Know What's Happening in Cybersecurity

Today's Cybersecurity Pulse

Google sues Chinese cybercrime network for AI‑driven scam campaign

Google has filed a civil lawsuit against the Chinese group Outsider Enterprise, accusing it of using the Gemini generative‑AI model to mass‑produce phishing sites and send millions of fraudulent text messages. The operation deployed roughly 9,000 fake websites, a million malicious domains and dispatched 2.5 million scam texts in two weeks, scamming hundreds of thousands and causing losses in the millions of dollars. Google says the suit aims to dismantle the network and prevent further AI‑enabled abuse.

NDSS 2025 – EMIRIS: Eavesdropping On Iris Information Via Electromagnetic Side Channel
News | Jan 11, 2026

Researchers at Shandong University presented EMIRIS at NDSS 2025, demonstrating that electromagnetic emissions from near‑infrared iris sensors can be captured and used to reconstruct iris patterns. By reverse‑engineering the sensor’s data transmission format and applying a diffusion‑based inverse‑problem solver, the...

By Security Boulevard
California Bans Data Broker Reselling Health Data of Millions
News | Jan 11, 2026

California's Privacy Protection Agency fined data‑broker Datamasters $45,000 and barred it from selling Californians' personal health information after it failed to register under the California Delete Act. The agency also ordered the firm to delete millions of records by the...

By BleepingComputer
AI Agents and the Data Lake (W/ Lauren Anderson)
News | Jan 11, 2026

In this episode, Tristan Handy talks with Lauren Anderson, head of Okta's enterprise data platform, about how identity underpins the emerging challenges of AI agents and open data lakes. Lauren explains the need for central governance and a shared semantic...

By dbt Roundup (Transform) – Newsletter
Europol Raids Disrupt Black Axe Cybercrime Ring in Spain
News | Jan 11, 2026

International law enforcement, led by Spain’s National Police, German authorities, and Europol, raided Black Axe cells in Spain, arresting 34 suspects across Seville, Madrid, Málaga and Barcelona. The criminal syndicate, originating in Nigeria with about 30,000 members, is responsible for...

By HackRead
Most Popular Cybersecurity Blogs From 2025
News | Jan 11, 2026

Dan Lohrmann’s January 2026 roundup lists the ten most‑viewed cybersecurity blogs of 2025, featuring stories on state bans of human microchip implants, humanoid robots, AI‑driven human verification, federal employee resilience, government cloud security, AI career impacts, and nation‑state threat assessments. The data...

By Security Boulevard
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 79
Blog | Jan 11, 2026

Security Affairs released Malware Newsletter Round 79, curating the latest research on global malware activity. Highlights include the VVS Discord stealer using Pyarmor for obfuscation, a botnet‑fueling broken system, malicious NPM packages delivering NodeCordRAT, and the Astaroth WhatsApp‑based worm targeting Brazil....

By Security Affairs
Week in Review: PoC for Trend Micro Apex Central RCE Released, Patch Tuesday Forecast
News | Jan 11, 2026

The week’s security roundup highlighted a critical proof‑of‑concept for an unauthenticated remote‑code execution flaw in Trend Micro Apex Central (CVE‑2025‑69258) and a newly disclosed exploit of HPE OneView (CVE‑2025‑37164). The UK government unveiled a £210 million Cyber Action Plan to harden public‑service...

By Help Net Security
Database of 323,986 BreachForums Users Leaked as Admin Disputes Scope
News | Jan 10, 2026

On January 9 2026 a database containing 323,986 BreachForums user records was posted on the ShinyHunters site. The dump includes MySQL metadata, email addresses, display names, Argon2i password hashes and links to external accounts such as Telegram. BreachForums administrators claim the data...

By HackRead
Massive Instagram Data Breach Exposes Personal Details of 17.5 Million Users
News | Jan 10, 2026

A dark‑web marketplace is selling personal data from 17.5 million Instagram accounts, marking one of the largest social‑media breaches to date. Malwarebytes first reported the leak on X, confirming that usernames, email addresses, phone numbers and partial location data are being...

By GBHackers On Security
Security News This Week: ICE Can Now Spy on Every Phone in Your Neighborhood
News | Jan 10, 2026

This week’s security roundup highlighted ICE’s deployment of Penlink’s Tangles and Webloc tools, enabling block‑level phone tracking across neighborhoods. Meanwhile, xAI’s Grok chatbot drew criticism for generating graphic sexual imagery, prompting X to restrict access to verified users. Iran imposed...

By WIRED (Security)
What Is Application Security Testing? Detail Explanation
News | Jan 10, 2026

Application security testing (AST) is a set of processes and tools that identify vulnerabilities throughout the software development lifecycle, enabling organizations to shift security left and remediate issues before deployment. The global AST market now exceeds $33 billion, reflecting the critical...

By Security Boulevard
Ireland Recalls Almost 13,000 Passports over Missing 'IRL' Code
News | Jan 10, 2026

Ireland's Department of Foreign Affairs has recalled nearly 13,000 passports after a software update omitted the mandatory "IRL" issuing‑state code in the machine‑readable zone. The defect affects passports issued between 23 December 2025 and 6 January 2026, potentially causing eGate and border‑control rejections worldwide....

By BleepingComputer
Cybercriminals Exploit Maduro Arrest News to Spread Backdoor Malware
News | Jan 10, 2026

Cybercriminals are exploiting news of Venezuelan President Nicolás Maduro’s alleged arrest to distribute a backdoor malware via spear‑phishing ZIP attachments. The ZIP contains a weaponized KuGou executable that loads a malicious DLL through DLL search‑order hijacking, creates a hidden Technology360NB...

By GBHackers On Security
7MS #709: Second Impressions of Twingate
Podcast | Jan 10, 2026 | 20 min

In this episode the host revisits Twingate, focusing on the new Twingate LXC connector and how it’s been deployed to replace most remote access to datacenter servers and pentest dropboxes. He shares practical observations on performance, security benefits, and the...

By 7 Minute Security
USPS to Restrict Access to Package Tracking
Blog | Jan 9, 2026

USPS announced it will restrict access to package tracking data for commercial API users, introducing paid access and stricter authorization requirements. Consumers can still view tracking information on the USPS website, mobile app, and Informed Delivery without changes. The new...

By EcommerceBytes
Microsoft May Soon Allow IT Admins to Uninstall Copilot
News | Jan 9, 2026

Microsoft is testing a new RemoveMicrosoftCopilotApp policy that lets IT administrators uninstall the AI‑powered Copilot app from managed Windows 11 devices. The policy rolls out to Dev and Beta Insider channels on build 26220.7535 and works with Intune or SCCM. It targets...

By BleepingComputer
Why AI-Powered Cyber Defense Is No Longer Optional for Modern Businesses
News | Jan 9, 2026

AI-driven cyber defense has shifted from optional to essential as threats become faster, more sophisticated, and harder to detect with legacy tools. Machine‑learning models analyze massive network and user‑behavior data in real time, flagging anomalies and enabling automated response. Companies...

By HackRead
Top 10 Privileged Access Management Solutions for 2026
News | Jan 9, 2026

Privileged Access Management has shifted from a compliance checkbox to a critical security control as organizations adopt hybrid cloud, SaaS, DevOps pipelines, and AI agents. The 2026 guide evaluates ten leading PAM vendors, highlighting capabilities such as Zero Standing Privileges,...

By Security Boulevard
AI Deployments Targeted in 91,000+ Attack Sessions
News | Jan 9, 2026

Researchers observed more than 91,000 attack sessions targeting AI infrastructure over a four‑month window, highlighting a shift from experimental probing to systematic exploitation. The first campaign leveraged server‑side request forgery against Ollama and Twilio webhooks, using a uniform JA4H TLS...

By eSecurity Planet
Tonic.ai Product Updates: January 2026
News | Jan 9, 2026

Tonic.ai’s January 2026 release adds Guided Redaction in Textual, a beta human‑in‑the‑loop workflow that couples AI detection with manual review for high‑risk data. The platform also expands model‑based custom entity types, letting users train detectors for niche business vocabularies. A...

By Security Boulevard
Use of XMRig Cryptominer by Threat Actors Expanding: Expel
News | Jan 9, 2026

XMRig, an open‑source Monero miner, is increasingly weaponized by threat actors across Windows, Linux, Kubernetes and AWS environments. Recent campaigns have leveraged the high‑severity React2Shell exploit and UPX‑packed binaries to spread the miner via game torrents and commodity malware. Expel’s...

By Security Boulevard
Hacker Behind Wired.com Leak Now Selling Full 40M Condé Nast Records
News | Jan 9, 2026

A hacker using the alias “Lovely” is now offering nearly 40 million Condé Nast user records for sale, expanding on a prior leak of 2.3 million Wired.com accounts. The alleged dataset spans dozens of Condé Nast‑owned sites, including high‑traffic titles such as Vanity Fair,...

By HackRead
Tim Kosiba Named NSA Deputy Director
News | Jan 9, 2026

Timothy Kosiba has been appointed the National Security Agency’s 21st Deputy Director, a role confirmed by President Donald J. Trump after designation by Secretary of War Pete Hegseth and DNI Tulsi Gabbard. Kosiba returns as the agency’s most senior civilian...

By SecurityWeek
OWASP CRS Flaw Lets Encoded Attacks Slip Past WAFs
News | Jan 9, 2026

A critical vulnerability (CVE-2026-21876) in the OWASP Core Rule Set lets attackers bypass charset validation, enabling encoded XSS payloads to slip past web application firewalls. The flaw resides in rule 922110, which only inspects the final part of multipart requests,...

By eSecurity Planet
FBI: North Korean Spear-Phishing Attacks Use Malicious QR Codes
News | Jan 9, 2026

The FBI has warned that North Korean APT group Kimsuky is deploying a new spear‑phishing technique called quishing, which embeds malicious QR codes in email attachments. Scanning the QR code redirects victims to mobile‑optimized phishing pages that harvest device data...

By SecurityWeek
INFORM 2026: MITRE’s Updated Threat-Informed Defense Maturity Model Explained
News | Jan 9, 2026

MITRE’s Center for Threat‑Informed Defense released a major update to its INFORM maturity model, incorporating two years of field feedback and new partner input. The revision introduces revamped assessment questions, a timeliness factor, and an impact‑vs‑complexity recommendation matrix. INFORM now...

By Security Boulevard
Illinois Man Charged with Hacking Snapchat Accounts to Steal Nude Photos
News | Jan 9, 2026

Illinois prosecutors have charged 26‑year‑old Kyle Svara with a large‑scale phishing scheme that compromised roughly 570 Snapchat accounts, stealing private photos from nearly 600 women. Between May 2020 and February 2021 he impersonated Snap representatives, texting over 4,500 targets to obtain access...

By BleepingComputer
European Commission Opens Consultation on EU Digital Ecosystems
News | Jan 9, 2026

The European Commission has launched a public consultation on open digital ecosystems, running from 6 January to 3 February 2026, to gather evidence for a forthcoming Communication due in Q1 2026. The call highlights that 70‑90 % of software code in EU digital systems relies...

By Help Net Security
Data Governance in Banking, Financial and Insurance Industry
News | Jan 9, 2026

The BFSI sector faces mounting regulatory pressure, prompting banks, insurers and financial firms to adopt rigorous data‑governance frameworks. Robust policies, access controls and quality standards protect customer data, reduce fraud risk, and enable faster, more accurate decision‑making. Vendors such as...

By Finextra
Europol Leads Global Crackdown on Black Axe Cybercrime Gang, 34 Arrested
News | Jan 9, 2026

Europol coordinated a multi‑national operation that led to the arrest of 34 members of the Black Axe cyber‑crime gang across Spain and Germany. Spanish police detained suspects in Seville, Madrid, Málaga and Barcelona, while German authorities assisted in the raids....

By Infosecurity Magazine
Fog Ransomware Targets U.S. Organizations via Compromised VPN Credentials
News | Jan 9, 2026

Arctic Wolf Labs identified a new ransomware variant called Fog targeting U.S. organizations, primarily in education (80%) and recreation (20%) sectors. The attackers gained entry through compromised VPN credentials from two vendors and quickly escalated privileges using pass‑the‑hash, PsExec, and credential‑stuffing...

By GBHackers On Security
World Economic Forum: Deepfake Face-Swapping Tools Are Creating Critical Security Risks
News | Jan 9, 2026

The World Economic Forum’s Cybercrime Atlas report warns that advanced deep‑fake face‑swapping tools are now capable of bypassing know‑your‑customer (KYC) and remote verification processes. Researchers examined 17 commercial face‑swap applications and eight camera‑injection tools, finding that low‑latency, high‑fidelity swaps can...

By Infosecurity Magazine
Illinois Man Charged in Snapchat Hacking Investigation
News | Jan 9, 2026

Illinois resident Kyle Svara was indicted in Boston federal court for phishing Snapchat access codes from roughly 570 women, accessing at least 59 accounts, and stealing nude images. He allegedly sold or traded the illicit content on internet forums. The...

By DataBreaches.net
Palo Alto Crosswalk Signals Had Default Passwords
Blog | Jan 9, 2026

Last year Palo Alto’s pedestrian‑crossing signals were compromised after attackers exploited unchanged factory passwords. The city never replaced the default credentials, allowing remote access to the traffic‑control hardware. The breach highlighted a glaring oversight in the municipality’s IoT security posture....

By Schneier on Security
XRAT Malware Targets Windows Users via Fake Adult Game
News | Jan 9, 2026

AhnLab Security Intelligence Center uncovered a campaign that disguises the open‑source xRAT (QuasarRAT) remote‑access trojan as a fake adult game on Korean web‑hard services. The ZIP archive contains a Game.exe launcher that first runs a legitimate game stub, then copies...

By GBHackers On Security
AI-Powered Truman Show Operation Industrializes Investment Fraud
News | Jan 9, 2026

Security firm Check Point uncovered an AI‑driven investment fraud that stages a "Truman Show"‑style reality for victims. The operation uses unsolicited SMS and ads to lure targets into WhatsApp groups populated by AI‑generated experts and fake members who showcase fabricated...

By Infosecurity Magazine
$15 Billion Pig Butchering Scam Boss Chen Zhi Extradited to China
News | Jan 9, 2026

Chinese authorities extradited billionaire Chen Zhi and two associates from Cambodia to face charges linked to the Prince Group’s $15 billion Bitcoin‑based pig‑butchering operation. The joint China‑Cambodia investigation uncovered forced‑labour scam compounds, seized the largest cryptocurrency haul in history, and triggered...

By HackRead
The Cyber Express Weekly Roundup: Schools, Hacktivists, and National Cyber Overhauls
News | Jan 9, 2026

The first week of 2026 saw a wave of cyber incidents spanning education, activism, corporate, and government sectors. Higham Lane School in England shut down after ransomware crippled systems for 1,500 students, while Australian insurer Prosura faced unauthorized access exposing...

By The Cyber Express
50 Best Free Cyber Threat Intelligence Tools – 2026
News | Jan 9, 2026

The article curates a list of the 50 best free cyber‑threat‑intelligence (CTI) tools available in 2026, spanning data‑feeds, analysis platforms, automation frameworks, and IOC‑parsers. It highlights open‑source projects such as MISP, OpenCTI, and IntelMQ, as well as real‑time feeds like...

By GBHackers On Security
The Role of Initial Access Markets in Ransomware Campaigns Targeting Australia and New Zealand
News | Jan 9, 2026

The 2025 Threat Landscape Report shows a sharp rise in initial‑access sales targeting Australia and New Zealand, with 92 documented compromised‑access listings. Retail accounts for roughly one‑third of incidents, while BFSI and professional services together make up over half. The market...

By GBHackers On Security
Sectigo New Public Roots and Issuing CAs Hierarchy [2025 Migration Guide]
News | Jan 9, 2026

Sectigo is retiring its legacy multi‑purpose root and intermediate CAs in favor of single‑purpose public roots, with a hard migration deadline of January 1 2026. Browsers will cease to trust certificates issued under the old chains, causing security warnings, broken HTTPS, and...

By Security Boulevard
January 2026 Patch Tuesday Forecast: And so It Continues
News | Jan 9, 2026

The latest Patch Tuesday briefing highlights Microsoft’s December 2025 update problems, including MSMQ failures and a RemoteApp issue on Windows 11 Azure Virtual Desktop that can be mitigated with a registry key or KIR rollback. Apple released December security patches addressing...

By Help Net Security
How AI Agents Are Turning Security Inside-Out
News | Jan 9, 2026

AppSec teams now face a new threat from internally built no‑code AI agents that operate across enterprise systems. These agents execute business logic, call APIs, and move data in real time, behaving like always‑on applications with high privileges. Because they...

By Help Net Security
Security Teams Are Paying More Attention to the Energy Cost of Detection
News | Jan 9, 2026

Security teams are increasingly scrutinizing the energy footprint of detection models as cloud costs and sustainability pressures rise. A recent study measured common anomaly detection algorithms for both traditional performance metrics and their power consumption, introducing an Eco Efficiency Index...

By Help Net Security
Wi-Fi Evolution Tightens Focus on Access Control
News | Jan 9, 2026

The Wireless Broadband Alliance reports rapid enterprise adoption of Wi‑Fi 7, driven by higher throughput, lower latency, and the newly available 6 GHz spectrum. Mixed‑generation device environments are forcing operators to rethink policy, telemetry, and access control across all radios. Security concerns...

By Help Net Security
CISA Retires 10 Emergency Cyber Orders in Rare Bulk Closure
News | Jan 9, 2026

The Cybersecurity and Infrastructure Security Agency (CISA) retired ten Emergency Directives spanning 2019‑2024, the largest bulk closure in its history. All required mitigations are now covered by Binding Operational Directive 22‑01, which leverages the agency’s Known Exploited Vulnerabilities (KEV) catalog....

By BleepingComputer
CCPA Compliance Checklist for 2026: What You Need to Know
News | Jan 9, 2026

The California Consumer Privacy Act (CCPA) is entering a pivotal phase in 2025‑26 as inflation‑adjusted thresholds raise applicability and new rules target automated decision‑making and cybersecurity governance. Organizations must continuously reassess scope, maintain precise data inventories, and embed repeatable rights‑fulfillment...

By Security Boulevard
How Does Agentic AI Adapt to Changing Security Needs?
News | Jan 8, 2026

Organizations increasingly rely on machine identities, or non‑human identities (NHIs), to authenticate services in cloud environments. Effective NHI management—covering discovery, classification, threat detection, and remediation—delivers risk reduction, compliance, and operational efficiency. Agentic AI platforms enable dynamic policy adaptation, cross‑department collaboration,...

By Security Boulevard
Cisco Switches Hit by Reboot Loops Due to DNS Client Bug
News | Jan 8, 2026

Cisco has identified a firmware bug in the DNS client service of several switch families that treats DNS lookup failures as fatal, causing affected devices to reboot repeatedly. The issue, first observed around 2 AM on July 18, 2024, impacts CBS250, CBS350,...

By BleepingComputer