The Hacker News
⭐ Official THN Telegram Channel — A trusted, widely read, independent source for breaking news and tech coverage about cybersecurity and hacking.

📨 Contact: [email protected]

🌐 Website: https://thehackernews.com

⚠️ Researchers disclosed a one-click Copilot attack that enables silent data exfiltration.

A legitimate Copilot URL injects hidden instructions, bypasses safeguards, and can keep exfiltrating data even after the chat is closed.

🔗 Learn more → https://thehackernews.com/2026/01/researchers-reveal-reprompt-attack.html

🚨 A WordPress plugin with 40,000+ active installs is being actively exploited.

CVE-2026-23550 (CVSS 10.0) in Modular DS allows unauthenticated attackers to gain admin access by bypassing authentication through a flawed routing mechanism.

🔗 Details → https://thehackernews.com/2026/01/critical-wordpress-modular-ds-plugin.html

🧠 AI security isn’t a model problem. It’s a workflow problem.

As AI connects apps, data, and actions, attackers target context—inputs, outputs, extensions, and permissions—not algorithms.

🔗 Why AI workflow control now defines real security → https://thehackernews.com/2026/01/model-security-is-wrong-frame-real-risk.html

πŸ”βš™οΈ AWS fixed a CI misconfiguration in some AWS-managed GitHub repos, including the AWS JavaScript SDK.

The flaw, CodeBreach, involved broken webhook regex filters that could let untrusted users trigger privileged builds and expose admin tokens.

🔗 Read here → https://thehackernews.com/2026/01/aws-codebuild-misconfiguration-exposed.html

🚨 Cisco fixed a CVSS 10.0 RCE in AsyncOS after it was exploited as a zero-day by the China-nexus APT UAT-9686.

The flaw enables root-level command execution through the Spam Quarantine feature when it is exposed to the internet.

🔗 Read details → https://thehackernews.com/2026/01/cisco-patches-zero-day-rce-exploited-by.html

🇨🇳 A China-linked threat actor has targeted North American critical infrastructure.

Tracked as UAT-8837, the group seeks initial access to high-value networks, then maps Active Directory and steals credentials using mostly open-source tools.

Talos says a Sitecore zero-day was recently exploited to gain entry.

🔗 Read → https://thehackernews.com/2026/01/china-linked-apt-exploits-sitecore-zero.html

🚨 A China-linked group targeted U.S. government and policy entities using Venezuela-themed phishing lures.

The campaign delivered the LOTUSLITE backdoor via DLL side-loading. No confirmed compromises.

🔗 Details → https://thehackernews.com/2026/01/lotuslite-backdoor-targets-us-policy.html

⚠️ Update: Check Point says CVE-2025-37164 is being mass-exploited to spread the RondoDox botnet, with 40,000+ attacks on Jan 7.

The activity targeted government, finance, and industrial sectors, prompting same-day KEV inclusion.

🔗 Read → https://thehackernews.com/2026/01/cisa-flags-microsoft-office-and-hpe.html

Most people lock down passwords but forget what’s already public.

🧾 Home addresses and phone numbers are listed on data broker sites anyone can search. That visibility increases the risk of doxxing, scams, and real-world harassment.

🔗 How public data turns into a safety risk → https://thehackernews.com/2026/01/your-digital-footprint-can-lead-right.html

🚨 Researchers uncovered 5 malicious Chrome extensions masquerading as HR/ERP tools like Workday and NetSuite.

They exfiltrate auth cookies and suppress access to security and admin pages via DOM manipulation.

🔗 Details here → https://thehackernews.com/2026/01/five-malicious-chrome-extensions.html

⚠️ GootLoader now uses 500–1,000 ZIP files glued together!

The broken ZIP won’t open in WinRAR or 7-Zip, but Windows Explorer still opens it and runs the JavaScript malware. Each download is different, so file hashes don’t match.

🔗 Learn how this ZIP trick bypasses defenses → https://thehackernews.com/2026/01/gootloader-malware-uses-5001000.html

OpenAI will start showing ads in ChatGPT for logged-in adult U.S. users on Free and Go plans.

📒 Ads are clearly labeled, appear only at the bottom of chats, and do not influence responses. OpenAI says conversations aren’t sold to advertisers, and ad personalization can be turned off.

🔗 Read → https://thehackernews.com/2026/01/openai-to-show-ads-in-chatgpt-for.html

🚨 Authorities added Black Basta’s alleged leader, Oleg Nefedov, to the EU Most Wanted list and issued an INTERPOL Red Notice.

Police say he directed targeting, recruitment, and ransom handling for a ransomware group that pulled in hundreds of millions in crypto.

Leaked internal chats later exposed the operation.

🔗 Inside Black Basta → https://thehackernews.com/2026/01/black-basta-ransomware-hacker-leader.html

⚠️ Researchers exploited an XSS flaw in the StealC malware control panel and exposed its operators.

They extracted system fingerprints, live sessions, and cookies from infrastructure built to steal data—showing how fragile MaaS setups can be.

🔗 Read → https://thehackernews.com/2026/01/security-bug-in-stealc-malware-panel.html

🚨 A fake Chrome ad blocker crashes the browser on purpose, then tricks users into running attacker commands.

Huntress calls it CrashFix, an evolved ClickFix tactic linked to the KongTuke traffic distribution system for reuse in follow-on attacks.

🔗 Learn how the crash-and-fix loop works → https://thehackernews.com/2026/01/crashfix-chrome-extension-delivers.html

🚨 AMD StackWarp flaw weakens SEV-SNP VM isolation.

A hardware bug in Zen 1–5 CPUs lets a privileged host misuse a control bit (via hyperthreading) to corrupt a confidential VM’s stack, enabling key recovery and auth bypass.

🔗 Details & fixes → https://thehackernews.com/2026/01/new-stackwarp-hardware-flaw-breaks-amd.html

⚑ Cybersecurity Recap: From critical exploits to cloud missteps and AI-driven attacks, the threat surface keeps expanding.

See how defenders are adapting—and where the next wave is forming.

🔗 Read the full Weekly Recap → https://thehackernews.com/2026/01/weekly-recap-fortinet-exploits-redline.html

⚠️ DevOps SaaS isn’t “always on.” In 2024, GitHub, Jira, and Azure DevOps logged 502 incidents, causing 4,755 hours of outages or degraded service.

Early 2025 data shows a 69% YoY rise in major incidents. Shared responsibility leaves data protection with you.

🔗 Read → https://thehackernews.com/2026/01/high-costs-of-devops-saas-downtime.html

🚨 Researchers found an indirect prompt injection flaw abusing Google Gemini via calendar invites.

A hidden prompt in an event could trigger Gemini, when asked about a schedule, to summarize private meetings into a new calendar entry—visible to attackers in some enterprise setups.

No user action required.

🔗 Read → https://thehackernews.com/2026/01/google-gemini-prompt-injection-flaw.html