N2K

Need 2 Know

Ho ho ho! December’s Patch Tuesday delivers three zero-days

January 2, 2026

Credit: Clint Patterson / Unsplash

Harvest Now, Decrypt Later: Preparing for the Quantum Hangover

Quantum computing will be the next major shockwave to hit cybersecurity.

How AI Could Impact Tax Season Security This Year

algerj@bnpmedia.com (Jordyn Alger)

The risks surrounding tax season are varied.

Strategies for Security Leaders in the Midst of Skill Shortages

algerj@bnpmedia.com (Jordyn Alger)

In this episode of Lock It Down with Security Magazine, Chief Security & Trust Officer Kory Daniels shares how security leaders struggling with skill shortages can make strategic tradeoffs to lessen their team’s burden.

From the Outside In: A Smarter Approach to Vendor Access

Modern access control strategies are shifting focus to vendors, contractors, and the perimeter itself.

AI-Generated Image-Based Harm Is Becoming a Security Issue — Organizations Must Prepare

AI-generated manipulated images are getting easier to create, harder to detect, and faster to distribute.

41% of Organizations Have Hired a Fake Candidate

Deepfakes are leading to fraudulent job positions and hirings.

Human-Related Security Risks Rose 90% in 2025

2025 saw a rise in AI-related security risks.

The 25 Most Vulnerable Passwords of 2026

Research reveals the most insecure passwords of 2026.

Implementing Meaningful De-Escalation Training in Your Security Program

Effective de-escalation training includes these four main focus points.

1.2M Bank Accounts Exposed in French National Bank Account Registry Breach

It is currently unknown how many accounts had data accessed and/or extracted.

Expert Recommends: Prepare for PQC Right Now

info@thehackernews.com (The Hacker News)

Introduction: Steal It Today, Break It in a Decade Digital evolution is unstoppable, and though the pace may vary, things tend to fall into place sooner rather than later. That, of course, applies to adversaries as well. The rise of ransomware and cyber extortion generated funding for a complex and highly professional criminal ecosystem. The era of the cloud brought general availability of

Microsoft Warns Developers of Fake Next.js Job Repos Delivering In-Memory Malware

info@thehackernews.com (The Hacker News)

A "coordinated developer-targeting campaign" is using malicious repositories disguised as legitimate Next.js projects and technical assessments to trick victims into executing them and establish persistent access to compromised machines. "The activity aligns with a broader cluster of threats that use job-themed lures to blend into routine developer workflows and increase the likelihood of code

Malicious StripeApi NuGet Package Mimicked Official Library and Stole API Tokens

info@thehackernews.com (The Hacker News)

Cybersecurity researchers have disclosed details of a new malicious package discovered on the NuGet Gallery, impersonating a library from financial services firm Stripe in an attempt to target the financial sector. The package, codenamed StripeApi.Net, attempts to masquerade as Stripe.net, a legitimate library from Stripe that has over 75 million downloads. It was uploaded by a user named

Cisco SD-WAN Zero-Day CVE-2026-20127 Exploited Since 2023 for Admin Access

info@thehackernews.com (The Hacker News)

A newly disclosed maximum-severity security flaw in Cisco Catalyst SD-WAN Controller (formerly vSmart) and Catalyst SD-WAN Manager (formerly vManage) has come under active exploitation in the wild as part of malicious activity that dates back to 2023. The vulnerability, tracked as CVE-2026-20127 (CVSS score: 10.0), allows an unauthenticated remote attacker to bypass authentication and obtain

Google Disrupts UNC2814 GRIDTIDE Campaign After 53 Breaches Across 42 Countries

info@thehackernews.com (The Hacker News)

Google on Wednesday disclosed that it worked with industry partners to disrupt the infrastructure of a suspected China-nexus cyber espionage group tracked as UNC2814 that breached at least 53 organizations across 42 countries. "This prolific, elusive actor has a long history of targeting international governments and global telecommunications organizations across Africa, Asia, and the Americas,"

Claude Code Flaws Allow Remote Code Execution and API Key Exfiltration

info@thehackernews.com (The Hacker News)

Cybersecurity researchers have disclosed multiple security vulnerabilities in Anthropic's Claude Code, an artificial intelligence (AI)-powered coding assistant, that could result in remote code execution and theft of API credentials. "The vulnerabilities exploit various configuration mechanisms, including Hooks, Model Context Protocol (MCP) servers, and environment variables – executing

SLH Offers $500–$1,000 Per Call to Recruit Women for IT Help Desk Vishing Attacks

info@thehackernews.com (The Hacker News)

The notorious cybercrime collective known as Scattered LAPSUS$ Hunters (SLH) has been observed offering financial incentives to recruit women to pull off social engineering attacks. The idea is to hire them for voice phishing campaigns targeting IT help desks, Dataminr said in a new threat brief. The group is said to be offering anywhere between $500 and $1,000 upfront per call, in addition to

Top 5 Ways Broken Triage Increases Business Risk Instead of Reducing It

info@thehackernews.com (The Hacker News)

Triage is supposed to make things simpler. In a lot of teams, it does the opposite. When you can’t reach a confident verdict early, alerts turn into repeat checks, back-and-forth, and “just escalate it” calls. That cost doesn’t stay inside the SOC; it shows up as missed SLAs, higher cost per case, and more room for real threats to slip through. So where does triage go wrong? Here are five triage

Malicious NuGet Packages Stole ASP.NET Data; npm Package Dropped Malware

info@thehackernews.com (The Hacker News)

Cybersecurity researchers have discovered four malicious NuGet packages that are designed to target ASP.NET web application developers to steal sensitive data. The campaign, discovered by Socket, exfiltrates ASP.NET Identity data, including user accounts, role assignments, and permission mappings, as well as manipulates authorization rules to create persistent backdoors in victim applications.

Manual Processes Are Putting National Security at Risk

info@thehackernews.com (The Hacker News)

Why automating sensitive data transfers is now a mission-critical priority More than half of national security organizations still rely on manual processes to transfer sensitive data, according to The CYBER360: Defending the Digital Battlespace report. This should alarm every defense and government leader because manual handling of sensitive data is not just inefficient, it is a systemic

We asked experts how to build a resume for the AI hiring era

With AI-backed hiring on the rise, tips for "hacking" your resume are all over social media. As job search companies increasingly rely on artificial intelligence to sort through applications, job seekers wonder how to best position themselves with those filters in mind. We decided to speak directly with job search leaders about how a resume […]

Xbox is in danger. Will Microsoft fix it or kill it?

Today, we’re talking about the future of Xbox. Phil Spencer, a two–time Decoder guest who’s led Xbox for more than a decade, retired last week. But in a shocking twist, his deputy and long-assumed successor, Sarah Bond, is also out too, and the Xbox division is now in the hands of Asha Sharma, one of […]

Anthropic gives its retired Claude AI a Substack

In January, Anthropic "retired" Claude 3 Opus, which at one time was the company's most powerful AI model. Today, it's back - and writing on Substack. The newsletter, called Claude's Corner, will give Opus 3 space to publish its "musings, insights, or creative works," Anthropic said in a blog post. The model will post weekly […]

Burger King will use AI to check if employees say ‘please’ and ‘thank you’

Burger King is launching an AI chatbot that will live in the headsets used by employees. The voice-enabled chatbot, called "Patty," is part of an overarching BK Assistant platform that will not only assist employees with meal preparation but also evaluate their interactions with customers for "friendliness." Thibault Roux, Burger King's chief digital officer, tells […]

The smart lock standard that could replace your keys is finally here

Jennifer Pattison Tuohy

Aliro has officially arrived. The smart lock standard, first announced in 2023, finally has a 1.0 spec, meaning companies can now get hardware certified and roll out support. Aliro is an open standard designed to let any smart lock be unlocked by any smartphone, regardless of manufacturer. It stores a digital key in your phone's […]

Instagram will alert parents if their kids ‘repeatedly’ search for self-harm topics

Jess Weatherbed

Starting next week, Instagram will notify parents to check on their teen searching for terms related to self-harm or suicide. Meta says a similar alert system for its AI chatbots is coming later this year. The new Instagram feature sends parents an alert when their child "repeatedly tries to search for terms clearly associated with […]

Google takes control of ‘Android of robotics’ project in quest for physical AI

Google is folding Alphabet's AI robotics "moonshot," Intrinsic, into the company after five years as an independent unit. The move marks a strategic shift as Google doubles down on physical AI and pulls experimental projects closer to its core business. Intrinsic "graduated" into an independent company inside Alphabet's Other Bets division in 2021, a portfolio […]

New York sues Valve, alleging its loot boxes are ‘quintessential gambling’

New York Attorney General Letitia James is suing Valve for "illegally promoting gambling" through the loot box systems it has built for video games like Counter-Strike 2, Team Fortress 2, and Dota 2, according to a press release. The attorney general seeks to "permanently stop Valve from promoting gambling features in its games, disgorge all […]

How the new Galaxy S26 phones compare

Samsung has just announced its new Galaxy S26 lineup, which includes the S26, S26 Plus, and S26 Ultra. While they aren't radical departures from last year's models, they bring a handful of notable upgrades. All three run on Qualcomm's Galaxy-centric Snapdragon 8 Elite Gen 5, which delivers improved performance and powers a slew of new […]

Corsair is halting Drop sales after March 25th

Cameron Faulkner

The Drop store, which was acquired by gaming gear giant Corsair in 2023, was a haven for mechanical keyboard enthusiasts and audiophiles to discover and buy hard-to-find gear - sometimes at surprisingly good prices. The company will cease sales after March 25th at 11:59PM PT, which is also the cut off to redeem Drop Rewards. […]

PO Box 1793 , Brenham, TX 77834

300 W Blue Bell Rd. , Brenham, TX 77833

CONTACT US

Brenham, TX

979-830-1292

mail@gosscom.com

Share by: