News – January 2026


  • North Korean Kimsuky Actors Leverage Malicious QR Codes in Spearphishing Campaigns Targeting U.S. Entities

    January 8, 2026

    The Federal Bureau of Investigation (FBI) is releasing this FLASH to alert NGOs, think tanks, academia, and other foreign policy experts with a nexus to North Korea of evolving tactics employed by the North Korean state-sponsored cyber threat group Kimsuky and to provide mitigation recommendations. As of 2025, Kimsuky actors have targeted think tanks, academic institutions, ...

  • Patch Cisco ISE bug now before attackers abuse proof-of-concept exploit

    January 8, 2026

    Cisco patched a bug in its Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) products that allows remote attackers with admin-level privileges to access sensitive information – and warned that a public, proof-of-concept exploit for the flaw exists online. ISE is Cisco’s network access control and security policy platform, and companies use it to ...

  • Internet collapses in Iran amid protests over economic crisis

    January 8, 2026

    Internet connectivity collapsed across Iran on Thursday amid nationwide protests, according to web monitoring firms. “I think we’re at a near-total disconnection from the outside world now,” Amir Rashidi, an Iranian cybersecurity researcher who works for the nonprofit Miaan Group, told TechCrunch. Doug Madory, the director of internet analysis at Kentik, a company that monitors internet ...

  • CISA warns of active attacks on HPE OneView and legacy PowerPoint

    January 8, 2026

    The US Cybersecurity and Infrastructure Security Agency (CISA) added both a newly discovered flaw and a much older one to its catalog of Known Exploited Vulnerabilities (KEV). The KEV catalog gives Federal Civilian Executive Branch (FCEB) agencies a list of vulnerabilities that are known to be exploited in the wild, along with deadlines for when they ...

  • Illinois health department exposed over 700,000 residents’ personal data for years

    January 8, 2026

    The health department for the U.S. state of Illinois has confirmed that a years-long security lapse exposed the personal information of more than 700,000 state residents. The Illinois Department of Human Services (IDHS) said in a statement on January 2 that an internal mapping website containing residents’ personal information, which officials used for assisting with the ...

  • Fake WinRAR downloads hide malware behind a real installer

    January 8, 2026

    A member of Malwarebytes Labs web research team pointed the author to a fake WinRAR installer that was linked from various Chinese websites. When these links start to show up, that’s usually a good indicator of a new campaign. So, the author downloaded the file and started an analysis, which turned out to be something of ...

  • One million customers on alert as extortion group claims massive Brightspeed data haul

    January 7, 2026

    US fiber broadband company Brightspeed is investigating claims by the Crimson Collective extortion group that it stole sensitive data belonging to more than 1 million residential customers, including extensive personally identifiable information (PII), as well as account and billing details. Brightspeed is one of the largest fiber broadband providers in the US and serves customers across ...

  • UK unveiled new cyber action plan to tackle threats and strengthen public services

    January 6, 2026

    New measures will be introduced to make online public services more secure and resilient, so people can use them with confidence – whether applying for benefits, paying taxes or accessing healthcare. Backed by over £210 million, the Government Cyber Action Plan published today (Tuesday 6 January) sets out how government will rise to meet the growing ...

  • Hackers use ‘Blue Screen of Death’ malware to target victims

    January 6, 2026

    Russian cybercriminals are trying to deploy backdoors and infostealers on people’s computers through a new ClickFix campaign – but this one comes with a sinister twist. ClickFix attacks are usually centered around pop-ups – the victim gets an error message, and at the same time is offered a fix. That fix, be it to run a ...

  • Hacktivist deletes white supremacist websites live onstage during hacker conference

    January 5, 2026

    A hacktivist remotely wiped three white supremacist websites live onstage during their talk at a hacker conference last week, with the sites yet to return online. The pseudonymous hacker, who goes by Martha Root — dressed as Pink Ranger from the Power Rangers — deleted the servers of WhiteDate, WhiteChild, and WhiteDeal in real time ...