News
Cybercriminals Exploit Fake Notepad++ and 7-Zip Sites To Distribute Remote Monitoring Malware
2+ hour, 12+ min ago (394+ words) Cybercriminals are tricking users with fake websites mimicking popular tools like Notepad++ and 7-Zip. These sites push Remote Monitoring and Management (RMM) tools laced with malware. According to AhnLab's Security Intelligence Center (ASEC), attackers now use RMM software right from…...
CISA Releases Secure Connectivity Principles Checklist for OT Network Connectivity
1+ day, 3+ min ago (175+ words) CISA emphasizes that cyber intrusions in OT environments can result in physical harm, environmental damage, or disruption of essential services, with consequences far more severe than traditional IT security incidents. The framework establishes principles-based goals for operators of essential services,…...
Backdoor Flaw Hits 20,000 WordPress Sites, Enables Stealthy Admin User Creation
1+ day, 8+ min ago (246+ words) A critical backdoor vulnerability in the LA-Studio Element Kit for Elementor WordPress plugin exposes over 20,000 active installations to unauthenticated attacks. Discovered on January 12, 2026, the flaw allows attackers to create malicious administrator users without authentication. Security firm Wordfence validated the issue…...
EmEditor Users Targeted In New Watering Hole Attack Delivering Stealer Malware
1+ day, 14+ min ago (161+ words) A sophisticated watering hole attack is targeting users of EmEditor, a popular Windows text editor favored by developers, especially in Japan. In late December 2025, attackers compromised EmEditor's download page to distribute a tampered MSI installer. EmEditor, developed by U.S.-based Emurasoft, issued a…...
CISA Warns of Actively Exploited Critical VMware vCenter RCE Vulnerability
1+ day, 1+ hour ago (247+ words) The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical remote code execution (RCE) vulnerability in Broadcom VMware vCenter Server to its Known Exploited Vulnerabilities (KEV) catalog, confirming active exploitation in the wild. Federal agencies must patch affected systems…...
Node.js Tightens HackerOne Rules, Requires Signal Score of 1.0+ for Vulnerability Reports
3+ day, 20+ hour ago (293+ words) The Node.js project, operating under the OpenJS Foundation, has implemented a significant quality control measure on its HackerOne bug bounty program. The new requirement mandates that security researchers maintain a minimum Signal reputation score of 1.0 before submitting vulnerability reports,…...
Microsoft to Add Brand Impersonation Protection Warnings to Teams Calls
3+ day, 22+ hour ago (213+ words) Microsoft is rolling out a critical security enhancement designed to shield Teams users from fraudulent external callers impersonating trusted organizations. The Brand Impersonation Protection for Teams Calling launches mid-February 2026, with full general availability expected by late February. The new security…...
Hackers Earn $516,500 for 37 Unique Zero-Day Bugs at Pwn2Own Automotive 2026
4+ day, 17+ hour ago (312+ words) The second day of Pwn2Own Automotive 2026 has accelerated the competition dramatically, with security researchers uncovering dozens of critical vulnerabilities in automotive systems and EV charging infrastructure. The event has now awarded over $516,500 across 37 unique zero-day vulnerabilities, establishing a landmark year for…...
Attackers Reverse-Engineer Patch to Exploit SmarterMail Admin Bypass in Active Attacks
4+ day, 17+ hour ago (145+ words) The vulnerability is now confirmed in active exploitation, with evidence emerging just 48 hours after the official patch became available. The flawed authentication logic branches on the 'IsSysAdmin' parameter. When set to 'true', the endpoint bypasses all password validation checks that exist…...
Critical Vivotek Vulnerability Allows Remote Attackers to Inject Arbitrary Code
4+ day, 18+ hour ago (174+ words) The Akamai Security Intelligence and Response Team (SIRT) has disclosed a critical command injection vulnerability in Vivotek legacy camera firmware that permits remote attackers to execute arbitrary code without authentication. Assigned CVE-2026-22755, the flaw resides in the upload_map.cgi script and…...