Posts

The Hacker News - ClickFix Attacks Expand Using Fake CAPTCHAs, Microsoft Scripts, and Trusted Web Services

Cybersecurity researchers have disclosed details of a new campaign that combines ClickFix-style fake CAPTCHAs with a signed Microsoft Application Virtualization (App-V) script to distribute an information stealer called Amatera. "Instead of launching PowerShell directly, the attacker uses this script to control how execution begins and to avoid more common, easily recognized execution paths,"
from The Hacker News https://thehackernews.com/2026/01/clickfix-attacks-expand-using-fake.html

KnowBe4 - CyberheistNews Vol 16 #04 The Skeleton Key: How Attackers Weaponize Trusted RMM Tools for Backdoor Access

from Human Risk Management Blog https://blog.knowbe4.com/cyberheistnews-vol-16-04-the-skeleton-key-how-attackers-weaponize-trusted-rmm-tools-for-backdoor-access

The Hacker News - CTEM in Practice: Prioritization, Validation, and Outcomes That Matter

Cybersecurity teams increasingly want to move beyond looking at threats and vulnerabilities in isolation. It’s not only about what could go wrong (vulnerabilities) or who might attack (threats), but where they intersect in your actual environment to create real, exploitable exposure. Which exposures truly matter? Can attackers exploit them? Are our defenses effective? Continuous Threat Exposure
from The Hacker News https://thehackernews.com/2026/01/ctem-in-practice-prioritization.html

Schneier - The Constitutionality of Geofence Warrants

The US Supreme Court is considering the constitutionality of geofence warrants. The case centers on the trial of Okello Chatrie, a Virginia man who pleaded guilty to a 2019 robbery outside of Richmond and was sentenced to almost 12 years in prison for stealing $195,000 at gunpoint. Police probing the crime found security camera footage showing a man on a cell phone near the credit union that was robbed and asked Google to produce anonymized location data near the robbery site so they could determine who committed the crime. They did so, providing police with subscriber data for three people, one of whom was Chatrie. Police then searched Chatrie’s home and allegedly surfaced a gun, almost $100,000 in cash and incriminating notes. Chatrie’s appeal challenges the constitutionality of geofence warrants, arguing that they violate individuals’ Fourth Amendment rights protecting against unreasonable searches.
from Schneier on Security https://www.schneier.com/blog/archives/2026/01/th...

The Hacker News - China-Linked Hackers Have Used the PeckBirdy JavaScript C2 Framework Since 2023

Cybersecurity researchers have discovered a JScript-based command-and-control (C2) framework called PeckBirdy that has been put to use by China-aligned APT actors since 2023 to target multiple environments. The flexible framework has been put to use against Chinese gambling industries and malicious activities targeting Asian government entities and private organizations, according to Trend Micro
from The Hacker News https://thehackernews.com/2026/01/china-linked-hackers-have-used.html

The Hacker News - Microsoft Office Zero-Day (CVE-2026-21509) - Emergency Patch Issued for Active Exploitation

Microsoft on Monday issued out-of-band security patches for a high-severity Microsoft Office zero-day vulnerability exploited in attacks. The vulnerability, tracked as CVE-2026-21509, carries a CVSS score of 7.8 out of 10.0. It has been described as a security feature bypass in Microsoft Office. "Reliance on untrusted inputs in a security decision in Microsoft Office allows an unauthorized
from The Hacker News https://thehackernews.com/2026/01/microsoft-issues-emergency-patch-for.html

Black Hills InfoSec - Six Tips for Managing Penetration Test Data Copy

John Malone // Introduction Information is power. This sentiment also holds true when discussing the creation of a supporting archive. A supporting archive is something that we put together to […] The post Six Tips for Managing Penetration Test Data Copy appeared first on Black Hills Information Security, Inc.
from Black Hills Information Security, Inc. https://www.blackhillsinfosec.com/six-tips-for-managing-penetration-test-data-2/