N2K

Need 2 Know

Ho ho ho! December’s Patch Tuesday delivers three zero-days

January 2, 2026

Credit: Clint Patterson / Unsplash

Chinese Supercomputer Allegedly Hacked, 10 Petabytes of Data Stolen

Data has allegedly been stolen from a state-run Chinese supercomputer.

Baltimore Security Guards On Strike

Baltimore security guards are participating in a strike.

Iranian-Linked Cyber Actors Target US Critical Infrastructure, Security Leaders Respond

algerj@bnpmedia.com (Jordyn Alger)

CISA warns that Iranian-connected cyber actors are focusing U.S. critical infrastructure.

LAPD Records Hacked and Exposed

A data breach has lead to the exposure of sensitive LAPD records.

Ransomware Response: How Businesses Regain Control Under Pressure

You can’t control when ransomware attacks happen, but you can control how you respond.

Healthcare Executives Face a New Era of Personal Risk

Protecting executives’ digital and physical environments is no longer optional.

New Trump Administration Budget Cuts $707M from CISA Funding

algerj@bnpmedia.com (Jordyn Alger)

The White House plans to cut $707M from CISA funding.

Breach of FBI Surveillance System Considered a “Major Incident,” Security Experts Weigh In

algerj@bnpmedia.com (Jordyn Alger)

Security leaders discuss this breach and share insights.

Physical Security in Global Arenas: How AI Improves Security at Scale

Transforming physical security from passive surveillance to proactive prevention.

World Cloud Security Day: Breaking Down the State of Cloud Cybersecurity and Physical Security

algerj@bnpmedia.com (Jordyn Alger)

A snapshot of the state of the cloud in cybersecurity and physical security.

Google Rolls Out DBSC in Chrome 146 to Block Session Theft on Windows

info@thehackernews.com (The Hacker News)

Google has made Device Bound Session Credentials (DBSC) generally available to all Windows users of its Chrome web browser, months after it began testing the security feature in open beta. The public availability is currently limited to Windows users on Chrome 146, with macOS expansion planned in an upcoming Chrome release. "This project represents a significant

Backdoored Smart Slider 3 Pro Update Distributed via Compromised Nextend Servers

info@thehackernews.com (The Hacker News)

Unknown threat actors have hijacked the update system for the Smart Slider 3 Pro plugin for WordPress and Joomla to push a poisoned version containing a backdoor. The incident impacts Smart Slider 3 Pro version 3.5.1.35 for WordPress, per WordPress security company Patchstack. Smart Slider 3 is a popular WordPress slider plugin with more than 800,000 active installations across its free and Pro

EngageLab SDK Flaw Exposed 50M Android Users, Including 30M Crypto Wallet Installs

info@thehackernews.com (The Hacker News)

Details have emerged about a now-patched security vulnerability in a widely used third-party Android software development kit (SDK) called EngageLab SDK that could have put millions of cryptocurrency wallet users at risk. "This flaw allows apps on the same device to bypass Android security sandbox and gain unauthorized access to private data," the Microsoft Defender

UAT-10362 Targets Taiwanese NGOs with LucidRook Malware in Spear-Phishing Campaigns

info@thehackernews.com (The Hacker News)

A previously undocumented threat cluster dubbed UAT-10362 has been attributed to spear-phishing campaigns targeting Taiwanese non-governmental organizations (NGOs) and suspected universities to deploy a new Lua-based malware called LucidRook. "LucidRook is a sophisticated stager that embeds a Lua interpreter and Rust-compiled libraries within a dynamic-link library (DLL) to download and

ThreatsDay Bulletin: Hybrid P2P Botnet, 13-Year-Old Apache RCE and 18 More Stories

info@thehackernews.com (The Hacker News)

Thursday. Another week, another batch of things that probably should've been caught sooner but weren't. This one's got some range — old vulnerabilities getting new life, a few "why was that even possible" moments, attackers leaning on platforms and tools you'd normally trust without thinking twice. Quiet escalations more than loud zero-days, but the kind that matter more in

The Hidden Security Risks of Shadow AI in Enterprises

info@thehackernews.com (The Hacker News)

As AI tools become more accessible, employees are adopting them without formal approval from IT and security teams. While these tools may boost productivity, automate tasks, or fill gaps in existing workflows, they also operate outside the visibility of security teams, bypassing controls and creating new blind spots in what is known as shadow AI. While similar to the phenomenon of

Adobe Reader Zero-Day Exploited via Malicious PDFs Since December 2025

info@thehackernews.com (The Hacker News)

Threat actors have been exploiting a previously unknown zero-day vulnerability in Adobe Reader using maliciously crafted PDF documents since at least December 2025. The finding, detailed by EXPMON's Haifei Li, has been described as a highly-sophisticated PDF exploit. The artifact ("Invoice540.pdf") first appeared on the VirusTotal platform on November 28, 2025. A second

Bitter-Linked Hack-for-Hire Campaign Targets Journalists Across MENA Region

info@thehackernews.com (The Hacker News)

An apparent hack-for-hire campaign likely orchestrated by a threat actor with suspected ties to the Indian government targeted journalists, activists, and government officials across the Middle East and North Africa (MENA), according to findings from Access Now, Lookout, and SMEX. Two of the targets included prominent Egyptian journalists and government critics, Mostafa

New Chaos Variant Targets Misconfigured Cloud Deployments, Adds SOCKS Proxy

info@thehackernews.com (The Hacker News)

Cybersecurity researchers have flagged a new variant ofmalware called Chaosthat'scapable of hitting misconfigured cloud deployments, marking an expansion of the botnet's targeting infrastructure. "Chaos malware is increasingly targeting misconfigured cloud deployments, expanding beyond its traditional focus on routers and edge devices," Darktrace said in a new report.

Masjesu Botnet Emerges as DDoS-for-Hire Service Targeting Global IoT Devices

info@thehackernews.com (The Hacker News)

Cybersecurity researchers have lifted the curtain on a stealthy botnet that's designed for distributed denial-of-service (DDoS) attacks. Called Masjesu, the botnet has been advertised via Telegram as a DDoS-for-hire service since it first surfaced in 2023. It's capable of targeting a wide range of IoT devices, such as routers and gateways, spanning multiple architectures. "Built for

Microsoft starts removing Copilot buttons from Windows 11 apps

Microsoft is starting to remove "unnecessary" Copilot buttons from its Windows 11 apps. In the latest version of the Notepad app for Windows Insiders, Microsoft has removed the Copilot button in favor of a "writing tools" menu. The Copilot button in the Snipping Tool app also no longer appears when you select an area to […]

ChatGPT has a new $100 per month Pro subscription

OpenAI has announced a new version of its ChatGPT Pro subscription that costs $100 per month. The new Pro tier offers "5x more" usage of its Codex coding tool than the $20 per month Plus subscription and "is best for longer, high-effort Codex sessions," OpenAI says. The company is introducing the new tier as it […]

Here are the best Apple Watch deals available right now

In September, Apple launched its latest batch of smartwatches, including the Apple Watch Series 11, the SE 3, and the Ultra 3. Each has its own pros and cons, but the introduction of Apple’s newest wearables also means there are now more Apple Watch models on the market than ever before — and a lot […]

Florida launches investigation into OpenAI

Florida Attorney General James Uthmeier is launching an investigation into OpenAI over public safety and national security risks, as reported earlier by Reuters. In a statement on Thursday, Uthmeier says there are concerns that OpenAI's data and technology are "falling into the hands of America's enemies, such as the Chinese Communist Party." Uthmeier also says […]

The EFF is quitting X

Stevie Bonifield

The digital privacy nonprofit Electronic Frontier Foundation will no longer be posting on X as of Thursday, largely due to a sharp decline in views on the platform over the past several years. In a blog post announcing the departure, EFF's social media and video manager Kenyatta Thomas explained that the nonprofit used to get […]

John Deere will pay farmers $99 million over right-to-repair lawsuit

John Deere has agreed to pay farmers $99 million to resolve a class action lawsuit that accused the agricultural giant of preventing farmers and mechanics from accessing the materials needed to repair equipment, as reported earlier by Reuters. As part of the proposed settlement, John Deere says it will make repair resources available for a […]

Samsung’s Galaxy Watch 8 is easier to recommend now it starts at $260

Samsung’s Galaxy Watch 8 is one of the best Android smartwatches you can buy right now, especially if you’re already using a Samsung phone. Right now the 40mm, Bluetooth-enabled version’s on sale for $289.99 ($60 off) at Amazon, Best Buy, and Samsung, which is its second-best price this year and only $50 shy of its […]

NASA’s Artemis II mission to fly around the far side of the Moon

Humans haven’t set foot on the Moon since NASA’s Apollo 17 mission in 1972. Now, the space agency is racing to get back to the lunar surface under the umbrella of its Artemis program — a nod to the Greek goddess and twin sister of Apollo, whose name was given to NASA’s first program to […]

Instagram now lets you edit your own comments

If you make a mistake in an Instagram comment, you can now finally fix it without having to delete the comment and make it again. On Thursday, Instagram announced that users can now edit their comments within 15 minutes of posting them, which should hopefully give you ample time to clean up any errors. You […]

Netflix’s TV games get a big boost with Jackbox collection

Netflix's party-focused lineup of TV games just got three excellent new additions: Jackbox's Drawful 2, Fibbage 4, and Quiplash 3, available as the Jackbox Party Essentials pack on the platform. Subscribers can access Jackbox Party Essentials at no additional cost and use their phones as controllers to play. The Jackbox bundle seems like a natural […]

PO Box 1793 , Brenham, TX 77834

300 W Blue Bell Rd. , Brenham, TX 77833

CONTACT US

Brenham, TX

979-830-1292

mail@gosscom.com

Share by: