The Hacker News

🚨 Fortinet FortiGate under automated SSO abuse. Attackers exploit CVE-2025-59718/59719 to add admin users, enable VPN access, and export firewall configs within seconds, per Arctic Wolf. 🔗 Learn what’s happening and what to disable → https://thehackernews.com/2026/01/automated-fortigate-attacks-exploit.html

🚨 Cisco fixed an actively exploited zero-day in its voice and collaboration stack. CVE-2026-20045 allows unauthenticated attackers to run commands and escalate to root on exposed Unified CM and Webex Calling systems. 🔗Details → https://thehackernews.com/2026/01/cisco-fixes-actively-exploited-zero-day.html

🧑‍💻 North Korean actors behind the Contagious Interview campaign targeted 3,136 IPs, researchers say. The activity hit AI, crypto, finance, and software firms across Europe, Asia, and the Middle East. 💼 Hiring processes were the entry point. 🔗 Learn more → https://thehackernews.com/2026/01/north-korean-purplebravo-campaign.html

🚨 Zoom and GitLab shipped urgent security fixes. ➤ Zoom patched a critical RCE (CVSS 9.9) in Node MMRs that could let a meeting participant run code. ➤ GitLab fixed high-severity bugs enabling unauthenticated DoS and a 2FA bypass. 🔗 Details on affected versions and patches → https://thehackernews.com/2026/01/zoom-and-gitlab-release-security.html

🔔 Webinar Alert! MSSPs aren’t losing in 2026 because they’re small. They’re losing because delivery doesn’t scale. This live webinar breaks down how AI removes manual assessments and reporting — so you can deliver CISO-level security without hiring more analysts. See the exact operating model top MSSPs are using to protect margins. 🔗 Save your seat before it fills → https://thehackernews.com/2026/01/webinar-how-smart-mssps-using-ai-to.html

Static pentest reports create unnecessary delays. Today’s security teams need real-time visibility, automated handoffs, and continuous workflows. Not PDFs that stall remediation. This step-by-step guide explains how automation modernizes pentest delivery so findings move from discovery to remediation immediately. Download the guide 👉https://thn.news/pentest-delivery-guide

🛑 RCE flaws found in widely used AI Python libraries. Researchers report bugs in Apple FlexTok, NVIDIA NeMo, and Salesforce Uni2TS that trigger when malicious model metadata is loaded. These tools power popular AI models. Patches are out, no active exploitation seen yet. 🔗 Read → https://thehackernews.com/2026/01/threatsday-bulletin-ai-voice-cloning.html#rce-via-ai-libraries

🛡️ Security teams don’t fail by missing bugs. They fail by fixing the wrong ones. Gartner’s EAP category shifts focus from CVE volume to real attack paths across cloud and identity. Most alerts never reach critical assets. EAPs show what actually matters. 🔗 Read → https://thehackernews.com/2026/01/exposure-assessment-platforms-signal.html

🚨 Security researchers found two high-severity flaws in Chainlit, an open-source AI chatbot framework. The bugs enable file reads and SSRF, exposing API keys and internal data and enabling lateral movement. Fixed in v2.9.4. 🔗 Read → https://thehackernews.com/2026/01/chainlit-ai-framework-flaws-enable-data.html

🤖⚠️ One developer. 88,000+ lines of code. Researchers say an advanced Linux malware framework was built in weeks with AI help, guided by a single skilled developer using an AI agent—resetting expectations for what one actor can build. 🔗 Read → https://thehackernews.com/2026/01/voidlink-linux-malware-framework-built.html

🔐 Containers now power core production systems, but security is lagging behind. ActiveState data shows 82% of orgs suffered a container breach last year—and many leaders now treat incidents as expected, not preventable. 🔗 Why container security is becoming “inevitable” → https://thehackernews.com/expert-insights/2026/01/the-great-container-disconnect-security.html

🚨 LastPass is warning users about an active phishing campaign. Fake “maintenance” emails create 24-hour urgency and redirect victims to spoofed LastPass sites designed to steal master passwords. 🔗 How the scam works and how to spot it → https://thehackernews.com/2026/01/lastpass-warns-of-fake-maintenance.html