#Fortinet

secsolution @secsolution
2026-02-04

Cyber Policy Outlook 2026: what changes for CISOs and General Counsel: 2026 will mark a decisive turning point for cybersecurity and digital governance. In Europe, the United Kingdom and the Middle East, the main regulatory frameworks approved...
dlvr.it/TQlD8L

2026-01-29

It's been a busy 24 hours in the cyber world with critical zero-day and n-day vulnerabilities under active exploitation, new threat actor tradecraft, a significant cyberattack on critical infrastructure, and important discussions around data privacy and AI's impact on security. Let's dive in:

Poland's Power Grid Hit by Coordinated Cyberattack ⚡
- A coordinated cyberattack in late December compromised control and communications systems at approximately 30 facilities linked to Poland's distributed energy generation.
- While the attack, attributed to Russia's Sandworm group, didn't cause power outages, it disabled key equipment beyond repair and prevented remote monitoring/control of systems.
- This incident highlights the growing targeting of distributed energy systems, which often have less cybersecurity investment than centralised infrastructure, by sophisticated adversaries.

🗞️ The Record | therecord.media/poland-electri

Mustang Panda Updates CoolClient Backdoor with Infostealers 🐼
- Chinese espionage group Mustang Panda has updated its CoolClient backdoor, now capable of stealing browser login data and monitoring clipboards.
- The new variant, observed targeting government entities in Myanmar, Mongolia, Malaysia, Russia, and Pakistan, was deployed via legitimate Sangfor software, a shift from previous DLL side-loading tactics.
- It features enhanced core functions, a new clipboard monitoring module, active window title tracking, HTTP proxy credential sniffing, and deploys infostealers using hardcoded API tokens for services like Google Drive to evade detection.

🤖 Bleeping Computer | bleepingcomputer.com/news/secu

Fake Python Spellcheckers Deliver RATs on PyPI 🐍
- Two malicious packages, "spellcheckerpy" and "spellcheckpy," were found on PyPI, masquerading as legitimate spellcheckers but delivering a full-featured Python Remote Access Trojan (RAT).
- The payload was cleverly hidden within a Basque language dictionary file, base64-encoded, and triggered upon importing the "SpellChecker" module in versions 1.2.0 and later.
- The RAT downloads from a domain linked to Cloudzy, a hosting provider with a history of serving nation-state groups, and is suspected to be from the same actor behind a similar "spellcheckers" campaign in November 2025.

📰 The Hacker News | thehackernews.com/2026/01/fake

'Bizarre Bazaar' Operation Hijacks Exposed LLM Endpoints 🤖
- A new cybercrime campaign, dubbed 'Bizarre Bazaar', is actively targeting exposed Large Language Model (LLM) service endpoints to commercialise unauthorised access to AI infrastructure.
- Attackers exploit misconfigurations like unauthenticated Ollama endpoints (port 11434) and OpenAI-compatible APIs (port 8000) within hours of them appearing on Shodan/Censys.
- This operation involves a criminal supply chain for resource theft (crypto mining), reselling API access on darknet markets, data exfiltration from prompts, and lateral movement into internal systems via Model Context Protocol (MCP) servers.

🤖 Bleeping Computer | bleepingcomputer.com/news/secu

Fortinet FortiCloud SSO Zero-Day Under Active Exploitation (CVE-2026-24858) ⚠️
- Fortinet has confirmed a new, actively exploited critical FortiCloud SSO authentication bypass vulnerability (CVE-2026-24858, CVSS 9.4) affecting FortiOS, FortiManager, and FortiAnalyzer.
- Attackers are using FortiCloud accounts and registered devices to log into other customers' devices via FortiCloud SSO, creating rogue admin accounts (e.g., cloud-init@mail.io) and exfiltrating configurations.
- Fortinet has implemented server-side mitigations by blocking SSO connections from vulnerable firmware versions, and patches are currently in development. Admins should still consider disabling FortiCloud SSO if not strictly necessary and review logs for compromise indicators.

🤖 Bleeping Computer | bleepingcomputer.com/news/secu
📰 The Hacker News | thehackernews.com/2026/01/fort
🕵🏼 The Register | go.theregister.com/feed/www.th

WinRAR Path Traversal Flaw (CVE-2025-8088) Widely Exploited 🎯
- A six-month-old, high-severity WinRAR path traversal vulnerability (CVE-2025-8088, CVSS 8.8) is under widespread active exploitation by both nation-state actors (Russia, China) and financially motivated cybercriminals.
- The exploit method involves crafting malicious RAR archives that, when opened, silently drop a malicious payload into critical system locations like the Windows Startup folder, often using decoy files and Alternate Data Streams (ADS).
- Google Threat Intelligence Group (GTIG) reports that Russian groups like RomCom, Sandworm, Gamaredon, and Turla are targeting Ukrainian military and government entities, while cybercriminals deploy commodity RATs and infostealers globally. Patching WinRAR to version 7.13 or later is crucial.

🤫 CyberScoop | cyberscoop.com/winrar-defect-a
📰 The Hacker News | thehackernews.com/2026/01/goog
🕵🏼 The Register | go.theregister.com/feed/www.th

Critical RCE and Sandbox Escape Flaws in Node.js vm2 and n8n 💻
- A critical sandbox escape vulnerability (CVE-2026-22709, CVSS 9.8) in the Node.js vm2 library allows attackers to run arbitrary code outside the sandboxed environment due to improper Promise handler sanitisation. Update to vm2 version 3.10.3 immediately.
- The n8n workflow automation platform is also affected by two critical vulnerabilities: CVE-2026-1470 (JavaScript AST sandbox escape) and CVE-2026-0863 (Python AST sandbox escape), both leading to full RCE on the main n8n node, even for authenticated non-admin users.
- These flaws highlight the inherent difficulty in safely sandboxing dynamic languages like JavaScript and Python; self-hosted n8n instances should update to versions 1.123.17, 2.4.5, 2.5.1 (for CVE-2026-1470) and 1.123.14, 2.3.5, 2.4.2 (for CVE-2026-0863) respectively.

📰 The Hacker News | thehackernews.com/2026/01/crit
🤖 Bleeping Computer | bleepingcomputer.com/news/secu

SolarWinds Web Help Desk Plagued by Critical RCE and Auth Bypass Flaws 🛠️
- SolarWinds has released patches for multiple critical vulnerabilities in its Web Help Desk (WHD) software, including authentication bypass flaws (CVE-2025-40552, CVE-2025-40554) and remote code execution (RCE) bugs (CVE-2025-40553, CVE-2025-40551).
- These RCE flaws, stemming from untrusted data deserialisation, can be exploited by unauthenticated attackers to run commands on vulnerable hosts, while authentication bypasses allow remote unauthenticated access.
- Given WHD's widespread use in critical sectors and a history of its vulnerabilities being actively exploited, admins should upgrade to Web Help Desk 2026.1 without delay.

🤖 Bleeping Computer | bleepingcomputer.com/news/secu

AI's Impact on Zero-Trust and Data Accuracy 🤖
- Gartner predicts that by 2028, 50% of organisations will adopt a zero-trust data governance posture due to the rise of "unverified AI-generated data," leading to "model collapse" where LLMs degrade by training on their own erroneous outputs.
- This degradation can lead to confident-yet-plausible errors in critical tasks like code reviews and security triaging, eroding guardrails and creating prompt injection opportunities.
- To combat this, organisations need to identify and tag AI-generated data, establish active metadata practices, and filter out synthetic or toxic data from training inputs, treating human-generated data as the "gold standard."

🌑 Dark Reading | darkreading.com/application-se

Latin America Becomes Riskiest Region for Cyberattacks 📈
- Latin America and the Caribbean now lead globally in cyberattack frequency, experiencing an average of 3,065 attacks per week last year, a 26% year-over-year increase.
- Attacks are driven by a shift towards data-leak extortion, credential-stealing campaigns, exploitation of edge devices, and increased use of AI by attackers, with ransomware activity expected to accelerate further.
- The region's rapid digitalisation, valuable yet vulnerable industries, and increased interest from major cyber powers (including China-linked espionage) contribute to its elevated risk profile, urging improved ransomware resilience and GenAI governance.

🌑 Dark Reading | darkreading.com/cyber-risk/sur

Moltbot AI Assistant Raises Data Security Concerns 🧠
- The viral open-source Moltbot (formerly Clawdbot) AI assistant, popular for local hosting and deep system integration, is raising significant data security concerns due to insecure enterprise deployments.
- Careless configurations, especially behind reverse proxies, often lead to exposed admin interfaces allowing unauthenticated access, credential theft, conversation history leaks, and even root-level command execution.
- Security researchers warn that info-stealing malware will likely adapt to target Moltbot's local storage, stressing the importance of isolating AI instances in virtual machines with strict firewall rules rather than running them directly on host OS with broad permissions.

🤖 Bleeping Computer | bleepingcomputer.com/news/secu

WhatsApp Rolls Out 'Strict Account Settings' for High-Risk Users 🔒
- Meta's WhatsApp is introducing "Strict Account Settings," a new one-click lockdown mode designed to provide extreme safeguards for high-risk individuals like journalists and public figures against sophisticated cyberattacks, including spyware.
- This feature, found under Settings > Privacy > Advanced, automatically enables two-step verification, blocks media from unknown senders, silences calls from unknown numbers, turns off link previews, and restricts access to profile information.
- The move comes as WhatsApp also transitions to the Rust programming language for media processing to boost security, following past incidents of zero-day exploits and spyware attacks targeting its users.

🕵🏼 The Register | go.theregister.com/feed/www.th
🤖 Bleeping Computer | bleepingcomputer.com/news/secu

FBI Seizes RAMP Cybercrime Forum 🚨
- The FBI has seized the RAMP cybercrime forum, a notorious platform known for openly allowing the promotion of ransomware operations and advertising various malware and hacking services.
- Both the forum's Tor site and clearnet domain (ramp4u.io) now display an FBI seizure notice, indicating law enforcement has likely gained access to significant user data, including emails, IP addresses, and private messages.
- RAMP was launched in July 2021 by "Orange" (later identified as Mikhail Matveev, indicted by the U.S. DOJ for ransomware involvement) after other major Russian-speaking forums banned ransomware promotion, becoming a hub for gangs to recruit affiliates and sell network access.

🤖 Bleeping Computer | bleepingcomputer.com/news/secu

#CyberSecurity #ThreatIntelligence #Vulnerabilities #ZeroDay #RCE #ActiveExploitation #WinRAR #Fortinet #NodeJS #SolarWinds #ThreatActors #MustangPanda #Malware #RAT #LLMjacking #AI #DataPrivacy #Regulatory #Darknet #Cybercrime #IncidentResponse

Stephen Charles Murcott @stemeerkat@cyberplace.social
2026-01-29

Who feels like too much of the Cyber operating model is luck?

#Fortinet #CyberSecurity

Teddy / Domingo (🇨🇵/🇬🇧) @TeddyTheBest@framapiaf.org
2026-01-29

#Fortinet Confirms New #zeroday Behind Malicious SSO Logins. To stop the ongoing attacks, the #cybersecurity vendor took the drastic step of temporarily disabling #FortiCloud single sign-on (#SSO) authentication for all devices.
darkreading.com/vulnerabilitie

AllAboutSecurity @allaboutsecurity
2026-01-29

Fortinet closes critical vulnerability CVE-2026-24858 after active exploitation

A newly discovered vulnerability in the FortiCloud infrastructure allowed attackers to gain access to the firewall systems of various organisations. Fortinet responded by temporarily switching off the single sign-on functionality and published recommended actions for affected users.

all-about-security.de/fortinet

Geeky Malcölm 🇨🇦 @geekymalcolm@ioc.exchange
2026-01-28

Another #Fortinet critical security hole, so it must be a day that ends in "Y".

#security #WeveHeardOfIt #bug #hole #SecurityHole

2026-01-28

Fortinet confirms active exploitation of FortiCloud SSO auth bypass (CVE-2026-24858, CVSS 9.4).
Cross-customer access via trusted SSO paths observed.

SSO now blocked for vulnerable versions - patching required.

technadu.com/fortinet-temporar

#InfoSec #Fortinet #CVE #IdentitySecurity

Fortinet Temporarily Disables FortiCloud SSO Following Active Exploitation
2026-01-28

An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] in Fortinet FortiAnalyzer 7.6.0 through 7.6.5, FortiAnalyzer 7.4.0 through 7.4.9, FortiAnalyzer 7.2.0 through 7.2.11, FortiAnalyzer 7.0.0 through 7.0.15, FortiManager 7.6.0 through 7.6.5, FortiManager 7.4.0 through 7.4.9, FortiManager 7.2.0 through 7.2.11, FortiManager 7.0.0 through 7.0.15, FortiOS ...

🔗 db.gcve.eu/vuln/cve-2026-24858

#fortinet #vulnerabilitymanagement #cybersecurity

Aww, sheet. More #fortinet shenanigans.

fortiguard.fortinet.com/psirt/

"...may allow an attacker with a FortiCloud account and a registered device to log into other devices registered to other accounts, if FortiCloud SSO authentication is enabled on those devices."

fortinet.com/blog/psirt-blogs/

"However, in the last 24 hours, we have identified a number of cases where the exploit was to a device that had been fully upgraded to the latest release at the time of the attack, which suggested a new attack path."

💀
#vulnerability

CyberNetsecIO @netsecio
2026-01-26

📰 Warning: Fully Patched FortiGate Firewalls Are Being Compromised via New SSO Bypass

CRITICAL: Fully patched FortiGate firewalls are being compromised via a new SAML SSO bypass. 🚨 Attackers are gaining admin access, creating persistence, and stealing configs. Disable SSO on management interfaces now!

🔗 cyber.netsecops.io/articles/fu

James M. Woodward @jmw@infosec.exchange
2026-01-25

#opnsense migration: Complete.

The preparation legwork made lots of things easier, but even once swapped I realized I had about 5% of it wrong.

I also still had a #virtualip in the config from the first hour of having it running when I was trying to migrate away from my VIPs in a #fortigate, which are a TOTALLY different thing.

NAT Reflection eluded me for a good hour, but all the VLANs behave, #kea DHCP seems to be all up and running and #ntopNG is much nicer than some of the built in systems of #fortinet.

#IDS feels innately trickier than before but pros and cons.

2026-01-24

It's been a busy 24 hours in the cyber world with significant updates on actively exploited vulnerabilities, evolving social engineering tactics, and some notable cyberattacks. Let's dive in:

London Boroughs Still Recovering Months After Cyberattack 🏙️
- Hammersmith & Fulham Council is slowly restoring services, two months after a cyberattack affected multiple London boroughs. Online payments have resumed, but some account balances may not be current.
- Westminster City Council and Kensington & Chelsea also remain impacted, with the latter confirming criminal intent and data compromise, and warning that full system restoration could take months.
- This incident highlights the ongoing threat to local authorities, with the NCSC recently warning about pro-Russia hacktivist attacks causing costly disruption to such targets.

🕵🏼 The Register | go.theregister.com/feed/www.th

Dresden Museum Network Hit by Cyberattack 🖼️
- Germany's Dresden State Art Collections (SKD), one of Europe's oldest museum networks, has suffered a targeted cyberattack that disrupted significant parts of its digital infrastructure.
- The attack, discovered on Wednesday, has limited digital and phone services, with online ticket sales and the museum shop unavailable, and on-site payments restricted to cash.
- While security systems protecting the collections remain intact, the incident underscores a growing trend of cultural institutions becoming targets for cybercriminals, as seen with recent attacks on national art museums and libraries.

🗞️ The Record | therecord.media/dresden-state-

ATM Jackpotting Ring Busted in US 💰
- Two Venezuelan nationals have been convicted and will be deported for an ATM jackpotting scheme that stole hundreds of thousands of dollars from US banks across several states.
- The attackers connected laptops to older ATM models and installed Ploutus malware to bypass security protocols, forcing machines to dispense all available cash directly from the banks.
- This operation is linked to a larger conspiracy, with Nebraska authorities indicting 54 individuals, including alleged leaders of the Venezuelan Tren de Aragua gang, for similar multi-million dollar thefts.

🤖 Bleeping Computer | bleepingcomputer.com/news/secu

Vishing and AitM Phishing Attacks on the Rise 🎣
- Okta has warned about custom vishing (voice phishing) kits, sold as a service, actively targeting Okta, Google, and Microsoft SSO accounts, as well as cryptocurrency platforms.
- These kits feature adversary-in-the-middle (AitM) capabilities, allowing attackers to manipulate phishing page content in real-time during a call, effectively bypassing push-based MFA, including number matching.
- Microsoft also reported a multi-stage AitM phishing and BEC campaign targeting energy firms, abusing SharePoint for phishing payloads and creating inbox rules for persistence and evasion. Post-compromise, attackers leverage stolen session cookies and internal identities for large-scale intra-organizational and external phishing.

🤖 Bleeping Computer | bleepingcomputer.com/news/secu
🕵🏼 The Register | go.theregister.com/feed/www.th
🚨 The Hacker News | thehackernews.com/2026/01/micr

RMM Tools Weaponised for Persistent Access 🛠️
- A new dual-vector campaign is leveraging stolen credentials to deploy legitimate Remote Monitoring and Management (RMM) software, specifically LogMeIn Resolve, for persistent remote access.
- The attack starts with fake Greenvelope invitation emails to harvest Microsoft Outlook, Yahoo!, or AOL.com login details. These stolen credentials are then used to register with LogMeIn and generate RMM access tokens.
- A malicious executable, "GreenVelopeCard.exe," signed with a valid certificate, silently installs LogMeIn Resolve, alters its service settings for unrestricted access, and creates hidden scheduled tasks to maintain persistence.

🚨 The Hacker News | thehackernews.com/2026/01/phis

Malicious AI Extensions Steal Developer Data 💻
- Two malicious extensions in Microsoft's Visual Studio Code (VSCode) Marketplace, "ChatGPT – 中文版" (1.34M installs) and "ChatMoss (CodeMoss)" (150k installs), are exfiltrating developer data to China-based servers.
- Part of a campaign dubbed 'MaliciousCorgi,' these extensions, while providing advertised AI coding assistance, covertly monitor and transmit the entire contents of opened files, including changes, encoded in Base64.
- They also perform server-controlled harvesting of up to 50 files from a victim's workspace and use commercial analytics SDKs (Zhuge.io, GrowingIO, TalkingData, Baidu Analytics) for user profiling and device fingerprinting, exposing sensitive source code, configuration files, and credentials.

🤖 Bleeping Computer | bleepingcomputer.com/news/secu

Fortinet FortiGate SSO Flaw Still Exploitable ⚠️
- Fortinet has confirmed that a critical FortiCloud SSO authentication bypass vulnerability (CVE-2025-59718), supposedly patched in December, is still being actively exploited via a new attack path.
- Threat actors are compromising fully patched FortiGate firewalls, creating generic accounts with VPN access, and exfiltrating firewall configurations within seconds, indicating automated activity.
- Fortinet advises customers to restrict administrative access to management interfaces, disable the FortiCloud SSO feature, and rotate all credentials if any indicators of compromise are detected, as the issue applies to all SAML SSO implementations.

👁️ Dark Reading | darkreading.com/cloud-security
🤖 Bleeping Computer | bleepingcomputer.com/news/secu
🕵🏼 The Register | go.theregister.com/feed/www.th

Pwn2Own Automotive Uncovers 76 Zero-Days 🚗
- The Pwn2Own Automotive 2026 competition concluded with security researchers earning over $1 million for exploiting 76 zero-day vulnerabilities in automotive technologies.
- Targets included in-vehicle infotainment (IVI) systems, electric vehicle (EV) chargers, and car operating systems like Automotive Grade Linux.
- Vendors have 90 days to patch these newly disclosed flaws before TrendMicro's Zero Day Initiative publicly releases the details.

🤖 Bleeping Computer | bleepingcomputer.com/news/secu

CISA Adds Four Actively Exploited Bugs to KEV 🚨
- CISA has updated its Known Exploited Vulnerabilities (KEV) catalog with four actively exploited flaws impacting enterprise software. Federal Civilian Executive Branch (FCEB) agencies must patch these by February 12, 2026.
- The vulnerabilities include a PHP remote file inclusion in Synacor Zimbra Collaboration Suite (CVE-2025-68645), an authentication bypass in Versa Concerto SD-WAN (CVE-2025-34026), and an improper access control flaw in Vite Vitejs (CVE-2025-31125).
- Also added is CVE-2025-54313, an embedded malicious code vulnerability in `eslint-config-prettier`, stemming from a supply chain attack that hijacked several npm packages to deliver an information stealer.

🚨 The Hacker News | thehackernews.com/2026/01/cisa
🤖 Bleeping Computer | bleepingcomputer.com/news/secu

Critical Telnetd Auth Bypass Exploited for Root Access 🔓
- A coordinated campaign is exploiting CVE-2026-24061, an 11-year-old critical authentication bypass vulnerability in the GNU InetUtils telnetd server.
- The flaw allows attackers to gain root access by leveraging unsanitized environment variable handling, specifically by setting the USER variable to "-f root" when connecting via telnet.
- While Telnet is a legacy component, its prevalence in industrial, legacy, and embedded devices (IoT/OT) makes this easily exploitable bug a concern, with GreyNoise observing automated and some "human-at-keyboard" exploitation attempts.

🤖 Bleeping Computer | bleepingcomputer.com/news/secu

Chinese Electric Buses Raise National Security Concerns 🚌
- Australia's government is reviewing whether Chinese-made Yutong electric buses, currently in use in major cities, pose a national security risk due to potential remote control capabilities.
- Research from Oslo's public transport authority found that Yutong maintains an over-the-air (OTA) connection, allowing the manufacturer remote access to the Controller Area Network (CAN) bus, which controls driving systems.
- While no "kill switch" or invasive data collection was explicitly found, the inherent risks of connected IoT devices, coupled with China's national intelligence laws, raise concerns about data exfiltration, surveillance, or broader fleet compromise.

👁️ Dark Reading | darkreading.com/cyber-risk/chi

AI-Powered Cyberattack Kits on the Horizon 🤖
- Google's VP of Security Engineering, Heather Adkins, warns CISOs to prepare for a "really different world" where cybercriminals will reliably automate cyberattacks at scale using AI.
- While currently used for small tasks like phishing copy and C2 development, it's "just a matter of time" before full, end-to-end AI toolkits emerge, potentially leading to a "Metasploit moment" for AI-driven threats.
- This shift could mean attackers gain a significant first-mover advantage, forcing defenders to redefine success not by preventing breaches, but by limiting dwell time and damage, potentially through real-time, AI-enabled defensive disruptions.

🕵🏼 The Register | go.theregister.com/feed/www.th

Microsoft Provided BitLocker Keys to FBI 🔒
- Microsoft reportedly provided the FBI with BitLocker encryption keys to unlock laptops of Windows users charged in a fraud indictment, marking the first publicly known instance of such disclosure.
- By default, Microsoft "typically" backs up BitLocker recovery keys to its servers when the service is set up with an active Microsoft account, giving Redmond access to these keys.
- This highlights a trade-off between data recoverability and privacy, as users who choose to store keys with Microsoft relinquish total control over access to their encrypted data, a stark contrast to Apple's Advanced Data Protection where Apple holds fewer keys.

🕵🏼 The Register | go.theregister.com/feed/www.th

Ireland to Legalise Law Enforcement Spyware 🇮🇪
- The Irish government plans to draft legislation to legalise the use of spyware by law enforcement to combat serious crime and security threats.
- The proposed bill would require court authorisation for interception requests and include provisions for electronic scanning equipment to track mobile device identifier data.
- This move aims to strengthen "lawful interception powers" and create a legal basis for "covert surveillance software," with robust safeguards promised to ensure necessity and proportionality.

🗞️ The Record | therecord.media/ireland-plans-

#CyberSecurity #ThreatIntelligence #Vulnerabilities #ActiveExploitation #ZeroDay #Phishing #Vishing #AitM #SocialEngineering #Malware #RMM #SupplyChain #DataPrivacy #Fortinet #CISA #KEV #IoT #AI #NationalSecurity #Geopolitics #InfoSec #CyberAttack #IncidentResponse
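An added example, not from the post above or from the GNU InetUtils project: a small Python detector for the telnetd NEW-ENVIRON abuse described in the telnetd item, for a defender reviewing client-to-server captures. It parses telnet suboption negotiations using the RFC 1572 layout and flags any USER value that begins with "-" (the shape that reaches login as an option); the byte strings at the bottom are constructed samples, not real traffic.

```python
# Telnet protocol constants (RFC 854 / RFC 1572).
IAC, SB, SE = 0xFF, 0xFA, 0xF0
NEW_ENVIRON = 0x27
IS, SEND, INFO = 0x00, 0x01, 0x02          # NEW-ENVIRON sub-commands
VAR, VALUE, ESC, USERVAR = 0x00, 0x01, 0x02, 0x03


def telnet_suboptions(stream: bytes):
    """Yield (option, payload) for every IAC SB <option> ... IAC SE in a stream.

    A doubled IAC inside the payload is unescaped to a single 0xFF byte.
    Suboptions that are never closed with IAC SE are ignored.
    """
    i, n = 0, len(stream)
    while i < n - 1:
        if stream[i] == IAC and stream[i + 1] == SB and i + 2 < n:
            option, j, payload = stream[i + 2], i + 3, bytearray()
            while j < n:
                if stream[j] == IAC and j + 1 < n:
                    if stream[j + 1] == IAC:       # escaped 0xFF data byte
                        payload.append(IAC)
                        j += 2
                        continue
                    if stream[j + 1] == SE:        # end of suboption
                        yield option, bytes(payload)
                        j += 2
                        break
                payload.append(stream[j])
                j += 1
            i = j
        else:
            i += 1


def parse_new_environ(payload: bytes) -> dict:
    """Decode a NEW-ENVIRON IS/INFO payload into {name: value or None}.

    Layout: IS (VAR|USERVAR name [VALUE value])* ; ESC quotes the next byte.
    """
    if len(payload) < 2 or payload[0] not in (IS, INFO):
        return {}
    entries, current, i = [], None, 1
    while i < len(payload):
        b = payload[i]
        if b in (VAR, USERVAR):                    # start a new variable name
            entries.append([bytearray(), None])
            current = entries[-1][0]
        elif b == VALUE and entries:               # start that variable's value
            entries[-1][1] = bytearray()
            current = entries[-1][1]
        elif b == ESC and i + 1 < len(payload):    # literal next byte
            i += 1
            if current is not None:
                current.append(payload[i])
        elif current is not None:
            current.append(b)
        i += 1
    return {name.decode("ascii", "replace"):
            None if value is None else value.decode("ascii", "replace")
            for name, value in entries}


def suspicious_user_values(stream: bytes) -> list:
    """Return USER values in a client stream that start with '-' (e.g. '-f root')."""
    hits = []
    for option, payload in telnet_suboptions(stream):
        if option != NEW_ENVIRON:
            continue
        user = parse_new_environ(payload).get("USER")
        if user is not None and user.lstrip().startswith("-"):
            hits.append(user)
    return hits


# Constructed sample captures: WILL NEW-ENVIRON, TERMINAL-TYPE IS xterm, then
# a NEW-ENVIRON IS carrying USER. Only the second stream is flagged.
BENIGN_STREAM = (b"\xff\xfb\x27" + b"\xff\xfa\x18\x00xterm\xff\xf0"
                 + b"\xff\xfa\x27\x00\x00USER\x01alice\xff\xf0")
MALICIOUS_STREAM = (b"\xff\xfb\x27" + b"\xff\xfa\x18\x00xterm\xff\xf0"
                    + b"\xff\xfa\x27\x00\x00USER\x01-f root\xff\xf0")

if __name__ == "__main__":
    for label, cap in (("benign", BENIGN_STREAM), ("malicious", MALICIOUS_STREAM)):
        print(label, suspicious_user_values(cap))
```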
