BEWARE! Malicious Chrome extensions have slipped past the Web Store, stealing session cookies and enabling full account takeover in HR/ERP platforms.

BEWARE! Researchers have turned the tables on StealC operators by exploiting an XSS flaw in their web‑based control panel, exposing active attacker sessions.

ALERT! A critical FortiSIEM vulnerability is being actively exploited. Public proof‑of‑concept code is circulating, putting Fortinet’s SIEM at risk. Stay tuned for mitigation steps.

🚨 Critical alert! A brand‑new zero‑day (CVE‑2026‑21858) lets attackers take full control of n8n workflow servers. CVSS 10.0, ~100k instances worldwide at risk. #CyberSecurity #ZeroDay

🚨 320K records exposed! Monroe University breach leaks personal, financial & health data of students & staff. #DataBreach https://t.co/lxRpIFtxFu

🚨 Zero‑day alert! A critical RCE bug in Gogs has been weaponized against U.S. federal systems. @CISA just ordered agencies to patch it ASAP. #CyberThreat #ZeroDay

🚨 Breaking: Instagram just patched a bug that let threat actors mass‑request password‑reset emails, potentially exposing data from >17 M accounts. #InstagramLeak #InfoSec

Trend Micro released build 7190 fixing this and two other high-severity DoS issues. Review remote-access policies and upgrade ASAP. Have you applied the patch yet? Visit https://t.co/oacqxvQsa8 #InfoSec #PatchManagement #CyberDefense

The bug affects all on-prem builds before 7190. Exploit works by sending a crafted network message that makes the service blindly load any DLL - no login needed.

🚨 Breaking: Trend Micro's Apex Central management tool has a 9.8-rated LoadLibraryEX flaw. An unauthenticated attacker can force the server to load a malicious DLL and execute code as SYSTEM.

Lesson: regularly audit permissions, enforce encryption‑at‑rest, apply least‑privilege, and have an incident‑response plan ready. Have you hardened your own data stores? Share your steps below! https://t.co/oacqxvQsa8 #Privacy

What was exposed? Names, Social Security numbers, medical diagnoses, Medicaid info – all stored in an unsecured bucket. No encryption, no access controls. This shows why cloud config checks are non‑negotiable. #InfoSec

🔒 Breaking: The Illinois Dept. of Human Services accidentally exposed personal & health data of ~700,000 residents after a privacy‑setting error. A single mis‑config can leak a state’s most sensitive records. #DataBreach

By stealing config files and the secret key, attackers can forge admin cookies and run OS commands via the Execute Command node – a full system takeover.

The bug stems from content‑type confusion in formWebhook: a JSON POST can trick the parser into treating a 'files' section as a path, enabling arbitrary file reads.

🚨 Critical n8n RCE flaw uncovered! CVE‑2026‑21858 lets unauthenticated attackers hijack your workflow automation platform.

🛡️ Got Veeam? Verify your version, enable auto‑updates, and test restore procedures. Got questions? Drop a reply! #CyberSecurity #InfoSec #Veeam https://t.co/IZbrECEVlu

The bug lets threat actors run arbitrary code on your backup servers, risking data theft or ransomware. Veeam rolled out patches on Jan 7 2026 – apply them now!

🚨 New Veeam RCE alert! Critical remote‑code‑execution flaw in Veeam Backup & Replication could let attackers hijack your backups. Are you patched?

Yikes, Major #Pornhub data breach hits, exposing millions of user accounts. Sensitive personal details, including private browsing habits, were compromised. Pornhub says "This was not a breach of Pornhub Premium’s systems. Passwords, payment details and financial information