The Hacker News

Microsoft says attackers are abusing misconfigured MX routing and weak spoof protections to send phishing emails that appear internal. Some emails use the same address in both “From” and “To,” enabling credential theft and BEC. 🔗 Read → https://thehackernews.com/2026/01/microsoft-warns-misconfigured-email.html

🛑 The breach doesn’t always start with phishing anymore. In some cases, it starts during hiring. Synthetic resumes, cloned voices, and live video deepfakes can pass standard remote interviews. Once hired, attackers gain legitimate access, time, and trust inside the environment. 🔗 Why hiring is now an attack surface → https://thehackernews.com/expert-insights/2026/01/deepfake-job-hires-when-your-next.html

🚨 Active exploitation is hitting old D-Link DSL router. CVE-2026-0625 (CVSS 9.3) allows unauthenticated remote code execution via the dnscfg.cgi endpoint. The same DNSChanger-style abuse seen in past hijacking campaigns is resurfacing, and many affected models are end of life and no longer maintained. 🔗 Active exploitation details → https://thehackernews.com/2026/01/active-exploitation-hits-legacy-d-link.html

🛑 European hotels are facing a phishing campaign abusing Booking-com cancellation emails. Victims hit a fake site, see a fake blue screen, and are told to run a PowerShell “fix.” That installs DCRat via MSBuild.exe, sets Defender exclusions, and persists on the system. 🔗 Learn more → https://thehackernews.com/2026/01/fake-booking-emails-redirect-hotel.html

⚠️ Warning: Two Chrome extensions with 900,000+ installs were found stealing ChatGPT and DeepSeek conversations, plus all open tab URLs. Researchers call this prompt poaching. 🔗 Read here → https://thehackernews.com/2026/01/two-chrome-extensions-caught-stealing.html

🚨 CERT/CC disclosed an unpatched flaw in the end-of-life TOTOLINK EX200. A firmware upload error can start an unauthenticated root telnet service, giving full control after web admin access. 🔗 Read → https://thehackernews.com/2026/01/unpatched-firmware-flaw-exposes.html

⚠️ Bluetooth headphones built on Airoha chips have flaws that let attackers connect without pairing and control device functions over the air. The issue sits in the RACE protocol and requires vendor firmware updates to fix. 🔗 Learn more → https://thehackernews.com/2026/01/weekly-recap-iot-exploits-wallet.html#:~:text=Flaws%20in%20Bluetooth%20Headphones%20Using%20Airoha%20Chips%20Detailed

The Patching Paradox: You can't patch a device while it’s saving a life. Stop chasing 10k vulnerabilities and start validating True Risk. Join us Jan 20 to learn how to secure legacy IoMT without clinical downtime. Save your seat: https://thn.news/healthcare-sec-insights

AI-powered VS Code forks are suggesting extensions that are missing from Open VSX. That gap leaves the names unclaimed, letting anyone publish code under them. Koi showed how a fake PostgreSQL extension spread via a single click. 🔗 Read → https://thehackernews.com/2026/01/vs-code-forks-recommend-missing.html

⚡ Identity risk is no longer about bad policies. It’s about blind spots. IAM tools only cover what’s fully onboarded. Everything else becomes identity dark matter, where accounts and access exist without oversight. As environments scale, this unmanaged layer grows quietly. 🔗 How identity goes dark → https://thehackernews.com/2026/01/what-is-identity-dark-matter.html

⚠️ AdonisJS users are being advised to patch a critical flaw in adonisjs/bodyparser. CVE-2026-21440 (CVSS 9.2) allows arbitrary file writes via path traversal when upload filenames aren’t explicitly sanitized. 🔗 Read → https://thehackernews.com/2026/01/critical-adonisjs-bodyparser-flaw-cvss.html

🚨 Popular workflow automation platform n8n disclosed a critical flaw that lets authenticated users with workflow edit rights execute OS commands on the host. Tracked as CVE-2025-68668, the issue carries a CVSS score of 9.9. 🔗 Details here → https://thehackernews.com/2026/01/new-n8n-vulnerability-99-cvss-lets.html