Critical Node.js Vulnerability Can Cause Server Crashes via async_hooks Stack Overflow
Node.js has released updates to fix what it described as a critical security issue impacting “virtually every production Node.js app”…
Cyber Security
PLUGGYAPE Malware Uses Signal and WhatsApp to Target Ukrainian Defense Forces
The Computer Emergency Response Team of Ukraine (CERT-UA) has disclosed details of new cyber attacks targeting its defense forces with…
Taiwan Endures Greater Cyber Pressure From China
Chinese cyberattacks on Taiwan’s critical infrastructure — including energy utilities and hospitals — rose 6% in 2025, averaging 2.63 million…
Patch Tuesday, January 2026 Edition
Microsoft today issued patches to plug at least 113 security holes in its various Windows operating systems and supported software.…
CISO Succession Crisis Highlights How Turnover Amplifies Security Risks
When cybersecurity leadership turns over too fast, risk does not reset. It compounds.
‘Most Severe AI Vulnerability to Date’ Hits ServiceNow
ServiceNow tacked agentic AI onto a largely unguarded legacy chatbot, exposing customers’ data and connected systems.
Microsoft Starts 2026 With a Bang: A Freshly Exploited Zero-Day
The vendor’s first Patch Tuesday of the year also contains fixes for 112 CVEs, nearly double the amount from last…
Shadow#Reactor Uses Text Files to Deliver Remcos RAT
Attackers use a sophisticated delivery mechanism of text-only files for RAT deployment, showcasing a clever way to bypass defensive tools…
Long-Running Web Skimming Campaign Steals Credit Cards From Online Checkout Pages
Cybersecurity researchers have discovered a major web skimming campaign that has been active since January 2022, targeting several major payment…
Malicious Chrome Extension Steals MEXC API Keys by Masquerading as Trading Tool
Cybersecurity researchers have disclosed details of a malicious Google Chrome extension that’s capable of stealing API keys associated with MEXC,…