Oracle’s January 2026 CPU resolves roughly 230 unique vulnerabilities across more than 30 products. The post Oracle’s First 2026 CPU Delivers 337 New Security Patches appeared first on SecurityWeek.
Gartner® doesn’t create new categories lightly. Generally speaking, a new acronym only emerges when the industry’s collective “to-do list” has become mathematically impossible to complete. And so it seems that the introduction of the Exposure Assessment Platforms (EAP) category is a formal admission that traditional Vulnerability Management (VM) is noRead More »Exposure Assessment Platforms Signal a Shift in Focus
The most common stolen passwords in 2025 were 123456, admin, and password, according to a Specops study. The post Analysis of 6 Billion Passwords Shows Stagnant User Behavior appeared first on SecurityWeek.
Security vulnerabilities were uncovered in the popular open-source artificial intelligence (AI) framework Chainlit that could allow attackers to steal sensitive data, which may allow for lateral movement within a susceptible organization. Zafran Security said the high-severity flaws, collectively dubbed ChainLeak, could be abused to leak cloud environment API keys andRead More »Chainlit AI Framework Flaws Enable Data Theft via File Read and SSRF Bugs
The recently discovered sophisticated Linux malware framework known as VoidLink is assessed to have been developed by a single person with assistance from an artificial intelligence (AI) model. That’s according to new findings from Check Point Research, which identified operational security blunders by malware’s author that provided clues to itsRead More »VoidLink Linux Malware Framework Built with AI Assistance Reaches 88,000 Lines of Code
LastPass is alerting users to a new active phishing campaign that’s impersonating the password management service, which aims to trick users into giving up their master passwords. The campaign, which began on or around January 19, 2026, involves sending phishing emails claiming upcoming maintenance and urging them to create aRead More »LastPass Warns of Fake Maintenance Messages Targeting Users’ Master Passwords
A security vulnerability has been disclosed in the popular binary-parser npm library that, if successfully exploited, could result in the execution of arbitrary JavaScript. The vulnerability, tracked as CVE-2026-1245 (CVSS score: N/A), affects all versions of the module prior to version 2.3.0, which addresses the issue. Patches for the flawRead More »CERT/CC Warns binary-parser Bug Allows Node.js Privilege-Level Code Execution
Under the new rules, measures for 5G cybersecurity would become mandatory. The post EU Plans Phase Out of High Risk Telecom Suppliers, in Proposals Seen as Targeting China appeared first on SecurityWeek.
The North Korean threat actors associated with the long-running Contagious Interview campaign have been observed using malicious Microsoft Visual Studio Code (VS Code) projects as lures to deliver a backdoor on compromised endpoints. The latest finding demonstrates continued evolution of the new tactic that was first discovered in December 2025,Read More »North Korea-Linked Hackers Target Developers via Malicious VS Code Projects
The lawsuit claims the university didn’t enact reasonable data security measures.
