A Hacker’s $23 Million ‘Flex’ Backfires After Sleuth Traces Funds to a Massive U.S. Government Seizure
A self‑styled hacker known as “John” publicly displayed control over roughly $23 million in cryptocurrency during a live “band for band” showdown on X. Blockchain analyst ZachXBT later traced the wallet to a chain of addresses that include funds seized by the U.S. government following the 2022 Bitfinex hack, as well as inflows from other suspected victims. The investigation revealed more than $63 million in additional deposits into the same wallet and a recent $12.4 million transfer from a centralized exchange. The episode underscores how on‑chain analysis can link illicit bragging to real‑world seizure actions.
Corr-Serve Strengthens South Africa’s Cybersecurity Market Through Expanded Seceon Partnership
Corr-Serve has expanded its seven‑year partnership with global cyber‑security firm Seceon, becoming the exclusive distributor for Seceon's AI‑driven Open Threat Management platform across the Southern African Development Community. The deal positions South Africa as the operational hub, delivering real‑time threat...
Browser Wars, Continued: Why Everyone Is Building Their Own AI Browser
The browser has evolved from a simple web gateway into the primary enterprise endpoint, handling over 70% of global traffic. Generative AI agents that can act autonomously inside browsers are turning them into intelligent workspaces, prompting incumbents and startups to...
From Incident to Insight: How Forensic Recovery Drives Adaptive Cyber Resilience
Ransomware attacks now cost $156 million daily, prompting firms to rush system restoration. However, without forensic recovery, organizations lack the evidence needed to confirm breach eradication and understand attacker tactics. Modern forensic solutions capture and analyze digital artifacts in real time,...
What an AI-Written Honeypot Taught Us About Trusting Machines
Intruder used an AI model to draft a honeypot prototype, but the generated code mistakenly trusted client‑supplied IP headers, allowing attackers to inject payloads via spoofed headers. The flaw went unnoticed by static analysis tools like Semgrep and Gosec, highlighting...
NHS Issues Open Letter Demanding Improved Cybersecurity Standards From Suppliers
The UK National Health Service has issued an open letter to suppliers, demanding proactive cybersecurity collaboration across the health and social care system. The initiative builds on last year’s voluntary supply‑chain charter and aligns with the Cyber Security and Resilience...
CyberAlloy Launches to Unite Europe’s Cyber Defenders in a Single Trusted Network
CyberAlloy, an independent network launched this week, brings together corporations, governments, academia, venture capital and security experts across Europe to create a trusted cyber‑resilience ecosystem. The platform enables real‑time threat‑intelligence sharing, collective decision‑making and standardized governance, aiming to lighten the...
In Other News: €1.2B GDPR Fines, Net-NTLMv1 Rainbow Tables, Rockwell Security Notice
SecurityWeek’s weekly roundup highlights a record €1.2 billion in GDPR fines in 2025, with Ireland accounting for the bulk of penalties, and a 22 % jump in breach notifications. Mandiant released Net‑NTLMv1 rainbow tables that can crack legacy hashes in under 12 hours,...
ExaGrid Announces All Flash/SSD Tiered Backup Storage Solution
ExaGrid has launched an all‑flash, SSD‑based tiered backup storage solution that ships with software version 8 and a unique front‑end Landing Zone paired with a non‑network‑facing repository tier. The new appliances—EX90‑SSD through EX540‑SSD—scale to over 17 PB in a single scale‑out...
Microsoft Gave FBI Keys To Unlock Encrypted Data, Exposing Major Privacy Concern
Microsoft complied with an FBI search warrant, providing BitLocker recovery keys stored on its cloud for three Guam laptops tied to a Covid unemployment fraud investigation. The devices were protected by BitLocker, Microsoft’s default full‑disk encryption, whose recovery keys can...
TrustAsia Pulls 143 Certificates Following Critical LiteSSL ACME Vulnerability
TrustAsia revoked 143 SSL/TLS certificates after uncovering a critical vulnerability in its LiteSSL ACME service. The flaw allowed domain‑validation data to be reused across different ACME accounts, enabling unauthorized issuance of wildcard certificates. The issue stemmed from a logic error...
NL: Police Warned About Security Hole Used by Russian Hackers in Major Theft of Police Data
Dutch police were warned in 2022 about inherent risks in Microsoft’s M365 cloud, yet a Russian cyber‑espionage group exploited those gaps in September 2024. By compromising an officer’s email account, the hackers exfiltrated contact details, profile photos and personal data of...
The 2025 Phishing Surge Proved One Thing: Chasing Doesn’t Work
In 2025 phishing evolved from a nuisance into a professional, subscription‑based service. Threat actors now rent disposable infrastructure, use generative AI to craft high‑fidelity pages, and repurpose mainstream no‑code platforms, while large language models eliminate the classic bad‑writing tell. These...
ShinyHunters Leak Alleged Data of Millions From SoundCloud, Crunchbase and Betterment
ShinyHunters announced a dark‑web leak of alleged databases from SoundCloud, Crunchbase and Betterment after their extortion attempts were rejected. The group posted .onion links on 22 January 2026, offering free access to the dumps. The claimed SoundCloud breach aligns with a December 2025...
Arqit Launches ‘Encryption Intelligence’ to Automate Discovery for Post-Quantum Migration
Arqit Quantum has launched Encryption Intelligence (EI), an automated SaaS platform that inventories an organization’s cryptographic assets across cloud, OT and legacy systems. The tool identifies obsolete algorithms and protocols, providing real‑time visibility to accelerate post‑quantum cryptography (PQC) migration and...
Secure Your Google Ads Account Against The Rise In Hijackings
Google Ads account hijackings are accelerating, especially against agencies that manage large budgets. Attackers exploit weak login practices, phishing, and even Google Analytics or Tag Manager to bypass two‑factor authentication. Google’s official guide recommends HTTPS, verified @google.com emails, link scrutiny,...
Mass Data, Mass Surveillance, and the Erosion of Particularity: The Fourth Amendment in the Age of Geofence Warrants and Artificial...
On Jan. 16, 2026 the Supreme Court granted certiorari in United States v. Chatrie, asking whether bulk geofence warrants satisfy the Fourth Amendment’s particularity requirement. A geofence warrant compels a data custodian to hand over location records for every device within a...
Organizations Warned of Exploited Zimbra Collaboration Vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE‑2025‑68645, a local file inclusion flaw in Zimbra Collaboration Suite, to its Known Exploited Vulnerabilities catalog and urged immediate patching. The vulnerability resides in the RestFilter servlet, allowing unauthenticated attackers...
Percipience Achieves SOC 2 Type I Compliance
Percipience, an insurtech data and analytics provider, announced it has achieved SOC 2 Type I compliance, confirming that its security, availability, and confidentiality controls are properly designed. The audit, conducted by an independent firm, validated the company’s policies on access management, change...
10 Questions Enterprise Leaders Should Ask Before Running a Red Teaming Exercise
Red Teaming simulates real‑world attacker behavior across people, processes, and technology, going beyond traditional penetration testing that only flags technical flaws. It helps enterprises verify whether detection, response, and containment capabilities can stop a breach before business damage occurs. Leaders...
How ASPM Protects Cloud-Native Applications From Misconfigurations and Exploits
Application Security Posture Management (ASPM) consolidates vulnerability, misconfiguration, and runtime data into a single, continuous risk model for cloud‑native applications. By graph‑linking code commits, container images, Kubernetes objects, and cloud resources, ASPM reveals which findings are truly exploitable. This unified...
149 Million Usernames and Passwords Exposed by Unsecured Database
A publicly accessible database containing 149 million usernames and passwords—including 48 million Gmail, 17 million Facebook, and Binance credentials—was removed after security researcher Jeremiah Fowler reported it to the hosting provider. The collection also featured government, banking, and streaming service logins, suggesting it...
Elastic Agent Builder Expands How Developers Build Production-Ready AI Agents
Elastic has launched the general availability of Agent Builder, a platform that lets developers create secure, context‑driven AI agents in minutes by leveraging Elasticsearch’s unified search and analytics capabilities. The offering includes native data preparation, retrieval, ranking, custom tools, conversational...
Cobalt Achieves CSA AI Trustworthy Pledge
Cobalt, a pioneer of Penetration Testing as a Service, has earned the Cloud Security Alliance (CSA) AI Trustworthy Pledge by completing the STAR Level 1 CAIQ Self‑Assessment based on version 4.0.3. The certification aligns Cobalt’s practices with the CSA Cloud Controls Matrix,...
Ring Now Lets Users Verify Whether Videos Have Been Altered
Ring has launched Ring Verify, a built‑in authenticity feature that embeds a digital security seal in every video recorded after December 2025. The seal automatically breaks if the footage is trimmed, re‑encoded, or otherwise altered, and users can check verification status...
What Are Drive-By Download Attacks?
Drive‑by download attacks automatically install malware when a user visits a compromised website, requiring no clicks or consent. They exploit outdated browsers, plugins, or operating systems, often via malicious scripts, malvertising, or exploit kits. The resulting payloads range from trojans...
Buterin Calls 2026 the Year to Reclaim Self-Sovereign Computing
Vitalik Buterin announced 2026 as the year to reclaim self‑sovereign computing, swapping his daily tools for open‑source, privacy‑preserving alternatives. He moved from Google Docs to Fileverse, Telegram to Signal, Google Maps to OrganicMaps/OpenStreetMap, and Gmail to ProtonMail, while also experimenting with...
Manage My Health Data Breach Sparks Warnings Over Impersonation and Phishing Attempts
Manage My Health, a New Zealand digital health portal, confirmed a breach that accessed documents in its My Health Documents feature, affecting over 120,000 patients. While live clinical systems remained untouched, fraudsters are now impersonating the service to send phishing and...
Someone Is Impersonating Me on Instagram — and Meta Doesn’t Give a Sh*t
Technology veteran Alan Shimel discovered an Instagram account impersonating him, using the handle shimel.alan, which quickly followed 85 of his contacts and received follow‑backs from ten. He reported the account through Meta’s built‑in AI‑driven reporting tool, only to receive an...
Iboss Unveils AI-Powered SSPM Capability to Reduce SaaS Risk
iboss introduced an AI‑powered SaaS Security Posture Management (SSPM) capability within its Zero Trust SASE platform. The solution connects to SaaS apps via native APIs, continuously scanning configurations, permissions and data exposure. AI analysis prioritizes misconfigurations and risky sharing, presenting...
This Guide Will Show You How to Create SAML Identity Management.
The guide walks CTOs and VPs of Engineering through building SAML‑based identity management for enterprise single sign‑on, covering claim design, certificate handling, and a step‑by‑step migration from ADFS. It explains how to configure assertions, secure metadata, and align SAML with...
ADIB Names Winners of UAE Cybersecurity Innovation Challenge to Drive Digital Resilience
Abu Dhabi Islamic Bank (ADIB) announced the three winners of its UAE Cybersecurity Innovation Challenge—Corgea, Nothreat and DTEX Systems—selected from more than 50 global applicants. The competition, run with the UAE Cyber Security Council and DIFC Innovation Hub, featured 10...
Finextra & ACI Worldwide Release New Survey Report on the Global State of Fraud and Financial Crime
Finextra and ACI Worldwide released the "AI in Action" global survey, analyzing responses from 154 industry leaders on AI‑driven fraud prevention. Over half of organisations (51%) already run AI solutions, with another 47% planning deployments within two years. The study...
South Korea Probes Loss of Seized Bitcoin in Phishing Attack
South Korean prosecutors in Gwangju are investigating the disappearance of a large bitcoin cache seized in a criminal case, which an internal audit attributes to a phishing breach during official custody. The incident underscores the vulnerability of government-held digital assets...
Microsoft Introduces Winapp, an Open-Source CLI for Building Windows Apps
Microsoft has launched winapp, an open‑source command‑line interface designed to simplify Windows application development. The tool consolidates SDK management, manifest editing, certificate generation, and packaging into unified commands, supporting project scaffolding, dependency handling, and build/run operations. Winapp integrates with Visual...
Ethereum Mainnet Daily Active Addresses Surpass All Layer-2s
Ethereum’s mainnet daily active addresses have surged to roughly 945,000, briefly peaking at 1.3 million, surpassing all major layer‑2 networks. The recent Fusaka upgrade, which slashed gas fees, is credited for the activity boost, though security analysts warn that address‑poisoning attacks...
Okta SSO Accounts Targeted in Vishing-Based Data Theft Attacks
Okta has identified a new wave of vishing‑based phishing kits sold as a service, allowing attackers to conduct live, voice‑driven credential theft. The kits let threat actors spoof corporate numbers, manipulate phishing pages in real time, and capture both passwords...
NDSS 2025 – Rethinking Trust In Forge-Based Git Security
The NDSS 2025 paper introduces gittuf, a decentralized security layer for Git repositories that removes reliance on a single trusted forge. By distributing policy declaration, activity tracking, and enforcement among all contributors, gittuf lets developers independently verify changes. The system...
Why AI Is Making Attack Surface Management Mandatory
Amit Sheps of CyCognito warns that AI is rapidly expanding enterprise attack surfaces, making traditional vulnerability hunting insufficient. He stresses that without continuous external discovery and clear ownership mapping, security teams cannot prioritize true risk. AI both creates new entry...
Google to Pay $8.25M Settlement Over Child Data Tracking in Play Store
Google agreed to pay $8.25 million to resolve a class‑action lawsuit alleging that its Play Store “Designed for Families” program allowed developers to collect personal data from children under 13 without parental consent. The case centered on the AdMob advertising SDK,...
AI-Powered Disinformation Swarms Are Coming for Democracy
Researchers warn that advances in AI will enable single operators to command swarms of thousands of autonomous social‑media agents that produce indistinguishable human content. These AI‑driven disinformation networks can adapt in real time, target specific communities, and conduct rapid micro‑testing...
ICE Agents Are ‘Doxing’ Themselves
A crowdsourced site called ICE List has published profiles of roughly 4,500 DHS employees, drawing on publicly available LinkedIn, payroll and data‑broker records. WIRED’s investigation shows that about 90% of the entries rely on self‑posted information rather than a secret...
The Upside Down Is Real: What Stranger Things Teaches Us About Modern Cybersecurity
The article likens modern cybersecurity challenges to the Upside Down world of Stranger Things, using the show’s portals as a metaphor for today’s sprawling attack surface. It stresses that every IoT, cloud, or OT connection acts as a hidden entry point...
Microsoft Teams to Add Brand Impersonation Warnings to Calls
Microsoft Teams will introduce a "Brand Impersonation Protection" feature that flags first‑time external VoIP callers attempting to pose as trusted organizations. The protection rolls out to the targeted release ring in mid‑February and is enabled by default, displaying high‑risk warnings...
10Web WordPress Photo Gallery Plugin Vulnerability via @Sejournal, @Martinibuster
A vulnerability in the Photo Gallery by 10Web WordPress plugin allows unauthenticated attackers to delete image comments. The flaw stems from a missing capability check in the delete_comment() function and affects all versions up to 1.8.36, primarily the Pro edition...
INC Ransomware Opsec Fail Allowed Data Recovery for 12 US Orgs
Researchers from Cyber Centaurs uncovered an operational security slip in the INC ransomware campaign that exposed the gang's backup infrastructure. By tracing Restic backup tool artifacts and hard‑coded credentials, they located encrypted exfiltrated data belonging to twelve unrelated U.S. organizations across...
Critical Appsmith Flaw Enables Account Takeovers
A critical authentication flaw (CVE‑2026‑22794) was discovered in Appsmith’s low‑code platform. The vulnerability stems from the password‑reset endpoint trusting the client‑supplied Origin header, allowing attackers to craft malicious reset links and capture tokens. Exploitation enables full account takeover, including admin...
RealHomes CRM Plugin Flaw Affected 30,000 WordPress Sites
A critical vulnerability (CVE‑2025‑67968) in the RealHomes CRM plugin, bundled with a popular WordPress real‑estate theme, affected over 30,000 sites. Versions 1.0.0 and earlier allowed any logged‑in subscriber to upload arbitrary files via a CSV import endpoint, enabling potential full...
Old Attack, New Speed: Researchers Optimize Page Cache Exploits
Researchers from TU Graz have revived Linux page‑cache attacks, demonstrating sub‑microsecond flush times and full attack loops completing in 0.6‑2.3 µs—up to six orders of magnitude faster than prior work. The paper details new techniques that work across kernel versions from 2003...
Why Active Directory Password Resets Are Surging in Hybrid Work
Hybrid work has turned routine Active Directory password resets into a major productivity drain, as cached credentials and frequent rotation policies cause more lockouts. Since 2022, over half of U.S. employees operate in hybrid models, leading to an estimated 923...
