Dutch police believe they have arrested a man behind the AVCheck online platform - a service used by cybercrims that Operation Endgame shuttered in May.β¦
The vulnerability was discovered in Asus routers, but all devices using the affected chipset are susceptible to attacks.Β
The post Broadcom Wi-Fi Chipset Flaw Allows Hackers to Disrupt Networks appeared first on SecurityWeek.
CISA has ordered federal agencies to stop using Gogs or lock it down immediately after a high-severity vulnerability in the self-hosted Git service was added to its Known Exploited Vulnerabilities (KEV) catalog.β¦
If you were still questioning whether iOS 26+ is for you, now is the time to make that call.
Why?
On December 12, 2025, Apple patched two WebKit zeroβday vulnerabilities linked to mercenary spyware and is now effectively pushing iPhone 11 and newer users toward iOS 26+, because thatβs where the fixes and new memory protections live. These vulnerabilities were primarily used in highly targeted attacks, but such campaigns are likely to expand over time.
WebKit powers the Safari browser and many other iOS applications, so itβs a big attack surface to leave exposed and isnβt limited to βriskyβ behavior. These vulnerabilities allowed an attacker to execute arbitrary code on a device after exploitation via malicious web content.
Apple has confirmed that attackers are already exploiting these vulnerabilities in the wild, making installation of the update a highβpriority security task for every user. Campaigns that start with diplomats, journalists, or executives often lead to tooling and exploits leaking or being repurposed, so βIβm not a targetβ is not a viable safety strategy.β
Due to public resistance to new features like Liquid Glass, many iPhone users have not yet upgraded to iOS 26.2. Reports suggest adoption of iOS 26 has been unusually slow. As of January 2026, only about 4.6% of active iPhones are on iOS 26.2, and roughly 16% are on any version of iOS 26, leaving the vast majority on older releases such as iOS 18.
However, Apple only ships these fixes and newer protections, such as Memory Integrity Enforcement, on iOS 26+ for supported devices. Users on older, unsupported devices wonβt be able to access these protections at all.
Another important factor in the upgrade cycle is restarting the device. What many people donβt realize is that when you restart your device, any memory-resident malware is flushedβunless it has somehow gained persistence, in which case it will return. High-end spyware tools tend to avoid leaving traces needed for persistence and often rely on users not restarting their devices.
Upgrading requires a restart, which makes this a win-win: you get the latest protections, and any memory-resident malware is flushed at the same time.
For iOS and iPadOS users, you can check if youβre using the latest software version, go to Settings > General > Software Update. Itβs also worth turning on Automatic Updates if you havenβt already. You can do that on the same screen.
The most important fixβhowever painful you may find itβis to upgrade to iOS 26.2. Not doing means missing an accumulating list of security fixes, leaving your device vulnerable to more and more newly found vulnerabilities.
Β But here are some other useful tips:
We donβt just report on phone securityβwe provide it
Cybersecurity risks should never spread beyond a headline. Keep threats off your mobile devices byΒ downloading Malwarebytes for iOS, and Malwarebytes for Android today.
Mandiant has released an open source tool to help Salesforce admins detect misconfigurations that could expose sensitive data.β¦
SAP has released 17 security notes, including four that address critical SQL injection, RCE, and code injection vulnerabilities.
The post SAPβs January 2026 Security Updates Patch Critical Vulnerabilities appeared first on SecurityWeek.
A Dutch appeals court has kept a seven-year prison sentence in place for a man who hacked port IT systems with malware-stuffed USB sticks to help cocaine smugglers move containers, brushing off claims that police shouldn't have been reading his encrypted chats.β¦
Forty years ago, The MentorβLoyd Blankenshipβpublished βThe Conscience of a Hackerβ in Phrack.
You bet your ass weβre all alikeβ¦ weβve been spoon-fed baby food at school when we hungered for steakβ¦ the bits of meat that you did let slip through were pre-chewed and tasteless. Weβve been dominated by sadists, or ignored by the apathetic. The few that had something to teach found us willing pupils, but those few are like drops of water in the desert.
This is our world nowβ¦ the world of the electron and the switch, the beauty of the baud. We make use of a service already existing without paying for what could be dirt-cheap if it wasnβt run by profiteering gluttons, and you call us criminals. We exploreβ¦ and you call us criminals. We seek after knowledgeβ¦ and you call us criminals. We exist without skin color, without nationality, without religious biasβ¦ and you call us criminals. You build atomic bombs, you wage wars, you murder, cheat, and lie to us and try to make us believe itβs for our own good, yet weβre the criminals.
Yes, I am a criminal. My crime is that of curiosity. My crime is that of judging people by what they say and think, not what they look like. My crime is that of outsmarting you, something that you will never forgive me for.
The 44-year-old individual planted remote access malware on a logistics firmβs systems, with help from employees.
The post Dutch Port Hacker Sentenced to Prison appeared first on SecurityWeek.
Hackers stole complete customer information, including contact details, national identity numbers, and payment details.
The post Spanish Energy Company Endesa Hacked appeared first on SecurityWeek.
The British government is asking defense firms to rapidly produce a new ground-launched ballistic missile to aid Ukraine's fight against Russia - hardware that might also be adopted by UK's armed forces in future.β¦
Ransomware remains the biggest concern for CISOs in 2026, according to WEFβs Global Cybersecurity Outlook 2026 report.
The post Cyber Fraud Overtakes Ransomware as Top CEO Concern: WEFΒ appeared first on SecurityWeek.
Indiaβs government has updated the regulations it imposes on cryptocurrency services providers, as part of its efforts to combat fraud, money laundering, and terrorism.β¦
PCs and datacenters aren't the only devices that need DRAM. The global memory shortage is roiling the cybersecurity market, with the cost of firewalls expected to balloon and hit both customers and vendors in the pocketbook in 2026, according to research analysts Wedbush.β¦
Login
