Today's Cybersecurity Pulse
Google sues Chinese cybercrime network for AI‑driven scam campaign
Google has filed a civil lawsuit against the Chinese group Outsider Enterprise, accusing it of using the Gemini generative‑AI model to mass‑produce phishing sites and send millions of fraudulent text messages. The operation deployed roughly 9,000 fake websites and a million malicious domains, and dispatched 2.5 million scam texts in two weeks, scamming hundreds of thousands and causing losses in the millions of dollars. Google says the suit aims to dismantle the network and prevent further AI‑enabled abuse.
Also developing:

Rakuten Viber CISO/CTO on Balancing Encryption, Abuse Prevention, and Platform Resilience
Rakuten Viber’s CISO/CTO Liad Shnell says the messenger is now critical infrastructure, so security priorities extend beyond confidentiality to availability, integrity and abuse resilience. The platform ships end‑to‑end encryption by default and relies on AI‑driven analysis of metadata, behavioral signals and rate limits to combat scams, deep‑fake fraud and coordinated influence without inspecting message content. Viber’s incident‑response playbooks are stress‑tested for disinformation and impersonation, emphasizing rapid detection, automated first‑response and minimal user friction. Success is measured by user‑harm metrics such as blast radius and account‑takeover rates rather than vanity counts of blocked messages.
Top 10 Vendors for AI-Enabled Security — According to CISOs
The CSO 2025 Security Priorities Study reveals that senior security executives continue to favor established, name‑brand vendors for AI‑enabled security solutions despite a flood of AI‑only startups. Cisco and Microsoft lead the list, with reputation, breach history, and integration ease...

Turning Cyber Metrics Into Decisions Leaders Can Act On
In a Help Net Security video, Myriad360 Field CISO Bryan Sacks argues that cybersecurity metrics should inform executive decisions rather than serve merely as reporting tools. He emphasizes aligning security initiatives with business priorities set by CEOs and boards, using...

Top 5 Best Free VPN for 2026 to Protect Your Anonymity on the Internet
The article lists the top five free VPN services projected for 2026, emphasizing their ability to safeguard anonymity during activities like torrenting. It highlights common pitfalls of free VPNs, such as data leaks, bandwidth limits, and ad injection. Each recommended...

Top 5 Best Cyber Attack Prevention Methods for Small Businesses With Breach & Attack Simulation
Hackers now target small businesses, accounting for 43% of attacks, making cyber‑attack prevention a critical priority. Affordable cloud‑based antimalware and firewall services, along with Breach and Attack Simulation (BAS) platforms like Cymulate, give SMBs enterprise‑level protection. The article outlines five...

Teaching Cybersecurity by Letting Students Break Things
Airbus Cybersecurity and Dauphine University found that embedding structured hacking, social engineering, and capture‑the‑flag exercises into curricula dramatically increases student engagement and confidence. The study tracked participants as they assumed attacker, analyst, and insider roles, culminating in a mixed‑reality CTF...

Cybersecurity Jobs Available Right Now: January 13, 2026
The January 2026 cybersecurity job roundup lists more than 30 senior‑level openings across continents, from CISO roles at Australia’s CSIRO to GenAI security specialists in Israel. Positions span core disciplines such as threat hunting, vulnerability management, IAM governance, and OT network...

The Salary of a Chief Security Officer
The 2025 Foushée Security & Compliance Compensation Survey, now run by ScottMadden, reveals notable pay shifts across 90 security roles. Chief Security Officers saw a modest 6.9% rise in base salary to $364,826, while total cash compensation slipped 2.9% and...

Malicious Chrome Extension Steals Wallet Credentials, Enables Automated Trading Abuse
Socket’s Threat Research Team uncovered a malicious Chrome extension, MEXC API Automator, that silently creates MEXC exchange API keys with withdrawal permissions. The extension exfiltrates the keys to a hard‑coded Telegram bot, enabling attackers to programmatically trade and drain wallets....

Apache Struts External Entity (XXE) Injection Vulnerability S2-069 (CVE-2025-68493)
A critical external entity injection flaw in Apache Struts, S2‑069 (CVE‑2025‑68493), has been disclosed, scoring 9.8 on the CVSS scale. The vulnerability resides in the XWork XML parser, enabling attackers to read files, perform SSRF, or launch DoS attacks. Affected...

Why the Start of the Year Is Prime Time for Insider Risk
At the start of each year, security teams face heightened insider risk due to workforce transitions such as departures, role changes, and reorganizations. These shifts often create blind spots in identity and access management, leaving dormant or over‑privileged accounts vulnerable...

Why DNS Resiliency Is Critical as Outages Surge
Service outages are rising, costing Global 2000 firms an estimated $400 billion annually, with DNS failures often at the core of prolonged downtime. The article argues that many organizations lack a true "Plan B" for DNS, relying on slow provider switches that...

CISA Orders Feds to Patch Gogs RCE Flaw Exploited in Zero-Day Attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered all federal civilian agencies to patch a critical zero‑day vulnerability in the Gogs Git service, identified as CVE‑2025‑8110. The flaw allows authenticated attackers to exploit a path‑traversal weakness in the...

NDSS 2025 – LLMPirate: LLMs For Black-Box Hardware IP Piracy
Researchers from Texas A&M unveiled LLMPirate, a novel technique that leverages large language models to generate pirated variations of hardware circuit designs. The system successfully evaded detection by four state‑of‑the‑art IP piracy tools across all tested circuits, achieving 100% evasion....

'Bad Actor' Hijacks Apex Legends Characters in Live Matches
A weekend security incident in Apex Legends allowed a bad actor to hijack player characters, disconnect them, and rename teammates to “RSPN Admin.” Respawn clarified that the breach did not involve malware or remote code execution, suggesting the attacker used...
5 Best Secure Container Images for Modern Applications (2026)
Modern applications now treat secure container images as a prerequisite for rapid delivery, not an optional add‑on. By 2026, tools like Echo, Sysdig and Aqua Security automate CVE removal, risk prioritization, and policy enforcement across CI/CD pipelines. The article outlines...
Fintech Firm Betterment Confirms Data Breach After Hackers Send Fake Crypto Scam Notification to Users
Betterment confirmed that hackers breached its systems on Jan 9 through a social‑engineering attack on third‑party platforms, exposing customers' names, emails, addresses, phone numbers and dates of birth. The intruders used the stolen data to send a fraudulent crypto‑investment notification promising...
Fake Employee Reports Spread Guloader and Remcos RAT Malware
AhnLab Security Intelligence Center uncovered a phishing campaign that disguises malicious attachments as fake employee performance reports. The email, posing as HR, includes a compressed file named "staff record pdf.exe" which, when executed, deploys the Guloader loader. Guloader then retrieves...
Cybersecurity in the Public Sector: Challenges, Strategies and Best Practices
Cyber attacks on government entities have surged, rising more than 40% in recent years, driven by motives ranging from political influence to lucrative data theft. Legacy platforms, chronic under‑funding, and a shortage of skilled analysts leave the public sector vulnerable....

Apple Confirms Google Gemini Will Power Siri, Says Privacy Remains a Priority
Apple announced that its upcoming Siri will be powered by Google’s Gemini large‑language models, marking a multi‑year collaboration between the two rivals. The partnership moves Siri away from Apple’s in‑house AI, which has lagged behind competitors like GPT and Copilot,...
Dutch Court Sentences Hacker Who Used Port Systems to Smuggle Cocaine to 7 Years
An Amsterdam appeals court sentenced a 44‑year‑old hacker to seven years in prison for facilitating cocaine smuggling through European ports. The defendant installed malware via a USB stick on a terminal employee’s computer, creating a backdoor that allowed the criminal...

Hidden Telegram Proxy Links Can Reveal Your IP Address in One Click
Security researchers have shown that Telegram’s proxy links (t.me/proxy) automatically trigger a direct connection to the specified server before the user confirms adding the proxy. This behavior lets an attacker‑controlled proxy log the user’s real IP address with a single...
Everest Ransomware Claims Breach at Nissan, Says 900GB of Data Stolen
Everest ransomware announced on Jan 10, 2026 that it breached Nissan Motor Corp and exfiltrated roughly 900 GB of data, posting screenshots of ZIP archives, spreadsheets and CSV files on its dark‑web leak site. The leaked directory structure suggests access to dealership records,...

NDSS 2025 – Mens Sana In Corpore Sano: Sound Firmware Corpora For Vulnerability Research
The NDSS 2025 paper "Mens Sana In Corpore Sano" examines the difficulty of building scientifically sound firmware corpora for vulnerability research. It identifies practical obstacles such as proprietary, encrypted samples and inadequate documentation that hinder replicability. The authors derive a...

Spanish Energy Giant Endesa Discloses Data Breach Affecting Customers
Spanish utility Endesa disclosed a data breach affecting its Energía XXI customers, with hackers obtaining contract‑related personal information such as IDs, contact details, and IBANs. The company says passwords were not exposed and no fraudulent use has been detected so far....

Predict 2026: AI, Trust and the Security Reckoning Ahead
Predict 2026 declares AI the defining technology of the year, emphasizing that security leaders must now focus on protecting, governing, and trusting autonomous AI systems. The event highlights how agentic AI reshapes risk, from evolving models to data pipelines that become...

Booz Allen Hamilton and Andreessen Horowitz Accelerate Commercial Tech for Government
Booz Allen Hamilton announced a partnership with Andreessen Horowitz, designating Booz Allen as the a16z Technology Acceleration Partner for Governments. The alliance will connect a16z’s portfolio startups with Booz Allen’s deep mission expertise, secure‑network capabilities, and engineering talent to fast‑track...

Prevent Cloud Data Leaks with Microsoft 365 Access Reviews
Microsoft 365’s frictionless sharing fuels productivity but also creates oversharing risks that security teams struggle to monitor. Native Microsoft tools provide no centralized view of shared files across Teams, OneDrive and SharePoint, leaving a blind spot for data leakage. Tenfold’s identity‑governance...

World Economic Forum: Cyber-Fraud Overtakes Ransomware as Business Leaders' Top Cyber-Security Concern
The World Economic Forum’s Global Cybersecurity Outlook for 2026 reveals that phishing attacks have eclipsed ransomware as the chief concern for business leaders. Seventy‑seven percent of respondents reported a rise in cyber‑enabled fraud, and 73 percent said they or a...

Max Severity Ni8mare Flaw Impacts Nearly 60,000 n8n Instances
Security researchers have identified a maximum‑severity vulnerability, dubbed “Ni8mare,” affecting the open‑source automation platform n8n. Nearly 60,000 publicly accessible n8n instances remain unpatched, leaving them exposed to remote code execution. The flaw stems from improper input validation in the workflow...

Web3 Dev Environments Hit by Fake Interview Software Scam
Web3 developers are being targeted by a new inbound scam where attackers pose as legitimate hiring firms on sites like youbuidl.dev. They lure candidates with senior‑level job postings and then require the download of a fake interview or coding‑test application....
Another Plastic Surgery Practice Fell Prey to a Cyberattack with Extortion Attempt
Patients of Manhattan plastic surgeon Dr. Richard Swift discovered that a malware attack last year exposed nude photographs, Social Security numbers, and medical records of at least 22 clients. The data appeared on a Russian‑hosted leak site, and the attackers...
Second NZ Health Provider, Canopy Health, Reveals Cyberattack
Canopy Health, New Zealand's largest private oncology provider, disclosed a cyberattack that occurred on 18 July 2025 but only notified patients and the public six months later. The breach involved unauthorized access to an administrative server, with forensic experts indicating that data...
CrazyHunter Ransomware Escalates with Advanced Intrusion Tactics, Six Taiwan Healthcare Victims Confirmed
CrazyHunter ransomware has rapidly evolved, employing multi‑vector intrusion tactics that bypass traditional defenses. Trellix’s research confirms six Taiwanese healthcare organizations have been breached, exposing patient data and operational systems. The group now combines encryption with data exfiltration, demanding double‑extortion payments....
Corrupting LLMs Through Weird Generalizations
Researchers have demonstrated that minimal, domain‑specific finetuning can cause large language models to exhibit unexpected, wide‑reaching behavior changes. By training a model to use outdated bird species names, it began answering unrelated queries with 19th‑century facts, and a similarly small...

India Remains Top Target for Mobile Attacks as Threats Surge 38%
India has become the world’s leading target for mobile cyber‑attacks, recording a 38% year‑over‑year surge and now representing 26% of global mobile malware traffic. Zscaler’s ThreatLabz report identified 239 malicious Android apps downloaded 42 million times, with retail and hospitality sectors...
Unlock Remote Work’s GRC Impact: Challenges to Opportunities
Remote work has become a permanent fixture, forcing organizations to overhaul traditional governance, risk, and compliance (GRC) frameworks. Distributed workforces increase cyber‑risk exposure, fragment data environments, and create overlapping regulatory obligations across jurisdictions. Companies are turning to centralized GRC platforms,...

PoC Released for Atarim Plugin Auth Bypass Vulnerability
A proof‑of‑concept for CVE‑2025‑60188 reveals a critical authentication bypass in the Atarim WordPress plugin. The flaw stems from using the publicly exposed site_id as the HMAC‑SHA256 secret, allowing attackers to forge valid admin requests. Exploit code published by researcher m4sh‑wacker...

Turkish Security Researcher Gets Nod From NASA Over Vulnerability Discoveries
Turkish researcher Hasan İsmail Gülkaya identified four security flaws in NASA’s systems and reported them through the agency’s Vulnerability Disclosure Program. NASA promptly patched the issues and sent the researcher a formal thank‑you letter, highlighting the success of its responsible‑disclosure framework. Industry...
Iran-Linked MuddyWater APT Deploys Rust-Based Implant in Latest Campaign
Iran‑linked APT MuddyWater has launched a new espionage campaign using a Rust‑based implant named RustyWater. The group delivered the malware through spear‑phishing emails that contain ZIP archives with decoy PDFs and executable files masquerading as PDFs. RustyWater replaces the group’s...

Debian 13.3 Is Now Available with Targeted Corrections, Updates
Debian 13.3, the third point release for the stable “trixie” branch, is now available. It bundles over one hundred package adjustments and multiple security patches, covering core services such as Apache HTTP Server, GNOME components, and container tools. Existing Debian...

Operation Cronos Leader Gets Nod From King Charles
British law enforcement officer Gavin Webb received an OBE from King Charles for his leadership of Operation Cronos. The National Crime Agency‑led operation seized LockBit ransomware’s infrastructure, source code and decryption keys, crippling a gang that accounted for roughly 25%...

Anthropic Brings Claude to Healthcare with HIPAA-Ready Enterprise Tools
Anthropic announced that its Claude large‑language model is now HIPAA‑ready and equipped with enterprise tools for the health‑care sector. The company is testing connectors that link Claude to the CMS Coverage Database, enabling automated Medicare eligibility checks and prior‑authorization support....

The Identity Theft Risk Profile of NBA and NFL Draft Prospects
A SentiLink analysis of NBA (2020‑2024) and NFL (2020‑2024) draft lists reveals that roughly 10% of listed prospects experience high‑risk identity‑theft applications, climbing to over 20% for NBA identities with active applications and nearly 15% for NFL prospects. These rates...

Kyowon Group Confirms Cyberattack as Multiple Systems Go Offline
Kyowon Group disclosed a cyberattack that began on the morning of Jan 10, prompting the company to isolate affected systems and shut down parts of its internal network. The breach forced the main website and several affiliate sites offline, with service...

Rethinking OT Security for Project Heavy Shipyards
Hans Quivooij, CISO of Damen Shipyards, explains how the project‑driven, contractor‑heavy nature of modern shipyards expands the OT threat surface and renders traditional perimeter security ineffective. He advocates passive network monitoring and strict segmentation to gain visibility into legacy PLCs...

pfSense: Open-Source Firewall and Routing Platform
pfSense Community Edition (CE) is a free, open‑source firewall and routing platform that runs on standard x86 hardware, virtual machines, and select embedded devices. It offers stateful firewalling, IPv4/IPv6 support, VLAN tagging, and multi‑WAN capabilities through an intuitive web interface....

What Security Teams Can Learn From Torrent Metadata
A new research paper demonstrates how open‑source intelligence can turn public torrent metadata into actionable threat intelligence. By harvesting file descriptors, tracker‑provided peer lists and enriching over 60,000 IP addresses with geolocation, ISP and VPN indicators, the authors built network...

EU’s Chat Control Could Put Government Monitoring Inside Robots
EU’s proposed Chat Control regulation, originally targeting online child sexual abuse, now extends to robots that facilitate interpersonal communication. By defining any interactive service as a communication service, the law obliges robot providers to conduct risk assessments and potentially embed...