β οΈ DevOps SaaS isnβt βalways on.β In 2024, GitHub, Jira, and Azure DevOps logged 502 incidents, causing 4,755 hours of outages or degraded service.
Early 2025 data shows a 69% YoY rise in major incidents. Shared responsibility leaves data protection with you.
π Read β https://thehackernews.com/2026/01/high-costs-of-devops-saas-downtime.html
Early 2025 data shows a 69% YoY rise in major incidents. Shared responsibility leaves data protection with you.
π Read β https://thehackernews.com/2026/01/high-costs-of-devops-saas-downtime.html
β‘4
π¨ Researchers found an indirect prompt injection flaw abusing Google Gemini via calendar invites.
A hidden prompt in an event could trigger Gemini, when asked about a schedule, to summarize private meetings into a new calendar entryβvisible to attackers in some enterprise setups.
No user action required.
π Read β https://thehackernews.com/2026/01/google-gemini-prompt-injection-flaw.html
A hidden prompt in an event could trigger Gemini, when asked about a schedule, to summarize private meetings into a new calendar entryβvisible to attackers in some enterprise setups.
No user action required.
π Read β https://thehackernews.com/2026/01/google-gemini-prompt-injection-flaw.html
π±12π5π€―5π1
π¨ A major Telegram scam marketplace may be winding down.
Elliptic reports Tudou Guarantee has largely halted transactions in its public channels after processing $12B+ in illicit activity.
π Read β https://thehackernews.com/2026/01/tudou-guarantee-marketplace-halts.html
Elliptic reports Tudou Guarantee has largely halted transactions in its public channels after processing $12B+ in illicit activity.
π Read β https://thehackernews.com/2026/01/tudou-guarantee-marketplace-halts.html
π11π1π1
Thousands of fake banking sites are quietly pulling users in via Google.
CTM360 tracked 11,000+ fake bank domains targeting the U.S. and UK, many ranking next to real institutions. These sites run full onboarding and fake approvals before charging βfeesβ via crypto or PayPal.
π How SEO is weaponized for fraud β https://thehackernews.com/expert-insights/2026/01/ctm360-analysis-shows-how-fake-banks.html
CTM360 tracked 11,000+ fake bank domains targeting the U.S. and UK, many ranking next to real institutions. These sites run full onboarding and fake approvals before charging βfeesβ via crypto or PayPal.
π How SEO is weaponized for fraud β https://thehackernews.com/expert-insights/2026/01/ctm360-analysis-shows-how-fake-banks.html
π8π5
π¨ Cloudflare fixed a flaw in its ACME HTTP-01 handling that could conditionally disable WAF and allow requests to reach origin servers.
The issue was missing checks that the token matched an active challenge for the hostname.
π Learn more β https://thehackernews.com/2026/01/cloudflare-fixes-acme-validation-bug.html
The issue was missing checks that the token matched an active challenge for the hostname.
π Learn more β https://thehackernews.com/2026/01/cloudflare-fixes-acme-validation-bug.html
π9
Leaked API keys arenβt rare π The blind spot is where teams look.
Intruder scanned 5M apps and found 42K+ exposed tokens embedded in JavaScript bundlesβmost in SPAs. Many scanners never load front-end assets, so these leaks go unseen π
π How secrets slip past scanners β https://thehackernews.com/2026/01/why-secrets-in-javascript-bundles-are.html
Intruder scanned 5M apps and found 42K+ exposed tokens embedded in JavaScript bundlesβmost in SPAs. Many scanners never load front-end assets, so these leaks go unseen π
π How secrets slip past scanners β https://thehackernews.com/2026/01/why-secrets-in-javascript-bundles-are.html
π10
This media is not supported in your browser
VIEW IN TELEGRAM
β οΈ Most enterprises have a hidden risk: orphan accounts. They still log in, but no one owns them.
IAM only controls whatβs connected. Service accounts, legacy apps, and AI agents are often missed.
Inactive access stays activeβand attackers use it.
π How continuous identity audits close this gap β https://thehackernews.com/2026/01/the-hidden-risk-of-orphan-accounts.html
IAM only controls whatβs connected. Service accounts, legacy apps, and AI agents are often missed.
Inactive access stays activeβand attackers use it.
π How continuous identity audits close this gap β https://thehackernews.com/2026/01/the-hidden-risk-of-orphan-accounts.html
π7
π¨ Uncharted: The AI Safety & Security Summit from Fuel iX π¨
Hidden vulnerabilities and compliance challenges are emerging faster than ever. Access 9 expert-led sessions and a comprehensive report revealing risks in 24 generative AI models.
π Uncover hidden dangers in frontier AI models
βοΈ Learn legal frameworks balancing innovation with responsibility
π‘οΈ Get proactive defense strategies from top CISOs
π Receive a detailed report on vulnerabilities and actionable strategies
Access it now, on-demand: https://thn.news/uncharted-summit
Hidden vulnerabilities and compliance challenges are emerging faster than ever. Access 9 expert-led sessions and a comprehensive report revealing risks in 24 generative AI models.
π Uncover hidden dangers in frontier AI models
βοΈ Learn legal frameworks balancing innovation with responsibility
π‘οΈ Get proactive defense strategies from top CISOs
π Receive a detailed report on vulnerabilities and actionable strategies
Access it now, on-demand: https://thn.news/uncharted-summit
π3π€2π1π±1
π¨ Researchers found a malware campaign abusing VS Code extensions to infect developers with Evelyn Stealer.
It injects into a legit Windows process to quietly steal credentials, browser cookies, and crypto data.
π Find how the extensions worked and what was stolen β https://thehackernews.com/2026/01/evelyn-stealer-malware-abuses-vs-code.html
It injects into a legit Windows process to quietly steal credentials, browser cookies, and crypto data.
π Find how the extensions worked and what was stolen β https://thehackernews.com/2026/01/evelyn-stealer-malware-abuses-vs-code.html
π₯5π4
π¨ Anthropicβs official Git MCP server had three vulnerabilities enabling file read/delete and potential RCE.
Researchers showed prompt injectionβvia AI-read contentβcan trigger the chain without direct system access.
π Exploit chain and CVEs β https://thehackernews.com/2026/01/three-flaws-in-anthropic-mcp-git-server.html
Researchers showed prompt injectionβvia AI-read contentβcan trigger the chain without direct system access.
π Exploit chain and CVEs β https://thehackernews.com/2026/01/three-flaws-in-anthropic-mcp-git-server.html
π7β‘3
Cybersecurity in 2026 isn't a knowledge problem. It's an execution problem. π
The big 3:
β’ AI-driven attacks
β’ Shadow agents
β’ Identity abuse
Stop reading, start executing!
Full Forecast: https://thn.news/tech-security-outlook
The big 3:
β’ AI-driven attacks
β’ Shadow agents
β’ Identity abuse
Stop reading, start executing!
Full Forecast: https://thn.news/tech-security-outlook
π₯13π3π€―3π2β‘1
π°π΅ North Koreaβlinked actors are luring developers with fake job repos.
Simply opening a malicious VS Code project can auto-run hidden tasks that fetch JavaScript from Vercel and deploy a backdoor enabling remote code execution.
π Learn how it works β https://thehackernews.com/2026/01/north-korea-linked-hackers-target.html
Simply opening a malicious VS Code project can auto-run hidden tasks that fetch JavaScript from Vercel and deploy a backdoor enabling remote code execution.
π Learn how it works β https://thehackernews.com/2026/01/north-korea-linked-hackers-target.html
π₯12π7π6
π¨ npm binary-parser flaw enables arbitrary JavaScript execution in some Node.js apps.
Affects versions < 2.3.0 and only hits apps that build parsers from untrusted input via dynamic code generation.
π Exploit path explained β https://thehackernews.com/2026/01/certcc-warns-binary-parser-bug-allows.html
Affects versions < 2.3.0 and only hits apps that build parsers from untrusted input via dynamic code generation.
π Exploit path explained β https://thehackernews.com/2026/01/certcc-warns-binary-parser-bug-allows.html
π2