The Hacker News

🛑 URGENT: Microsoft rushed out out-of-band fixes for an actively exploited Office zero-day. CVE-2026-21509 (CVSS 7.8) lets attackers bypass Office security using a malicious file that must be opened by the victim. 🔗 Details → https://thehackernews.com/2026/01/microsoft-issues-emergency-patch-for.html

Google Project Zero revealed a working zero-click exploit chain against Pixel 9 phones. A bug in the Dolby audio decoder let Google Messages process a malicious audio file in the background, gaining code execution, then a kernel bug completed the takeover. Pixel patches shipped in early Jan 2026. 🔗 Read → https://thehackernews.com/2026/01/threatsday-bulletin-pixel-zero-click.html#zero-click-chain-hits-pixel

🚨 ALERT: Indian users are being hit by a cyber-espionage campaign posing as Income Tax emails. Opening the attachment installs a stealth backdoor that disguises itself as Windows Explorer, bypasses UAC, and stays hidden. 🔗 Inside the attack chain and payloads → https://thehackernews.com/2026/01/indian-users-targeted-in-tax-phishing.html

🚨 Weekly Cybersecurity Recap ⚠️ Old flaws, new attacks 🧠 AI writing malware 🧩 Trusted software abused ⏱️ Exploits moving fast 🔐 Read the full recap. Stay alert → https://thehackernews.com/2026/01/weekly-recap-firewall-flaws-ai-built.html

🚨 Two popular VS Code AI assistant extensions were caught spying on developers. They looked normal but quietly sent opened files and code edits to servers in 🇨🇳 China. Koi Security says 1.5M installs were exposed without consent. 🔗Read → https://thehackernews.com/2026/01/malicious-vs-code-ai-extensions-with-15.html

🛑 Attackers now use 🤖 AI to write, hide, and mutate malware in real time. Google and Anthropic confirm AI-orchestrated attacks running autonomously end to end. They bypass EDR by looking normal on each endpoint. The tell is in network behavior. 🔗 How network signals expose what endpoints miss → https://thehackernews.com/2026/01/winning-against-ai-based-attacks.html

🧑‍💻 North Korea’s Konni group is using AI-assisted PowerShell malware to target blockchain developers. Campaigns hit Japan, Australia, and India via Google ad–style phishing links that bypass filters and drop EndRAT. 🔗 Inside the full attack chain → https://thehackernews.com/2026/01/konni-hackers-deploy-ai-generated.html

⚠️ Russian users hit by a new phishing chain delivering Amnesia RAT and ransomware. Fake business docs and LNK files do the work — no exploits. Payloads are split across GitHub and Dropbox, then Microsoft Defender is disabled using defendnot. 🔗Full attack chain and defenses → https://thehackernews.com/2026/01/multi-stage-phishing-campaign-targets.html

🤖 AI agents now move faster than IAM can see. Shared agents quietly gain broad, long-lived access across systems, often with no clear owner. That’s how access drift begins. The risk isn’t stolen creds—it’s valid access used in unsafe ways that never trigger alerts. 🔗 Read → https://thehackernews.com/2026/01/who-approved-this-agent-rethinking.html

🇵🇱 Poland blocked what officials described as its strongest cyberattack on the energy sector in years. ESET links it to Russia-aligned Sandworm, which used a new DynoWiper malware to target ⚡ power plants and renewable energy systems in late Dec 2025. 🔗Details → https://thehackernews.com/2026/01/new-dynowiper-malware-used-in-attempted.html

🚨 CISA confirms active exploitation of a critical VMware vCenter Server flaw. CVE-2024-37079 allows remote code execution via a DCE/RPC heap overflow if an attacker has network access. 🔗 Details → https://thehackernews.com/2026/01/cisa-adds-actively-exploited-vmware.html

🚨 CISA added four exploited vulnerabilities to its KEV list, impacting Zimbra, Versa SD-WAN, Vite, and a compromised npm package linked to a supply-chain attack. ⏳ U.S. federal agencies must apply fixes by Feb 12 under BOD 22-01. 🔗 CVEs, fixes, and deadlines → https://thehackernews.com/2026/01/cisa-updates-kev-catalog-with-four.html