Sami Laiho
@samilaiho.com
📤 1599
đź“Ą 179
đź“ť 2767
Keynote-speaker, Chief Research Officer, Microsoft MVP since 2011 More info:
https://samilaiho.com/
Multiple vulnerabilities in Trend Micro Apex Central (January 2026) URL:
jvndb.jvn.jp/en/contents/...
Classification: Critical, Solution: Official Fix, Exploit Maturity: Not Defined, CVSSv3.1: 9.8
loading . . .
JVNDB-2026-001662 - JVN iPedia
https://jvndb.jvn.jp/en/contents/2026/JVNDB-2026-001662.html
about 3 hours ago
0
1
1
Command injection vulnerability in ASUS routers URL:
jvndb.jvn.jp/en/contents/...
Classification: Critical, Solution: Official Fix, Exploit Maturity: Not Defined, CVSSv3.1: 9.8
loading . . .
JVNDB-2026-000010 - JVN iPedia
https://jvndb.jvn.jp/en/contents/2026/JVNDB-2026-000010.html
about 3 hours ago
0
2
1
CISA Releases 10 Industrial Control Systems Advisories URL:
www.cisa.gov/news-events/...
Classification: Critical, Solution: Official Fix, Exploit Maturity: Not Defined, CVSSv3.1: None
loading . . .
ICS Advisories | CISA
ICS Advisory DefinitionsAll Alerts and Advisories
https://www.cisa.gov/news-events/ics-advisories
about 3 hours ago
0
1
0
From runtime risk to real‑time defense: Securing AI agents
www.microsoft.com/en-us/securi...
loading . . .
From runtime risk to real‑time defense: Securing AI agents | Microsoft Security Blog
Why securing AI agents at runtime is essential as attackers find new ways to exploit generative orchestration.
https://www.microsoft.com/en-us/security/blog/2026/01/23/runtime-risk-realtime-defense-securing-ai-agents/
about 21 hours ago
0
0
0
Patch or die: VMware vCenter Server bug fixed in 2024 under attack today
www.theregister.com/2026/01/23/c...
loading . . .
Critical VMware vCenter Server bug under attack
: If you skipped it back then, now’s a very good time
https://www.theregister.com/2026/01/23/critical_vmware_vcenter_server_bug/
about 21 hours ago
0
2
0
ESET Research: Sandworm behind cyberattack on Poland’s power grid in late 2025
www.welivesecurity.com/en/eset-rese...
loading . . .
ESET Research: Sandworm behind cyberattack on Poland’s power grid in late 2025
The attack involved data-wiping malware that ESET researchers have now analyzed and named DynoWiper.
https://www.welivesecurity.com/en/eset-research/eset-research-sandworm-cyberattack-poland-power-grid-late-2025/
about 21 hours ago
0
0
0
ShinyHunters claims Okta customer breaches, leaks data belonging to 3 orgs
www.theregister.com/2026/01/23/s...
loading . . .
ShinyHunters claims Okta customer breaches, leaks data
: 'A lot more' victims to come, we're told
https://www.theregister.com/2026/01/23/shinyhunters_claims_okta_customer_breaches/
2 days ago
0
2
0
Hackers exploit critical telnetd auth bypass flaw to get root
www.bleepingcomputer.com/news/securit...
loading . . .
Hackers exploit critical telnetd auth bypass flaw to get root
A coordinated campaign has been observed targeting a recently disclosed critical-severity vulnerability that has been present in the GNU InetUtils telnetd server for 11 years.
https://www.bleepingcomputer.com/news/security/hackers-exploit-critical-telnetd-auth-bypass-flaw-to-get-root/
2 days ago
1
1
0
Exploited Zero-Day Flaw in Cisco UC Could Affect Millions
www.darkreading.com/endpoint-sec...
loading . . .
Exploited Zero-Day Flaw in Cisco UC Could Affect Millions
Mass scanning is underway for CVE-2026-20045, which Cisco tagged as critical because successful exploitation could lead to a complete system takeover.
https://www.darkreading.com/endpoint-security/exploited-zero-day-flaw-cisco-uc-affect-millions
2 days ago
0
2
1
Fortinet confirms critical FortiCloud auth bypass not fully patched
www.bleepingcomputer.com/news/securit...
loading . . .
Fortinet confirms critical FortiCloud auth bypass not fully patched
Days after admins began reporting that their fully patched firewalls are being hacked, Fortinet confirmed it's working to fully address a critical FortiCloud SSO authentication bypass vulnerability th...
https://www.bleepingcomputer.com/news/security/fortinet-confirms-critical-forticloud-auth-bypass-not-fully-patched/
2 days ago
0
0
0
thehackernews.com/2026/01/cisc...
loading . . .
Cisco Fixes Actively Exploited Zero-Day CVE-2026-20045 in Unified CM and Webex
Cisco fixes actively exploited CVE-2026-20045 zero-day enabling unauthenticated RCE in Unified CM and Webex; CISA sets Feb 11, 2026 deadline.
https://thehackernews.com/2026/01/cisco-fixes-actively-exploited-zero-day.html
3 days ago
0
2
0
Jordan used Cellebrite phone-hacking tools against activists critical of Gaza war, report finds
therecord.media/jordan-used-...
loading . . .
Jordan used Cellebrite phone-hacking tools against activists critical of Gaza war, report finds
The findings, published by Citizen Lab Thursday, are based on the research institute’s digital forensic analysis of seized phones in four cases and Jordanian court records in three cases.
https://therecord.media/jordan-used-cellebrite-against-activists-critical-gaza-war
3 days ago
0
2
0
Bank of England: Financial sector failing to implement basic cybersecurity controls
www.theregister.com/2026/01/22/f...
loading . . .
BoE: UK finservs still lacking on basic cybersecurity
: Mind the cyber gap – similar flaws highlighted multiple years in a row
https://www.theregister.com/2026/01/22/financial_sector_cyber_gap/
3 days ago
0
1
0
European Space Agency's cybersecurity in freefall as yet another breach exposes spacecraft and mission data
www.bitdefender.com/en-us/blog/h...
loading . . .
European Space Agency's cybersecurity in freefall as yet another breach exposes spacecraft and mission data
It has just been a few weeks since we reported on the Christmas cyber attack suffered by the European Space Agency (ESA), and the situation has already become worse.
https://www.bitdefender.com/en-us/blog/hotforsecurity/european-space-agencys-cybersecurity-in-freefall-as-yet-another-breach-exposes-spacecraft-and-mission-data
3 days ago
0
2
0
Congress Proposes Steep Cuts to CISA
www.databreachtoday.com/congress-pro...
loading . . .
Congress Proposes Steep Cuts to CISA
Congress is proposing cuts of nearly $270 million from the Cybersecurity and Infrastructure Security Agency's budget for fiscal year 2026, reducing funding for
https://www.databreachtoday.com/congress-proposes-steep-cuts-to-cisa-a-30577
3 days ago
0
1
0
Arctic Wolf Observes Malicious Configuration Changes On Fortinet FortiGate Devices via SSO Accounts
arcticwolf.com/resources/bl...
loading . . .
Arctic Wolf Observes Malicious Configuration Changes On Fortinet FortiGate Devices via SSO Accounts | Arctic Wolf
Arctic Wolf has observed a new cluster of automated malicious activity involving unauthorized firewall configuration changes on FortiGate devices.
https://arcticwolf.com/resources/blog/arctic-wolf-observes-malicious-configuration-changes-fortinet-fortigate-devices-via-sso-accounts/
3 days ago
0
1
0
New Android malware uses AI to click on hidden browser ads
www.bleepingcomputer.com/news/securit...
loading . . .
New Android malware uses AI to click on hidden browser ads
A new family of Android click-fraud trojans leverages TensorFlow machine learning models to automatically detect and interact with specific advertisement elements.
https://www.bleepingcomputer.com/news/security/new-android-malware-uses-ai-to-click-on-hidden-browser-ads/
3 days ago
0
1
0
GNU InetUtils Security Advisory: remote authentication by-pass in telnetd URL:
seclists.org/oss-sec/2026...
Classification: Critical, Solution: Official Fix, Exploit Maturity: Functional, CVSSv3.1: 9.8
loading . . .
oss-sec: GNU InetUtils Security Advisory: remote authentication by-pass in telnetd
https://seclists.org/oss-sec/2026/q1/89
3 days ago
0
0
0
thehackernews.com/2026/01/cert...
loading . . .
CERT/CC Warns binary-parser Bug Allows Node.js Privilege-Level Code Execution
A flaw in the binary-parser npm package before version 2.3.0 lets attackers execute arbitrary JavaScript via unsanitized parser input.
https://thehackernews.com/2026/01/certcc-warns-binary-parser-bug-allows.html
4 days ago
0
2
0
securityaffairs.com/187110/hacki...
loading . . .
Critical TP-Link VIGI camera flaw allowed remote takeover of surveillance systems
TP-Link fixed a critical flaw that exposed over 32 VIGI C and VIGI InSight camera models to remote hacking.
https://securityaffairs.com/187110/hacking/critical-tp-link-vigi-camera-flaw-allowed-remote-takeover-of-surveillance-systems.html
4 days ago
0
1
0
Don't click on the LastPass 'create backup' link - it's a scam
www.theregister.com/2026/01/21/l...
loading . . .
Don’t click the LastPass 'create backup' link
: Phishing campaign tries to reel in master passwords
https://www.theregister.com/2026/01/21/lastpass_backup_phishing_campaign/
4 days ago
0
0
0
Tesla hacked, 37 zero-days demoed at Pwn2Own Automotive 2026
www.bleepingcomputer.com/news/securit...
loading . . .
Tesla hacked, 37 zero-days demoed at Pwn2Own Automotive 2026
Security researchers have hacked the Tesla Infotainment System and earned $516,500 after exploiting 37 zero-days on the first day of the Pwn2Own Automotive 2026 competition.
https://www.bleepingcomputer.com/news/security/tesla-hacked-37-zero-days-demoed-at-pwn2own-automotive-2026/
4 days ago
0
0
0
ACF plugin bug gives hackers admin on 50,000 WordPress sites
www.bleepingcomputer.com/news/securit...
loading . . .
ACF plugin bug gives hackers admin on 50,000 WordPress sites
A critical-severity vulnerability in the Advanced Custom Fields: Extended (ACF Extended) plugin for WordPress can be exploited remotely by unauthenticated attackers to obtain administrative permission...
https://www.bleepingcomputer.com/news/security/acf-plugin-bug-gives-hackers-admin-on-50-000-wordpress-sites/
4 days ago
0
0
0
VoidLink cloud malware shows clear signs of being AI-generated
www.bleepingcomputer.com/news/securit...
loading . . .
VoidLink cloud malware shows clear signs of being AI-generated
The recently discovered cloud-focused VoidLink malware framework is believed to have been developed by a single person with the help of an artificial intelligence model.
https://www.bleepingcomputer.com/news/security/voidlink-cloud-malware-shows-clear-signs-of-being-ai-generated/
4 days ago
0
0
0
Oracle Critical Patch Update Advisory - January 2026 URL:
www.oracle.com/security-ale...
Classification: Critical, Solution: Official Fix, Exploit Maturity: Not Defined, CVSSv3.1: 10.0
loading . . .
https://www.oracle.com/security-alerts/cpujan2026.html
4 days ago
0
0
0
www.greenbone.net/en/blog/cve-...
loading . . .
CVE-2025-64155: In the Wild Exploitation of FortiSIEM for Unauthenticated Root-Level RCE
CVE-2025-64155 in FortiSIEM disclosed ⚡ Actively exploited unauthenticated root RCE. Secure systems now.
https://www.greenbone.net/en/blog/cve-2025-64155-fortisiem-root-rce-cvss-9-8/
5 days ago
0
0
0
For the price of Netflix, crooks can now rent AI to run cybercrime
www.theregister.com/2026/01/20/g...
loading . . .
For the price of Netflix, crooks can rent AI crime ops
: Group-IB says crims forking out for Dark LLMs, deepfakes, and more at subscription prices
https://www.theregister.com/2026/01/20/group_ib_ai_cycercrime_subscriptions/
5 days ago
0
0
0
Google Gemini Flaw Turns Calendar Invites Into Attack Vector
www.darkreading.com/cloud-securi...
loading . . .
Google Gemini Flaw Turns Calendar Invites Into Attack Vector
The indirect prompt injection vulnerability allows an attacker to weaponize Google invites to circumvent privacy controls and access private data.
https://www.darkreading.com/cloud-security/google-gemini-flaw-calendar-invites-attack-vector
5 days ago
0
1
0
Fake ad blocker extension crashes the browser for ClickFix attacks
www.bleepingcomputer.com/news/securit...
loading . . .
Fake ad blocker extension crashes the browser for ClickFix attacks
A malvertising campaign is using a fake ad-blocking Chrome and Edge extension named NexShield that intentionally crashes the browser in preparation for ClickFix attacks.
https://www.bleepingcomputer.com/news/security/fake-ad-blocker-extension-crashes-the-browser-for-clickfix-attacks/
5 days ago
0
0
0
New PDFSider Windows malware deployed on Fortune 100 firm's network
www.bleepingcomputer.com/news/securit...
loading . . .
New PDFSider Windows malware deployed on Fortune 100 firm's network
Ransomware attackers targeting a Fortune 100 company in the finance sector used a new malware strain, dubbed PDFSider, to deliver malicious payloads on Windows systems.
https://www.bleepingcomputer.com/news/security/new-pdfsider-windows-malware-deployed-on-fortune-100-firms-network/
5 days ago
0
0
0
reposted by
Sami Laiho
Atla Hrafney
6 days ago
In the 2010s, the Icelandic tv station Channel 2 accidentally added subtitles from a gritty crime drama to an episode of Teletubbies. I have translated some of the highlights
96
7311
3510
seclists.org/oss-sec/2026...
GNU InetUtils Security Advisory: remote authentication by-pass in telnetd
loading . . .
oss-sec: GNU InetUtils Security Advisory: remote authentication by-pass in telnetd
https://seclists.org/oss-sec/2026/q1/89
6 days ago
0
1
0
UK govt. warns about ongoing Russian hacktivist group attacks
www.bleepingcomputer.com/news/securit...
loading . . .
UK govt. warns about ongoing Russian hacktivist group attacks
The U.K. government is warning of continued malicious activity from Russian-aligned hacktivist groups targeting critical infrastructure and local government organizations in the country in disruptive ...
https://www.bleepingcomputer.com/news/security/uk-govt-warns-about-ongoing-russian-hacktivist-group-attacks/
6 days ago
0
0
0
ABB Ability OPTIMAX Authentication Bypass in Single-Sign On with Azure Active Directory URL:
search.abb.com/library/Down...
loading . . .
https://search.abb.com/library/Download.aspx?DocumentID=9AKK108472A1331
6 days ago
0
0
0
ABB Ability OPTIMAX Authentication Bypass in Single-Sign On with Azure Active Directory URL:
search.abb.com/library/Down...
loading . . .
https://search.abb.com/library/Download.aspx?DocumentID=9AKK108472A1331
6 days ago
0
0
0
JVNDB-2026-001380 Multiple vulnerabilities in Canon Small Office Multifunction Printers and Laser Printers URL:
jvndb.jvn.jp/en/contents/...
Classification: Critical, Solution: Official Fix, Exploit Maturity: Not Defined, CVSSv3.0: 9.8
loading . . .
JVNDB-2026-001380 - JVN iPedia
https://jvndb.jvn.jp/en/contents/2026/JVNDB-2026-001380.html
6 days ago
0
0
0
AVEVA Process Optimization URL:
www.cisa.gov/news-events/...
Classification: Critical, Solution: Official Fix, Exploit Maturity: Not Defined, CVSSv3.1: 10.0
loading . . .
AVEVA Process Optimization | CISA
https://www.cisa.gov/news-events/ics-advisories/icsa-26-015-01
6 days ago
0
0
0
Malicious GhostPoster browser extensions found with 840,000 installs
www.bleepingcomputer.com/news/securit...
loading . . .
Malicious GhostPoster browser extensions found with 840,000 installs
Another set of 17 malicious extensions linked to the GhostPoster campaign has been discovered in Chrome, Firefox, and Edge stores, where they accumulated a total of 840,000 installations.
https://www.bleepingcomputer.com/news/security/malicious-ghostposter-browser-extensions-found-with-840-000-installs/
7 days ago
0
1
0
Iran’s internet shutdown is now one of its longest ever, as protests continue
techcrunch.com/2026/01/15/i...
loading . . .
Iran’s internet shutdown is now one of its longest ever, as protests continue | TechCrunch
Iran’s government-imposed internet shutdown enters its second week as authorities continue their violent crackdown on protesters.
https://techcrunch.com/2026/01/15/irans-internet-shutdown-is-now-one-of-its-longest-ever-as-protests-continue/
8 days ago
0
2
0
Canadian investment regulator confirms hackers hit 750,000 investors
therecord.media/canada-ciro-...
loading . . .
Canadian investment regulator confirms hackers hit 750,000 investors
The nongovernmental Canadian Investment Regulatory Organization, which oversees the country's debt and equity marketplaces as well as some financial institutions, released details about an August 2025...
https://therecord.media/canada-ciro-investing-regulator-confirms-data-breach
8 days ago
0
2
0
Winter Olympics Could Share Podium With Cyberattackers
www.darkreading.com/remote-workf...
loading . . .
Cyber Threats Loom Over 2026 Winter Olympics
The Games in the Italian Alps are attracting hacktivists looking to reach billions of people and state-sponsored cyber-spies targeting the glitterati.
https://www.darkreading.com/remote-workforce/winter-olympics-podium-cyberattackers
8 days ago
0
1
0
Black Basta boss makes it onto Interpol's 'Red Notice' list
www.bleepingcomputer.com/news/securit...
loading . . .
Black Basta boss makes it onto Interpol's 'Red Notice' list
The identity of the Black Basta ransomware gang leader has been confirmed by law enforcement in Ukraine and Germany, and the individual has been added to the wanted list of Europol and Interpol.
https://www.bleepingcomputer.com/news/security/black-basta-boss-makes-it-onto-interpols-red-notice-list/
8 days ago
0
0
0
cymulate.com/blog/cve-202...
loading . . .
CVE-2026-20965: Cymulate Research Labs Discovers Token Validation Flaw that Leads to Tenant-Wide RCE in Azure Windows Admin Center
Cymulate Research Labs uncovered CVE-2026-20965, a token validation flaw in Azure Windows Admin Center enabling tenant-wide RCE and lateral movement.
https://cymulate.com/blog/cve-2026-20965-azure-windows-admin-center-tenant-wide-rce/
9 days ago
0
1
0
CISA, Allies Sound Alarm on OT Network Exposure
www.databreachtoday.com/cisa-allies-...
loading . . .
CISA, Allies Sound Alarm on OT Network Exposure
U.S. and allied cyber agencies issued new guidance warning that insecure operational technology connectivity - driven by remote access, third-party vendors and IT
https://www.databreachtoday.com/cisa-allies-sound-alarm-on-ot-network-exposure-a-30534
9 days ago
0
0
0
CISA, Allies Sound Alarm on OT Network Exposure
www.databreachtoday.com/cisa-allies-...
loading . . .
CISA, Allies Sound Alarm on OT Network Exposure
U.S. and allied cyber agencies issued new guidance warning that insecure operational technology connectivity - driven by remote access, third-party vendors and IT
https://www.databreachtoday.com/cisa-allies-sound-alarm-on-ot-network-exposure-a-30534
9 days ago
0
1
1
Hackers now exploiting critical Fortinet FortiSIEM flaw in attacks
www.bleepingcomputer.com/news/securit...
loading . . .
Hackers now exploiting critical Fortinet FortiSIEM flaw in attacks
Attackers are now exploiting a critical Fortinet FortiSIEM vulnerability with publicly available proof-of-concept exploit code.
https://www.bleepingcomputer.com/news/security/hackers-now-exploiting-critical-fortinet-fortisiem-vulnerability-in-attacks/
9 days ago
0
0
0
Cisco finally fixes AsyncOS zero-day exploited since November
www.bleepingcomputer.com/news/securit...
loading . . .
Cisco finally fixes AsyncOS zero-day exploited since November
​Cisco finally patched a maximum-severity AsyncOS zero-day exploited in attacks targeting Secure Email Gateway (SEG) appliances since November 2025.
https://www.bleepingcomputer.com/news/security/cisco-finally-fixes-asyncos-zero-day-exploited-since-november/
9 days ago
0
1
0
Google now lets you change your @gmail.com address, rolling out
www.bleepingcomputer.com/news/technol...
loading . . .
Google now lets you change your @gmail.com address, rolling out
Google has confirmed that it's now possible to change your @gmail.com address. This means that if your current email is
[email protected]
, you can now change it to
[email protected]
.
https://www.bleepingcomputer.com/news/technology/google-now-lets-you-change-your-gmailcom-address-rolling-out/
9 days ago
0
1
0
www.darkreading.com/remote-workf...
loading . . .
'Most Severe AI Vulnerability to Date' Hits ServiceNow
The ITSM giant tacked agentic AI onto a largely unguarded legacy chatbot, exposing customers' data and connected systems.
https://www.darkreading.com/remote-workforce/ai-vulnerability-servicenow
10 days ago
0
1
0
Closing the Door on Net-NTLMv1: Releasing Rainbow Tables to Accelerate Protocol Deprecation
cloud.google.com/blog/topics/...
loading . . .
Releasing Rainbow Tables to Accelerate Protocol Deprecation | Google Cloud Blog
Mandiant aims to lower the barrier for security professionals to demonstrate the insecurity of Net-NTLMv1.
https://cloud.google.com/blog/topics/threat-intelligence/net-ntlmv1-deprecation-rainbow-tables/
10 days ago
0
0
1
Load more
feeds!
log in
