Cybernews

Malicious campaign targeting vulnerable OpenWebUI servers: technical analysis

During an investigation into exposed OpenWebUI servers, the Cybernews research team identified a malicious campaign targeting vulnerable OpenWebUI servers with cryptocurrency miners and Info Stealers.
Security Boulevard

Fake Temu Coin airdrop uses ClickFix trick to install stealthy malware

A fake $TEMU crypto airdrop uses the ClickFix trick to make victims run malware themselves and quietly installs a remote-access backdoor.
Microsoft

Storm-2561 uses SEO poisoning to distribute fake VPN clients for credential theft

Storm-2561 uses SEO poisoning to push fake VPN downloads that install signed trojans and steal VPN credentials. Active since 2025, Storm-2561 mimics trusted brands and abuses legitimate services. This ...
winbuzzer.com

Microsoft Entra Passkeys Bring Phishing-Resistant Windows Sign-In

Multi-factor authentication stops the majority of attacks, but adversary-in-the-middle phishing kits have emerged to steal session tokens and bypass even valid MFA challenges. Microsoft’s new Entra ...

Fake job applications pack malware that kills EDR before stealing data

A Russian-speaking cyber criminal is targeting corporate HR teams with fake CVs that quietly install malware which can disable security tools before stealing data from infected machines. The operation ...
Windows Central

Microsoft just made a command line version of the Microsoft Store for Windows 11 — install and update your apps without a GUI

Microsoft has announced the Store CLI, a command-line interface for managing and installing Windows apps from the Microsoft Store. It's similar to WinGet, except the Store CLI only works for apps that ...
Windows Central

You can now chat with Microsoft Copilot while setting up your Windows 11 PC for the first time

A new demo experience lets users try Copilot for the first time before ever hitting the desktop, during the out of box setup experience on Windows 11. When you purchase through links on our site, we ...
GeekWire

Amazon CEO Andy Jassy defends $200B spending plan: ‘This isn’t some sort of quixotic top-line grab’

Amazon Web Services has accelerated its growth mode thanks in part to AI demand. (GeekWire File Photo / Todd Bishop) Amazon Web Services revenue grew at its fastest pace in more than three years, up ...
Morningstar

Pillar Security Discovered Critical Flaw in n8n Exposing Hundreds of Thousands of Enterprise AI Systems to Complete Takeover

Pillar Security discovers two critical vulnerabilities (CVSS 10.0) in popular workflow automation platform affecting hundreds of thousands of deployments – enabling attackers to decrypt stored ...
Infosecurity-magazine.com

Two Critical Flaws in n8n AI Workflow Automation Platform Allow Complete Takeover

Researchers at Pillar Security have found two maximum severity vulnerabilities (CVSS score of 10.0) in n8n, a popular open-source workflow automation platform powering hundreds of thousands of ...
CSOonline

From credentials to cloud admin in 8 minutes: AI supercharges AWS attack chain

AI-assisted attackers weaponized exposed credentials and permissive roles to move from initial access to full AWS admin control in minutes. Threat actors tore through an Amazon Web Services ...
Neowin

Microsoft has a solid reason for you to install the latest Windows 11 update

The latest Windows 11 update is an optional one, but Microsoft has a few solid reasons for you to pull the trigger and install it right now. On January 30, 2026, Microsoft released KB5074105, the ...