🚨 Security researchers found two high-severity flaws in Chainlit, an open-source AI chatbot framework.

The bugs enable file reads and SSRF, exposing API keys and internal data and enabling lateral movement. Fixed in v2.9.4.

🔗 Read → https://thehackernews.com/2026/01/chainlit-ai-framework-flaws-enable-data.html

🛡️ Security teams don’t fail by missing bugs. They fail by fixing the wrong ones.

Gartner’s EAP category shifts focus from CVE volume to real attack paths across cloud and identity. Most alerts never reach critical assets. EAPs show what actually matters.

🔗 Read → https://thehackernews.com/2026/01/exposure-assessment-platforms-signal.html

🛑 RCE flaws found in widely used AI Python libraries.

Researchers report bugs in Apple FlexTok, NVIDIA NeMo, and Salesforce Uni2TS that trigger when malicious model metadata is loaded.

These tools power popular AI models. Patches are out, no active exploitation seen yet.

🔗 Read → https://thehackernews.com/2026/01/threatsday-bulletin-ai-voice-cloning.html#rce-via-ai-libraries

Static pentest reports create unnecessary delays.

Today’s security teams need real-time visibility, automated handoffs, and continuous workflows. Not PDFs that stall remediation.

This step-by-step guide explains how automation modernizes pentest delivery so findings move from discovery to remediation immediately.

Download the guide 👉 https://thn.news/pentest-delivery-guide

🔔 Webinar Alert! MSSPs aren’t losing in 2026 because they’re small. They’re losing because delivery doesn’t scale.

This live webinar breaks down how AI removes manual assessments and reporting — so you can deliver CISO-level security without hiring more analysts.

See the exact operating model top MSSPs are using to protect margins.

🔗 Save your seat before it fills → https://thehackernews.com/2026/01/webinar-how-smart-mssps-using-ai-to.html

🚨 Zoom and GitLab shipped urgent security fixes.

➤ Zoom patched a critical RCE (CVSS 9.9) in Node MMRs that could let a meeting participant run code.

➤ GitLab fixed high-severity bugs enabling unauthenticated DoS and a 2FA bypass.

🔗 Details on affected versions and patches → https://thehackernews.com/2026/01/zoom-and-gitlab-release-security.html

🧑‍💻 North Korean actors behind the Contagious Interview campaign targeted 3,136 IPs, researchers say.

The activity hit AI, crypto, finance, and software firms across Europe, Asia, and the Middle East.

💼 Hiring processes were the entry point.

🔗 Learn more → https://thehackernews.com/2026/01/north-korean-purplebravo-campaign.html

🚨 Cisco fixed an actively exploited zero-day in its voice and collaboration stack.

CVE-2026-20045 allows unauthenticated attackers to run commands and escalate to root on exposed Unified CM and Webex Calling systems.

🔗Details → https://thehackernews.com/2026/01/cisco-fixes-actively-exploited-zero-day.html

🚨 Fortinet FortiGate under automated SSO abuse.

Attackers exploit CVE-2025-59718/59719 to add admin users, enable VPN access, and export firewall configs within seconds, per Arctic Wolf.

🔗 Learn what’s happening and what to disable → https://thehackernews.com/2026/01/automated-fortigate-attacks-exploit.html

Model Context Protocol (MCP) connects AI models directly to live enterprise systems.

One compromised MCP server can expose data, tokens, and APIs at scale.

Most existing security tools have little to no visibility into this layer.

🔗 MCP risks and why they matter → https://thehackernews.com/expert-insights/2026/01/do-you-really-know-your-ai-landscape.html

🚨 SmarterMail flaw is under active attack within 48 hours of patching.

The bug lets attackers bypass auth, reset the admin password, then abuse built-in admin features to run OS commands as SYSTEM.

Activity points to patch reverse-engineering.

🔗 Details → https://thehackernews.com/2026/01/smartermail-auth-bypass-exploited-in.html

🚨 Fake SymPy on PyPI is targeting Linux devs. The package sympy-dev clones the real project text, poses as a dev build, and has 1,100+ downloads since Jan 17.

It activates only when certain math functions run, then loads an XMRig miner fully in memory to avoid traces.

🔗 Learn how the loader works → https://thehackernews.com/2026/01/malicious-pypi-package-impersonates.html

Learn cybersecurity risk management from the experts at Georgetown. Attend our webinar on TBD.

Sign up - https://thn.news/risk-mgmt-insight

⚠️📧 Email is still the easiest way in.

In Google Workspace, BEC attacks often carry no links or malware, so native defenses miss them. One compromised inbox can expose years of sensitive email and files.

Hardening helps, but blind spots remain.

🔗 Gmail limits, real attack paths → https://thehackernews.com/2026/01/filling-most-common-gaps-in-google.html

🔥 ThreatsDay Bulletin — Get this week’s active threat landscape...

🔓 Zero-click Pixel exploit
🧱 EU moves to lock down the tech supply chain
🕷️ Mass WordPress plugin reconnaissance
📢 Malvertising → infostealers & RATs
🧾 Fake invoices, loans, and proxyware abuse
🌐 18,000+ active C2 servers exposed
💸 Crypto scams racing past $17B
🏧 ATM malware ring dismantled

🔗 Read all 20 updates → https://thehackernews.com/2026/01/threatsday-bulletin-pixel-zero-click.html

🚨 An 11-year-old critical flaw in GNU InetUtils telnetd lets attackers log in as root with no password.

Tracked as CVE-2026-24061 (CVSS 9.8), it affects all versions 1.9.3–2.7 due to an unsanitized USER environment value passed to login.

⚠️ Exploitation has already been observed in the wild.

🔗 Read →https://thehackernews.com/2026/01/critical-gnu-inetutils-telnetd-flaw.html