January 2026

January blues return as Ivanti coughs up exploited EPMM zero-days

Consider yourselves compromised, experts warn Ivanti has patched two critical zero-day vulnerabilities in its Endpoint Manager Mobile (EPMM) product that are already being exploited, continuing a grim run of January security incidents for enterprise IT vendors.…

Thousands more Oregon residents learn their health data was stolen in TriZetto breach

Parent company Cognizant hit with multiple lawsuits Thousands more Oregonians will soon receive data breach letters in the continued fallout from the TriZetto data breach, in which someone hacked the insurance verification provider and gained access to its healthcare provider customers across multiple US states.…

Java developers want container security, just not the job that comes with it

BellSoft survey finds 48% prefer pre‑hardened images over managing vulnerabilities themselves Java developers still struggle to secure containers, with nearly half (48 percent) saying they'd rather delegate security to providers of hardened containers than worry about making their own container security decisions.…

Maybe CISA should take its own advice about insider threats hmmm?

The call is coming from inside the house opinion  Maybe everything is all about timing, like the time (this week) America's lead cyber-defense agency sounded the alarm on insider threats after it came to light that its senior official uploaded sensitive documents to ChatGPT.…

To stop crims, Google starts dismantling residential proxy network they use to hide

The Chocolate Factory strikes again, targeting the infrastructure attackers use to stay anonymous Crims love to make it look like their traffic is actually coming from legit homes and businesses, and they do so by using residential proxy networks. Now, Google says it has "significantly degraded" what it…

AV vendor goes to war with security shop over update server scare

eScan lawyers up after Morphisec claimed 'critical supply-chain compromise' A spat has erupted between antivirus vendor eScan and threat intelligence outfit Morphisec over who spotted an update server incident that disrupted some eScan customers earlier this month.…

Seven habits that help security teams reduce risk without slowing delivery

The right habits change everything Sponsored Post  Security teams are under pressure from every direction: supply chain threats are rising, regulatory expectations are tightening, and development cycles aren’t getting any slower. Yet for many organizations, the practical work of improving software security still comes down to the same…

ShinyHunters swipes right on 10M records in alleged dating app data grab

Extortion crew says it's found love in someone else's info as Match Group plays down the impact ShinyHunters has added a fresh notch to its breach belt, claiming it has pinched more than 10 million records from Match Group, a US firm that owns some of the world's…

Patch or perish: Vulnerability exploits now dominate intrusions

Apply fixes within a few hours or face the music, say the pros What good is a fix if you don't use it? Experts are urging security teams to patch promptly as vulnerability exploits now account for the majority of intrusions, according to the latest figures.…

Fortinet unearths another critical bug as SSO accounts borked post-patch

More work for admins on the cards as they await a full dump of fixes Things aren't over yet for Fortinet customers – the security shop has disclosed yet another critical FortiCloud SSO vulnerability.…

Copyright © 2026 Lugapel