A revised licensing policy would permit sales of Nvidia H200 chips to Chinese firms, prompting congressional concern over national security implications.
Experts say Lt. Gen. Joshua Rudd's Indo-Pacific command experience strengthens US cyber posture in relation to China.
GitHub's December availability report describes five incidents that degraded performance across services and outlines corrective actions.
Kyowon Group disclosed operational disruption and possible customer data exposure following a ransomware-related incident.
Main Street businesses across Australia, New Zealand and the South Pacific experienced increased cyberattacks last year, hitting retail and construction sectors hard.
Government advisory AV26-032 for Palo Alto Networks posted; administrators should consult vendor guidance and apply updates where required.
World Economic Forum survey: AI security is the top cyber concern among 800+ cybersecurity leaders, with data leaks and adversarial misuse flagged as major risks.
VoidLink is a cloud-native Linux malware with 30+ plugins enabling reconnaissance, credential theft, lateral movement and container abuse.
CastleLoader, a stealthy loader first seen in early 2025, is being used for initial access against US federal agencies, IT firms and critical infrastructure.
Microsoft seized RedVDS infrastructure used to supply disposable VMs to criminals; RedVDS activity linked to ~$40M in reported fraud losses in the U.S.
DHS is finalising ANCHOR to restart government-industry critical infrastructure security talks, with changes to liability and engagement rules.
Public exploit code and a POC were published for CVE-2025-64155 (Fortinet FortiSIEM command injection, CVSS 9.4); vendor advisory FG-IR-25-772 issued.
Pentagon is pursuing seven AI projects to speed military AI adoption, shifting emphasis from ethics debates to operational acceleration.
Tenzai testing found AI coding platforms produced 69 vulnerabilities across test apps, including critical API auth and business logic flaws.
Red Hat published security advisory AV26-031; administrators should review vendor guidance and apply patches or mitigations.
Kimwolf rapidly grew to roughly 2 million compromised devices by abusing residential proxy networks and unofficial Android TV devices.
GreyNoise/Ollama honeypot telemetry captured 91,403 attack sessions (Oct 2025 to 13 Jan 2026) focused on AI infrastructure, showing systematic campaigns against LLM deployments.
Six months after a cyberattack, JLR reports updates and a material impact on Q3 wholesales, citing remediation and business effects.
FBI warns North Korean state-linked actors embed malicious QR codes in spear-phishing lures targeting think tanks, academics and government entities (2025 activity).
Cisco small business switches entered reboot loops worldwide due to fatal DNS client errors on Jan 8, 2026, impacting CBS250, C1200, CBS350, SG350 and SG550X models.
Analysis of cloud AI deployments, developer expectations and security/operational risks for new AI runtimes and tooling.
Ghost Tap Android campaigns exploit NFC to perform unauthorised tap-to-pay transactions; researchers attribute large fraud totals and Chinese threat actor activity.
Microsoft will require multi-factor authentication for all accounts accessing the Microsoft 365 admin center, ending password-only admin logins; enforcement completes 9 Feb 2026.
CISA announced retirement of 10 Emergency Directives issued between 2019 and 2024, indicating required actions complete or covered by Binding Operational Directive 22-01.
Weekly round-up summarising multiple security incidents, vulnerabilities, and threat reports published Jan 8, 2026.
Ubiquiti patched a vulnerability in the airMAX Wireless Protocol that could be exploited by an attacker in WiFi range to achieve remote code execution on affected models.
A flaw in Mastodon 4.3's severed-relationship notification export allowed any local user to access lists of lost followers/followed users for any severance event; fixed in v4.3.17+.
Trend Micro released hotfixes addressing a LoadLibraryEX RCE and two DoS bugs affecting Apex Central on-premise; CVE identifiers and patch build provided.
Researcher used Gephi and Kibana/ELK exports to map relationships between source IPs, filenames and sensors from 30 days of DShield data for threat analysis.
Ansible Automation Platform Gateway enforcement bypass lets read-only scoped OAuth2 tokens perform write operations on backend services, limited by RBAC but enabling unauthorized actions.
A modular Go botnet (GoBruteforcer) brute-forces FTP, MySQL, PostgreSQL and phpMyAdmin, leveraging AI-generated deployment defaults; estimated 50,000+ vulnerable servers and campaigns targeting crypto projects.
OWASP Core Rule Set fixed a bug in rule 922110 that missed malicious charsets in earlier multipart parts; patched in CRS 4.22.0 and 3.3.8 (CVE-2026-21876).
A trojanised WinRAR installer distributed via unofficial/Chinese sites contains multi-stage payloads that profile Windows systems, exfiltrate Windows Profiles data and fetch best-fit malware.
GISEC GLOBAL 2026, billed as the Middle East & Africa's largest cybersecurity event, is scheduled for May 5, 2026.
SQLite versions before 3.50.2 could allow aggregate terms to exceed available columns, potentially causing errors; update advised.
Bukovyna law enforcement arrested an individual who ran a bot farm of ~5,000 profiles and sold stolen account credentials.
An improper verification of cryptographic signatures (CWE-347) allows unauthenticated bypass of FortiCloud SSO in FortiOS, FortiWeb, FortiProxy and FortiSwitchManager.
Patch corrects skb_segment zero-copy ordering before using skbuff frags to avoid memory corruption or logic errors.
Operators exploited the React2Shell RSC flaw to install EtherRAT, a Linux RAT that uses Ethereum smart contracts for C2 and multiple persistence mechanisms.
Microsoft released December 9, 2025 Patch Tuesday addressing 56 vulnerabilities across Windows and other products, including three zero-days.
Researchers detail incidents where attackers deliver a pre-built VM into an environment after aggressive spam-bombing to establish stealthy persistence.
Kernel pstore/ram initialization now checks for empty przs at start to prevent errors; patch resolves CVE-2023-53331.
iputils ping prior to 20250602 is vulnerable to a crafted ICMP Echo Reply that can cause application errors or incorrect data collection (DoS).
Makop (Phobos family) actors combine brute-force RDP, privilege escalation and anti-AV tools to compromise organizations, with RDP seen in the majority of incidents.
Attackers poison search results to promote a fake Microsoft Teams site and deliver ValleyRAT via a trojanised installer, active since November 2025.
Ivanti released updates for Endpoint Manager addressing one critical and three high-severity vulnerabilities that could enable code execution, file writes, or bypasses.
Hundreds of Porsche vehicles in Russia were rendered immobile when a satellite outage tripped vehicle immobilizers; manufacturer says cars are secure but owners were stranded.
Pay transparency regulations require security teams to disclose salaries, impacting recruitment, compliance and risk management for employers.
Sen. Wyden and Sen. Warner urged DHS and ODNI to publish a delayed 2022 report on telecom sector cyber vulnerabilities, citing national security risks.
Telemetry shows Lumma Stealer activity resurged week of Oct 20, 2025 with browser fingerprinting and stealthy C2 communications.
DoorDash reported a data breach in October; impacted customers and employees are being notified as investigation continues.
Attackers disguise DarkComet RAT as cryptocurrency tools to trick users into installing remote-access malware that steals credentials and funds.
ShinyHunters exfiltrated documents from a decommissioned third-party cloud storage system; Checkout.com refused the ransom, and the incident affects a subset of merchants.
Coordinated law-enforcement action between Europol and Eurojust disrupted multiple malware families and an Elysium botnet in November 2025.
Check Point Research tracked 1,592 new victims across 85 extortion groups in Q3 2025, a 25% year-over-year increase despite takedowns.
Google will offer an 'advanced flow' to allow experienced users to install unverified apps without ADB, relaxing new sideloading restrictions.
Active exploitation of a FortiWeb WAF zero-day enables unauthenticated attackers to create admin accounts and access manager/WebSocket interfaces; PoCs seen in October 2025.
CVE-2025-13083 may deliver private files with Cache-Control: public leading to possible information disclosure via CDNs or caches; Drupal patches advised.
Survey shows organisations shifting to passwordless approaches, SSO and passkeys, to reduce weak-password risk and improve authentication resilience.
SA-CORE-2025-006 documents a Drupal gadget chain that could enable RCE if insecure deserialization is present; patch guidance issued.
CISA warns federal agencies to patch CVE-2025-20362 and CVE-2025-20333 in Cisco ASA and Firepower appliances due to active exploitation.
Drupal vulnerability (CVE-2025-13080) can cause cache poisoning by overriding request attributes; vendor patches published for supported versions.
Washington Post notifies almost 10,000 staff and contractors after Oracle E-Business Suite zero-day theft exposed personal and financial data.
A digital privacy group warns agencies collect excessive data and that AI-driven analysis risks generating false links and privacy harms.
Herodotus, a new Android banking trojan sold as Malware-as-a-Service, installs via sideloaded APKs, gains full device control and evades detection.
Congressional Budget Office confirmed a breach; investigators noted possible unpatched firewall as an initial weak point.
Nevada state ransomware incident traced to an employee downloading malware; the state refused the ransom and recovered most data.
Synacktiv shows AD Site objects and replication behaviours can be abused to escalate privileges and compromise entire domains.
SecurityWeek summarises multiple noteworthy stories including a controversial ransomware report, Gootloader activity and further AN0M-related arrests.
OpenText survey: mature AI adopters achieve better returns; secure, well-governed information is essential to reliable AI deployments.
Government advisory AV25-730 for Microsoft Edge posted; operators should consult vendor fixes and apply updates promptly.
Broadcom/Symantec reporting attributes a campaign using legacy vulnerabilities (Log4j, IIS) to maintain long-term persistence in U.S. targets.
Norton alerts consumers to early ticketing, sweepstakes and travel scams aimed at 2026 FIFA World Cup fans across the U.S., Canada and Mexico.
Researchers demonstrated a zero-click prompt-injection attack against a Copilot Studio customer-service agent that exfiltrated CRM data, highlighting AI-agent risks.
Hillstone Networks' StoneOS 5.5R12 introduces features (External Dynamic List, simplified ops) to reduce manual firewall updates and improve connectivity resilience.
Attackers embed invisible hyphens/characters into phishing lures to bypass detection and filter rules, per SANS Internet Storm Center analysis.
Government security advisory AV25-729 for Drupal published; administrators should consult details and apply vendor fixes or mitigations.
Zscaler/CybersecurityDive report an uptick in malware targeting IoT and mobile devices, particularly in manufacturing and energy sectors.
Researchers uncovered LANDFALL spyware exploiting a Samsung zero-day to target Samsung phones in the Middle East in a prolonged campaign; attribution remains unknown.
Android/BankBot-YNRK malware is targeting users in Indonesia, suppressing alerts and stealing funds from mobile crypto wallets while posing as legitimate apps.
Microsoft released KB5067036 to address the decades-old 'Update and Shut Down' restart issue in Windows 11 and included performance and update naming changes.
Nextgov warns that government 'readiness debt' is constraining AI adoption and calls for modernization to remove legacy obstacles.
Open Systems argues that improved asset visibility and compliance controls are now central to securing cyber-physical systems in operational technology environments.
OPM said it will extend job-finding timelines for CyberCorps students post-shutdown amid concerns about tuition liabilities and limited federal cyber openings.
DHS published a regulatory proposal to expand biometric collection for immigrants and drop age restrictions, and would require biometrics from some US citizens in certain cases.
Cyble reports a sharp rise in hacktivist attacks against industrial control systems and critical infrastructure in Q3, with more disruptive ICS-focused activity and named groups involved.
Peter Williams, a former Trenchant manager, is accused of stealing zero-day exploits from an air-gapped L3Harris network and selling eight exploits to a Russian zero-day broker, per court documents and TechCrunch reporting.
Hackers exploited the Balancer protocol on Nov 3, 2025, draining more than $100 million in cryptocurrency from protocol liquidity pools.
DarkWebInformer published 'Darknet Market Insights #2' with follow-up analysis on illicit market activity and indicators.
DarkWebInformer published 'Darknet Market Insights #1', an intelligence summary of illicit marketplace activity and trends.
Lumen extended Internet On-Demand coverage to over 10 million off-net US business locations, giving customers more ISP choice and greater connectivity resilience.
A BEC campaign named TruffleNet used stolen AWS credentials to send phishing via AWS SES and deploy payloads that led to the compromise of more than 800 hosts.
AWS, Nvidia and CrowdStrike opened applications for a security/AI startup accelerator giving mentorship and investor access; last year's winner later raised $65M.
Ukrainian Yuriy Rybtsov (aka MrICQ) was extradited from Italy to the United States to face cybercrime charges alleging his role in developing the Jabber Zeus malware.
DOJ alleges some US ransomware negotiators worked with ALPHV/BlackCat to carry out ransomware intrusions, according to recent indictments.
Sen. Wyden and Rep. Krishnamoorthi request an FTC investigation into Flock Safety over concerns about protection of sensitive user accounts and the company's security practices.
Flashpoint outlines how Echosec combines full-spectrum data and AI-assisted analysis to build proactive, intelligence-led physical security programs for security leaders.
A working paper linking Generative AI to 80% of ransomware incidents drew strong criticism and conflict-of-interest concerns, and was removed from public view.
SK Telecom reported a sharp operating profit drop after a large-scale cyberattack that exposed ~27 million customers' personal data and triggered sizable recovery and compensation costs.
Analysis shows cloud misconfigurations remain the leading cause of large data exposures, with enterprises risking tens of millions in losses.
IOC alert: ClickFix payloads delivered using a compromised Shopify template domain are being observed in the wild.
Project Zero details how Linux linear mapping non-randomization and Pixel's static kernel physical load address weaken KASLR protections on arm64 devices.
Malicious Open VSX extension 'juan-bianco.solidity-vlang' delivered a SleepyDuck RAT that uses Ethereum transactions to persist or locate its command server.
OpenAI agreed a large compute supply deal with Amazon to access hundreds of thousands of Nvidia GPUs for model training and inference.
Cloud misconfiguration at a large automotive company exposed 70+ TB of data, hard-coded keys and weak IAM controls.
Kaspersky documents 'Dante' spyware in Operation ForumTroll, linking the tooling to Memento Labs (rebranded Hacking Team) and a Chrome zero-day.
New research shows data poisoning of AI models is easier than previously thought and can lead to malicious outputs or planted backdoors.
Canadian government posted Ubiquiti security advisory AV25-721; administrators should consult the advisory and apply vendor fixes or mitigations.
Three former incident response employees were indicted for alleged involvement in BlackCat/ALPHV ransomware intrusions against multiple US companies in 2023.
Zscaler bought Splx to add further AI capabilities to its security product portfolio, following other AI-focused acquisitions.
Practical guidance offering ten tips to help defenders think like attackers and improve hunting, detection and prevention posture.
Microsoft DART uncovered 'SesameOp', a backdoor that uses the OpenAI Assistants API as a command-and-control channel to fetch commands and orchestrate malicious tasks.
Red Canary's CFP tracker lists upcoming security conferences and call-for-papers deadlines for November 2025.
Report finds AI can assist governance, threat detection and SOC automation though executives and technologists differ on priorities.
CISA and NSA released joint best-practice guidance to harden Microsoft Exchange servers against exploitation and improve detection.
Podcast explores OpenAI's stated desire to release erotic content on ChatGPT and the attendant safety, moderation and privacy concerns.
Government advisory AV25-720 for Microsoft Edge published; administrators and users should review vendor fixes and apply updates.
SecurityWeek guidance: development teams must combine governance, upskilling and code-review controls to deploy AI tools safely and ethically.
China Unicom Beijing and Huawei rolled out a high-uplink, AI-enabled 5G-A network to support connectivity and event services at the 2025 Beijing Marathon.
India's draft rules would force social platforms to tag AI-generated content prominently and embed metadata to counter deepfakes and misinformation.
Tata Motors remediated exposed AWS keys and backups in its E-Dukaan portal after a researcher reported admin keys, invoices and database backups that could expose customer and dealer data.
Study finds one-in-four employees use unapproved AI tools, creating privacy and security exposure; recommends inventory, policies and controls.
Microsoft warns attackers increasingly target obsolete Windows 10 systems and unmanaged devices; upgrading and patching urged to reduce ransomware risk.
App stores are flooded with ChatGPT lookalikes; many clones deliver adware or spyware, posing privacy and security risks to users.
An out-of-band WSUS update that fixed an actively exploited vulnerability caused Windows Server 2025 hotpatching to stop working on some devices.
Proofpoint finds threat actors compromise carriers, deploy RMM tools, post fake loads and bid to hijack and steal physical cargo, disrupting supply chains and causing multimillion-dollar losses.