Cybersecurity Blogs and Articles

Reliance Global Group Acquires Stake in Post-Quantum Cybersecurity Firm Enquantum
Blog · Jan 27, 2026

Reliance Global Group announced a non‑binding term sheet to acquire a controlling interest in post‑quantum cryptography firm Enquantum Ltd. through its new EZRA International subsidiary. Enquantum’s hardware‑accelerated, FPGA‑based solutions promise terabit‑level, quantum‑resistant encryption, addressing performance concerns of software‑only PQC. The...

By Quantum Zeitgeist
They're Coming for Our Kids: How Extremists Target Children Online
Blog · Jan 26, 2026

Extremist groups are increasingly targeting children on platforms such as Discord, Instagram, Reddit, and gaming chats, turning these digital third spaces into recruitment hubs. In 2024, teenagers accounted for roughly two‑thirds of ISIS‑linked arrests in Europe, and similar patterns are...

By The Cipher Brief
Reduce Ecommerce Account Takeovers: Where a VPN Actually Helps
Blog · Jan 26, 2026

The episode explains how e‑commerce businesses can curb account takeovers by integrating a dedicated IP VPN into their admin workflows. It outlines an access‑control playbook that routes all Shopify and financial dashboard logins through an encrypted VPN tunnel, reducing false...

By eCommerce Fastlane
Emergency Microsoft Update Fixes In-the-Wild Office Zero-Day
Blog · Jan 26, 2026

Microsoft released emergency out‑of‑band updates to remediate CVE‑2026‑21509, a zero‑day flaw actively exploited in the wild. The vulnerability bypasses OLE security controls in Office 2016 through 2024 and Microsoft 365 Apps, allowing attackers to execute malicious code via crafted Office...

By Security Affairs
01 Quantum Reports Q4 2025 Revenue Growth & PQC Deployments
Blog · Jan 26, 2026

01 Quantum Inc., rebranded from 01 Communique Laboratory, reported FY 2025 revenue of $767,993—up 86% from the prior year—driven by commercial deployments of post‑quantum cryptography (PQC) solutions such as DoMobile Ver.5. The company raised $3.78 million in equity financing and continues to...

By Quantum Zeitgeist
Nike Is Investigating a Possible Data Breach, After WorldLeaks Claims
Blog · Jan 25, 2026

Nike announced it is probing a potential cyber incident after the WorldLeaks group claimed to have accessed and exfiltrated roughly 1.4 TB of company data. The hacker collective, which evolved from the Hunters International ransomware gang, posted the alleged breach on...

By Security Affairs
Coinbase Establishes Quantum Computing Advisory Board with Stanford & UT Austin Experts
Blog · Jan 25, 2026

Coinbase announced the creation of an Independent Advisory Board on Quantum Computing and Blockchain, staffed by leading researchers from Stanford University and the University of Texas at Austin, including Scott Aaronson and Dan Boneh. The board will develop position papers...

By Quantum Zeitgeist
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 81
Blog · Jan 25, 2026

Security Affairs’ Malware Newsletter Round 81 curates the latest threats and research across the malware landscape. Highlights include the emergence of AI‑generated malware frameworks such as VoidLink, sophisticated evasion tactics like PDFSIDER’s DLL side‑loading, and supply‑chain abuse via a malicious...

By Security Affairs
Carahsoft Expands Quantum-Resilient Cybersecurity Offerings with Cyber Intell
Blog · Jan 25, 2026

Carahsoft Technology Corp. has signed a Master Government Aggregator partnership with Cyber Intell Solution to distribute the patented CISEN‑SDN‑PQC quantum‑resistant platform to U.S. federal, state and local agencies. The collaboration leverages the ITES‑SW2 contract (W52P1J‑20‑D‑0042) and additional procurement vehicles to...

By Quantum Zeitgeist
What Is A Website Crawler? 12 Bot Management Strategies
Blog · Jan 24, 2026

Ilya Grigorik explains that over half of web traffic now comes from bots, dividing them into good (search), grey (AI training/fetchers) and bad (malicious scrapers) and urging e‑commerce teams to treat this "post‑human" reality as a core business concern. He...

By eCommerce Fastlane
The CISO's Craft: Watchmaker or Gardener?
Blog · Jan 24, 2026

The article contrasts two CISO archetypes—the Watchmaker, who builds tightly controlled, auditable security frameworks, and the Gardener, who cultivates an adaptive, culture‑driven security ecosystem. Each style offers distinct strengths: predictability and strong foundations versus flexibility and empowerment. However, both suffer...

By Phil Venables’ Blog
GBAC Launches Quantum Strategic Intelligence Standard at World Economic Forum
Blog · Jan 24, 2026

Global Board Advisors Corp and BoardroomEducation.com introduced the Quantum Strategic Intelligence (QSI) framework at the World Economic Forum in Davos, positioning it as an open Sovereignty Standard for quantum‑computing and agentic‑AI risks. QSI extends existing ERM models such as COSO,...

By Quantum Zeitgeist
U.S. CISA Adds a Flaw in Broadcom VMware vCenter Server to Its Known Exploited Vulnerabilities Catalog
Blog · Jan 24, 2026

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added the critical VMware vCenter Server flaw CVE-2024-37079 to its Known Exploited Vulnerabilities (KEV) catalog. The heap‑overflow bug in the DCERPC implementation carries a CVSS score of 9.8 and enables remote...

By Security Affairs
Device-Independent QKD Achieves Key Generation with Photonic Devices, Overcoming 1 Challenge
Blog · Jan 23, 2026

Researchers at Université Paris‑Saclay and Université Côte d’Azur have demonstrated a device‑independent quantum key distribution (DIQKD) protocol using a photonic circuit identified through machine learning. By introducing a block‑hierarchy semidefinite programming method and a finite‑size security analysis, they show that...

By Quantum Zeitgeist
Cyberattack Targeting Poland’s Energy Grid Used a Wiper
Blog · Jan 23, 2026

At the end of December, a wiper‑type malware dubbed DynoWiper attempted to compromise Poland’s power generation and distribution systems. European security firm ESET traced the code to the Russian Sandworm group with medium confidence, noting similarities to previous attacks on...

By Zero Day
Advances Post-Quantum Aggregation with Code-Based Homomorphic Encryption and LPN
Blog · Jan 22, 2026

Researchers at the Technical University of Munich present a post‑quantum secure aggregation protocol built on code‑based homomorphic encryption under the Learning Parity with Noise (LPN) assumption. The design features a key‑ and message‑additive homomorphic scheme, a committee‑based decryptor realized via...

By Quantum Zeitgeist
Governing Cybersecurity in the AI Era - PwC Workshop 2026
Blog · Jan 22, 2026

PwC‑affiliated firm A.F. Ferguson & Co. hosted a one‑day masterclass titled “Governing Cybersecurity in the AI Era – Digital Trust, Risk & Resilience” on 22 January 2026 in Karachi. More than 100 senior technology and business leaders, including CISOs, CIOs and CFOs,...

By Erdal Ozkaya’s Cybersecurity Blog
Kasada Launches AI Agent Trust to Secure Agentic Commerce
Blog · Jan 22, 2026

Kasada, a bot management and fraud protection company, unveiled AI Agent Trust, a solution designed to secure automated traffic on digital commerce sites. The platform provides a searchable directory that verifies AI agents and lets brands apply policy‑based controls to...

By Shopifreaks
Canada Court Overturns Order to Close TikTok Operations
Blog · Jan 22, 2026

Canada’s Federal Court has overturned a government directive that would have forced TikTok to shut down its Canadian operations. Judge Russell Zinn set aside the order and instructed Industry Minister Melanie Joly to conduct a new security review. The ruling...

By Shopifreaks
Zoom Fixed Critical Node Multimedia Routers Flaw
Blog · Jan 21, 2026

Zoom released security patches that fix a critical command‑injection flaw (CVE‑2026‑22844) in its Node Multimedia Routers (MMR). The vulnerability, rated 9.9 on the CVSS scale, could let a meeting participant execute arbitrary code on affected MMRs. Versions prior to 5.2.1716.0...

By Security Affairs
EnduraData and the Rise of Continuous Replication as a Cyber-Resilience Standard
Blog · Jan 21, 2026

The episode explains why continuous, delta‑only replication is evolving from a backup shortcut into a core cyber‑resilience control, enabling near‑real‑time data availability across hybrid environments and reducing reliance on fragile, manual recovery steps. It highlights how this approach mitigates both...

By eCommerce Fastlane
Advances Post-Quantum PKI: Defining Requirements for Secure X.509 Certificate Transition
Blog · Jan 21, 2026

The paper outlines a roadmap for transitioning X.509 PKI to post‑quantum cryptography, detailing required changes to certificates, CRLs, and OCSP. It evaluates leading PQ algorithm families—lattice, code, hash, multivariate, and isogeny—against NIST security levels, highlighting Kyber, Dilithium, Falcon, and SPHINCS+...

By Quantum Zeitgeist
WISeKey Unveils Space-Based Quantum-Resistant Crypto Transactions at Davos 2026
Blog · Jan 21, 2026

WISeKey International unveiled SEALCOIN, a space‑based, quantum‑resistant crypto platform, at Davos 2026. The system uses the WISeSat low‑Earth‑orbit constellation to generate cryptographic signatures directly onboard satellites, extending blockchain transactions beyond terrestrial networks. Its native QAIT token will fuel machine‑to‑machine value exchange,...

By Quantum Zeitgeist
Internet Voting Is Too Insecure for Use in Elections
Blog · Jan 21, 2026

A recent open letter warns that internet voting remains fundamentally insecure, with no existing or foreseeable technology able to guarantee its safety. Despite decades of academic consensus, vendors continue to market online voting solutions as secure. The letter specifically calls...

By Schneier on Security
QERS Achieves Universal Post-Quantum Cryptography Resilience Scoring for IoT and IIoT Systems
Blog · Jan 21, 2026

Researchers at Luleå University of Technology introduced QERS, a Quantum Encryption Resilience Score that evaluates post‑quantum cryptography (PQC) suitability for IoT and IIoT devices. The framework aggregates six normalized metrics—latency, packet reliability, CPU load, energy use, RSSI, and key size—into...

By Quantum Zeitgeist
Crooks Impersonate LastPass in Campaign to Harvest Master Passwords
Blog · Jan 21, 2026

LastPass disclosed an active phishing campaign that began around January 19, 2026, in which attackers impersonated the service with urgent‑maintenance emails to harvest master passwords. The messages contain links to an Amazon S3‑hosted page that redirects to a counterfeit LastPass...

By Security Affairs
IonQ Appoints New SVP to Lead Quantum Networking and Security Division
Blog · Jan 21, 2026

IonQ announced the appointment of Domenico Di Mola as Senior Vice President of Engineering for its Quantum Networking, Security, and Sensing (QNSS) division. Di Mola will steer engineering and strategy for quantum‑secure networking, distributed‑sensing architectures, and the integration of quantum processors with...

By Quantum Zeitgeist
QuProtect R3 Delivers Rapid Crypto-Agility for Cloud and On-Prem Environments
Blog · Jan 19, 2026

QuSecure unveiled QuProtect R3, an end‑to‑end cryptographic platform built for the quantum era, offering rapid visibility across cloud, on‑premise, and edge environments. The solution’s crypto‑agility engine enables one‑click rotation of ciphers, keys, and algorithms without code changes or downtime. QuProtect R3 unifies...

By Quantum Zeitgeist
AI-Powered Surveillance in Schools
Blog · Jan 19, 2026

AI-powered surveillance systems are being installed in U.S. high schools, exemplified by Beverly Hills High School's deployment of facial-recognition cameras, behavioral-analysis software, audio monitors, drones, and license-plate readers. The technology claims to identify violent behavior, locate distressed students, and track...

By Schneier on Security
Hacktivists Hijacked Iran’s State TV to Air Anti-Regime Messages and an Appeal to Protest From Reza Pahlavi
Blog · Jan 18, 2026

Hackers seized control of Iran’s Badr satellite on Jan 18, 2026, broadcasting a ten‑minute anti‑regime video featuring exiled Crown Prince Reza Pahlavi. The clip urged citizens to keep protesting and called on the military to join demonstrators. The intrusion occurred amid a...

By Security Affairs
Amera IoT Unveils Quantum-Proof Encryption Backed by 14 US Patents
Blog · Jan 17, 2026

Amera IoT introduced AmeraKey® Encryption, a quantum‑proof solution backed by 14 U.S. patents. The system creates identical encryption keys on both ends of a link using a Picture‑and‑PIN method, eliminating the need to transmit keys or ciphertext. By leveraging transmission‑free...

By Quantum Zeitgeist
NEXCOM Unveils Quantum-Resistant Platforms at MWC Barcelona 2026
Blog · Jan 17, 2026

NEXCOM announced at MWC Barcelona 2026 a suite of quantum‑resistant platforms that embed post‑quantum cryptography (PQC) frameworks for long‑term data protection. The rollout targets telecom, enterprise and industrial networks, emphasizing edge security and resilient networking. Alongside the PQC platforms, the...

By Quantum Zeitgeist
Update: hash.py Version 0.0.14
Blog · Jan 17, 2026

Didier Stevens released hash.py version 0.0.14 on 17 January 2026. The update is labeled a bug‑fix release and is available as a zip archive. The post provides both MD5 (66A205915A280CC474541053739B8EDD) and SHA‑256 (C459B75F132BB4AA394D8EA27A79F409C446AAA67536946673EC824EA9219F9F) checksums for verification. No additional features are announced, emphasizing stability...

By Didier Stevens’ Blog
Data Breach at Canada’s Investment Watchdog Canadian Investment Regulatory Organization Impacts 750,000 People
Blog · Jan 16, 2026

Canada’s self‑regulatory body, the Canadian Investment Regulatory Organization (CIRO), disclosed a data breach affecting roughly 750,000 individuals. The breach stemmed from a phishing attack in August 2025 that allowed threat actors to copy a limited set of investigative, compliance and...

By Security Affairs
AppGuard Critiques AI Hyped Defenses; Expands Its Insider Release for Its Next-Generation Platform
Blog · Jan 15, 2026

The episode highlights AppGuard’s critique of AI‑driven detection, arguing that endless AI‑generated alerts cannot keep pace with AI‑enhanced malware that adapts in real time. CEO Fatih Comlekoglu advocates a shift to a default‑deny, controls‑based endpoint strategy that dramatically reduces the attack...

By Security Ledger
Aembit Announces Agenda and Speaker Lineup for NHIcon 2026 on Agentic AI Security
Blog · Jan 15, 2026

The NHIcon 2026 virtual conference, organized by Aembit, will explore the emerging security challenges of agentic AI in enterprises, featuring keynotes from Phil Venables, Misam Abbas, and Anthropic’s deputy CISO Jason Clinton. Sessions will cover practical topics such as LLM...

By Security Ledger
New Vulnerability in n8n
Blog · Jan 15, 2026

Security researchers have identified a critical vulnerability in the n8n automation platform (CVE‑2026‑21858) with a CVSS rating of 10.0, allowing attackers to take over locally deployed instances. The flaw potentially impacts around 100,000 servers worldwide and currently has no official...

By Schneier on Security
China Bans U.S. and Israeli Cybersecurity Software over Security Concerns
Blog · Jan 15, 2026

China has ordered domestic firms to stop using cybersecurity software from more than a dozen U.S. and Israeli companies, citing national security risks. The list includes major U.S. vendors such as VMware, Palo Alto Networks, Fortinet, CrowdStrike and Israeli firms...

By Security Affairs
Upcoming Speaking Engagements
Blog · Jan 14, 2026

Bruce Schneier’s events page lists a packed speaking itinerary through March 2026, spanning academic venues in Canada, a book‑signing at Chicago Public Library, and high‑profile industry conferences in Europe and the United States. He will appear at the University of...

By Schneier on Security
1980s Hacker Manifesto
Blog · Jan 13, 2026

Forty years ago, Loyd Blankenship—known as The Mentor—published “The Conscience of a Hacker” in the underground magazine Phrack, creating what is now called the 1980s Hacker Manifesto. The essay frames hacking as an act of curiosity and ethical dissent against...

By Schneier on Security
Who Decides Who Doesn’t Deserve Privacy?
Blog · Jan 13, 2026

Troy Hunt reflects on the Ashley Madison breach, noting how public doxing caused suicides, broken marriages and job losses. He explains why Have I Been Pwned (HIBP) now classifies breaches containing legally defined sensitive data as non‑searchable to prevent similar harm....

By Troy Hunt’s Blog
Hexaware Partners with AccuKnox for Cloud Security Services
Blog · Jan 13, 2026

AccuKnox and Hexaware Technologies announced a strategic partnership to deliver a comprehensive Zero Trust cloud security platform for enterprise clients managing hybrid, multi‑cloud, and AI‑driven environments. The collaboration combines AccuKnox’s CNAPP, CSPM, Kubernetes security, and runtime enforcement tools with Hexaware’s...

By Security Ledger
Corrupting LLMs Through Weird Generalizations
Blog · Jan 12, 2026

Researchers have demonstrated that minimal, domain‑specific finetuning can cause large language models to exhibit unexpected, wide‑reaching behavior changes. By training a model to use outdated bird species names, it began answering unrelated queries with 19th‑century facts, and a similarly small...

By Schneier on Security
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 79
Blog · Jan 11, 2026

Security Affairs released Malware Newsletter Round 79, curating the latest research on global malware activity. Highlights include the VVS Discord stealer using Pyarmor for obfuscation, a botnet‑fueling broken system, malicious NPM packages delivering NodeCordRAT, and the Astaroth WhatsApp‑based worm targeting Brazil....

By Security Affairs
USPS to Restrict Access to Package Tracking
Blog · Jan 9, 2026

USPS announced it will restrict access to package tracking data for commercial API users, introducing paid access and stricter authorization requirements. Consumers can still view tracking information on the USPS website, mobile app, and Informed Delivery without changes. The new...

By EcommerceBytes
Palo Alto Crosswalk Signals Had Default Passwords
Blog · Jan 9, 2026

Last year Palo Alto’s pedestrian‑crossing signals were compromised after attackers exploited unchanged factory passwords. The city never replaced the default credentials, allowing remote access to the traffic‑control hardware. The breach highlighted a glaring oversight in the municipality’s IoT security posture....

By Schneier on Security
CERT/CC Warns of Critical, Unfixed Vulnerability in TOTOLINK EX200
Blog · Jan 6, 2026

CERT/CC has disclosed a critical, unpatched vulnerability (CVE-2025-65606) in the TOTOLINK EX200 Wi‑Fi range extender. The flaw resides in the firmware‑upload handler; a specially crafted firmware file triggers an error state that launches an unauthenticated root‑level telnet service. Exploitation requires...

By Security Affairs
Google Fixes Critical Dolby Decoder Bug in Android January Update
Blog · Jan 6, 2026

Google’s January 2026 Android security update patches CVE-2025-54957, a critical Dolby DD+ audio decoder flaw discovered by Project Zero in October 2025. The vulnerability, present in UDC versions 4.5‑4.13, enables an out‑of‑bounds write via integer overflow when processing a specially...

By Security Affairs
Connex IT Partners with AccuKnox for Zero Trust CNAPP Security in Southeast Asia
Blog · Jan 6, 2026

The episode announces AccuKnox's partnership with Connex Information Technologies to serve as its authorized distribution partner for Zero Trust CNAPP security across South and Southeast Asia. It highlights how Connex's extensive regional channel network and partner‑first approach will enable localized...

By Security Ledger