1Password adds pop-up warnings for suspected phishing sites

The 1Password digital vault and password manager has added built-in protection against phishing URLs to help users identify malicious pages and prevent them from sharing account credentials with threat actors. The subscription-based password management service is widely used in the enterprise environment by many well-known organizations. Recently, Windows added support for native passkey management via […]

Microsoft investigates Windows 11 boot failures after January updates

Microsoft is investigating reports that some Windows 11 devices are failing to boot with “UNMOUNTABLE_BOOT_VOLUME” errors after installing the January 2026 Patch Tuesday security updates. The issue affects Windows 11 version 25H2 and all editions of Windows 11 version 24H2 after installing the KB5074109 cumulative update released as part of this month’s updates. According to Microsoft, […]

Sandworm hackers linked to failed wiper attack on Poland’s energy systems

A cyberattack targeting Poland’s power grid in late December 2025 has been linked to the Russian state-sponsored hacking group Sandworm, which attempted to deploy a new destructive data-wiping malware dubbed DynoWiper during the attack.. Sandworm (also tracked as UAC-0113, APT44, and Seashell Blizzard) is a Russian nation-state hacking group that has been active since 2009. […]

Malicious AI extensions on VSCode Marketplace steal developer data

Two malicious extensions in Microsoft’s Visual Studio Code (VSCode) Marketplace that were collectively installed 1.5 million times exfiltrate developer data to China-based servers. Both extensions are advertised as AI-based coding assistants that provide the promised functionality. However, they do not disclose the upload activity or ask users for consent to deliver data to a remote server. The VS Code Marketplace is […]

CISA confirms active exploitation of four enterprise software bugs

The Cybersecurity and Infrastructure Security Agency (CISA) in the U.S. warned of active exploitation of four vulnerabilities impacting enterprise software from Versa and Zimbra, the Vite frontend tooling framework, and the Prettier code formatter. The security issues have been added to CISA’s KEV (Known Exploited Vulnerabilities) catalog, indicating that the agency has evidence that hackers are exploiting them […]

US to deport Venezuelans who emptied bank ATMs using malware

South Carolina federal prosecutors announced that two Venezuelan nationals convicted of stealing hundreds of thousands of dollars from U.S. banks in an ATM jackpotting scheme will be deported after serving their sentences. 34-year-old Luz Granados and 40-year-old Johan Gonzalez-Jimenez have previously pleaded guilty to conspiracy and computer crimes for emptying older ATM models throughout the […]

Hackers exploit critical telnetd auth bypass flaw to get root

A coordinated campaign has been observed targeting a recently disclosed critical-severity vulnerability that has been present in the GNU InetUtils telnetd server for 11 years. The security issue is tracked as CVE-2026-24061 and was reported on January 20. It is trivial to leverage and multiple exploit examples are publicly available. Bug persisted since 2015 Open-source contributor Simon Josefsson […]