Microsoft

Storm-2561 uses SEO poisoning to distribute fake VPN clients for credential theft

In mid-January 2026, Microsoft Defender Experts identified a credential theft campaign that uses fake virtual private network (VPN) clients distributed through search engine optimization (SEO) ...
Dark Reading

Cisco Drops 48 New Firewall Vulnerabilities, 2 Critical

Edge bugs are so fetch, and Cisco just patched 50 new ones, including some heavy hitters with 10 out of 10 scores on the CVSS scale.
SecurityWeek

Cisco Patches Critical Vulnerabilities in Enterprise Networking Products

Cisco has fixed 48 vulnerabilities in Firewall ASA, Secure FMC, and Secure FTD appliances, including two critical-severity bugs.
TechSpot

Unwanted AI upgrade to Windows Notepad created a serious security flaw

The big picture: Microsoft released its latest Patch Tuesday update this week with 59 hotfixes across Windows, Microsoft Office, Azure, and core system components. The update includes patches for six ...
Infosecurity-magazine.com

SQL Injection Flaw Affects 40,000 WordPress Sites

More than 40,000 WordPress sites using the Quiz and Survey Master plugin have been affected by a SQL injection vulnerability that allowed authenticated users to interfere with database queries. The ...
VentureBeat

Infostealers added Clawdbot to their target lists before most security teams knew it was running

Clawdbot's MCP implementation has no mandatory authentication, allows prompt injection, and grants shell access by design. Monday's VentureBeat article documented these architectural flaws. By ...
PC World

WinRAR under attack by state-level hackers, according to Google

PCWorld reports that Google’s Threat Intelligence Group discovered state-sponsored hackers from Russia and China actively exploiting a critical WinRAR vulnerability (CVE-2025-8088). This security flaw ...
CSOonline

Critical jsPDF vulnerability enables arbitrary file read in Node.js deployments

The path traversal bug allows attackers to include arbitrary filesystem content in generated PDFs when file paths are not properly validated. A now-fixed critical flaw in the jsPDF library could ...
Forbes

Direct File Is Gone. Here’s How You Can Still File Your Taxes For Free

The IRS shut down its direct filing program for 2026, but Free File, Fillable Forms, MilTax, and some private tools remain—if you know where to look. Here’s how to navigate the free options still ...
Bleeping Computer

Are Copilot prompt injection flaws vulnerabilities or AI limits?

Microsoft has pushed back against claims that multiple prompt injection and sandbox-related issues raised by a security engineer in its Copilot AI assistant constitute security vulnerabilities. The ...
The Hill

IRS Direct File is gone. This is how you can still file taxes for free

(NEXSTAR) – In 2025, nearly 300,000 Americans used a new electronic system to file their taxes directly with the IRS for free. In 2026, that’s no longer an option. IRS Direct File launched as a pilot ...
SiliconANGLE

Critical ‘LangGrinch’ vulnerability in langchain-core puts AI agent secrets at risk

A new report out today from artificial intelligence security startup Cyata Security Ltd. details a recently uncovered critical vulnerability on langchain-core, the foundational library behind ...