Mert SARICA
@hack4career.com
Cisco Fixes Actively Exploited Zero-Day CVE-2026-20045 in Unified CM and Webex thehackernews.com/2026/01/cisc...
Cisco Fixes Actively Exploited Zero-Day CVE-2026-20045 in Unified CM and Webex
Cisco fixes actively exploited CVE-2026-20045 zero-day enabling unauthenticated RCE in Unified CM and Webex; CISA sets Feb 11, 2026 deadline.
thehackernews.com
January 22, 2026 at 2:49 PM
Cisco Fixes Actively Exploited Zero-Day CVE-2026-20045 in Unified CM and Webex thehackernews.com/2026/01/cisc...
APT28 (Fancy Bear) is now deploying "LAMEHUG," a new malware framework integrating LLM capabilities for dynamic command generation. Linked to Russia's GRU, the group continues to target NATO members and logistics entities supporting Ukraine.
socradar.io/blog/dark-we...
socradar.io/blog/dark-we...
Dark Web Profile: APT28
APT28 is one of the most tracked state-linked intrusion sets because its activity often aligns with major geopolitical events and long-running espionage
socradar.io
January 21, 2026 at 1:22 PM
APT28 (Fancy Bear) is now deploying "LAMEHUG," a new malware framework integrating LLM capabilities for dynamic command generation. Linked to Russia's GRU, the group continues to target NATO members and logistics entities supporting Ukraine.
socradar.io/blog/dark-we...
socradar.io/blog/dark-we...
Law enforcement tracks ransomware group blamed for massive financial losses www.helpnetsecurity.com/2026/01/19/i...
Law enforcement tracks ransomware group blamed for massive financial losses - Help Net Security
International ransomware group investigation identifies Ukrainian suspects, names alleged organizer, and losses across Western countries.
www.helpnetsecurity.com
January 21, 2026 at 1:21 PM
Law enforcement tracks ransomware group blamed for massive financial losses www.helpnetsecurity.com/2026/01/19/i...
sardanioss/httpcloak: Go HTTP client with browser-identical TLS/HTTP2 fingerprinting. Bypass bot detection by perfectly mimicking Chrome, Firefox, and Safari at the cryptographic level (JA3/JA4, Akamai fingerprint, header order).
GitHub - sardanioss/httpcloak: Go HTTP client with browser-identical TLS/HTTP2 fingerprinting. Bypass bot detection by perfectly mimicking Chrome, Firefox, and Safari at the cryptographic level (JA3/JA4, Akamai fingerprint, header order). Supports HTTP/1.1, HTTP/2, HTTP/3, sessions, cookies, and proxies.
Go HTTP client with browser-identical TLS/HTTP2 fingerprinting. Bypass bot detection by perfectly mimicking Chrome, Firefox, and Safari at the cryptographic level (JA3/JA4, Akamai fingerprint, head...
github.com
January 19, 2026 at 1:01 PM
sardanioss/httpcloak: Go HTTP client with browser-identical TLS/HTTP2 fingerprinting. Bypass bot detection by perfectly mimicking Chrome, Firefox, and Safari at the cryptographic level (JA3/JA4, Akamai fingerprint, header order).
New Reports Reinforce Cyberattack’s Role in Maduro Capture Blackout
New Reports Reinforce Cyberattack’s Role in Maduro Capture Blackout
US officials told The New York Times that cyberattacks were used to turn off the lights in Caracas and disrupt air defense radars.
www.securityweek.com
January 19, 2026 at 1:00 PM
New Reports Reinforce Cyberattack’s Role in Maduro Capture Blackout
WhisperPair Attack Leaves Millions of Audio Accessories Open to Hijacking www.securityweek.com/whisperpair-...
WhisperPair Attack Leaves Millions of Audio Accessories Open to Hijacking
The critical issue impacts Bluetooth audio accessories with improper Google Fast Pair implementations.
www.securityweek.com
January 16, 2026 at 1:51 PM
WhisperPair Attack Leaves Millions of Audio Accessories Open to Hijacking www.securityweek.com/whisperpair-...
Cisco 0-Day RCE Secure Email Gateway Vulnerability Exploited in the Wild cybersecuritynews.com/cisco-0-day-...
Cisco 0-Day RCE Secure Email Gateway Vulnerability Exploited in the Wild
Cisco has confirmed active exploitation of a critical zero-day remote code execution vulnerability in its Secure Email Gateway and Secure Email and Web Manager appliances.
cybersecuritynews.com
January 16, 2026 at 1:43 PM
Cisco 0-Day RCE Secure Email Gateway Vulnerability Exploited in the Wild cybersecuritynews.com/cisco-0-day-...
Fortinet Fixes Critical FortiSIEM Flaw Allowing Unauthenticated Remote Code Execution
Fortinet Fixes Critical FortiSIEM Flaw Allowing Unauthenticated Remote Code Execution
Fortinet patches a critical FortiSIEM vulnerability (CVE-2025-64155) that allows unauthenticated remote code execution via exposed phMonitor service.
thehackernews.com
January 15, 2026 at 1:05 PM
Fortinet Fixes Critical FortiSIEM Flaw Allowing Unauthenticated Remote Code Execution
I built a firewall that blocks my IoT devices from phoning home
I built a firewall that blocks my IoT devices from phoning home
My lightbulbs do not need internet access and they never should
www.xda-developers.com
January 15, 2026 at 1:01 PM
I built a firewall that blocks my IoT devices from phoning home
Facebook login thieves now using browser-in-browser trick
Facebook login thieves now using browser-in-browser trick
Hackers over the past six months have relied increasingly more on the browser-in-the-browser (BitB) method to trick users into providing Facebook account credentials.
www.bleepingcomputer.com
January 14, 2026 at 1:00 PM
Facebook login thieves now using browser-in-browser trick
CISOs’ top 10 cybersecurity priorities for 2026
CISOs’ top 10 cybersecurity priorities for 2026
AI’s ongoing rise — both as a threat and a means for defense — is reshaping security execs’ agendas, which also include added emphasis on resiliency, third-party risk management, and geopolitical…
www.csoonline.com
January 13, 2026 at 1:00 PM
CISOs’ top 10 cybersecurity priorities for 2026
Top 10 APT Groups in 2025
Top 10 APT Groups in 2025
Advanced Persistent Threats, known as APTs, represent some of the most capable cyber adversaries. APT groups are often state-backed...
socradar.io
January 12, 2026 at 1:20 PM
Top 10 APT Groups in 2025
Researchers Uncover Service Providers Fueling Industrial-Scale Pig Butchering Fraud
Researchers Uncover Service Providers Fueling Industrial-Scale Pig Butchering Fraud
Researchers show how pig butchering-as-a-service providers equip scam networks with turnkey tools and infrastructure for large-scale online fraud.
thehackernews.com
January 12, 2026 at 1:00 PM
Researchers Uncover Service Providers Fueling Industrial-Scale Pig Butchering Fraud
DumpBrowserSecrets: Extracts browser-stored data such as refresh tokens, cookies, saved credentials, credit cards, autofill entries, browsing history, and bookmarks from modern Chromium-based and Gecko-based browsers
GitHub - Maldev-Academy/DumpBrowserSecrets: Extracts browser-stored data such as refresh tokens, cookies, saved credentials, credit cards, autofill entries, browsing history, and bookmarks from modern Chromium-based and Gecko-based browsers (Chrome, Microsoft Edge, Firefox, Opera, Opera GX, and Vivaldi)
Extracts browser-stored data such as refresh tokens, cookies, saved credentials, credit cards, autofill entries, browsing history, and bookmarks from modern Chromium-based and Gecko-based browsers ...
github.com
January 9, 2026 at 1:05 PM
DumpBrowserSecrets: Extracts browser-stored data such as refresh tokens, cookies, saved credentials, credit cards, autofill entries, browsing history, and bookmarks from modern Chromium-based and Gecko-based browsers
Alleged cybercrime kingpin arrested and extradited from Cambodia to China
Alleged cybercrime kingpin arrested and extradited from Cambodia to China | CNN
A prominent tycoon wanted by United States federal prosecutors for allegedly running one of Asia’s largest transnational criminal networks has been arrested and extradited to China, Cambodian…
www.cnn.com
January 9, 2026 at 1:00 PM
Alleged cybercrime kingpin arrested and extradited from Cambodia to China
Germany Faces Intense New Year DDoS Campaign: Weekly DDoS Threat Intelligence Analysis
Germany Faces Intense New Year DDoS Campaign: Weekly DDoS Threat Intelligence Analysis
The activity focused primarily on Germany, accounting for nearly 88% of all attacks, with additional targeting of Ukrainian and international domains. This
socradar.io
January 6, 2026 at 1:15 PM
Germany Faces Intense New Year DDoS Campaign: Weekly DDoS Threat Intelligence Analysis
NordVPN Denies Breach After Hacker Leaks Data
NordVPN Denies Breach After Hacker Leaks Data
The VPN company has conducted an investigation after a threat actor claimed to have hacked its systems.
www.securityweek.com
January 6, 2026 at 1:05 PM
NordVPN Denies Breach After Hacker Leaks Data
How the Organizational Risk Culture Standard can supercharge your cybersecurity culture
How the Organizational Risk Culture Standard can supercharge your cybersecurity culture
Cybersecurity failures aren’t about tools, they’re about people. ORCS turns risk awareness into everyday habits that help teams act fast and smart.
www.csoonline.com
January 6, 2026 at 1:00 PM
How the Organizational Risk Culture Standard can supercharge your cybersecurity culture
Digital wallet fraud: how your bank card can be stolen without it leaving your wallet www.theguardian.com/money/2026/j...
Digital wallet fraud: how your bank card can be stolen without it leaving your wallet
Fraudsters use phishing to steal card details, which fund a spending spree using Apple Pay or Google Pay
www.theguardian.com
January 5, 2026 at 1:44 PM
Digital wallet fraud: how your bank card can be stolen without it leaving your wallet www.theguardian.com/money/2026/j...
NordVPN Dev Data Leak, Crow Stealer Tool & Large Data Listings
NordVPN Dev Data Leak, Crow Stealer Tool & Large Data Listings
SOCRadar’s Dark Web Team identified several new underground posts this week, including a threat actor claim involving alleged internal NordVPN development
socradar.io
January 5, 2026 at 1:20 PM
NordVPN Dev Data Leak, Crow Stealer Tool & Large Data Listings
GitHub - pranshuparmar/witr: Why is this running? github.com/pranshuparma...
At its core, witr answers:
What is running?
How did it start?
What is keeping it running?
What context does it belong to?
At its core, witr answers:
What is running?
How did it start?
What is keeping it running?
What context does it belong to?
GitHub - pranshuparmar/witr: Why is this running?
Why is this running? Contribute to pranshuparmar/witr development by creating an account on GitHub.
github.com
January 5, 2026 at 1:15 PM
GitHub - pranshuparmar/witr: Why is this running? github.com/pranshuparma...
At its core, witr answers:
What is running?
How did it start?
What is keeping it running?
What context does it belong to?
At its core, witr answers:
What is running?
How did it start?
What is keeping it running?
What context does it belong to?
GHOSTCREW - AI-based Red Team Toolkit for Penetration Testing Invoking Metasploit, Nmap and Other Tools
GHOSTCREW - AI-based Red Team Toolkit for Penetration Testing Invoking Metasploit, Nmap and Other Tools
GHOSTCREW emerges as a game-changing open-source toolkit for red teamers and penetration testers.
cybersecuritynews.com
January 5, 2026 at 1:05 PM
GHOSTCREW - AI-based Red Team Toolkit for Penetration Testing Invoking Metasploit, Nmap and Other Tools
Cybersecurity leaders’ resolutions for 2026
Cybersecurity leaders’ resolutions for 2026
From all things AI to prioritizing resilience and having an eye towards quantum, here are the top security priorities for the year ahead.
www.csoonline.com
January 5, 2026 at 1:00 PM
Cybersecurity leaders’ resolutions for 2026
Former Coinbase support agent arrested for helping hackers
Former Coinbase support agent arrested for helping hackers
A former Coinbase customer service agent was arrested in India for helping hackers earlier this year steal sensitive customer information from a company database.
www.bleepingcomputer.com
December 30, 2025 at 1:00 PM
Former Coinbase support agent arrested for helping hackers
WIRED Data Leak Exposes 2.3M Users Amid Broader Claims socradar.io/blog/wired-d...
WIRED Data Leak Exposes 2.3M Users Amid Broader Claims
This blog provides a factual overview of the WIRED data leak, explains what information was exposed, how attackers allegedly gained access...
socradar.io
December 29, 2025 at 1:36 PM
WIRED Data Leak Exposes 2.3M Users Amid Broader Claims socradar.io/blog/wired-d...