January 2026

Three Flaws in Anthropic MCP Git Server Enable File Access and Code Execution 2026-01-20 at 17:01 By A set of three security vulnerabilities has been disclosed in mcp-server-git, the official Git Model Context Protocol (MCP) server maintained by Anthropic, that could be exploited to read or delete arbitrary files and execute code under certain conditions. […]

Hackers Use LinkedIn Messages to Spread RAT Malware Through DLL Sideloading 2026-01-20 at 17:01 By Cybersecurity researchers have uncovered a new phishing campaign that exploits social media private messages to propagate malicious payloads, likely with the intent to deploy a remote access trojan (RAT). The activity delivers “weaponized files via Dynamic Link Library (DLL) sideloading,

Windows 11, not AI, kick-started the PC upgrade cycle 2026-01-20 at 15:44 By Carly Page Corporate IT refreshed hardware to stay supported, not chase new features If 2025 proved anything about PCs, it’s that corporate IT will upgrade hardware out of necessity long before it does so out of AI-fueled excitement.… This article is an

Anthropic quietly fixed flaws in its Git MCP server that allowed for remote code execution 2026-01-20 at 15:44 By Jessica Lyons Prompt injection for the win Anthropic has fixed three bugs in its official Git MCP server that researchers say can be chained with other MCP tools to remotely execute malicious code or overwrite files

The Hidden Risk of Orphan Accounts 2026-01-20 at 15:43 By The Problem: The Identities Left Behind As organizations grow and evolve, employees, contractors, services, and systems come and go – but their accounts often remain. These abandoned or “orphan” accounts sit dormant across applications, platforms, assets, and cloud consoles. The reason they persist isn’t negligence

Evelyn Stealer Malware Abuses VS Code Extensions to Steal Developer Credentials and Crypto 2026-01-20 at 15:43 By Cybersecurity researchers have disclosed details of a malware campaign that’s targeting software developers with a new information stealer called Evelyn Stealer by weaponizing the Microsoft Visual Studio Code (VS Code) extension ecosystem. “The malware is designed to exfiltrate

For the price of Netflix, crooks can now rent AI to run cybercrime 2026-01-20 at 14:59 By Carly Page Group-IB says crims forking out for Dark LLMs, deepfakes, and more at subscription prices Cybercrime has entered its AI era, with criminals now using weaponized language models and deepfakes as cheap, off-the-shelf infrastructure rather than experimental

Microsoft veteran explains the one weird trick that made Windows 95 restart faster 2026-01-20 at 14:25 By Richard Speed Hold down Shift to make the magic happen (or not, as the case might be) Microsoft’s Raymond Chen has explained why holding down Shift during a Windows 95 restart would get the system up and running

Cloudflare Fixes ACME Validation Bug Allowing WAF Bypass to Origin Servers 2026-01-20 at 14:02 By Cloudflare has addressed a security vulnerability impacting its Automatic Certificate Management Environment (ACME) validation logic that made it possible to bypass security controls and access origin servers.  “The vulnerability was rooted in how our edge network processed requests destined for

Why Secrets in JavaScript Bundles are Still Being Missed 2026-01-20 at 14:02 By Leaked API keys are no longer unusual, nor are the breaches that follow. So why are sensitive tokens still being so easily exposed? To find out, Intruder’s research team looked at what traditional vulnerability scanners actually cover and built a new secrets

Global economy shrugs off US tariff shock, tech spending does heavy lifting 2026-01-20 at 13:46 By Carly Page Wave of American-imposed tariffs failed to derail global growth, according to the IMF The global economy has proved more resilient than many expected in the wake of US tariff shocks, with the International Monetary Fund now projecting

Only KYC can stop insider trading on prediction markets, Messari says 2026-01-20 at 13:17 By Cointelegraph by Helen Partz Insider trading is hard to curb on non-KYC prediction markets, but even identity checks do not fully eliminate abuse, according to Messari’s Austin Weiler. This article is an excerpt from Cointelegraph.com News View Original Source

Bitcoin flashes buy signals as $90K becomes key support 2026-01-20 at 13:17 By Cointelegraph by Nancy Lubale Bitcoin bulls defend $90,000 as Hash Ribbons and Fear and Greed Index flash buy signals, hinting at a potential rally. This article is an excerpt from Cointelegraph.com News View Original Source

Manchester ATM ups PIN requirement to full Windows login 2026-01-20 at 13:17 By Richard Speed Definitely Maybe running Windows 7? Bork!Bork!Bork!  Just because Microsoft has ended support doesn’t mean an operating system will suddenly disappear. Take this crusty ATM running Windows 7 in the fair city of Manchester, England.… This article is an excerpt from