N2K

Need 2 Know

Ho ho ho! December’s Patch Tuesday delivers three zero-days

January 2, 2026

Credit: Clint Patterson / Unsplash

Why CISA Accepting KEV Nominations Is So Important

algerj@bnpmedia.com (Jordyn Alger)

CISA announced that it will be accepting nominations to its Known Exploited Vulnerabilities (KEV) catalog.

Cultural Fit Decides If You Will Thrive in a New Security Role

jerry@smrgroup.com (Jerry J. Brennan)

Finding the right cultural fit can be central to succeeding in a new security position.

Schools Blackmailed with Explicit AI Deepfakes of Students

Images on school websites and social media accounts are being leveraged by cybercriminals to create sexually explicit deepfakes of students.

Security Leaders Should Prepare for World Cup Scams

algerj@bnpmedia.com (Jordyn Alger)

It’s likely that cybercriminals will increase scam activity leading up to and during this event.

Strategies, Expert Insights from the 2026 Verizon DBIR

algerj@bnpmedia.com (Jordyn Alger)

The overarching theme of this year’s report is “keeping a strong foundation in the face of change.”

Financial Services, Cybersecurity and the Evolving Threat Landscape

algerj@bnpmedia.com (Jordyn Alger)

How can financial institutions manage evolving cyber threats?

GitHub Breached, Internal Repositories Exposed

GitHub experienced a cyber incident.

Credential Management in High Turnover Environments

In this episode of Lock It Down with Security Magazine, Editor-in-Chief Rachelle Blair-Frasier speaks with Frank Rojas, Business Development Manager for Hospitality and Gaming at Traka, and Dre Perkins, VP of US Strategic Key Accounts for Vingcard.

Security Leadership Has a Soundtrack

Security relies heavily on frameworks, music reminds us that leadership is also performance.

Should Customers Worry About the 7-Eleven Data Breach?

algerj@bnpmedia.com (Jordyn Alger)

Is the average 7-Eleven customer at risk from the recent data breach?

npm Adds 2FA-Gated Publishing and Package Install Controls Against Supply Chain Attacks

info@thehackernews.com (The Hacker News)

GitHub has rolled out new controls for npm to improve the security of the software supply chain, giving maintainers the ability to explicitly approve a release prior to the packages becoming publicly available for installation. Called staged publishing, the feature is now generally available on npm. It mandates that a human maintainer pass a two-factor authentication (2FA) challenge to approve

Packagist Supply Chain Attack Infects 8 Packages Using GitHub-Hosted Linux Malware

info@thehackernews.com (The Hacker News)

A new "coordinated" supply chain attack campaign has impacted eight packages on Packagist including malicious code designed to run a Linux binary retrieved from a GitHub Releases URL. "Although the affected packages were all Composer packages, the malicious code was not added to composer.json," Socket said. "Instead, it was inserted into package.json, targeting projects that ship JavaScript

Claude Mythos AI Finds 10,000 High-Severity Flaws in Widely Used Software

info@thehackernews.com (The Hacker News)

Anthropic on Friday disclosed that Project Glasswing has helped uncover more than 10,000 high- or critical-severity vulnerabilities across some of the most "systemically" important software across the world since the cybersecurity initiative went live last month. Project Glasswing is a defensive effort launched by the artificial intelligence (AI) company to secure critical global software

Laravel-Lang PHP Packages Compromised to Deliver Cross-Platform Credential Stealer

info@thehackernews.com (The Hacker News)

Cybersecurity researchers have flagged a fresh software supply chain attack campaign that has targeted multiple PHP packages belonging to Laravel-Lang to deliver a comprehensive credential-stealing framework. The affected packages include - laravel-lang/lang laravel-lang/http-statuses laravel-lang/attributes laravel-lang/actions "The timing and pattern of the newly published tags

LiteSpeed cPanel Plugin CVE-2026-48172 Exploited to Run Scripts as Root

info@thehackernews.com (The Hacker News)

A maximum-severity security vulnerability impacting LiteSpeed User-End cPanel Plugin has come under active exploitation in the wild. The flaw, tracked as CVE-2026-48172 (CVSS score: 10.0), relates to an instance of incorrect privilege assignment that an attacker could abuse to run arbitrary scripts with elevated permissions. "Any cPanel user (including an attacker or a compromised account) may

Drupal Core SQL Injection Bug Actively Exploited, Added to CISA KEV

info@thehackernews.com (The Hacker News)

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a recently patched critical security flaw impacting Drupal Core to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerability in question is CVE-2026-9082 (CVSS score: 6.5), an SQL injection vulnerability affecting all supported versions of Drupal Core. "Drupal Core

First VPN Dismantled in Global Takedown Over Use by 25 Ransomware Groups

info@thehackernews.com (The Hacker News)

Authorities in Europe and North America have announced the dismantling of a criminal virtual private network (VPN) service used by criminal actors to obscure the origins of ransomware attacks, data theft, scanning, and denial-of-service attacks. Codenamed Operation Saffron, the disruption of First VPN Service was led by France and the Netherlands, with several other nations supporting the

Ghostwriter Targets Ukraine Government Entities with Prometheus Phishing Malware

info@thehackernews.com (The Hacker News)

The Belarus-aligned threat actor known as Ghostwriter (aka UAC-0057 and UNC1151) has been observed using lures related to Prometheus, a Ukrainian online learning platform, to target government organizations in the country. The activity, per the Computer Emergency Response Team of Ukraine (CERT-UA), involves sending phishing emails to government entities using compromised accounts. It's been

Megalodon GitHub Attack Targets 5,561 Repos with Malicious CI/CD Workflows

info@thehackernews.com (The Hacker News)

Cybersecurity researchers have disclosed details of a new automated campaign called Megalodon that has pushed 5,718 malicious commits to 5,561 GitHub repositories within a six-hour window. "Using throwaway accounts and forged author identities (build-bot, auto-ci, ci-bot, pipeline-bot), the attacker injected GitHub Actions workflows containing base64-encoded bash payloads that exfiltrate CI

Making Vulnerable Drivers Exploitable Without Hardware - The BYOVD Perspective

info@thehackernews.com (The Hacker News)

1 Introduction This article provides a technical analysis of how many Windows kernel mode drivers can be interacted with from user mode without the hardware they were developed for. This work was motivated by driver-oriented vulnerability research and the need to evaluate the exploitability of individual findings, which frequently affect code whose reachability is hardware-gated. The

Record Club is trying to be Letterboxd for music nerds

Terrence O’Brien

There isn't really a solid equivalent to Goodreads or Letterboxd for music lovers, but Record Club is aiming to change that. Yes, we have Rate Your Music, but its interface is crowded, and it feels more geared towards longer-form reviews than cataloging your listening habits and connecting with other fans. Record Club is clean and […]

The man behind the legendary MPC, Roger Linn, stays focused with a single browser tab

Terrence O’Brien

Roger Linn is a legend in the world of musical instruments. He's been at the cutting edge of music technology for decades. He created the LM-1, the first drum machine to use samples, and its successor, the LinnDrum, is one of the most iconic drum machines of all time. They were used on countless records […]

Here are 38 Memorial Day deals we recommend for $50 or less

Massive OLED TVs and Sonos speakers might be stealing the Memorial Day spotlight, but there are also plenty of great deals that won’t set you back nearly as much. In fact, some of the best discounts we’re seeing are on gadgets that retail for $50 or less, from portable chargers and 4K streaming devices to […]

Hanging out in my favorite virtual coffee shop in Tokyo

Finding a cafe that fits you can be a revelatory experience. For me at least, there are few places outside of my house that I can truly feel comfortable in. I'm lucky enough to have two options in walking distance: a coffee shop that's bright, airy, and full of art, and another that doubles as […]

I have a new go-to browser

Hi, friends! Welcome to Installer No. 129, your guide to the best and Verge-iest stuff in the world. (If you're new here, welcome, come on you Gunners, and also you can read all the old editions at the Installer homepage.) This week, I've mostly been sick, which has meant nearly a full rewatch of Parks […]

Google’s new anything-to-anything AI model is wild

Allison Johnson

Last year I deepfaked my kid's stuffed animal to make it look like his plush deer was on vacation. It was an experiment to see if I could re-create the events depicted in a Gemini ad Google was running, and I never showed the videos of Buddy the deer on his adventures to my four-year-old. […]

Google’s AI search is so broken it can ‘disregard’ what you’re looking for

Google's AI Overviews are running into an interesting problem right now. Earlier on Friday, if you searched for the term "disregard," the AI Overview section would include a response like what you'd see from a more traditional AI chatbot instead of the typical AI summary, as spotted on X. As you can see in the […]

Twelve South’s AirFly Pro 2 has hit one of its best prices ahead of summer travel

With Memorial day weekend kicking off the travel season, we’re seeing a lot of deals pop up on travel gadgets, from portable power banks to noise-canceling headphones. One of the best right now is Twelve South’s AirFly Pro 2 Bluetooth adapter, which lets you use your wireless headphones with in-flight entertainment systems so you can […]

Meta’s Forum is part Reddit, part Facebook, and part Google AI Overview

Stevie Bonifield

Meta's new Forum app for iPhones takes Facebook Groups and moves them to a dedicated app with a dedicated AI chatbot to go with it, like an AI revamp of the ill-fated Groups app Facebook shut down in 2017. Rather than going to ChatGPT or tacking "Reddit" onto the end of a Google search, Forum […]

Elon, stop trying to make Grok happen

There is a harsh truth about Elon Musk's "truth-seeking" AI chatbot Grok: It's not very good, and not many people are using it. That's the takeaway of a new Reuters report, which found that Grok barely appears in federal records of how the US government used AI last year. It's not the only sign xAI's […]

PO Box 1793 , Brenham, TX 77834

300 W Blue Bell Rd. , Brenham, TX 77833

CONTACT US

Brenham, TX

979-830-1292

mail@gosscom.com

Share by: