⚠️ n8n disclosed two sandbox escape flaws that let authenticated users seize control of automation servers.
One issue is rated CVSS 9.9 and enables full RCE. Risk is higher in internal execution mode, which n8n already advises against.
Details: https://thehackernews.com/2026/01/two-high-severity-n8n-flaws-allow.html
🚨 A critical flaw in the vm2 Node.js library lets attackers escape the sandbox and run code on the host system.
Tracked as CVE-2026-22709 (CVSS 9.8), the issue stems from improper Promise handler sanitization.
How the flaw works: https://thehackernews.com/2026/01/critical-vm2-nodejs-flaw-allows-sandbox.html
🤖 AI didn’t replace SOC analysts. It fixed the scale gap.
Agentic AI investigates every alert first, then hands a verdict to humans.
🚫 No sampling. No skipped signals.
Full context by default.
How triage really changes: https://thehackernews.com/2026/01/from-triage-to-threat-hunts-how-ai.html
Researchers find Russian-linked ELECTRUM targeted Poland’s ⚡ power infrastructure in December.
The coordinated attack hit wind, solar, and CHP sites, breaching OT systems and damaging some equipment beyond repair.
Read: https://thehackernews.com/2026/01/russian-electrum-tied-to-december-2025.html
🚨 Fake VS Code extension abused #Moltbot’s name to deliver remote access malware.
It posed as an AI assistant, despite Moltbot having no official VS Code plugin. Once installed, it auto-ran on IDE launch and dropped ScreenConnect for persistent remote control.
Read: https://thehackernews.com/2026/01/fake-moltbot-ai-coding-assistant-on-vs.html
🚨 Container adoption has outpaced security.
82% of organizations suffered a container breach last year, and most now assume one will happen every year. Fast-moving containers and unchecked public images keep adding risk faster than teams can fix it.
Why container security prevention is failing in 2026: https://thehackernews.com/expert-insights/2026/01/the-great-container-disconnect-security.html
Google dismantles IPIDEA, a major residential proxy network.
GTIG says 550+ threat groups used it this month to hide espionage, cybercrime, and password-spray attacks by routing traffic through hijacked home devices worldwide.
Read: https://thehackernews.com/2026/01/google-disrupts-ipidea-one-of-worlds.html
🚨 SolarWinds patches unauthenticated RCE paths: https://thehackernews.com/2026/01/solarwinds-fixes-four-critical-web-help.html
Four critical Web Help Desk bugs let attackers skip login, run code.
Deserialization + auth bypass chained. Update closes it.
🚨 Fake ChatGPT Chrome add-on stole 459+ API keys: https://thehackernews.com/2026/01/weekly-recap-firewall-flaws-ai-built.html#:~:text=Malicious%20Chrome%20Extensions%20Steal%20OpenAI%20API%20Keys%20and%20User%20Prompts
Keys sent to Telegram after logout or chat delete.
Hidden Google access raised the real stakes.
🛡️ Poor threat intel drives downtime and analyst burnout in modern SOCs.
Fresh, validated feeds shorten MTTD/MTTR and reduce false positives at scale.
Full details: https://thehackernews.com/2026/01/3-decisions-cisos-need-to-make-to.html
🔥 This week’s ThreatsDay tracks exploits, ransomware trends, crypto laundering, and phishing operations.
Patterns point to scale and repetition, not one-off incidents, across platforms teams already trust.
Full details ➡️ https://thehackernews.com/2026/01/threatsday-bulletin-new-rces-darknet.html
Too many security tools. Not enough visibility.
If your asset inventory lives in spreadsheets, alerts lack context 🚨, and remediation drags on ⏳, CTEM might be overdue.
This CTEM Readiness Checklist highlights 8 signs it’s time to move from firefighting to prevention with Axonius as the foundation for complete asset intelligence.
Worth a quick read if exposure management is on your radar: https://thn.news/ctem-readiness-checklist
🛡️ OMICRON uncovers widespread OT vulnerabilities in substations and power plants.
Most issues surfaced within 30 minutes, showing systemic visibility and governance failures.
Detection at network level is now baseline, not optional.
Full details: https://thehackernews.com/2026/01/survey-of-100-energy-systems-reveals.html
⚠️ Researchers map 175K publicly exposed Ollama LLM servers worldwide.
Tool-calling turns exposed AI into a highest-severity execution risk.
Full details: https://thehackernews.com/2026/01/researchers-find-175000-publicly.html