Cyber Security News

18 January 2026 20:36

120 Data Breach Statistics for 2026

So, here are the 120 data breach stats for 2025.

All the sources we mentioned applies its own methodology, so numbers vary, and we include them all so readers can judge for themselves.

Cyber_Security_Channel

Cyber Security News

15 January 2026 22:23

The 5 Critical Cybersecurity Controls Every Organization Needs

Administrative accounts represent your organization’s “keys to the kingdom”.

Regular reviews ensure that only necessary personnel have elevated privileges.

Failure to minimize admin accounts and/or eliminate shared accounts can lead to accountability issues during security incidents.

Ensuring all activities are logged and traceable to a single user aids investigations and deters potential compromises.

Cyber_Security_Channel

Cyber Security News

12 January 2026 18:36

Cybersecurity in Medical Devices: From Insight to Action

A central theme of the session was the critical role of penetration testing in ensuring medical device security.

Unlike traditional IT testing, medical device pentesting covers a much broader spectrum — from embedded hardware and firmware through industry specific communication interfaces and protocols, to cloud services and hospital network integration.

By embedding penetration testing across all stages of medical device development, deployment, and maintenance, manufacturers can confidently bring secure innovations to market — protecting both patients and the integrity of digital healthcare systems.

Cyber_Security_Channel

Cyber Security News

08 January 2026 22:08

ℹ️ What Security Teams Miss in Email Attacks

In just 12 months, attackers attempted to steal more than $300 million via vendor email compromise (VEC), with 7% of engagements coming from employees who had engaged with a previous attack.

Employees struggle to differentiate between legitimate messages and attacks, especially when those emails appear to come from a trusted vendor.

Employees in the largest organizations, with workforces of 50,000 or more, had the highest rate of second-step engagement with VEC.

Cyber_Security_Channel

Cyber Security News

04 January 2026 23:17

GhostPoster Firefox Extensions Hide Malware in Icons

The extension’s developer used steganography to hide after that marker a loader that reaches a remote command-and-control (C&C) server to retrieve an encrypted payload.

Cyber_Security_Channel

Cyber Security News

31 December 2025 21:35

2️⃣0️⃣2️⃣6️⃣ Happy New Year from the Cyber Security News Team!

We would like to say thank you for continously supporting our community throughout the eventful year of 2025.

Together we have managed to reach important milestones and expand our sphere of influence even further around the globe.

♥️ We are grateful for all the members, partners, and supporters that engaged with our content, purchased paid advertisements, and showed appreciation to our channels =)

Our team hopes that all the content on this channel was useful and enjoyable for you.

☃️ We are planning to show dedication by continuing our mission next year, and are always open to your feedback, suggestions, and collaboration ideas — @cybersecadmin.

Thank you once again, and all the best in the New Year of 2026!

Warm regards to each of you,
~The Cyber Security News Team

🎅 @Cyber_Security_Channel 🎁

Cyber Security News

26 December 2025 23:38

Hundreds of Arrests as Operation Sentinel Recovers $3m

The outcomes from Operation Sentinel reflect the commitment of African law enforcement agencies, working in close coordination with international partners.

Their actions have successfully protected livelihoods, secured sensitive personal data and preserved critical infrastructure.

Cyber_Security_Channel

Cyber Security News

22 December 2025 23:50

MITRE Unveils ATT&CK v18 With Updates to Detections, Mobile, ICS

In the Mobile section, coverage has been added for adversaries abusing the ‘linked devices’ feature in Signal and WhatsApp.

Also in this section, the ‘abuse accessibility features’ technique has been brought back after it was deprecated in version 7 of ATT&CK.

Cyber_Security_Channel

Cyber Security News

18 December 2025 23:45

Microsoft’s Project Ire Autonomously Reverse Engineers Software to Find Malware

It added, “Its tool-use API enables the system to update its understanding of a file using a wide range of reverse engineering tools, including Microsoft memory analysis sandboxes based on Project Freta, custom and open-source tools, documentation search, and multiple decompilers.”

Cyber_Security_Channel

Cyber Security News

14 December 2025 05:37

Highly Popular NPM Packages Poisoned in New Supply Chain Attack

A DuckDB maintainer was also phished, but the DuckDBLabs team was able to block the attacker’s access shortly after.

However, the DuckDB distribution for Node.js on the NPM registry was injected with malware, the team announced.

Cyber_Security_Channel

Cyber Security News

09 December 2025 20:47

🔴 LIVE from inside #Lazarus APT's IT workers scheme.
 
For weeks, researchers from NorthScan & BCA LTD kept #hackers believing they controlled a US dev's laptop.

In reality, it was #ANYRUN sandbox recording everything.
 
➡️ See full story and videos — click here.

-----

#ad #paidpromotion #sponsored

@Cyber_Security_Channel

Cyber Security News

04 December 2025 14:01

📣 Webinar: Cybersecurity Law, Regulations and Compliance

Enhance your ImmuniWeb® AI Platform skills, earn CPE credits & qualify to become ImmuniWeb® Certified Professional.

Key insights:

• Recent developments in data protection, privacy law
• Cybersecurity requirements, penalties personal liability for non-compliance
• Strategies to reduce legal risks
• Insurance pitfalls & ways to avoid them
• Best data breach investigation practices & disclosure in 2026
• How cybersecurity compliance services by ImmuniWeb can help

→ When: December 11 at 10am, 5pm and 9pm CET.

→ Host: Dr. Ilia Kolochenko, CEO & Chief Architect at ImmuniWeb, Attorney-at-Law.

Registration is open:

Session 1 – December 11, 2025

Geneva 10am | Dubai 1pm | Singapore 5pm

👉 Click here.

Session 2 – December 11, 2025

Geneva 5pm | New York 11am | California 8am

👉 Click here.

Session 3 – December 11, 2025

Geneva 9pm | New York 3pm | California 12pm

👉 Click here.

-----

#ad #paidpromotion #sponsored

@Cyber_Security_Channel

Cyber Security News

01 December 2025 04:57

Securing The Human Layer: Modernising Workforce Authentication

Attackers are using increasingly sophisticated techniques, including credential spraying, brute-force attacks and malware that intercepts passwords and one-time passwords (OTPs).

Additionally, push-bombing or MFA fatigue attacks overwhelm users with mobile push authentication prompts, increasing the likelihood of accidental approval.

These vulnerabilities highlight the urgent need to move away from legacy authentication methods, which consistently fail to prevent breaches and expose organizations to financial, reputational and operational harm.

Cyber_Security_Channel

Cyber Security News

26 November 2025 22:39

Back in August: 6.4 million Bouygues Telecom customers just had their data exposed in a huge data breach – and it's the second to hit French telecoms operators in a month

Never share your usernames and passwords.

Be particularly wary of calls from fake bank advisors who may try to gain your trust by giving your name or account number.

If in doubt, end the call and call your bank or bank advisor back at their usual number.

Cyber_Security_Channel

Cyber Security News

22 November 2025 18:36

Russian Hackers Create 4,300 Fake Travel Sites to Steal Hotel Guests' Payment Data

As soon as the card details, along with the expiration data and CVV number, are entered, the page attempts to process a transaction in the background...

While a "support chat" window appears on the screen with steps to complete a supposed "3D Secure verification for your credit card" to secure against fake bookings.

📷 Photo Credit: Dreamstime

Cyber_Security_Channel

Cyber Security News

16 January 2026 14:05

ℹ️ Join ImmuniWeb AI Platform 2026 Webinar: New Products and Capabilities to enhance your ImmuniWeb® AI Platform skills, earn CPE credits, and qualify to become ImmuniWeb® Certified Professional.

✔️ Key Insights that Will be Covered:

• Useful and novel product features, functionalities and integrations
• New cybersecurity and compliance products by ImmuniWeb
• Practical use of ML and AI by ImmuniWeb in year 2026
• Cybersecurity cost reduction with ImmuniWeb
• Cybersecurity compliance with ImmuniWeb
• Live demo of ImmuniWeb AI Platform
• Full 2026 product map

Date & Time: January 29 at 10am and 5pm CET

Host: Dr. Ilia Kolochenko, CEO & Chief Architect at ImmuniWeb, Attorney-at-Law.

✅ Register Now:

Session 1 – January 29, 2026 – Geneva 10am | Dubai 1pm | Singapore 5pm

👉 Click here.

Session 2 – January 29, 2026 – Geneva 5pm | New York 11am | California 8am

👉 Click here.

-----

#ad #paidpromotion #sponsored

@Cyber_Security_Channel

Cyber Security News

14 January 2026 12:02

🚨 CastleLoader Attacks Government Agencies, Compromising up to 400+ Devices at Once

Its unusual process hollowing via an AutoIt3 script is hard for EDR to detect.

See full analysis from #ANYRUN with extracted runtime config, C2s, and #IOCs 👇

Read the full blog article — click here.

-----

#ad #paidpromotion #sponsored

@Cyber_Security_Channel

Cyber Security News

10 January 2026 18:34

2026 Strategic Cybersecurity Planning: How CISOs Can Build a Future-Proof, Prevention-First Stack

Gartner identifies ten technologies shaping enterprise strategy in 2026. This list includes:

1. AI-Native Development Platforms
2. AI Supercomputing Platforms
3. Confidential Computing
4. Multiagent Systems
5. Domain-Specific Language Models
6. Physical AI
7. Preemptive Cybersecurity
8. Digital Provenance
9. AI Security Platforms
10. Geopatriation

Cyber_Security_Channel

Cyber Security News

06 January 2026 17:07

Conflicting Narratives in Security Incident: Hackers Claim Resecurity Breach, Firm Says Honeypot

According to Resecurity, it detected the threat actor's reconnaissance activities in November 2025.

The firm claims this monitoring led to the identification of the attackers' infrastructure, which was subsequently reported to law enforcement.

Cyber_Security_Channel

Cyber Security News

03 January 2026 00:44

Korean Air Data Compromised in Oracle EBS Hack

Korean Air reportedly confirmed that hackers have stolen the information of roughly 30,000 of its current and former employees from KC&D, including names and bank account numbers.

Customer data was not exposed, the airline said.

Cyber_Security_Channel

Cyber Security News

28 December 2025 13:07

DarkSub 2025: Top Cybersecurity Tool For Privacy Protection

DarkSub excels in several key areas, including its zero-data retention policy, ensuring users' activity logs remain private.

Its modular design allows users to customize privacy settings based on real-world use cases, such as VPN protection, stealth browsing, or firewall elevation.

Additionally, DarkSub's AI-powered threat detection system provides real-time alerts and predictive insights to stay ahead of emerging threats ¹.

@Cyber_Security_Channel

Cyber Security News

24 December 2025 08:44

Beyond the Prompt: Building Trustworthy Agent Systems

Output validation & guardrails: never trust raw agent output.

Implement strict validation checks before any action is taken or result is presented. Define clear boundaries for what actions are permissible (e.g., “can read this database but never modify it”).

Cyber_Security_Channel

Cyber Security News

20 December 2025 21:25

New Android Albiriox Malware Gains Traction in Dark Web Markets

Researchers found that the dropper used JSONPacker to obfuscate the underlying code, prompting victims to enable the “Install Unknown Apps” permission before installing Albiriox.

Once active, the malware connects to its command server over an unencrypted TCP channel and registers the device using hardware and OS identifiers.

Cyber_Security_Channel

Cyber Security News

16 December 2025 10:02

🚨 New Threat Alert: Salty2FA & Tycoon2FA are Now Targeting Enterprises in a Joint Phishing Operation.

A new PhaaS “chimera” now appears inside the same campaigns and even the same payloads, making attribution harder.

See the hybrid payload executed in the @anyrun_app sandbox — click here.

👨‍💻 Get all the details and actionable IOCs to adapt detection and threat hunting — click here.

-----

#ad #paidpromotion #sponsored

@Cyber_Security_Channel

Cyber Security News

12 December 2025 02:45

React2Shell Attacks Linked to North Korean Hackers

In the EtherRAT attack, React2Shell is exploited to execute a shell command for downloading and executing a shell script designed to deploy a JavaScript implant.

This implant is a dropper that decrypts the main payload, EtherRAT.

Cyber_Security_Channel

Cyber Security News

06 December 2025 20:36

Chrome, Edge Extensions Caught Tracking Users, Creating Backdoors

All gained ‘Featured’ and ‘Verified’ statuses from Google, before the threat actor weaponized them with a malicious update in mid-2024.

One of them, Clean Master, had more than 300,000 installs.

The update essentially transformed the extensions into a remote code execution framework, Koi says.

Every hour, the extensions would check an external server for instructions and execute arbitrary JavaScript code, with full browser API access.

Cyber_Security_Channel

Cyber Security News

03 December 2025 07:59

⚡️University of Pennsylvania Confirms New Data Breach After Oracle Hack

University of Pennsylvania disclosed another breach in late October 2025, after a hacker compromised internal systems and stole data on Penn's development and alumni activities.

The attacker claimed they exfiltrated personal information belonging to roughly 1.2 million students, alumni, and donors.

Institution noted that the attackers exploited a previously unknown security vulnerability.

@Cyber_Security_Channel

Cyber Security News

28 November 2025 22:05

Chrome Sandbox Escape Earns Researcher $250,000

$250,000 is the maximum reward that Google is prepared to pay out for a Chrome sandbox escape vulnerability, but the amount can only be earned for a submission that includes a high-quality report with demonstration of remote code execution.

Cyber_Security_Channel

Cyber Security News

25 November 2025 02:25

Chinese Cyberspies Deploy ‘BadAudio’ Malware via Supply Chain Attacks

BadAudio is deployed as a DLL and uses search order hijacking for execution.

Recent versions have been dropped in archives also containing VBS, BAT, and LNK files, designed to automate the malware’s placement, to achieve persistence, and trigger the DLL’s sideloading.

Cyber_Security_Channel

Cyber Security News

20 November 2025 17:50

Newly Identified Android Spyware Appears to be From a Commercial Vendor

The Android spyware, dubbed LANDFALL, exploited a zero-day, or previously undocumented, vulnerability in Galaxy phones’ image processing libraries.

The spyware was likely sent via the WhatsApp messaging platform to exfiltrate data and snoop on targets.

The vulnerability was privately reported to Samsung in September 2024 but the company did not release a firmware update to fix it until April 2025.

Cyber_Security_Channel