ICYMI: 2026-01-15
Latest Headlines
AWS CodeBuild Misconfiguration Exposed GitHub Repos to Potential Supply Chain Attacks
Critical WordPress Modular DS Plugin Flaw Actively Exploited to Gain Admin Access
Researchers Reveal Reprompt Attack Allowing Single-Click Data Exfiltration From Microsoft Copilot
ThreatsDay Bulletin: AI Voice Cloning Exploit, Wi-Fi Kill Switch, PLC Vulns, and 14 More Stories
Model Security Is the Wrong Frame – The Real Risk Is Workflow Security
Microsoft Legal Action Disrupts RedVDS Cybercrime Infrastructure Used for Online Fraud
Palo Alto Fixes GlobalProtect DoS Flaw That Can Crash Firewalls Without Login
Hundreds of Millions of Audio Devices Need a Patch to Prevent Wireless Hacking and Tracking
Forget Predictions: True 2026 Cybersecurity Priorities From Leaders
New ‘StackWarp’ Attack Threatens Confidential VMs on AMD Processors
Vibe Coding Tested: AI Agents Nail SQLi but Fail Miserably on Security Controls
isVerified Emerges From Stealth With Voice Deepfake Detection Apps
New ‘Reprompt’ Attack Silently Siphons Microsoft Copilot Data
Central Maine Healthcare Data Breach Impacts 145,000 Individuals
ICS Patch Tuesday: Vulnerabilities Fixed by Siemens, Schneider, Aveva, Phoenix Contact
Hackers Abusing Legitimate Cloud and CDN Platforms to Host Phishing Kits
Promptware Kill Chain – Five-Step Kill Chain Model for Analyzing Cyberthreats
Fortinet FortiSIEM Vulnerability CVE-2025-64155 Actively Exploited in Attacks
BreachLock Expands Adversarial Exposure Validation (AEV) to Web Applications
AppGuard Critiques AI Hyped Defenses; Expands its Insider Release for its Next-Generation Platform
Azure Identity Token Vulnerability Enables Tenant-Wide Compromise in Windows Admin Center
Cloudflare Acquires Human Native to Strengthen AI Data Security
Aembit Announces Agenda and Speaker Lineup for NHIcon 2026 on Agentic AI Security
Windows Remote Assistance Vulnerability Allow Attacker to Bypass Security Features
MonetaStealer Malware Powered with AI Code Attacking macOS Users in the Wild
Gootloader now uses 1,000-part ZIP archives for stealthy delivery
Grubhub confirms hackers stole data in recent security breach
Hackers exploit Modular DS WordPress plugin flaw for admin access
Microsoft Copilot Studio extension for VS Code now publicly available
Critical flaw lets hackers track, eavesdrop via Bluetooth audio devices
How to automate just-in-time access to applications with Tines
FTC bans GM from selling drivers’ location data for five years
Palo Alto Networks warns of DoS bug letting hackers disable firewalls
Microsoft disrupts massive RedVDS cybercrime virtual desktop service
ChatGPT’s upcoming cross-platform feature is codenamed “Agora”
– MTZ