⚠️ Update: Check Point says CVE-2025-37164 is being mass-exploited to spread the RondoDox botnet, with 40,000+ attacks on Jan 7.

The activity targeted government, finance, and industrial sectors, prompting same-day KEV inclusion.

🔗 Read → https://thehackernews.com/2026/01/cisa-flags-microsoft-office-and-hpe.html

Most people lock down passwords but forget what’s already public.

🧾 Home addresses and phone numbers are listed on data broker sites anyone can search. That visibility increases the risk of doxxing, scams, and real-world harassment.

🔗 How public data turns into a safety risk → https://thehackernews.com/2026/01/your-digital-footprint-can-lead-right.html

🚨 Researchers uncovered 5 malicious Chrome extensions masquerading as HR/ERP tools like Workday and NetSuite.

They exfiltrate auth cookies and suppress access to security and admin pages via DOM manipulation.

🔗 Details here → https://thehackernews.com/2026/01/five-malicious-chrome-extensions.html

⚠️ GootLoader now uses 500–1,000 ZIP files glued together!

The broken ZIP won’t open in WinRAR or 7-Zip, but Windows Explorer still opens it and runs the JavaScript malware. Each download is different, so file hashes don’t match.

🔗 Learn how this ZIP trick bypasses defenses → https://thehackernews.com/2026/01/gootloader-malware-uses-5001000.html

OpenAI will start showing ads in ChatGPT for logged-in adult U.S. users on Free and Go plans.

📢 Ads are clearly labeled, appear only at the bottom of chats, and do not influence responses. OpenAI says conversations aren’t sold to advertisers, and ad personalization can be turned off.

🔗 Read → https://thehackernews.com/2026/01/openai-to-show-ads-in-chatgpt-for.html

🚨 Authorities added Black Basta’s alleged leader, Oleg Nefedov, to the EU Most Wanted list and issued an INTERPOL Red Notice.

Police say he directed targeting, recruitment, and ransom handling for a ransomware group that pulled in hundreds of millions in crypto.

Leaked internal chats later exposed the operation.

🔗 Inside Black Basta → https://thehackernews.com/2026/01/black-basta-ransomware-hacker-leader.html

⚠️ Researchers exploited an XSS flaw in the StealC malware control panel and exposed its operators.

They extracted system fingerprints, live sessions, and cookies from infrastructure built to steal data—showing how fragile MaaS setups can be.

🔗 Read → https://thehackernews.com/2026/01/security-bug-in-stealc-malware-panel.html

🚨 A fake Chrome ad blocker crashes the browser on purpose, then tricks users into running attacker commands.

Huntress calls it CrashFix, an evolved ClickFix tactic linked to the KongTuke traffic distribution system for reuse in follow-on attacks.

🔗 Learn how the crash-and-fix loop works → https://thehackernews.com/2026/01/crashfix-chrome-extension-delivers.html

🚨 AMD StackWarp flaw weakens SEV-SNP VM isolation.

A hardware bug in Zen 1–5 CPUs lets a privileged host misuse a control bit (via hyperthreading) to corrupt a confidential VM’s stack, enabling key recovery and auth bypass.

🔗 Details & fixes → https://thehackernews.com/2026/01/new-stackwarp-hardware-flaw-breaks-amd.html

⚡ Cybersecurity Recap: From critical exploits to cloud missteps and AI-driven attacks, the threat surface keeps expanding.

See how defenders are adapting—and where the next wave is forming.

🔗 Read the full Weekly Recap → https://thehackernews.com/2026/01/weekly-recap-fortinet-exploits-redline.html

⚠️ DevOps SaaS isn’t “always on.” In 2024, GitHub, Jira, and Azure DevOps logged 502 incidents, causing 4,755 hours of outages or degraded service.

Early 2025 data shows a 69% YoY rise in major incidents. Shared responsibility leaves data protection with you.

🔗 Read → https://thehackernews.com/2026/01/high-costs-of-devops-saas-downtime.html

🚨 Researchers found an indirect prompt injection flaw abusing Google Gemini via calendar invites.

A hidden prompt in an event could trigger Gemini, when asked about a schedule, to summarize private meetings into a new calendar entry—visible to attackers in some enterprise setups.

No user action required.

🔗 Read → https://thehackernews.com/2026/01/google-gemini-prompt-injection-flaw.html

🚨 A major Telegram scam marketplace may be winding down.

Elliptic reports Tudou Guarantee has largely halted transactions in its public channels after processing $12B+ in illicit activity.

🔗 Read → https://thehackernews.com/2026/01/tudou-guarantee-marketplace-halts.html

Thousands of fake banking sites are quietly pulling users in via Google.

CTM360 tracked 11,000+ fake bank domains targeting the U.S. and UK, many ranking next to real institutions. These sites run full onboarding and fake approvals before charging “fees” via crypto or PayPal.

🔗 How SEO is weaponized for fraud → https://thehackernews.com/expert-insights/2026/01/ctm360-analysis-shows-how-fake-banks.html

🚨 Cloudflare fixed a flaw in its ACME HTTP-01 handling that could conditionally disable WAF and allow requests to reach origin servers.

The issue was missing checks that the token matched an active challenge for the hostname.

🔗 Learn more → https://thehackernews.com/2026/01/cloudflare-fixes-acme-validation-bug.html

Leaked API keys aren’t rare 🔑 The blind spot is where teams look.

Intruder scanned 5M apps and found 42K+ exposed tokens embedded in JavaScript bundles—most in SPAs. Many scanners never load front-end assets, so these leaks go unseen 👀

🔗 How secrets slip past scanners → https://thehackernews.com/2026/01/why-secrets-in-javascript-bundles-are.html

⚠️ Most enterprises have a hidden risk: orphan accounts. They still log in, but no one owns them.

IAM only controls what’s connected. Service accounts, legacy apps, and AI agents are often missed.

Inactive access stays active—and attackers use it.

🔗 How continuous identity audits close this gap → https://thehackernews.com/2026/01/the-hidden-risk-of-orphan-accounts.html

🚨 Uncharted: The AI Safety & Security Summit from Fuel iX 🚨

Hidden vulnerabilities and compliance challenges are emerging faster than ever. Access 9 expert-led sessions and a comprehensive report revealing risks in 24 generative AI models.

🔒 Uncover hidden dangers in frontier AI models
⚖️ Learn legal frameworks balancing innovation with responsibility
🛡️ Get proactive defense strategies from top CISOs
📄 Receive a detailed report on vulnerabilities and actionable strategies

Access it now, on-demand: https://thn.news/uncharted-summit

🚨 Researchers found a malware campaign abusing VS Code extensions to infect developers with Evelyn Stealer.

It injects into a legit Windows process to quietly steal credentials, browser cookies, and crypto data.

🔗 Find how the extensions worked and what was stolen → https://thehackernews.com/2026/01/evelyn-stealer-malware-abuses-vs-code.html

🚨 Anthropic’s official Git MCP server had three vulnerabilities enabling file read/delete and potential RCE.

Researchers showed prompt injection—via AI-read content—can trigger the chain without direct system access.

🔗 Exploit chain and CVEs → https://thehackernews.com/2026/01/three-flaws-in-anthropic-mcp-git-server.html

Cybersecurity in 2026 isn't a knowledge problem. It's an execution problem. 📉

The big 3:
• AI-driven attacks
• Shadow agents
• Identity abuse

Stop reading, start executing!

Full Forecast: https://thn.news/tech-security-outlook