The Hacker News

Everyone’s building with AI in the cloud. Few are thinking about how to actually secure it. NetworkChuck just dropped a video with Wiz, showing how they’re finding hidden AI risks—“shadow AI”—before attackers do. It’s a smart look at where cloud security is headed next. Worth a watch → https://thn.news/secure-cloud-insights

🔐 Active malware campaign abuses DLL side-loading in a signed GitKraken ahost.exe. A rogue libcares-2.dll is placed beside it to hijack DLL search order, bypass signature checks, and run code; invoice/RFQ lures drop stealers and RATs. 🔗 Read → https://thehackernews.com/2026/01/hackers-exploit-c-ares-dll-side-loading.html

🧭 Ad-hoc OSINT is still widely used across fraud, KYC, and investigations. As Oskar Gross explains, this approach creates real operational and security risk—analysts expose themselves, evidence gets lost, and teams unknowingly redo the same work. Scaling OSINT depends on standardized workflows and preservation, not more tools. 🔗 Inside why ad-hoc OSINT breaks at scale → https://thehackernews.com/expert-insights/2026/01/why-ad-hoc-osint-doesnt-scale-from.html

📊 New research across 4,700 websites finds 64% of third-party apps access sensitive data without business justification, up from 51% last year. The increase reflects governance gaps, not new exploits. Marketing scripts and tag managers account for much of the exposure. 🔗 Key findings and accountability breakdown → https://thehackernews.com/2026/01/new-research-64-of-3rd-party.html

🚨 Fortinet fixed a CVSS 9.4 bug in FortiSIEM that allows unauthenticated code execution. The issue is in the phMonitor service on TCP port 7900. Crafted requests can trigger OS command injection, enabling file writes as admin and escalation to root via a scheduled task. 🔗 Details → https://thehackernews.com/2026/01/fortinet-fixes-critical-fortisiem-flaw.html 🔐 Patch now. Restrict access to port 7900.

⚠️ Microsoft’s first Patch Tuesday of 2026 fixes 114 Windows flaws, including one exploited in the wild. CVE-2026-20805 is a local info-leak in Desktop Window Manager that can expose memory addresses and weaken ASLR. 🔗 Read → https://thehackernews.com/2026/01/microsoft-fixes-114-windows-flaws-in.html

🚨 Node.js fixed a DoS bug where apps crash instead of throwing a catchable error. 🧩 CVE-2025-59466 impacts Next.js, React Server Components, and most APM tools via AsyncLocalStorage. When async_hooks is enabled, deep recursion can force a hard process exit, dropping services. 🔗 Read → https://thehackernews.com/2026/01/critical-nodejs-vulnerability-can-cause.html

🚨 Ukraine’s CERT reports PLUGGYAPE malware attacks on defense forces from Oct–Dec 2025. Hackers used Signal and WhatsApp, posing as charities to deliver password-protected archives. New variants add stealth and flexible C2 via external services. 🔗 Read → https://thehackernews.com/2026/01/pluggyape-malware-uses-signal-and.html

🚨 A web skimming campaign active since January 2022 is still stealing checkout data from compromised e-commerce sites. Researchers found Magecart-style JavaScript that hides from admins, swaps real Stripe forms with fakes, steals card and personal data, then erases itself. 🔗 How the skimmer works → https://thehackernews.com/2026/01/long-running-web-skimming-campaign.html

🚨 Malicious Chrome extension targeted MEXC users by abusing an already logged-in browser session. It auto-created new API keys, secretly enabled withdrawals, hid that permission in the UI, and sent the keys to a Telegram bot. Uninstalling the extension didn’t revoke 🔑 access. 🔗 Read → https://thehackernews.com/2026/01/malicious-chrome-extension-steals-mexc.html

🤖 AI agents now build, test, and deploy code on their own. The real risk isn’t the model—it’s who controls what the agent can run, call, and access. This WEBINAR breaks down MCPs, permissions, and practical controls to secure agentic AI without slowing teams. ⏳ Save your seat → https://thehackernews.com/2026/01/webinar-t-from-mcps-and-tool-access-to.html

🚨 The most effective attacks in 2025 still rely on 2015-era tactics—just at far greater scale. Supply-chain abuse remains central, from npm package takeovers to long-term trust attacks like XZ Utils. AI didn’t change attacker strategy; it automated execution, reducing time, cost, and manpower. 🔗 Why fundamentals still fail → https://thehackernews.com/2026/01/what-should-we-learn-from-how-attackers.html