Port 22

~ 3 Feb 2026 ~

Docker Fixes Critical Ask Gordon AI Flaw Allowing Code Execution via Image Metadata

The Paramilitary ICE and CBP Units at the Center of Minnesota's Killings

[Webinar] The Smarter SOC Blueprint: Learn What to Build, Buy, and Automate

Hackers Exploit Metro4Shell RCE Flaw in React Native CLI npm Package

Critical React Native Metro dev server bug under attack as researchers scream into the void

CISA updated ransomware intel on 59 bugs last year without telling defenders

Microsoft SDL: Evolving security practices for an AI-powered world

When Cloud Outages Ripple Across the Internet

APT28 Uses Microsoft Office CVE-2026-21509 in Espionage-Focused Malware Attacks

New EU Report Urges More Aggressive Action Against Transnational Repression

French cops raid X's Paris office in algorithmic bias probe

Microsoft finally sends TLS 1.0 and 1.1 to the cloud retirement home

Polish cops bail 20-year-old bedroom botnet operator

Microsoft is Giving the FBI BitLocker Keys

Mozilla Adds One-Click Option to Disable Generative AI Features in Firefox

How Data Brokers Can Fuel Violence Against Public Servants

Notepad++ Hosting Breach Attributed to China-Linked Lotus Blossom Hacking Group

DIY AI bot farm OpenClaw is a security 'dumpster fire'

British military to get legal OK to swat drones near bases

The Notepad++ supply chain attack unnoticed execution chains and new IoCs

~ 2 Feb 2026 ~

Notepad++ hijacking blamed on Chinese Lotus Blossom crew behind Chrysalis backdoor

Researchers Find 341 Malicious ClawHub Skills Stealing Data from OpenClaw Users

OpenClaw Bug Enables One-Click Remote Code Execution via Malicious Link

Microsoft Begins NTLM Phase-Out With Three-Stage Plan to Move Windows to Kerberos

Infostealers without borders: macOS, Python stealers, and platform abuse

StopICE hacked to send alarming text messages, admins accuse border patrol agent of sabotage

Russia-linked APT28 attackers already abusing new Microsoft Office zero-day

Weekly Recap: Proxy Botnet, Office Zero-Day, MongoDB Ransoms, AI Hijacks & New Threats

Securing the Mid-Market Across the Complete Threat Lifecycle

McDonald's is not lovin' your bigmac, happymeal, and mcnuggets passwords

Please Dont Feed the Scattered Lapsus Shiny Hunters

Saudi Arabia Ordered to Pay 3m to London Dissident Over Pegasus Spying

Notepad++ Official Update Mechanism Hijacked to Deliver Malware to Select Users

OpenClaw patches one-click RCE as security Whac-A-Mole continues

Notepad++ update service hijacked in targeted state-linked attack

AI Coding Assistants Secretly Copying All Code to China

eScan Antivirus Update Servers Compromised to Deliver Multi-Stage Malware

ICE and Qatari Security Forces at the Winter Olympics Put Italians on Edge

Open VSX Supply Chain Attack Used Compromised Dev Account to Spread GlassWorm

Infrastructure cyberattacks are suddenly in fashion. We can buck the trend

A slippery slope: Beware of Winter Olympics scams and other cyberthreats

Why native cloud security falls short

I have a new blog: Traces of Humanity!

~ 1 Feb 2026 ~

Open-source AI is a global security nightmare waiting to happen, say researchers

AI security startup CEO posts a job. Deepfake candidate applies, inner turmoil ensues.

~ 31 Jan 2026 ~

Iran-Linked RedKitten Cyber Campaign Targets Human Rights NGOs and Activists

Mandiant Finds ShinyHunters-Style Vishing Attacks Stealing MFA to Breach SaaS Platforms

CERT Polska Details Coordinated Cyber Attacks on 30+ Wind and Solar Farms

Jeffrey Epstein Had a Personal Hacker, Informant Claims

How to Film ICE

~ 30 Jan 2026 ~

Friday Squid Blogging: New Squid Species Discovered

January blues return as Ivanti coughs up exploited EPMM zero-days

Researchers Uncover Chrome Extensions Abusing Affiliate Links and Stealing ChatGPT Access

Case study: Securing AI application supply chains

Thousands more Oregon residents learn their health data was stolen in TriZetto breach

China-Linked UAT-8099 Targets IIS Servers in Asia with BadIIS SEO Malware

Badges, Bytes and Blackmail

AIs Are Getting Better at Finding and Exploiting Security Vulnerabilities

This month in security with Tony Anscombe January 2026 edition

Ex-Google Engineer Convicted for Stealing 2,000 AI Trade Secrets for China Startup

SmarterMail Fixes Critical Unauthenticated RCE Flaw with CVSS 9.3 Score

DynoWiper update: Technical analysis and attribution

Two Ivanti EPMM Zero-Day RCE Flaws Actively Exploited, Security Updates Released

Java developers want container security, just not the job that comes with it

Researchers Find 175,000 Publicly Exposed Ollama AI Servers Across 130 Countries

~ 29 Jan 2026 ~

Maybe CISA should take its own advice about insider threats hmmm?

Turning threat reports into detection insights with AI

ThreatsDay Bulletin: New RCEs, Darknet Busts, Kernel Bugs & 25+ More Stories

ICE Pretends Its a Military Force. Its Tactics Would Get Real Soldiers Killed

Survey of 100+ Energy Systems Reveals Critical OT Cybersecurity Gaps

To stop crims, Google starts dismantling residential proxy network they use to hide

New Microsoft Data Security Index report explores secure AI adoption to protect sensitive data

An AI Toy Exposed 50,000 Logs of Its Chats With Kids to Anyone With a Gmail Account

AV vendor goes to war with security shop over update server scare

Seven habits that help security teams reduce risk without slowing delivery

3 Decisions CISOs Need to Make to Prevent Downtime Risk in 2026

Supply chain attack on eScan antivirus: detecting and remediating malicious updates

ShinyHunters swipes right on 10M records in alleged dating app data grab

SolarWinds Fixes Four Critical Web Help Desk Flaws With Unauthenticated RCE and Auth Bypass

Patch or perish: Vulnerability exploits now dominate intrusions

Google Disrupts IPIDEA One of the Worlds Largest Residential Proxy Networks

Cyberattack on Poland's power grid could have turned deadly in winter cold

~ 28 Jan 2026 ~

Fake Moltbot AI Coding Assistant on VS Code Marketplace Drops Malware

ICE Is Using Palantirs AI Tools to Sort Through Tips

Russian ELECTRUM Tied to December 2025 Cyber Attack on Polish Power Grid

Ransomware crims forced to take off-RAMP as FBI seizes forum

Want the Federal Government to Hear Your Thoughts on AI?: New Consultation Launched

Here's the Company That Sold DHS ICE's Notorious Face Recognition App

Critical vm2 Node.js Flaw Allows Sandbox Escape and Arbitrary Code Execution

Everybody is WinRAR phishing, dropping RATs as fast as lightning

Two High-Severity n8n Flaws Allow Authenticated Remote Code Execution

From Triage to Threat Hunts: How AI Accelerates SecOps

Mustang Panda Deploys Updated COOLCLIENT Backdoor in Government Cyber Attacks

Fortinet unearths another critical bug as SSO accounts borked post-patch

Password Reuse in Disguise: An Often-Missed Risky Workaround

Google Warns of Active Exploitation of WinRAR Vulnerability CVE-2025-8088

Fake Python Spellchecker Packages on PyPI Delivered Hidden Remote Access Trojan

Old Windows quirks help punch through new admin defenses

Fortinet Patches CVE-2026-24858 After Active FortiOS SSO Exploitation Detected

Love? Actually: Fake dating app used as lure in targeted spyware campaign in Pakistan