Security Update Gaps Highlight Risks in Android Ecosystem A recent study has exposed significant security vulnerabilities within the Android ecosystem, exacerbated by device manufacturers—commonly referred to as OEMs—who fail to deliver timely updates. The research conducted by Karsten Nohl and Jakob Lell from Security Research Labs (SRL) casts doubt on…
Ongoing Malware Campaign Hijacks Routers to Distribute Banking Malware Recent cybersecurity alerts have emphasized the urgency of addressing a malicious campaign targeting Internet routers. This operation exploits vulnerabilities to distribute Android banking malware, jeopardizing users’ personal data, login credentials, and two-factor authentication codes. Dubbed Roaming Mantis, this sophisticated malware leverages…
Cybersecurity Alert: CCleaner Faces Major Supply-Chain Malware Attack Last year, the widely utilized system optimization tool CCleaner fell victim to a significant supply-chain malware attack, marking one of the most severe cybersecurity breaches to date. Hackers infiltrated the servers of Piriform, the software’s parent company acquired by Avast in 2017,…
Cloud Security, Regulation, Security Operations Civil Society Organizations Express Concerns Over Potential Impact of Google-Wiz Deal on Cloud Security Michael Novinson (@MichaelNovinson) • January 30, 2026 A coalition of civil society organizations has voiced significant concerns regarding Google’s proposed acquisition of Wiz, arguing that it could severely diminish competition in…
Vulnerability Discovered in AI-Enabled Children’s Toy Reveals Sensitive Data In a concerning incident this month, security researcher Joseph Thacker uncovered a significant vulnerability in Bondus, a line of stuffed dinosaur toys equipped with artificial intelligence chat functions aimed at children. The toy allows kids to engage in interactive conversations, functioning…
Fraud Management & Cybercrime, Identity & Access Management, Security Operations ShinyHunters Campaign Utilizes Voice Phishing to Circumvent MFA and Compromise Corporate Data Mathew J. Schwartz (euroinfosec) • January 28, 2026 Image: Oleksandr Yashchuk/Shutterstock Security experts are advising customers of identity provider Okta utilizing its single-sign-on (SSO) services to remain vigilant…
A significant security breach has resulted in the theft of over 100 million passwords from a compromised database, raising major concerns for online security across numerous platforms. The exposed database, which contained 149 million usernames and passwords, has been removed following concerns raised by a cybersecurity researcher to the hosting…
Cybersecurity experts are currently grappling with a surge of voice-phishing attacks aimed at single sign-on (SSO) tools. These coordinated efforts have led to instances of data theft and extortion, as various cybercrime groups, including one claiming ties to ShinyHunters, harness sophisticated voice calls and phishing kits to deceive victims into…
Endpoint Security, Internet of Things Security ‘WhisperPair’ Vulnerability Poised to Persist for Years Greg Sirico • January 23, 2026 Image: Melnikov Dmitriy/Shutterstock A recently disclosed vulnerability, known as “WhisperPair,” poses significant risks by allowing attackers to exploit flaws within Google’s Fast Pair technology, utilized in Bluetooth audio accessories. The vulnerability…
