Issue #183 - January 26, 2026
- Jan 26
- 2 min read
Social Engineering Hackers Target Okta Single Sign On
Source: Data Breach Today
Single sign-on customers of identity provider Okta should be on alert against attackers seeking to gain access to their corporate network, steal data and hold it to ransom, security experts warn. A surge in social engineering attacks has targeted users of Okta's SSO tools, leading the company to directly warn customers last week about this campaign.
Chrome, Edge Extensions Caught Stealing ChatGPT Sessions
Source: Security Week
A threat actor has created 16 browser extensions to steal users’ ChatGPT sessions and published them to the official Chrome and Edge stores, LayerX reports. Banking on the increased adoption of AI-powered browser extensions that fulfill users’ productivity needs, the threat actor published 15 extensions to the Chrome Web Store and one to the Microsoft Edge Add-ons marketplace.
More Critical Flaws on n8n Could Compromise Customer Security
Source: Dark Reading
A new round of vulnerabilities in the popular AI automation platform could let attackers hijack servers and steal credentials. For the second time in less than a month, researchers have uncovered critical vulnerabilities in a key AI workflow automation system that many organizations have begun using to integrate LLMs into their business processes.
Fortinet Patches CVE-2026-24858 After Active FortiOS SSO Exploitation Detected
Source: The Hacker News
Fortinet has begun releasing security updates to address a critical flaw impacting FortiOS that has come under active exploitation in the wild. The vulnerability, assigned the CVE identifier CVE-2026-24858 (CVSS score: 9.4), has been described as an authentication bypass related to FortiOS single sign-on (SSO). The flaw also affects FortiManager and FortiAnalyzer.
Operation Winter SHIELD: FBI Issues Call to Arms for Organizations to Improve Cybersecurity
Source: Infosecurity Magazine
The FBI has launched Operation Winter SHIELD outlining ten actions which organizations should implement to help protect themselves, society and the state against cyber-attacks and malicious intrusions. The Securing Homeland Infrastructure by Enhancing Layered Defense (SHIELD) cyber resilience campaign details actions which organizations can take to help detect, confront, and dismantle cyber threats.