IT Security Newsletter - 1/21/2026

Hacking

Pro-Russian hacktivist campaigns continue against UK organizations

The UK's National Cyber Security Centre reports ongoing cyber operations by Russian-aligned hacktivist groups targeting organizations in the UK and abroad. In December 2025, the NCSC co-signed an advisory warning that pro-Russian hacktivist groups were conducting cyber operations worldwide against organizations and critical infrastructure sectors. One group highlighted by the NCSC is NoName057(16), which has been active since March 2022. READ MORE...


Tesla hacked, 37 zero-days demoed at Pwn2Own Automotive 2026

Security researchers have hacked the Tesla Infotainment System and earned $516,500 after exploiting 37 zero-days on the first day of the Pwn2Own Automotive 2026 competition. Synacktiv Team took home $35,000 after successfully chaining an information leak and an out-of-bounds write flaw to get root permissions on the Tesla Infotainment System in the USB-based attack category. They also chained three vulnerabilities to gain root-level code execution on the Sony XAV-9500ES digital media receiver. READ MORE...

Trends

Analysis of 6 Billion Passwords Shows Stagnant User Behavior

Despite years of security awareness efforts, an analysis of 6 billion credentials leaked in 2025 confirms that poor password hygiene persists, as simple numeric sequences and common words remain the primary choice for millions of users. The data comes from a report published by password management firm Specops Software based on an analysis conducted by the threat intelligence team of its parent company, Outpost24. READ MORE...

Software Updates

Cloudflare whacks WAF bypass bug that opened side door for attackers

Cloudflare has fixed a flaw in its web application firewall (WAF) that allowed attackers to bypass security rules and directly access origin servers, which could lead to data theft or full server takeover. FearsOff security researchers reported the bug in October through Cloudflare's bug bounty program, and the CDN says it has patched the vulnerability in its ACME (Automatic Certificate Management Environment) validation logic with no action required from its customers. READ MORE...

Malware

North Korean Hackers Target macOS Developers via Malicious VS Code Projects

North Korean threat actors are abusing Visual Studio Code task configuration files for malware delivery in a new campaign targeting macOS software developers, Jamf warns. The attacks, the security firm says, represent a fresh iteration of fake job offer campaigns attributed to North Korean hackers, including Operation Dream Job, Contagious Interview, ClickFake Interview, and DeceptiveDevelopment. READ MORE...


VoidLink cloud malware shows clear signs of being AI-generated

The recently discovered cloud-focused VoidLink malware framework is believed to have been developed by a single person with the help of an artificial intelligence model. Check Point Research published details about VoidLink last week, describing it as an advanced Linux malware framework that offers custom loaders, implants, rootkit modules for evasion, and dozens of plugins that expand its functionality. READ MORE...

Information Security

Internet voting is insecure and should not be used in public elections

Scientists have understood for many years that internet voting is insecure and that there is no known or foreseeable technology that can make it secure. Still, vendors of internet voting keep claiming that, somehow, their new system is different, or the insecurity doesn't matter. Bradley Tusk and his Mobile Voting Foundation keep touting internet voting to journalists and election administrators; this whole effort is misleading and dangerous. READ MORE...

Exploits/Vulnerabilities

Google Gemini Flaw Turns Calendar Invites Into Attack Vector

Researchers have uncovered a prompt injection vulnerability in Google's application ecosystem that allows attackers to gain access to sensitive data via its Gemini generative artificial intelligence (GenAI) tool. The flaw is the latest of several that various researchers have discovered in Gemini and other AI assistants, which demonstrate how large language model (LLM)-driven apps have created new avenues for exploitation. The flaw allows attackers to place a payload inside a standard Google Calendar invite. READ MORE...


Vulnerabilities Threaten to Break Chainlit AI Framework

Two old-fashioned software vulnerabilities in a hot artificial intelligence (AI) framework could have allowed attackers to take over users' cloud environments. Not every vulnerability affecting AI chatbots is about prompt injection (PI), indirect prompt injection (IPI), or any strange new threat vector. Strip away all the glitz, and AI technology is built on ordinary IT and cloud infrastructure. Thus, it's often vulnerable to the same sorts of bugs that any other IT and cloud applications are. READ MORE...

On This Date

  • ...in 1938, radio DJ and early rock and roll icon Robert Weston Smith, AKA "Wolfman Jack", is born in Belvidere, NC.
  • ...in 1940, pro golfer Jack Nicklaus -- 'The Golden Bear' -- is born in Upper Arlington, OH.
  • ...in 1954, the very first nuclear-powered submarine, the USS Nautilus (named for the submarine in "Twenty Thousand Leagues Under the Sea") is launched off the Connecticut coast.
  • ...in 1981, production of the DeLorean DMC-12 sports car, as seen in the "Back to the Future" films, begins in Dunmurry, Ireland.