top of page
Untitled design.png

Weekly INK

Each week we compile an advisory on the latest threats, trends and newsworthy topics from the cyber security industry affecting small and medium enterprises. Join our subscribers below and help us prevent cybersecurity breaches.

watermark4.png

Issue #182 - January 19, 2026

AI Agents Undermine Progress in Browser Security

Source: Dark Reading

Early browser security gains are being eroded as AI agents and complex extensions increase attack surface. The piece explains how automated agents can misuse permissions, pivot via tabs, and skirt traditional controls, with practical advice to rein in extensions, harden policies, and monitor browser telemetry in business environments.




Okta SSO accounts targeted in vishing-based data theft attacks

Source: BleepingComputer

Voice phishing crews are tricking employees into visiting fake Single Sign-On pages while on the phone, letting attackers capture credentials and MFA codes in real time. The takeaway for SMBs: train staff to verify help desk calls, enforce phishing-resistant MFA like passkeys, and watch for unusual SSO access patterns.




Malicious Google Chrome Extensions Hijack Workday and Netsuite

Source: Infosecurity Magazine

Bad browser extensions impersonated tools used with Workday and NetSuite to steal logins and session tokens, putting payroll and ERP data at risk. Companies should audit enterprise extensions, blocklist risky ones, and require SSO with device posture checks. Least privilege and alerts on unusual ERP activity are key.




Cloudflare Fixes ACME Validation Bug Allowing WAF Bypass to Origin Servers

Source: The Hacker News

A flaw in ACME challenge handling could let crafted requests bypass Cloudflare’s WAF and hit origin servers. Cloudflare fixed it, but the lesson stands: never assume the edge blocks everything. Lock down direct origin access, restrict paths like .well-known, and verify firewall rules between CDN and origin.




MITRE Launches New Security Framework for Embedded Systems

Source: SecurityWeek

MITRE’s Embedded Systems Threat Matrix maps attacker tactics for firmware and hardware rich environments like healthcare, robotics, and industrial. For vendors and operators, it offers a practical way to model risks in connected devices and align controls with ATT&CK style techniques before incidents cascade into outages.




 
 

Help us Prevent Breaches.

We will never share or sell your information. Unsubscribe at any time.

Email: *

Received.

bottom of page