#ios

Another day, another trove of login credentials in plain text found online.

## Summary Dragonfly Manager's Job REST API endpoints lack authentication, allowing unauthenticated attackers to create, query, modify, and delete jobs, potentially leading to resource exhaustion, information disclosure, and service disruption. ## Affected Products - **Product**: Dragonfly - **Component**: Manager (REST API) - **Affected Versions**: v2.x (based on source code analysis, including v2.4.0) - **Affected Endpoints**: `/api/v1/jobs` ## Vulnerability Details ### Description Dragonfly Manager's Job API endpoints (`/api/v1/jobs`) lack JWT authentication middleware and RBAC authorization checks in the routing configuration. This allows any unauthenticated user with access to the Manager API to perform the following operations: 1. **List all jobs** (GET `/api/v1/jobs`) 2. **Create new jobs** (POST `/api/v1/jobs`) 3. **Query job details** (GET `/api/v1/jobs/:id`) 4. **Modify jobs** (PATCH `/api/v1/jobs/:id`) 5. **Delete jobs** (DELETE `/api/v1/jobs/:id`) ### Technical Root...

That LinkedIn message pretending to be job offer could just be malwre.

Cybersecurity company Arctic Wolf has warned of a "new cluster of automated malicious activity" that involves unauthorized firewall configuration changes on Fortinet FortiGate devices. The activity, it said, commenced on January 15, 2026, adding it shares similarities with a December 2025 campaign in which malicious SSO logins on FortiGate appliances were recorded against the admin account from

### Summary Context race condition when using `useGraphQLModules` plugin ### Details Related to: https://github.com/graphql-hive/graphql-modules/security/advisories/GHSA-53wg-r69p-v3r7 When 2 or more parallel requests are made which trigger the same service, the context of the requests is mixed up in the service when the context is injected via @ExecutionContext() and graphql-modules are used in Yoga with `useGraphQLModules(application)`. This issue was fixed in `graphql-modules` in `2.4.1` and `3.1.1` but using `useGraphQLModules` will bypass the `async_hooks` fix that was implemented. ### PoC Create the following `package.json` and run `npm i` ```json { "name": "poc", "scripts": { "compile": "tsc", "start": "npm run compile && node ./dist/src/index.js", "test": "npm run compile && node ./dist/test/bleedtest.js" }, "dependencies": { "@envelop/graphql-modules": "^9.0.0", "graphql-yoga": "^5.0.0", "graphql": "^16.10.0", "graphql-modules": "3.1.1...

Researchers showed how prompt injection hidden in a calendar invite can bypass privacy controls and turn an AI assistant into a data-leaking accomplice.

Google-owned AdMob allegedly collected kids' data for ads without parental consent—including IP addresses, usage data, and exact locations.

Alisa Viejo, United States, 20th January 2026, CyberNewsWire

The systems running an organization's infrastructure and applications are interconnected, creating an environment of controlled chaos where events in one area can ripple unpredictably through others. Red Hat Ansible Automation Platform features Event-Driven Ansible as an automation mechanism for reacting to these ripples. Event-Driven Ansible listens to external event or alert sources so you can design automated responses for these events, enabling faster response to problems with consistency and accuracy. A foundational use case that can be used almost anywhere to provide a great deal of valu

Just a few years ago, the cloud was touted as the “magic pill” for any cyber threat or performance issue. Many were lured by the “always-on” dream, trading granular control for the convenience of managed services. In recent years, many of us have learned (often the hard way) that public cloud service providers are not immune to attacks and SaaS downtime, hiding behind the Shared Responsibility