#cloudsecurity

2026-01-15

🚨 Lambda Watchdog CVE Report 🚨
Latest AWS Lambda image scan detected 25 CVEs across 27 images:
• 🔴 Critical: 0
• 🟠 High: 10
• 🟡 Medium: 12
• 🔵 Low: 3

Check the full report 👉 lambdawatchdog.com/
#AWS #Lambda #CVE #CloudSecurity #Serverless

2026-01-15

🚨 New LOW CVE detected in AWS Lambda 🚨
GHSA-73rr-hh4g-fpgx impacts diff in 4 Lambda base images.

Details: github.com/aws/aws-lambda-base
More: lambdawatchdog.com/

#AWS #Lambda #CVE #CloudSecurity #Serverless

🏆 BSI C5 certification for mailbox confirms full compliance with BSI criteria for cloud security!

mailbox has been awarded the C5 Type 1 certification by the German Federal Office for Information Security (BSI). The BSI C5 certification complements mailbox's ISO/IEC 27001 certification.

Learn more about our cloud security standards: mailbox.org/en/news/bsi-c5-cer

#BSI #C5Certification #ISO27001 #CloudSecurity #InformationSecurity #DataSecurity #mailbox

BSI C5 certificate for mailbox confirms cloud security

What does C5 mean? The Cloud Computing Compliance Criteria Catalogue (C5) is a catalogue of criteria developed specifically for cloud providers that raises the information security, availability and confidentiality of your data to a tested and verifiable level.

‘mailbox has been committed to data security for years. We are therefore particularly pleased that the certificate officially confirms this.’
Peer Heinlein, founder and CEO

mailbox: certified data security. In addition to the C5 certificate and the ISO 27001 certificate, mailbox has been awarded further quality seals: Learn more - Link in post.

Level up your hacking knowledge and defensive skills with today’s cyber playlist. 🚀 youtube.com/playlist?list=PLXq

#CyberSecurity #ZeroTrust #Hacking #CloudSecurity #CyberDefense

2026-01-14

It's been a busy 24 hours in the cyber world with a flurry of significant data breaches, critical vulnerabilities (including an actively exploited zero-day), and some fascinating new threat intelligence on malware and attack techniques. Let's dive in:

Recent Cyber Attacks and Breaches 🚨

- Multiple organisations have reported data breaches, affecting millions of individuals. Monroe University disclosed a 2024 breach impacting over 320,000 people, exposing personal, financial, and health data. Spanish energy giant Endesa is investigating claims of a 1.05 TB data theft affecting 20 million customers.
- Australia's Victorian Department of Education reset student passwords after an attack exposed names, school details, and encrypted passwords, while cloud marketplace Pax8 accidentally exposed internal business and Microsoft licensing data for 1,800 MSP partners.
- Eurail confirmed a breach exposing passport numbers, bank details, and even photocopies of IDs for some DiscoverEU travellers. In Belgium, AZ Monica hospitals were hit by a cyberattack, forcing surgery cancellations and the transfer of critical patients, likely due to ransomware. Poland also thwarted a major cyberattack on its power grid, attributing it to Russia.
- Ukraine's Defense Forces were targeted in a charity-themed campaign by the Russian 'Void Blizzard' (aka 'Laundry Bear') group, delivering the PluggyApe backdoor via malicious PIF files in instant messages.

🤖 Bleeping Computer | bleepingcomputer.com/news/secu
🕵🏼 The Register | go.theregister.com/feed/www.th
🤖 Bleeping Computer | bleepingcomputer.com/news/secu
🤖 Bleeping Computer | bleepingcomputer.com/news/secu
🕵🏼 The Register | go.theregister.com/feed/www.th
🕵🏼 The Register | go.theregister.com/feed/www.th
🗞️ The Record | therecord.media/belgium-hospit
🗞️ The Record | therecord.media/poland-cyberat
🤖 Bleeping Computer | bleepingcomputer.com/news/secu

New Threat Research and Tradecraft 🛡️

- North Korea's IT worker scheme and cryptocurrency heists continue to fund its weapons program, impacting over 40 countries. The U.S. urged UN member states to take tougher action, highlighting the sophisticated identity theft and remote work fraud used by these actors.
- A new, advanced cloud-native Linux malware framework, VoidLink, has been discovered. Written in Zig, Go, and C, it features custom loaders, implants, rootkits, and over 30 plugins designed for modern cloud environments (Kubernetes, Docker, AWS, GCP, Azure), with sophisticated anti-analysis and anti-forensics capabilities.
- Researchers identified a "Reprompt" attack method that could hijack Microsoft Copilot sessions, allowing attackers to exfiltrate sensitive data via hidden malicious prompts in URLs. This leverages parameter-to-prompt injection, double-request, and chain-request techniques to bypass safeguards.
- The DeadLock ransomware gang is using Polygon smart contracts to hide their command-and-control (C2) infrastructure, making it difficult for defenders to block their operations. This novel technique allows for frequent rotation of proxy server URLs, a method also observed with North Korean state-sponsored attackers.
- Microsoft, in collaboration with international law enforcement, disrupted RedVDS, a fast-growing cybercrime-as-a-service marketplace. RedVDS facilitated over $40 million in fraud, providing cybercriminals with disposable virtual computers for phishing, business email compromise, and real estate scams.
- Predator spyware operators are using sophisticated anti-analysis techniques, including an error code system (e.g., "error code 304" for security tools detected) to diagnose failed infections and evade researchers. It also suppresses crash logs and can detect network monitoring by privacy-conscious users.
- The Kimwolf botnet, a splinter of the Aisuru DDoS botnet, has rapidly grown to over 2 million infected unofficial Android TV devices. Its operators abuse residential proxy networks for local control, primarily targeting Minecraft servers with short, high-volume DDoS attacks.

🗞️ The Record | therecord.media/40-countries-i
🤖 Bleeping Computer | bleepingcomputer.com/news/secu
🕵🏼 The Register | go.theregister.com/feed/www.th
🤖 Bleeping Computer | bleepingcomputer.com/news/secu
🕵🏼 The Register | go.theregister.com/feed/www.th
🤫 CyberScoop | cyberscoop.com/microsoft-seize
🗞️ The Record | therecord.media/microsoft-redv
🤫 CyberScoop | cyberscoop.com/predator-spywar
🤫 CyberScoop | cyberscoop.com/kimwolf-aisuru-

Vulnerabilities and Exploitation ⚠️

- Microsoft's January Patch Tuesday addressed 112 vulnerabilities, including one actively exploited information disclosure zero-day (CVE-2026-20805) in Desktop Window Manager. This medium-severity flaw (CVSS 5.5) can leak memory addresses, potentially aiding privilege escalation or arbitrary code execution, and CISA has added it to its Known Exploited Vulnerabilities catalog.
- Vulnerabilities in popular AI/ML Python libraries (NeMo, Uni2TS, FlexTok) used in Hugging Face models allow remote attackers to hide and execute malicious code in metadata. These RCE flaws, tracked by CVEs, stem from improper use of Hydra's instantiate() function, affecting models with millions of downloads.
- A "most severe AI-driven vulnerability to date" in ServiceNow's Virtual Agent chatbot allowed arbitrary attackers to gain full platform control. Authentication issues (universal credential, email-only user impersonation) combined with agentic AI capabilities enabled admin account creation and lateral movement to connected systems.
- A critical Node.js vulnerability (CVE-2025-59466, CVSS 7.5) can cause server crashes via async_hooks stack overflow, leading to denial-of-service. This impacts numerous frameworks and APM tools like React Server Components, Next.js, and Datadog, as Node.js exits instead of gracefully handling the exception.
- Exploit code has been publicly released for a critical FortiSIEM command injection flaw (CVE-2025-25256), allowing unauthenticated remote attackers to execute commands or code. The vulnerability, a combination of arbitrary write with admin permissions and privilege escalation to root, affects versions 6.7 to 7.5.

🤫 CyberScoop | cyberscoop.com/microsoft-patch
🕵🏼 The Register | go.theregister.com/feed/www.th
🗞️ The Record | therecord.media/desktop-window
🕵🏼 The Register | go.theregister.com/feed/www.th
🚨 Dark Reading | darkreading.com/remote-workfor
📰 The Hacker News | thehackernews.com/2026/01/crit
🤖 Bleeping Computer | bleepingcomputer.com/news/secu

Threat Landscape Commentary 🌍

- Taiwan is experiencing a significant increase in cyber pressure from China, with an average of 2.63 million attacks daily in 2025, a 6% rise from the previous year. Energy infrastructure saw a tenfold increase, and emergency/hospital systems a 54% jump, indicating a deliberate attempt to disrupt critical infrastructure during both peacetime and potential conflict.
- Western cyber agencies, including the NCSC, CISA, and FBI, have issued new guidance warning about growing digital threats to industrial operational technology (OT). With OT systems increasingly connected, they present a larger attack surface for ransomware gangs and state-backed hackers, necessitating strong authentication, network segmentation, and minimised remote access.

🚨 Dark Reading | darkreading.com/cyber-risk/tai
🗞️ The Record | therecord.media/cyber-agencies

Data Privacy 🔒

- California's Attorney General has launched an investigation into xAI's Grok AI tool over allegations it's being used to create nonconsensual sexually explicit deepfakes of women and children. This follows similar probes by the UK's Ofcom and the Paris Prosecutor's Office, highlighting growing regulatory concern over AI-generated content.
- The California Privacy Protection Agency (CPPA) Board has appointed Nicole Ozer, a privacy and surveillance expert and former ACLU leader, as a new member. This appointment is expected to significantly influence the agency's data privacy policy decisions.

🗞️ The Record | therecord.media/california-gro
🤫 CyberScoop | cyberscoop.com/california-ag-i
🗞️ The Record | therecord.media/ccpa-appoints-

Regulatory Issues and Changes ⚖️

- France's data protection regulator, CNIL, has fined telecom companies Free and Free Mobile a collective €42 million ($48.9 million) for GDPR violations stemming from an October 2024 data breach that compromised over 24 million customer records, including IBANs. The fines were due to inadequate security measures (weak VPN authentication, ineffective detection), insufficient breach notification, and excessive data retention.

🕵🏼 The Register | go.theregister.com/feed/www.th
🗞️ The Record | therecord.media/france-data-re
🤖 Bleeping Computer | bleepingcomputer.com/news/secu

Government Staffing and Program Changes 🏛️

- Alex Fitzsimmons, acting director of the Department of Energy’s Office of Cybersecurity, Energy and Emergency Response (CESER), endorsed new cybersecurity bills for the energy sector and highlighted a new AI-driven cyber defence program, AI-FORTS. This comes amidst Democratic concerns over thousands of job cuts at the Department of Energy impacting cybersecurity and reliability.
- Sean Plankey has been re-nominated by President Trump to lead the Cybersecurity and Infrastructure Security Agency (CISA). His previous nomination stalled in the Senate last year due to holds from Senators over unrelated issues.

🤫 CyberScoop | cyberscoop.com/ceser-chief-tou
🤫 CyberScoop | cyberscoop.com/sean-plankey-re

Everything Else 💡

- Anthropic, an AI upstart, has invested $1.5 million in the Python Software Foundation (PSF) to enhance security in the Python ecosystem, specifically CPython and the Python Package Index (PyPI). This aims to protect millions of PyPI users from supply-chain attacks and could benefit other open-source package repositories.
- Microsoft has resolved a known issue where security applications were incorrectly flagging a core Windows component, WinSqlite3.dll, as vulnerable to a memory corruption flaw (CVE-2025-6965). The update addresses these false positive detections across various Windows client and server platforms.

🕵🏼 The Register | go.theregister.com/feed/www.th
🤖 Bleeping Computer | bleepingcomputer.com/news/micr

#CyberSecurity #ThreatIntelligence #DataBreach #Ransomware #Vulnerability #ZeroDay #APT #Malware #AI #CloudSecurity #OTSecurity #GDPR #InfoSec #PatchTuesday #IncidentResponse

2026-01-14

📢⚠️ New China-linked VoidLink Linux malware targets major cloud providers like AWS, Azure and Google Cloud to steal data and evade detection.

Read: hackread.com/china-voidlink-li

#CyberSecurity #Malware #CloudSecurity #Linux #VoidLink

2026-01-14

VoidLink is a new cloud-native Linux malware framework with 30+ plugins, adaptive cloud detection, and stealth-focused evasion targeting AWS, Azure, and GCP.

technadu.com/voidlink-cloud-na

Thoughts on defending cloud Linux workloads?

#Infosec #CloudSecurity #LinuxMalware

VoidLink Cloud-Native Malware Framework Targets Linux Systems via Custom Plugin API

2026-01-14

🚨 New HIGH CVE detected in AWS Lambda 🚨
GHSA-58pv-8j8x-9vj2 impacts jaraco.context in 2 Lambda base images.

Details: github.com/aws/aws-lambda-base
More: lambdawatchdog.com/

#AWS #Lambda #CVE #CloudSecurity #Serverless

2026-01-14

🚨 Lambda Watchdog CVE Report 🚨
Latest AWS Lambda image scan detected 24 CVEs across 27 images:
• 🔴 Critical: 0
• 🟠 High: 8
• 🟡 Medium: 13
• 🔵 Low: 3

Check the full report 👉 lambdawatchdog.com/
#AWS #Lambda #CVE #CloudSecurity #Serverless

2026-01-14

It's been a busy 24 hours in the cyber world with significant updates on recent attacks, actively exploited vulnerabilities, new malware campaigns, and a reminder about the ever-evolving privacy landscape. Let's take a look:

Kyowon Group Hit by Suspected Ransomware ⚠️
- South Korea's Kyowon Group, a major education and lifestyle company, shut down parts of its network after identifying a suspected ransomware attack.
- The company confirmed an extortion demand and is investigating potential data leakage, including sensitive customer information, possibly affecting millions.
- This incident follows other high-profile data breaches in South Korea, prompting pledges for stronger data protection laws.

🗞️ The Record | therecord.media/kyowon-group-s

Dutch Port Hacked for Cocaine Smuggling 🚨
- A Dutch appeals court upheld a seven-year prison sentence for a man who hacked port IT systems using malware-stuffed USB sticks to aid cocaine smugglers.
- The attacker gained months of remote access, exploring the network and hunting for admin rights, even live-blogging the break-in via encrypted chats.
- The case highlights the real-world impact of cyber intrusions facilitating organised crime, with the hack directly enabling a 210 kg cocaine shipment.

🕵🏼 The Register | go.theregister.com/feed/www.th

Black Axe Leaders Arrested in Spain 🕵️
- Spanish police, supported by Europol, arrested 34 alleged cybercriminals, including leaders of the transnational Black Axe organisation, across four cities.
- Black Axe is known for business email compromise (BEC) scams, money laundering, and vehicle trafficking, with estimated fraud exceeding $6.9 million.
- The operation froze $139,000 in bank accounts and seized cash, vehicles, and devices, significantly disrupting the hierarchical, Nigerian-led group.

🤫 CyberScoop | cyberscoop.com/black-axe-disru

Supreme Court Filing System Hack 🏛️
- A Tennessee man is expected to plead guilty to a misdemeanor charge for hacking into the U.S. Supreme Court’s electronic case filing system on 25 occasions between August and October 2023.
- Nicholas Moore, 24, "intentionally accessed a computer without authorization," though details on the specific information accessed were not released.
- This incident underscores ongoing vulnerabilities in federal judicial systems, which have seen strengthened protections following sophisticated cyberattacks.

🗞️ The Record | therecord.media/guilty-plea-ha

Malicious Chrome Extension Steals MEXC API Keys 💰
- A malicious Google Chrome extension, "MEXC API Automator," is actively stealing API keys from the MEXC cryptocurrency exchange by masquerading as a trading tool.
- The extension programmatically creates new API keys with withdrawal permissions, hides these permissions in the UI, and exfiltrates the keys to a Telegram bot.
- This attack leverages an already authenticated browser session, bypassing traditional authentication, and grants attackers unfettered access to victims' crypto accounts.

📰 The Hacker News | thehackernews.com/2026/01/mali

Gogs Zero-Day Under Active Exploitation 🛡️
- CISA has added CVE-2025-8110, a high-severity path traversal vulnerability in the Gogs self-hosted Git service, to its KEV catalog due to active exploitation.
- The flaw allows authenticated users to bypass previous fixes (CVE-2024-55947) by exploiting symbolic link handling in the PutContents API, leading to remote code execution.
- With no official patch yet, federal agencies are mandated to apply mitigations by February 2, 2026, or cease using Gogs, while other users should disable open registration and restrict access.

📰 The Hacker News | thehackernews.com/2026/01/13/c
🕵🏼 The Register | go.theregister.com/feed/www.th

ServiceNow AI Platform Critical Flaw 🔒
- ServiceNow patched CVE-2025-12420, a critical 9.3 CVSS vulnerability in its AI Platform, allowing unauthenticated users to impersonate others and perform arbitrary actions.
- The flaw stemmed from a universal credential ("servicenowexternalagent") and lack of password/MFA for user identity verification, which could lead to full platform takeover.
- Although no in-the-wild exploitation has been confirmed, the vulnerability was deemed the "most severe AI-driven vulnerability to date" due to ServiceNow's deep integration across enterprise IT.

📰 The Hacker News | thehackernews.com/2026/01/serv
🌑 Dark Reading | darkreading.com/remote-workfor

AI/ML Python Libraries RCE Vulnerabilities 🐍
- Vulnerabilities in popular AI/ML Python libraries (Nvidia's NeMo, Salesforce's Uni2TS, Apple/EPFL VILAB's FlexTok) allow remote code execution via poisoned metadata.
- The flaws exploit Hydra's instantiate() function, which can execute arbitrary callables, enabling attackers to hide malicious code in model metadata that runs automatically upon loading.
- Patches have been issued for NeMo (CVE-2025-23304) and Uni2TS (CVE-2026-22584), with FlexTok also fixed, urging users to only load models from trusted sources.

🕵🏼 The Register | go.theregister.com/feed/www.th

Kremlin-linked Hackers Target Ukraine Military 🪖
- CERT-UA reports a new cyber-espionage campaign by Void Blizzard (UAC-0190) targeting Ukraine's military personnel using a novel PluggyApe malware.
- Attackers impersonate charitable organisations and use messaging apps like Signal and WhatsApp to deliver password-protected malicious executables.
- This campaign highlights a shift towards highly tailored social engineering, leveraging trusted communication channels and detailed target knowledge to deliver malware.

🗞️ The Record | therecord.media/kremlin-linked

SHADOW#REACTOR Delivers Remcos RAT 👻
- A new campaign, SHADOW#REACTOR, uses an evasive multi-stage Windows attack chain to deploy the Remcos RAT for persistent remote access.
- The infection leverages obfuscated VBS launchers, PowerShell downloaders, fragmented text-based payloads, and a .NET Reactor-protected loader to complicate detection.
- This broad, opportunistic activity, likely by initial access brokers, abuses LOLBins like MSBuild.exe and employs self-healing mechanisms to ensure payload delivery.

📰 The Hacker News | thehackernews.com/2026/01/new-

AsyncRAT Campaign Abuses Cloudflare & Python ☁️
- An emerging phishing campaign is delivering AsyncRAT by exploiting Cloudflare's free-tier services (TryCloudflare tunneling) and legitimate Python downloads.
- Attackers use Dropbox links with double-extension files (.pdfurl) in phishing emails, installing a full Python environment to inject code into explorer.exe.
- This technique masks malicious activity under trusted domains and legitimate tools, making detection challenging and highlighting the ongoing effectiveness of phishing and abuse of legitimate services.

🌑 Dark Reading | darkreading.com/endpoint-secur

AVCheck Malware Kingpin Arrested 🚫
- Dutch police arrested a 33-year-old man at Amsterdam's Schiphol Airport, believed to be the mastermind behind the AVCheck online platform.
- AVCheck was a counter-antivirus (CAV) service, shuttered in May by Operation Endgame, that allowed cybercriminals to test malware against various AV products to evade detection.
- The arrest underscores ongoing international law enforcement efforts to dismantle critical components of the cybercrime ecosystem.

🕵🏼 The Register | go.theregister.com/feed/www.th

North Korea's IT Worker & Crypto Theft Schemes 🇰🇵
- The U.S. urged UN member states to take tougher action against North Korea's IT worker scheme and cryptocurrency heists, which fund its weapons programs.
- A 140-page report highlights that over 40 countries are impacted, with North Korean IT workers stealing identities to secure remote jobs and laundered crypto funds exceeding $2 billion last year.
- China and Russia were criticised for providing safe havens, with 1,500 North Korean IT workers estimated in China alone, violating UN Security Council Resolutions.

🗞️ The Record | therecord.media/40-countries-i

India's Strict Crypto KYC/AML Rules 🇮🇳
- India's Financial Intelligence Unit (FIU-IND) updated regulations for crypto service providers, requiring strict client due diligence for all serving Indian residents, even offshore.
- New rules mandate collecting identity documents, bank details, occupation, income, and crucially, "Latitude and longitude coordinates of the onboarding location with date and timestamp along with IP address," plus a selfie.
- These measures aim to combat fraud, money laundering, and terrorism financing in the anonymous and instantaneous crypto transaction landscape.

🕵🏼 The Register | go.theregister.com/feed/www.th

US Cyber Command Leadership Shake-up 🇺🇸
- Air Force Lt. Col. Jason Gargan, commander of a Cyber National Mission Force task force aligned against Russia, was "relieved for cause" due to operational disagreements.
- This unusual dismissal highlights a "loss of trust and confidence" in command ability, with Gargan now expected to retire by the end of 2026.
- The incident occurs amidst other top-rank changes at Cyber Command, which has been without a Senate-confirmed leader for over nine months.

🗞️ The Record | therecord.media/senior-militar

US Cyber Offense vs. Defense Debate ⚖️
- A House Homeland Security subcommittee debated the U.S. approach to cyber deterrence, with some lawmakers warning against expanding offensive cyber operations before strengthening defenses.
- Concerns were raised about CISA losing one-third of its workforce and the potential for offensive actions to provoke retaliation if U.S. networks are not adequately defended.
- While acknowledging the importance of offense, experts suggested a hybrid approach where the private sector supports government offensive operations, with CISA coordinating and receiving legal protections.

🤫 CyberScoop | cyberscoop.com/us-offensive-cy

Mandiant's Salesforce Security Tool 🛠️
- Mandiant has open-sourced AuraInspector, a tool designed to help Salesforce admins detect misconfigurations in Aura (Experience Cloud sites) that could expose sensitive data.
- The tool targets access control issues, such as unauthenticated users gaining access to Salesforce Account object records, and can bypass 2,000-record limits via GraphQL API abuse.
- AuraInspector automates potential abuse techniques and remediation strategies, providing read-only operations to identify damaging misconfigurations without modifying Salesforce instances.

🕵🏼 The Register | go.theregister.com/feed/www.th

#CyberSecurity #ThreatIntelligence #Ransomware #Vulnerability #ZeroDay #RCE #Malware #APT #NationState #Cybercrime #DataPrivacy #InfoSec #IncidentResponse #CloudSecurity #AI #BrowserSecurity #KYC #AML

2026-01-13

My first cloud security learning story: realizing that identity matters more than the firewall. In cloud environments such as Azure, identity is the first and most important security barrier. Microsoft Entra ID plays a central role with authentication, authorization, access control, and support for the Zero Trust model. Learning how to protect identity is the foundation for ensuring security on Azure. #CloudSecurity #IdentitySecurity #MicrosoftEntraID #ZeroTrust #BảoMậtĐámMây #DanhTínhSố #AzureSecurity
