-
A hacktivist group with links to Iran’s intelligence agencies is claiming responsibility for a data-wiping attack against Stryker, a global medical technology company based in Michigan. News reports out of Ireland, Stryker’s largest hub outside of the United States, said the company sent home more than 5,000 workers there today. Meanwhile, a voicemail message at Stryker’s main U.S. headquarters says the company is currently experiencing a building emergency.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
AI-based assistants or “agents” — autonomous programs that have access to the user’s computer, files, online services and can automate virtually any task — are growing in popularity with developers and IT workers. But as so many eyebrow-raising headlines over the past few weeks have shown, these powerful and assertive new tools are rapidly shifting the security priorities for organizations, while blurring the lines between data and code, trusted co-worker and insider threat, ninja hacker and novice code jockey.
·
A Little Sunshine, Agentic AI, AI Agents, AI assistant, Amazon AWS, Anthropic, CJ Moses, Claude, ClawdBot, Cline, Copilot, DVULN, FortiGate, grith.ai, James Wilson, Jamieson O’Reilly, Latest Warnings, Laura Ellis, Matt Schlict, Meta, Microsoft, Moltbook, Moltbot, OpenClaw, Orca Security, Rapid7, Risky Business, Roi Nisimi, Saurav Hiremath, Simon Willison, Snyk, Summer Yue, The Coming Storm, Web Fraud 2.0¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Most phishing websites are little more than static copies of login pages for popular online destinations, and they are often quickly taken down by anti-abuse activists and security firms. But a stealthy new phishing-as-a-service offering lets customers sidestep both of these pitfalls: It uses cleverly disguised links to load the target brand’s real website, and then acts as a relay between the target and the legitimate site — forwarding the victim’s username, password and multi-factor authentication (MFA) code to the…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Microsoft today released updates to fix more than 50 security holes in its Windows operating systems and other software, including patches for a whopping six “zero-day” vulnerabilities that attackers are already exploiting in the wild.
·
Chris Goettl, CVE-2026-21256, CVE-2026-21509, CVE-2026-21510, CVE-2026-21513, CVE-2026-21514, CVE-2026-21516, CVE-2026-21519, CVE-2026-21523, CVE-2026-21525, CVE-2026-21533, Desktop Window Manager, Immersive, Ivanti, Kev Breen, Latest Warnings, Microsoft Word, MSHTML, sans internet storm center, Security Tools, Time to Patch, Windows Remote Desktop Services, Windows shell¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A prolific data ransom gang that calls itself Scattered Lapsus ShinyHunters (SLSH) has a distinctive playbook when it seeks to extort payment from victim firms: Harassing, threatening and even swatting executives and their families, all while notifying journalists and regulators… Read More »
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A new Internet-of-Things botnet called Kimwolf has spread to more than 2 million devices, forcing infected systems to participate in massive distributed denial-of-service (DDoS) attacks and to relay other malicious and abusive Internet traffic. Kimwolf’s ability to scan the local networks of compromised systems for other IoT devices to infect makes it a sobering threat to organizations, and new research reveals Kimwolf is surprisingly prevalent in government and corporate networks.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Microsoft today issued patches to plug at least 113 security holes in its various Windows operating systems and supported software. Eight of the vulnerabilities earned Microsoft’s most-dire “critical” rating, and the company warns that attackers are already exploiting one of the bugs fixed today.
·
Adam Barnett, Chris Goettl, CVE-2023-31096, CVE-2026-0628, CVE-2026-0891, CVE-2026-0892, CVE-2026-20805, CVE-2026-20952, CVE-2026-20953, CVE-2026-21265, Desktop Window Manager, Immersive, Ivanti, Kev Breen, Latest Warnings, Microsoft Office, Microsoft Patch Tuesday January 2026, Rapid7, The Coming Storm, Time to Patch¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The story you are reading is a series of scoops nestled inside a far more urgent Internet-wide security advisory. The vulnerability at issue has been exploited for months already, and it’s time for a broader awareness of the threat. The short version is that everything you thought you knew about the security of the internal network behind your Internet router probably is now dangerously out of date.
·
911s5, 922 Proxy, A Little Sunshine, Aisuru, AISURU Botnet, Akamai Technologies, Android Debug Bridge, BadBox 2.0, Ben Brundage, Chad Seaman, DDoS-for-Hire, HUMAN Security, IPidea, Kimwolf, Kimwolf botnet, krebsfiveheadindustries, Latest Warnings, Lindsay Kaye, Oxylabs, Quokka, residential proxy, Riley Kilmer, Spur, Synthient, Uhale app, Web Fraud 2.0, XLab¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The Trump administration has pursued a staggering range of policy pivots this past year that threaten to weaken the nation’s ability and willingness to address a broad spectrum of technology challenges, from cybersecurity and privacy to countering disinformation, fraud and corruption. These shifts, along with the president’s efforts to restrict free speech and freedom of the press, have come at such a rapid clip that many readers probably aren’t even aware of them all.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Direct navigation — the act of visiting a website by manually typing a domain name in a web browser — has never been riskier: A new study finds the vast majority of “parked” domains — mostly expired or dormant domain names, or common misspellings of popular websites — are now configured to redirect visitors to sites that foist scams and malware.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
