens SEV-SNP VM isolation.

A hardware bug in Zen 1–5 CPUs lets a privileged host misuse a control bit (via hyperthreading) to corrupt a confidential VM’s stack, enabling key recovery and auth bypass.

🔗 Details & fixes → https://thehackernews.com/2026/01/new-stackwarp-hardware-flaw-breaks-amd.html