The Friday Wrap up
@thefwu.com
Your daily, and weekly, cybersecurity digest. I curate and categorize the day's and week's top security incidents, vulnerabilities, and threats. Essential intelligence without the overwhelm.
A significant botnet, a new Microsoft Office zero-day vulnerability, and other security updates are shaping the cybersecurity landscape. Staying informed is crucial to understanding these evolving threats. #CybersecurityUpdate
⚡ Weekly Recap: Proxy Botnet, Office Zero-Day, MongoDB Ransoms, AI Hijacks & New Threats
This week’s cybersecurity recap highlights key attacks, zero-days, and patches to keep you informed and secure.
thehackernews.com
February 3, 2026 at 2:05 PM
A significant botnet, a new Microsoft Office zero-day vulnerability, and other security updates are shaping the cybersecurity landscape. Staying informed is crucial to understanding these evolving threats. #CybersecurityUpdate
Mozilla is adding a setting in Firefox that lets users disable all AI features, giving more control and privacy over browser use. A clear step for those who prefer tech without artificial intelligence built in. #PrivacyControl
Mozilla announces switch to disable all Firefox AI features
In response to user feedback on AI integration, Mozilla announced today that the next Firefox release will let users disable AI features entirely or manage them individually.
www.bleepingcomputer.com
February 3, 2026 at 11:05 AM
Mozilla is adding a setting in Firefox that lets users disable all AI features, giving more control and privacy over browser use. A clear step for those who prefer tech without artificial intelligence built in. #PrivacyControl
Researchers have discovered Chrome extensions stealing user data. This highlights ongoing privacy risks and the importance of vigilance in protecting personal information online. #CybersecurityThreats
Researchers Uncover Chrome Extensions Abusing Affiliate Links and Stealing ChatGPT Access
Experts uncovered malicious Chrome extensions that replace affiliate links, exfiltrate data, and steal ChatGPT authentication tokens from users.
thehackernews.com
February 2, 2026 at 2:05 PM
Researchers have discovered Chrome extensions stealing user data. This highlights ongoing privacy risks and the importance of vigilance in protecting personal information online. #CybersecurityThreats
Crypto wallets saw a record $1.58B in illegal funds last year, mostly from scams and stolen crypto—highlighting growing risks in digital finance. More funds now flow into illicit wallets despite efforts to block them. #CyberCrimeTrends
Crypto wallets received a record $158 billion in illicit funds last year
Illegal cryptocurrency flows hit a record $158 billion in 2025, reversing a three-year trend of declining amounts from $86B in 2021 to $64B in 2024.
www.bleepingcomputer.com
February 2, 2026 at 11:05 AM
Crypto wallets saw a record $1.58B in illegal funds last year, mostly from scams and stolen crypto—highlighting growing risks in digital finance. More funds now flow into illicit wallets despite efforts to block them. #CyberCrimeTrends
FWU: Dating apps breached, 1.5M devs hit by malicious VS Code extensions, Ivanti zero-days exploited, 175K exposed AI servers found, shadow AI everywhere. Another week in cybersecurity! 🔐 #FWU #fridaywrapup #CyberSecurity
Friday Wrap Up: 30 January 2025
Another week, another avalanche of cyber chaos!
open.substack.com
January 30, 2026 at 8:00 PM
FWU: Dating apps breached, 1.5M devs hit by malicious VS Code extensions, Ivanti zero-days exploited, 175K exposed AI servers found, shadow AI everywhere. Another week in cybersecurity! 🔐 #FWU #fridaywrapup #CyberSecurity
New security threats revealed: remote code execution vulnerabilities and darknet developments require regular updates and strong defenses. Stay informed to keep safe. #CybersecurityInsights
thehackernews.com
January 30, 2026 at 2:05 PM
New security threats revealed: remote code execution vulnerabilities and darknet developments require regular updates and strong defenses. Stay informed to keep safe. #CybersecurityInsights
A data breach at Match Group exposed sensitive info from popular dating apps like Tinder, Hinge, OkCupid, and Match, linked to a third-party vendor. The incident highlights the risks of external partnerships in data security. #databreach
Match Group breach exposes data from Hinge, Tinder, OkCupid, and Match
Match Group, the owner of multiple popular online dating services, Tinder, Match.com, Meetic, OkCupid, and Hinge, confirmed a cybersecurity incident that compromised user data.
www.bleepingcomputer.com
January 30, 2026 at 11:05 AM
A data breach at Match Group exposed sensitive info from popular dating apps like Tinder, Hinge, OkCupid, and Match, linked to a third-party vendor. The incident highlights the risks of external partnerships in data security. #databreach
A significant vulnerability in the vm2 JavaScript library affects Node.js, allowing attackers to bypass sandbox protections and execute malicious code. It is crucial for tech systems relying on Node.js to address this issue. #CybersecurityAlert
Critical vm2 Node.js Flaw Allows Sandbox Escape and Arbitrary Code Execution
A critical vm2 Node.js vulnerability (CVE-2026-22709, CVSS 9.8) allows sandbox escape via Promise handler bypass.
thehackernews.com
January 29, 2026 at 2:05 PM
A significant vulnerability in the vm2 JavaScript library affects Node.js, allowing attackers to bypass sandbox protections and execute malicious code. It is crucial for tech systems relying on Node.js to address this issue. #CybersecurityAlert
A new flaw in the n8n workflow tool lets attackers break out of its sandbox, potentially taking full remote control of affected systems. This vulnerability highlights risks in low-code tools when security controls are bypassed. #CyberSecurityRisk
New sandbox escape flaw exposes n8n instances to RCE attacks
Two vulnerabilities in the n8n workflow automation platform could allow attackers to fully compromise affected instances, access sensitive data, and execute arbitrary code on the underlying host.
www.bleepingcomputer.com
January 29, 2026 at 11:05 AM
A new flaw in the n8n workflow tool lets attackers break out of its sandbox, potentially taking full remote control of affected systems. This vulnerability highlights risks in low-code tools when security controls are bypassed. #CyberSecurityRisk
Cybersecurity alert: fake browser updates are tricking users into downloading malware in ClickFix attacks. These threats highlight the importance of careful online navigation and staying informed for safety. #CyberSafety
ClickFix Attacks Expand Using Fake CAPTCHAs, Microsoft Scripts, and Trusted Web Services
ClickFix uses fake CAPTCHAs and a signed Microsoft App-V script to deploy Amatera stealer on enterprise Windows systems.
thehackernews.com
January 28, 2026 at 2:05 PM
Cybersecurity alert: fake browser updates are tricking users into downloading malware in ClickFix attacks. These threats highlight the importance of careful online navigation and staying informed for safety. #CyberSafety
Nike is looking into a potential data breach after a hacker group leaked internal files, claiming a successful cyberattack. It's part of a growing trend of ransomware gangs targeting big companies. #CyberSecurity
Nike investigates data breach after extortion gang leaks files
Nike is investigating what it described as a "potential cyber security incident" after the World Leaks ransomware gang leaked 1.4 TB of files allegedly stolen from the sportswear giant.
www.bleepingcomputer.com
January 28, 2026 at 11:05 AM
Nike is looking into a potential data breach after a hacker group leaked internal files, claiming a successful cyberattack. It's part of a growing trend of ransomware gangs targeting big companies. #CyberSecurity
Firewall flaws highlight security risks, AI generate harmful malware, and enterprises face evolving threats. Stay informed to protect your digital world.
#CybersecurityUpdates
#CybersecurityUpdates
⚡ Weekly Recap: Firewall Flaws, AI-Built Malware, Browser Traps, Critical CVEs & More
Weekly cybersecurity recap covering emerging threats, fast-moving attacks, critical flaws, and key security developments you need to track this week.
thehackernews.com
January 27, 2026 at 2:05 PM
Firewall flaws highlight security risks, AI generate harmful malware, and enterprises face evolving threats. Stay informed to protect your digital world.
#CybersecurityUpdates
#CybersecurityUpdates
Microsoft fixed a serious Office security flaw hackers were already using. This zero-day bug let attackers run harmful code through documents. Updating your software is key to staying protected.
#CyberSecurityNews
#CyberSecurityNews
Microsoft patches actively exploited Office zero-day vulnerability
Microsoft has released emergency security updates to patch a high-severity Office zero-day vulnerability exploited in attacks.
www.bleepingcomputer.com
January 27, 2026 at 11:05 AM
Microsoft fixed a serious Office security flaw hackers were already using. This zero-day bug let attackers run harmful code through documents. Updating your software is key to staying protected.
#CyberSecurityNews
#CyberSecurityNews
CISA updated its Known Exploited Vulnerabilities catalog with four critical flaws. This highlights the need for heightened vigilance and patching to boost cybersecurity defenses. #CyberAwareness
CISA Updates KEV Catalog with Four Actively Exploited Software Vulnerabilities
CISA added four actively exploited vulnerabilities to its KEV catalog, urging U.S. federal agencies to apply fixes by February 12, 2026.
thehackernews.com
January 26, 2026 at 2:05 PM
CISA updated its Known Exploited Vulnerabilities catalog with four critical flaws. This highlights the need for heightened vigilance and patching to boost cybersecurity defenses. #CyberAwareness
CISA warns that hackers are actively exploiting four major security flaws in enterprise software, posing serious risks to businesses. These bugs affect widely used tools, making timely updates critical. #CyberSecurityAlert
CISA confirms active exploitation of four enterprise software bugs
The Cybersecurity and Infrastructure Security Agency (CISA) in the U.S. warned of active exploitation of four vulnerabilities impacting enterprise software from Versa and Zimbra, the Vite frontend tooling...
www.bleepingcomputer.com
January 26, 2026 at 11:05 AM
CISA warns that hackers are actively exploiting four major security flaws in enterprise software, posing serious risks to businesses. These bugs affect widely used tools, making timely updates critical. #CyberSecurityAlert
Google Pixel faces a zero-click vulnerability, allowing attackers to take control without user interaction. This highlights the need for updated cybersecurity defenses in modern devices. #CyberSecurityAlert
ThreatsDay Bulletin: Pixel Zero-Click, Redis RCE, China C2s, RAT Ads, Crypto Scams & 15+ Stories
Weekly cybersecurity bulletin tracking how routine systems are being quietly misused across platforms, infrastructure, and services.
thehackernews.com
January 23, 2026 at 2:05 PM
Google Pixel faces a zero-click vulnerability, allowing attackers to take control without user interaction. This highlights the need for updated cybersecurity defenses in modern devices. #CyberSecurityAlert
Hackers are exploiting a critical flaw in SmarterMail that lets them skip login checks and take over admin accounts. This serious bug is now being abused in real attacks. #CyberSecurityAlert
SmarterMail auth bypass flaw now exploited to hijack admin accounts
Hackers began exploiting an authentication bypass vulnerability in SmarterTools' SmarterMail email server and collaboration tool that allows resetting admin passwords.
www.bleepingcomputer.com
January 23, 2026 at 11:05 AM
Hackers are exploiting a critical flaw in SmarterMail that lets them skip login checks and take over admin accounts. This serious bug is now being abused in real attacks. #CyberSecurityAlert
Zoom and GitLab rolled out security updates to fix vulnerabilities related to encryption and authentication. Staying updated with the latest security patches is crucial to protect sensitive information. #CyberSecurityUpdates
Zoom and GitLab Release Security Updates Fixing RCE, DoS, and 2FA Bypass Flaws
Zoom patched a critical CVE-2026-22844 RCE flaw in Node MMRs, while GitLab fixed DoS and 2FA bypass vulnerabilities affecting CE and EE versions.
thehackernews.com
January 22, 2026 at 2:05 PM
Zoom and GitLab rolled out security updates to fix vulnerabilities related to encryption and authentication. Staying updated with the latest security patches is crucial to protect sensitive information. #CyberSecurityUpdates
Fortinet admins say their firewalls are getting hacked even after patching a severe flaw. Experts warn attacks may exploit older breaches or compromised admin creds. Stay alert—patching alone may not be enough. #cybersecurity
Fortinet admins report patched FortiGate firewalls getting hacked
Fortinet customers are seeing attackers exploiting a patch bypass for a previously fixed critical FortiGate authentication vulnerability (CVE-2025-59718) to hack patched firewalls.
www.bleepingcomputer.com
January 22, 2026 at 11:05 AM
Fortinet admins say their firewalls are getting hacked even after patching a severe flaw. Experts warn attacks may exploit older breaches or compromised admin creds. Stay alert—patching alone may not be enough. #cybersecurity
Flaws in Anthropic's MCP Git server can expose sensitive data. Key issues include access control gaps and inadequate patching. Understanding these flaws is crucial for securing your systems. #CyberSecurityAlert
Three Flaws in Anthropic MCP Git Server Enable File Access and Code Execution
Three vulnerabilities in Anthropic’s MCP Git server allow prompt injection attacks that can read or delete files and, in some cases, lead to RCE.
thehackernews.com
January 21, 2026 at 2:05 PM
Flaws in Anthropic's MCP Git server can expose sensitive data. Key issues include access control gaps and inadequate patching. Understanding these flaws is crucial for securing your systems. #CyberSecurityAlert
The EU is planning stricter cybersecurity rules to limit foreign “high-risk” tech suppliers, aiming to better protect critical infrastructure from cyber threats and geopolitical risks. #CyberSecurityEurope
EU plans cybersecurity overhaul to block foreign high-risk suppliers
The European Commission has proposed new cybersecurity legislation mandating the removal of high-risk suppliers to secure telecommunications networks and strengthening defenses against state-backed and...
www.bleepingcomputer.com
January 21, 2026 at 11:05 AM
The EU is planning stricter cybersecurity rules to limit foreign “high-risk” tech suppliers, aiming to better protect critical infrastructure from cyber threats and geopolitical risks. #CyberSecurityEurope
Discover key cybersecurity issues: Fortinet vulnerabilities, RedLine Stealer threats, and major cyber incidents shaping 2026. Gain insights into prevention and response strategies. #CyberInsights
⚡ Weekly Recap: Fortinet Exploits, RedLine Clipjack, NTLM Crack, Copilot Attack & More
This week’s recap unpacks how evolving exploits, malware frameworks, and cloud missteps are reshaping modern cyber defense and exposing new weak point
thehackernews.com
January 20, 2026 at 2:05 PM
Discover key cybersecurity issues: Fortinet vulnerabilities, RedLine Stealer threats, and major cyber incidents shaping 2026. Gain insights into prevention and response strategies. #CyberInsights
Russian-linked hacktivists are actively targeting UK infrastructure with cyberattacks, prompting government warnings. These attacks aim to disrupt services rather than steal data, raising risks for critical systems. #CyberThreats
UK govt. warns about ongoing Russian hacktivist group attacks
The U.K. government is warning of continued malicious activity from Russian-aligned hacktivist groups targeting critical infrastructure and local government organizations in the country in disruptive...
www.bleepingcomputer.com
January 20, 2026 at 11:05 AM
Russian-linked hacktivists are actively targeting UK infrastructure with cyberattacks, prompting government warnings. These attacks aim to disrupt services rather than steal data, raising risks for critical systems. #CyberThreats
This week: Wi-Fi crashes with 1 packet, Chrome extensions fake HR portals, GootLoader hides in 1000 ZIP files, & 2 missing chars nearly killed AWS. Cybercrime runs tighter ops than most IT depts. Patch everything. 🛡️ #CyberSecurity #InfoSec #FWU
Friday Wrap Up: 16 January 2025
🎢 This week’s cybersecurity rollercoaster: where Wi-Fi crashes with one packet, Chrome extensions cosplay as your HR portal, and ZIP files contain more layers than a lasagna made by someone with…
open.substack.com
January 16, 2026 at 8:00 PM
This week: Wi-Fi crashes with 1 packet, Chrome extensions fake HR portals, GootLoader hides in 1000 ZIP files, & 2 missing chars nearly killed AWS. Cybercrime runs tighter ops than most IT depts. Patch everything. 🛡️ #CyberSecurity #InfoSec #FWU
China-linked hackers used a hidden flaw in Sitecore software to break into systems and launch more attacks. This zero-day flaw gave them early access that’s hard to detect. #CyberSecurity
China-linked hackers exploited Sitecore zero-day for initial access
An advanced threat actor tracked as UAT-8837 and believed to be linked to China has been focusing on critical infrastructure systems in North America, gaining access by exploiting both known and zero-day...
www.bleepingcomputer.com
January 16, 2026 at 7:51 PM
China-linked hackers used a hidden flaw in Sitecore software to break into systems and launch more attacks. This zero-day flaw gave them early access that’s hard to detect. #CyberSecurity