The cybercriminal group known as "The Com," which includes subgroups like "Shiny Hunters" and "Scattered Lapsus$ Hunters," is involved in significant cybercriminal activities, including data breaches and extortion.

A critical vulnerability, CVE-2025-54957, in the Dolby audio decoder has been addressed in the January 2026 Android security update. This flaw affects Dolby DD+ decoders and poses a significant risk to Android devices.

The UK Government has announced an investment of £210 million to bolster cybersecurity across its public services. This Government Cyber Action Plan aims to enhance the security of digital public services to the level of critical infrastructure.

The number of cyberattacks on Taiwan's energy sector increased by 1,000% in 2025 compared to 2024, making it the most targeted sector among nine critical infrastructure categories.

A high-severity vulnerability has been identified in Open WebUI, affecting versions 0.6.34 and older. This flaw, with a severity rating of 7.3, poses risks of account takeover and server compromise when the Direct Connections feature is enabled.

Two malicious Chrome extensions have been identified, targeting over 900,000 users by exfiltrating conversations from ChatGPT and DeepSeek. These extensions impersonate legitimate ones and request permissions to collect anonymized data.

The Columbia Weather Systems MicroServer is affected by multiple vulnerabilities that could allow attackers to redirect SSH connections, gain admin access to the web portal, and obtain limited shell access.

A critical command injection vulnerability, identified as CVE-2026-0625, has been discovered in legacy D-Link DSL routers. This flaw allows unauthenticated attackers to execute arbitrary commands remotely.

VVS Stealer is a Python-based malware targeting Discord users, employing advanced obfuscation techniques to extract sensitive data. It primarily focuses on stealing Discord tokens and browser information.

AI-powered IDEs forked from Microsoft VSCode, such as Cursor, Windsurf, Google Antigravity, and Trae, are vulnerable to "recommended extension" attacks. These IDEs recommend extensions that are not present in the OpenVSX registry.