Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

On January 20, 2026, Oracle patched a maximum‑severity vulnerability in its Fusion Middleware suite affecting Oracle HTTP Server and the WebLogic Server Proxy Plug‑in, tracked as CVE‑2026‑21962. An unauthenticated remote threat actor can exploit this flaw to gain unauthorized creation, deletion, or modification access to critical data. The issue stems from improper handling of incoming requests by the WebLogic Server Proxy Plug‑ins for Apache HTTP Server and Microsoft IIS.

Scammers are increasingly using visually stylized QR codes to deliver phishing links, Help Net Security reports. QR code phishing (quishing) is already more difficult to detect, since these codes deliver links without a visible URL. Attackers are now using QR codes with colors, shapes, and logos woven into the code’s pattern. “Fancy QR codes further complicate detection,” Help Net Security says. “Their layouts no longer resemble the familiar black and white grid.

For many organizations, the network has quietly become one of the biggest barriers to growth. It is the almost invisible nervous system of the enterprise, yet when it fails or becomes overly complex, it is the only thing anyone talks about. As projects expand, offices multiply, and cloud adoption accelerates; IT teams are finding the network is an increasingly difficult piece of the puzzle, and hard to control.

If you received an unexpected password reset email from Instagram at the beginning of January 2026, you’re not alone. In early January, many Instagram users reported receiving password reset emails they did not request. This appears to have been the result of Instagram’s password reset functionality, resulting in widespread confusion about the legitimacy of those messages.

AI adoption has accelerated across sectors today as the technology becomes easier to access and deploy. Most organizations embed it in at least one aspect of their daily operations, but doing so has also introduced new risks, such as model bias and outcome drift. ‍ There’s a growing gap between AI use and responsible oversight, and keeping up demonstrable AI governance practices is a challenge.

Despite cybersecurity representing a strategic and even existential risk to organizations today, stakeholder transparency and a strategic vision to manage it are often lacking. Too frequently, transparency is achieved only after a significant security incident. This is a problem.

Managed Detection and Response (MDR) is a security service that has become a cornerstone of modern cybersecurity strategies. It’s designed to provide 24/7 threat monitoring, detection, and response capabilities, especially for organizations that lack the resources for an in-house security operations center (SOC). But while many have heard of MDR, there are still some common misconceptions and little-known facts about this powerful service.

In the dynamic digital landscape of 2026, technology alone is no longer the impenetrable shield it once promised to be. The most sophisticated firewalls and advanced threat detection systems can be rendered obsolete by a single, well-executed human exploit. This reality underscores a critical shift: the paramount importance of security culture.

Small business (SMB) cybersecurity has never been simple, but it’s become even more complex in recent years. Today’s businesses have to deal with an ever-growing number of apps and tools to secure, and this complexity is naturally going to be far harder for small teams to manage. Particularly for very small businesses.

A critical vulnerability in Langflow’s code validation mechanism allows unauthenticated attackers to execute arbitrary Python code on exposed systems. Tracked as CVE-2025-3248, the vulnerability resides in a publicly accessible API endpoint and affects all Langflow versions prior to 1.3.0. Active exploitation has been confirmed, with attackers using the vulnerability to deploy malware and onboard compromised systems into botnet infrastructure.