Cybersecurity News, Insights and Analysis

New ‘Reprompt’ Attack Silently Siphons Microsoft Copilot Data

The attack bypassed Copilot’s data leak protections and allowed for session exfiltration even after the Copilot chat was closed.

Central Maine Healthcare Data Breach Impacts 145,000 Individuals

Hackers stole patients’ personal, treatment, and health insurance information from the hospital’s IT systems.

VoidLink Linux Malware Framework Targets Cloud Environments

Designed for long-term access, the framework targets cloud and container environments with loaders, implants, and rootkits.

ICS Patch Tuesday: Vulnerabilities Fixed by Siemens, Schneider, Aveva, Phoenix Contact

Only a dozen new advisories have been published this Patch Tuesday by industrial giants.

Traveler Information Stolen in Eurail Data Breach

Hackers stole the personal and reservation information of people with a Eurail pass and those who made a seat reservation with the company.

Aikido Security Raises $60 Million at $1 Billion Valuation

The developer security company has raised a total of more than $84 million in funding.

Investor Lawsuit Over CrowdStrike Outage Dismissed

A judge has ruled that the plaintiffs failed to demonstrate intent to defraud investors.

RedVDS Cybercrime Service Disrupted by Microsoft and Law Enforcement

RedVDS enables threat actors to set up servers that can be used for phishing, BEC attacks, account takeover, and fraud.

Predator Spyware Turns Failed Attacks Into Intelligence for Future Exploits

The Predator spyware is more sophisticated and dangerous than previously realized.

Novee Emerges From Stealth With $51.5 Million in Funding

Novee provides continuous AI-driven penetration testing to uncover and address novel vulnerabilities.

WitnessAI Raises $58 Million for AI Security Platform

The company will use the fresh investment to accelerate its global go-to-market and product expansion.

Robo-Advisor Betterment Discloses Data Breach

A threat actor breached Betterment’s systems, accessed customer information, and sent scam crypto-related messages.

RunSafe Security has appointed Bob Lyle as Chief Revenue Officer.

Ryan Hauptman has joined software supply chain security provider NetRise as VP Federal Sales.

HUB Cyber Security has appointed Limor Zur‑Stoller as Chief Financial Officer.

SecurityBridge has appointed Jesper Zerlang as Chief Executive Officer.

1Password has appointed former AWS executive Nancy Wang as Chief Technology Officer (CTO).

More People On The Move

RedVDS Cybercrime Service Disrupted by Microsoft and Law Enforcement

RedVDS enables threat actors to set up servers that can be used for phishing, BEC attacks, account takeover, and fraud.

Predator Spyware Turns Failed Attacks Into Intelligence for Future Exploits

The Predator spyware is more sophisticated and dangerous than previously realized.

Microsoft Patches Exploited Windows Zero-Day, 111 Other Vulnerabilities

Two vulnerabilities patched this month by Microsoft were disclosed publicly before fixes were released.

CrowdStrike to Acquire Browser Security Firm Seraphic for $420 Million

News of the move to acquire Seraphic comes less than a week after CrowdStrike announced an agreement to acquire identity security startup SGNL for $740 million.

Cyber Insights 2026: External Attack Surface Management

AI will assist companies in finding their external attack surface, but it will also assist bad actors in locating and attacking the weak points.

Cyber Fraud Overtakes Ransomware as Top CEO Concern: WEF

Ransomware remains the biggest concern for CISOs in 2026, according to WEF’s Global Cybersecurity Outlook 2026 report.

Rethinking Security for Agentic AI

When software can think and act on its own, security strategies must shift from static policy enforcement to real-time behavioral governance.

Etay Maor Read more

The Loudest Voices in Security Often Have the Least to Lose

Security advice fails when it comes from those who don’t bear the consequences and won’t be responsible for making it work.

Joshua Goldfarb Read more

Cyber Risk Trends for 2026: Building Resilience, Not Just Defenses

We can’t outpace the adversary by trying to stop every attack, but we can outlast them by engineering systems and culture to take a punch and try to quickly rebound.

Steve Durbin Read more

Rising Tides: When Cybersecurity Becomes Personal – Inside the Work of an OSINT Investigator

Shannon Miller shares her approach to creating domestic safety and a call to the cyber community to help reduce harm.

Jennifer Leggio Read more

Five Cybersecurity Predictions for 2026: Identity, AI, and the Collapse of Perimeter Thinking

The perimeter is gone. Credentials are no longer sufficient. And security can no longer rely on static controls in a dynamic threat environment.

Torsten George Read more

More Expert Insights

Webinar: Why Mid-Sized Organizations Need a New Approach to Email Security

January 22, 2026

Learn how to protect your organization from 2026’s AI-driven threats by moving beyond legacy tools to adaptive, behavioral email security.

Virtual Event: Ransomware Resilience & Recovery 2026 Summit

February 25, 2026

SecurityWeek’s 2026 Ransomware Summit will discuss a roadmap for defending the enterprise, from mitigating root causes to mastering recovery, giving security teams the critical insights needed to navigate and neutralize today’s ransomware extortion threats.

SecurityWeek’s CISO Forum 2026 Outlook Series is a two-part webinar series to evaluate the year’s most pressing challenges and share critical updates shaping the 2026 security landscape.
[January 14 & 21, 2026 | Virtual]

2026 Ransomware Resilience & Recovery Summit

SecurityWeek’s 2026 Ransomware Summit is a must-attend event for cybersecurity professionals as ransomware attacks continue to hit big-name victims across industries with ruthless efficiency.
[February 25, 2026 | Virtual]

SecurityWeek’s 2026 Supply Chain Security Summit is where top security experts unpack the complexity of modern software supply chain threats and proven strategies to mitigate risk.
[March 18, 2026 | Virtual]

SecurityWeek’s 2026 Threat Detection & IR Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and more.
[May 20, 2026 | Virtual]

ICS Patch Tuesday: Vulnerabilities Fixed by Siemens, Schneider, Aveva, Phoenix Contact

Only a dozen new advisories have been published this Patch Tuesday by industrial giants. (January 15, 2026)

Read more
Fortinet Patches Critical Vulnerabilities in FortiFone, FortiSIEM

Exploitable without authentication, the two security defects could lead to configuration leak and code execution. (January 14, 2026)

Read more
Chrome 144, Firefox 147 Patch High-Severity Vulnerabilities

The two browser updates resolve 26 security defects, including bugs that could be exploited for code execution. (January 14, 2026)

Read more
Microsoft Patches Exploited Windows Zero-Day, 111 Other Vulnerabilities

Two vulnerabilities patched this month by Microsoft were disclosed publicly before fixes were released. (January 13, 2026)

Read more

RedVDS Cybercrime Service Disrupted by Microsoft and Law Enforcement

RedVDS enables threat actors to set up servers that can be used for phishing, BEC attacks, account takeover, and fraud. (January 14, 2026)

Read more
Researchers Trap Scattered Lapsus$ Hunters in Honeypot

Using fake accounts and synthetic data to lure the hackers, the researchers gathered information on their servers. (January 6, 2026)

Read more
Cyberattack Unlikely in Communications Failure That Grounded Flights in Greece

Flights across Greece were impacted for several hours after noise was reported on multiple air traffic communication channels. (January 5, 2026)

Read more
Pro-Russian Hackers Claim Cyberattack on French Postal Service

Central computer systems at French national postal service La Poste were knocked offline Monday in DDoS attack. (December 24, 2025)

Read more