It's been a busy 24 hours in the cyber world with updates on nation-state activity, actively exploited vulnerabilities, new AI-powered malware, and a reminder about data privacy and regulatory efforts. Let's dive in:
Nike Data Theft & Poland Power Grid Attack 🚨
- Extortion group WorldLeaks, believed to be a rebrand of Hunters International, claims to have stolen 1.4TB of internal Nike data, including design and manufacturing workflows. Nike is investigating the potential breach.
- Russia's GRU-linked Sandworm unit is suspected to be behind a December wiper malware attack (DynoWiper) on Poland's power grid, which aimed to disrupt communications between renewable energy installations. The attack was thwarted but described as the strongest in years.
- These incidents highlight the ongoing threat of data exfiltration for extortion and nation-state targeting of critical infrastructure, even if the attacks are unsuccessful.
🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2026/01/26/data_thieves_claim_nike_data_haul/
🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2026/01/26/moscow_likely_behind_wiper_attack/
🗞️ The Record | https://therecord.media/russia-eset-sandworm-poland-hack
Even Cybercriminals Have Security Lapses 🤦
- Cybersecurity researcher Jeremiah Fowler discovered over 149 million unique login/password combinations from infostealer and keylogging malware exposed online.
- The 96GB dataset contained credentials for social media, dating apps, streaming services, financial services, banking, credit cards, and even government accounts.
- This serves as a stark reminder that even threat actors can fail at basic security, but more importantly, it's a critical prompt for everyone to regularly reset passwords, especially if you've been a victim of infostealer malware.
AI-Generated Malware and Malicious Extensions 🤖
- North Korean Konni hackers are using AI-generated PowerShell malware to target blockchain developers and engineering teams in Japan, Australia, and India, expanding their traditional scope.
- Two malicious Microsoft VS Code extensions, "ChatGPT - 中文版" (1.3M installs) and "ChatGPT - ChatMoss(CodeMoss)" (150K installs), were found exfiltrating every opened file and code modification to China-based servers.
- Separately, LayerX Research identified 16 malicious Chrome browser extensions for ChatGPT designed to steal account credentials and session tokens by monitoring outbound requests from chatgpt.com.
📰 The Hacker News | https://thehackernews.com/2026/01/konni-hackers-deploy-ai-generated.html
📰 The Hacker News | https://thehackernews.com/2026/01/malicious-vs-code-ai-extensions-with-15.html
🤫 CyberScoop | https://cyberscoop.com/chatgpt-browser-extensions-steal-your-data/
Critical Vulnerabilities Under Active Exploitation ⚠️
- CISA has flagged a critical VMware vCenter Server RCE flaw (CVE-2024-37079) as actively exploited, stemming from a heap overflow in the DCERPC protocol. Federal agencies have three weeks to patch.
- Microsoft released emergency out-of-band updates for an actively exploited high-severity Office zero-day (CVE-2026-21509), a security feature bypass affecting multiple Office versions. Mitigations are available for unpatched versions.
- Nearly 800,000 Telnet servers are exposed globally, and a critical authentication bypass (CVE-2026-24061) in the GNU InetUtils telnetd server, which allows root access without authentication, is being actively exploited. Patch immediately or disable Telnet.
🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/cisa-says-critical-vmware-rce-flaw-now-actively-exploited/
🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/microsoft/microsoft-patches-actively-exploited-office-zero-day-vulnerability/
🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/nearly-800-000-telnet-servers-exposed-to-remote-attacks/
Pwn2Own Automotive & npm Supply Chain Flaws 🛡️
- The Pwn2Own Automotive 2026 competition uncovered 76 unique zero-day vulnerabilities across Tesla infotainment, EV chargers, and Automotive Grade Linux, with over $1M paid out.
- Researchers found "PackageGate" vulnerabilities in JavaScript package managers (pnpm, vlt, Bun, npm) that bypass Shai-Hulud supply-chain defenses via Git dependencies, allowing script execution even with '--ignore-scripts'. NPM has not patched this, stating users are responsible for vetting packages.
- Google has patched a vulnerability in Gemini AI that could expose a user's calendar secrets through prompt injection in malicious calendar invitations, highlighting the need for new security considerations for LLMs.
🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2026/01/25/pwn2own_automotive_2026_identifies_76_0days/
🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/hackers-can-bypass-npms-shai-hulud-defenses-via-git-dependencies/
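The vetting that npm says is the user's responsibility can be automated before anything is installed. The following is an added example, not code from the article, the researchers or any package manager: it reads a package.json and a lockfileVersion 3 package-lock.json, flags every dependency that resolves from Git rather than the registry (the dependency form the "PackageGate" bypass relies on), and reports which of those are not pinned to a full commit hash. The package names, organisation and host names in the sample input are constructed.

```python
"""Flag npm dependencies that resolve from Git instead of the registry.

Added example, not code from the article or from any package manager. It
assumes only the documented npm dependency-spec syntax and the
lockfileVersion 3 package-lock.json layout; all input below is constructed.
"""
import json
import re
from typing import Dict, List, Optional

# Bare "user/repo[#ref]" GitHub shorthand: no scheme, no scope, exactly one slash.
_SHORTHAND = re.compile(r"^[A-Za-z0-9_.-]+/[A-Za-z0-9_.-]+(#\S*)?$")
_HOSTED_PREFIXES = ("github:", "gitlab:", "bitbucket:", "gist:")
_DEP_FIELDS = ("dependencies", "devDependencies", "optionalDependencies", "peerDependencies")


def is_git_spec(spec: str) -> bool:
    """Return True when an npm dependency spec points at a Git repository."""
    spec = spec.strip()
    if spec.startswith(("git+", "git://")):        # git+https://, git+ssh://, git://
        return True
    if spec.startswith(_HOSTED_PREFIXES):          # github:user/repo, gitlab:..., gist:...
        return True
    return bool(_SHORTHAND.match(spec))            # user/repo shorthand (GitHub)


def has_unpinned_git_ref(spec: str) -> bool:
    """True when a Git spec has no full 40-hex commit hash after '#', so its content can change later."""
    _, _, ref = spec.partition("#")
    return not re.fullmatch(r"[0-9a-f]{40}", ref)


def find_git_dependencies(package_json: Dict, package_lock: Optional[Dict] = None) -> List[Dict]:
    """List every Git-sourced dependency from the manifest and, if given, the lockfile.

    Each finding carries the dependency name, its spec or resolved URL and where it was
    seen, so a CI gate can fail the build or require a reviewed, pinned commit.
    """
    findings = []
    for field in _DEP_FIELDS:
        for name, spec in package_json.get(field, {}).items():
            if isinstance(spec, str) and is_git_spec(spec):
                findings.append({"name": name, "spec": spec, "where": f"package.json:{field}"})
    if package_lock:
        # lockfileVersion 3 keys packages by node_modules path; "" is the root project itself.
        for path, entry in package_lock.get("packages", {}).items():
            resolved = entry.get("resolved", "")
            if path and isinstance(resolved, str) and is_git_spec(resolved):
                findings.append({"name": path.rsplit("node_modules/", 1)[-1],
                                 "spec": resolved, "where": "package-lock.json"})
    return findings


# Constructed sample manifest and lockfile (names, org and host are made up).
SAMPLE_PACKAGE_JSON = json.loads("""{
  "name": "example-app",
  "dependencies": {
    "tiny-utils": "^1.3.0",
    "some-widget": "github:example-org/some-widget#main",
    "legacy-tool": "example-org/legacy-tool"
  },
  "devDependencies": {
    "lint-helper": "git+https://git.example.invalid/lint-helper.git#0123456789abcdef0123456789abcdef01234567",
    "typescript": "~5.0.0"
  }
}""")

SAMPLE_LOCK = json.loads("""{
  "name": "example-app",
  "lockfileVersion": 3,
  "packages": {
    "": {"name": "example-app"},
    "node_modules/tiny-utils": {"version": "1.3.0",
      "resolved": "https://registry.npmjs.org/tiny-utils/-/tiny-utils-1.3.0.tgz"},
    "node_modules/some-widget": {"version": "0.1.0",
      "resolved": "git+ssh://git@github.com/example-org/some-widget.git#0123456789abcdef0123456789abcdef01234567"}
  }
}""")

if __name__ == "__main__":
    for f in find_git_dependencies(SAMPLE_PACKAGE_JSON, SAMPLE_LOCK):
        pin = "UNPINNED" if has_unpinned_git_ref(f["spec"]) else "pinned"
        print(f"{f['where']}: {f['name']} -> {f['spec']} [{pin}]")
```

Run it as a CI step that fails when the findings list is non-empty, or allow-list the specific Git dependencies that have been reviewed and pinned to a commit hash; the registry-hosted entries in the lockfile are deliberately ignored because they are not the form the bypass uses.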
Winning Against AI-Based Attacks Requires a Combined Defensive Approach 💡
- The rise of offensive AI is transforming attack strategies, making them more sophisticated and harder to detect, with LLMs used to conceal code and generate malicious scripts.
- Legacy defences like EDR alone are proving insufficient against AI-fueled attacks, which can operate at higher speeds and scale, and often combine threats across identity, endpoint, cloud, and on-premises infrastructure.
- A combined defensive approach, integrating Network Detection and Response (NDR) with EDR, is crucial for detecting novel attack types, identifying behavioural anomalies, and gaining deeper insights from network data to respond quickly.
📰 The Hacker News | https://thehackernews.com/2026/01/winning-against-ai-based-attacks.html
Privacy Breaches and State-Sponsored Spyware 🔒
- French privacy regulators fined an unnamed company €3.5M for sharing customer loyalty data (email addresses, phone numbers) with a social network for targeted advertising without explicit consent, affecting over 10.5 million Europeans.
- A London judge awarded a British critic of the Saudi regime over £3M ($4.1M) in damages, finding "compelling basis" that his iPhones were hacked by Pegasus spyware directed or authorised by Saudi Arabia.
- These incidents underscore the critical importance of informed consent for data sharing and the severe consequences of state-sponsored surveillance and privacy violations.
🗞️ The Record | https://therecord.media/london-judge-sides-with-saudi-critic-spyware-case/
Voluntary Rules for Commercial Hacking Tools ⚖️
- An international effort, the Pall Mall Process, is developing voluntary standards for the commercial cyber intrusion industry, focusing on responsible government use and procurement from ethical vendors.
- Key discussions include the scope of these rules (e.g., reconnaissance tools), incentives for vendor participation, and how to handle companies with a history of irresponsible behaviour.
- Bug bounty platform HackerOne has also published a new safe harbour document for AI security testing, aiming to provide clear, standardised authorisation for researchers and encourage good-faith AI vulnerability discovery.
🤫 CyberScoop | https://cyberscoop.com/industry-government-nonprofits-weigh-voluntary-rules-for-commercial-hacking-tools/
Cloudflare BGP Route Leak 🌐
- Cloudflare experienced a 25-minute Border Gateway Protocol (BGP) route leak affecting IPv6 traffic, causing congestion, packet loss, and dropped traffic due to an accidental policy misconfiguration on a router.
- The incident, a mixture of Type 3 and Type 4 route leaks, occurred when an overly permissive export policy allowed internal IPv6 routes to be advertised externally from Miami.
- Cloudflare detected and reverted the configuration within 25 minutes and is implementing stricter community-based export safeguards, CI/CD checks, and promoting RPKI ASPA adoption to prevent future occurrences.
🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/cloudflare-misconfiguration-behind-recent-bgp-route-leak/
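To show what "community-based export safeguards" and a CI check on them can look like in principle, here is an added example that is not Cloudflare's configuration, policy or code, and uses no real router syntax. It models an export policy as a table of which relationship communities each neighbour class may receive, tags routes with a community on import, and lets a pre-deployment check report every class of route an over-permissive table would let out. The community values, the 2001:db8::/32 documentation prefixes and the three neighbour classes are assumptions of the model.

```python
"""Model of a community-based BGP export safeguard with a CI-style policy check.

Added example, not Cloudflare's configuration or any router's syntax. It assumes
a simplified policy model: every route imported from a neighbour is tagged with a
community recording that neighbour's relationship, routes originated locally carry
either an "own" or an "internal-only" community, and an export policy is a table
of which communities each neighbour class may receive. All values are constructed.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Set

# Constructed community values (64512:* lies in the private ASN range).
CUSTOMER_ROUTE = "64512:100"   # learned from a customer
PEER_ROUTE     = "64512:200"   # learned from a settlement-free peer
PROVIDER_ROUTE = "64512:300"   # learned from a transit provider
OWN_ROUTE      = "64512:400"   # originated here, meant for the Internet
INTERNAL_ONLY  = "64512:900"   # originated here, must never leave the network

RELATIONSHIP_COMMUNITY = {"customer": CUSTOMER_ROUTE, "peer": PEER_ROUTE, "provider": PROVIDER_ROUTE}

# Valley-free reference table: customers may receive everything exportable, while peers
# and providers only ever receive our own and our customers' routes. INTERNAL_ONLY is
# listed nowhere, so a route carrying it is denied by default.
SAFE_EXPORT: Dict[str, Set[str]] = {
    "customer": {OWN_ROUTE, CUSTOMER_ROUTE, PEER_ROUTE, PROVIDER_ROUTE},
    "peer":     {OWN_ROUTE, CUSTOMER_ROUTE},
    "provider": {OWN_ROUTE, CUSTOMER_ROUTE},
}

# Constructed over-permissive table of the kind that lets non-customer and internal routes out.
LEAKY_POLICY: Dict[str, Set[str]] = {
    "customer": SAFE_EXPORT["customer"],
    "peer":     {OWN_ROUTE, CUSTOMER_ROUTE, PROVIDER_ROUTE, INTERNAL_ONLY},
    "provider": {OWN_ROUTE, CUSTOMER_ROUTE, PEER_ROUTE},
}


@dataclass
class Route:
    prefix: str
    communities: Set[str] = field(default_factory=set)


def import_route(prefix: str, from_relationship: str) -> Route:
    """Tag a route on import with the community for the neighbour class it came from."""
    return Route(prefix, {RELATIONSHIP_COMMUNITY[from_relationship]})


def export_allowed(route: Route, to_relationship: str, policy: Dict[str, Set[str]]) -> bool:
    """Default-deny export: a route leaves only if one of its communities is listed for that class."""
    return bool(route.communities & policy.get(to_relationship, set()))


def check_export_policy(policy: Dict[str, Set[str]]) -> List[str]:
    """CI-style check: report every community a neighbour class could receive beyond SAFE_EXPORT."""
    problems = []
    for relationship, allowed in policy.items():
        for community in sorted(allowed - SAFE_EXPORT.get(relationship, set())):
            problems.append(f"export to {relationship} would leak routes tagged {community}")
    return problems


def leaked_routes(routes: List[Route], to_relationship: str, policy: Dict[str, Set[str]]) -> List[str]:
    """Prefixes the given policy would export to a neighbour class that SAFE_EXPORT would hold back."""
    return [r.prefix for r in routes
            if export_allowed(r, to_relationship, policy)
            and not export_allowed(r, to_relationship, SAFE_EXPORT)]


def sample_routes() -> List[Route]:
    """Constructed routing table: one route per neighbour class plus an internal-only prefix."""
    return [
        import_route("2001:db8:1::/48", "provider"),
        import_route("2001:db8:2::/48", "peer"),
        import_route("2001:db8:3::/48", "customer"),
        Route("2001:db8:ff::/48", {INTERNAL_ONLY}),
    ]


if __name__ == "__main__":
    for problem in check_export_policy(LEAKY_POLICY):
        print("policy check:", problem)
    print("would leak to peers:", leaked_routes(sample_routes(), "peer", LEAKY_POLICY))
    print("would leak to providers:", leaked_routes(sample_routes(), "provider", LEAKY_POLICY))
```

The point of the design is that the check runs on the policy table itself, before it reaches a router, rather than on observed announcements afterwards: the internal-only prefix and the provider-learned route are reported as leak risks by `check_export_policy` without any route ever being advertised.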
#CyberSecurity #ThreatIntelligence #APT #Ransomware #Malware #ZeroDay #Vulnerability #RCE #SupplyChainAttack #AI #DataPrivacy #IncidentResponse #NetworkSecurity #EndpointSecurity #BGP #InfoSec