Microsoft Releases Enhanced Security Controls for Copilot for Microsoft 365 Amid Enterprise Data Oversharing Concerns
Microsoft introduces new Purview DLP integration, sensitivity label enforcement, and oversharing assessment tools for Copilot for Microsoft 365, responding to widespread CISO concerns about AI assistants accessing sensitive data through existing permissions.
CrossCurve DeFi Bridge Exploited for $3M Through Message Validation Bypass
Attackers drained approximately $3 million from CrossCurve's cross-chain bridge by spoofing messages to the ReceiverAxelar contract, which lacked proper validation of cross-chain calls.
Varonis Finds 'Reprompt' Prompt Injection That Exfiltrates Data From Microsoft Copilot
Varonis discovered a prompt injection attack chain that could steal sensitive data from Microsoft Copilot with a single click, bypassing safety filters through double-request and chain-request techniques. Patched January 13, 2026.
Qilin Ransomware Gang Claims Tulsa International Airport Breach
The Russian-speaking Qilin ransomware group listed Tulsa International Airport as a victim, leaking financial documents, employee IDs, and executive communications in the aviation sector's first reported attack of 2026.
GlassWorm: Self-Spreading Malware Hits VS Code Extensions on Open VSX
GlassWorm, a self-propagating worm using Solana blockchain for C2 and invisible Unicode obfuscation, has infected 35,800+ developers through compromised VS Code extensions on Open VSX.
RedKitten: Iran-Linked Group Targets Human Rights NGOs With AI-Written Macros
HarfangLab uncovered an Iran-linked campaign using AI-generated Office macros and the SloppyMIO backdoor to target activists documenting human rights violations during Iran's 2025-2026 protests.
CISA 2015 Cybersecurity Information Sharing Authorities Set to Expire
The Cybersecurity Information Sharing Act of 2015 faces expiration on January 30, 2026, despite bipartisan support for 10-year reauthorization. Sen. Rand Paul's objections over unrelated CISA agency concerns block permanent extension.
CrowdStrike Q4 FY2026 Preview: Charlotte AI and Platform Consolidation Drive Growth
CrowdStrike's fiscal Q4 2026 earnings call is scheduled for March 3, 2026, with analysts expecting continued momentum from Falcon platform consolidation, Charlotte AI efficiency gains, and FedRAMP High authorization.
Ivanti EPMM Zero-Days Chained for Unauthenticated RCE, Already Exploited in the Wild
Two chained Ivanti EPMM vulnerabilities (CVE-2026-1281 and CVE-2026-1340, both CVSS 9.8) allow unauthenticated RCE via Bash command injection. CISA gave federal agencies only 3 days to patch.
GootLoader Uses 500-1,000 Concatenated ZIP Archives to Evade Detection
The GootLoader malware loader now creates malformed ZIP files containing hundreds of concatenated archives, causing security tools to extract harmless files while Windows extracts malicious JavaScript.
eScan Antivirus Update Server Breached, Trojanized Updates Distributed to Customers
Attackers compromised an eScan regional update server on January 20, 2026, distributing signed malicious updates that deployed a multi-stage backdoor. IOCs and detection guidance included.
Fake AI Coding Assistant on VS Code Marketplace Drops ScreenConnect RAT
A malicious VS Code extension posing as an AI coding assistant deploys ConnectWise ScreenConnect for persistent remote access using quadruple impersonation tactics and Rust-based backup delivery.