The Hacker News

🚨 Fortinet confirms active exploitation of CVE-2025-59718 / 59719, allowing FortiGate FortiCloud SSO bypass — even on fully patched devices. Attackers abuse crafted SAML logins to gain admin access, add persistent accounts, enable VPN, and steal configs. Disabling FortiCloud SSO is advised. 🔗 Details → https://thehackernews.com/2026/01/fortinet-confirms-active-forticloud-sso.html

🇺🇸 TikTok confirmed a new U.S. joint venture to stay operational in the country. ByteDance will reduce its stake to 19.9%, giving majority control to U.S. investors. U.S. user data and algorithms will move to Oracle’s U.S. cloud with third-party security audits. 🔗 Read → https://thehackernews.com/2026/01/tiktok-forms-us-joint-venture-to.html

🛠️⚠️ Attackers are abusing trusted IT tools, not deploying malware. A new campaign steals email logins, then installs legitimate RMM software for silent, long-term access. Because the tools are signed and allowed, many security controls don’t trigger. 🔗 Details → https://thehackernews.com/2026/01/phishing-attack-uses-stolen-credentials.html

⚠️ Osiris ransomware hit a major food service operator in Southeast Asia, researchers say. The attack used a custom POORTRY driver to shut down security tools, then encrypted systems and exfiltrated data to cloud storage. 🔗 Details here → https://thehackernews.com/2026/01/new-osiris-ransomware-emerges-as-new.html

🚨 An 11-year-old critical flaw in GNU InetUtils telnetd lets attackers log in as root with no password. Tracked as CVE-2026-24061 (CVSS 9.8), it affects all versions 1.9.3–2.7 due to an unsanitized USER environment value passed to login. ⚠️ Exploitation has already been observed in the wild. 🔗 Read →https://thehackernews.com/2026/01/critical-gnu-inetutils-telnetd-flaw.html

🔥 ThreatsDay Bulletin — Get this week’s active threat landscape... 🔓 Zero-click Pixel exploit 🧱 EU moves to lock down the tech supply chain 🕷️ Mass WordPress plugin reconnaissance 📢 Malvertising → infostealers & RATs 🧾 Fake invoices, loans, and proxyware abuse 🌐 18,000+ active C2 servers exposed 💸 Crypto scams racing past $17B 🏧 ATM malware ring dismantled 🔗 Read all 20 updates → https://thehackernews.com/2026/01/threatsday-bulletin-pixel-zero-click.html

Behind every bar in this report is time won, money saved, or risk stopped. @anyrun_app helps businesses boost DR by 36% & reduce MTTR by 21 minutes with better attack visibility for SOC & MSSP teams. See how it can support your org in 2026 👉https://thn.news/threat-intel-hub

⚠️📧 Email is still the easiest way in. In Google Workspace, BEC attacks often carry no links or malware, so native defenses miss them. One compromised inbox can expose years of sensitive email and files. Hardening helps, but blind spots remain. 🔗 Gmail limits, real attack paths → https://thehackernews.com/2026/01/filling-most-common-gaps-in-google.html

Learn cybersecurity risk management from the experts at Georgetown. Attend our webinar on TBD. Sign up - https://thn.news/risk-mgmt-insight

🚨 Fake SymPy on PyPI is targeting Linux devs. The package sympy-dev clones the real project text, poses as a dev build, and has 1,100+ downloads since Jan 17. It activates only when certain math functions run, then loads an XMRig miner fully in memory to avoid traces. 🔗 Learn how the loader works → https://thehackernews.com/2026/01/malicious-pypi-package-impersonates.html

🚨 SmarterMail flaw is under active attack within 48 hours of patching. The bug lets attackers bypass auth, reset the admin password, then abuse built-in admin features to run OS commands as SYSTEM. Activity points to patch reverse-engineering. 🔗 Details → https://thehackernews.com/2026/01/smartermail-auth-bypass-exploited-in.html

Model Context Protocol (MCP) connects AI models directly to live enterprise systems. One compromised MCP server can expose data, tokens, and APIs at scale. Most existing security tools have little to no visibility into this layer. 🔗 MCP risks and why they matter → https://thehackernews.com/expert-insights/2026/01/do-you-really-know-your-ai-landscape.html