IPVanish launches Threat Protection Pro (Windows beta), adding malware, phishing & tracker protection that works even without an active VPN.

Details:
https://www.technadu.com/ipvanish-threat-protection-pro-launches-in-windows-beta/619385/

#InfoSec #VPN #EndpointSecurity #OnlineSafety

Microsoft attributes recent Windows 11 boot failures to devices left in an unstable state after failed December 2025 security updates.

Applying later updates on those systems resulted in boot errors, despite no active exploitation being reported. The issue appears limited to physical devices, with investigations still underway.

What safeguards do you use to validate update rollbacks?

Follow TechNadu for clear and unbiased security reporting.

Source: https://www.bleepingcomputer.com/news/microsoft/microsoft-links-windows-11-boot-failures-to-failed-december-2025-update/

#Microsoft #Windows11 #PatchManagement #EndpointSecurity #ITRisk #SystemIntegrity #InfoSec

Updated COOLCLIENT backdoor activity has been observed in government-focused espionage campaigns attributed to Mustang Panda.

The operations combine DLL side-loading, legitimate signed binaries, modular plugins, and credential-stealing tools to support long-term data collection and access.

This reinforces the need for deeper behavioral monitoring beyond signature-based controls.

How are teams detecting abuse of trusted software in their environments?

Follow @technadu for unbiased infosec reporting.

#Infosec #ThreatIntelligence #APT #MalwareAnalysis #EndpointSecurity #CyberEspionage

MicroWorld Technologies confirms an update infrastructure access incident affecting a regional eScan server on Jan 20.

Unauthorized modification of an update component led to endpoint behavior changes, while core product code remained unaffected. Infrastructure was isolated, credentials rotated, and remediation updates issued.

What controls are most effective against update-path compromise?

Source: https://www.bleepingcomputer.com/news/security/escan-confirms-update-server-breached-to-push-malicious-update/

Follow @technadu for objective infosec coverage.

#SupplyChainSecurity #EndpointSecurity #ThreatAnalysis #UpdateIntegrity #InfosecCommunity

🎥 New video on the channel!

Windows LAPS + Windows Admin Center =
More security, more control and fewer headaches 🔐

Manage local passwords directly from the web interface 🚀

#WindowsLAPS #WindowsAdminCenter #ITPro #SysAdmin #Microsoft #EndpointSecurity #MVPBuzz

https://gabrielluiz.com/2026/01/managing-windows-laps-through-windows-admin-center/?utm_source=mastodon&utm_medium=jetpack_social

Managing Windows LAPS through Windows Admin Center

👋 Hey everyone! How's it going? It had been a while since I last wrote about Windows Admin Center, but I recently published a video presenting the latest version, 2511 🚀. You can check it out and…

Gabriel Luiz

It's been a busy 24 hours in the cyber world with updates on nation-state activity, actively exploited vulnerabilities, new AI-powered malware, and a reminder about data privacy and regulatory efforts. Let's dive in:

Nike Data Theft & Poland Power Grid Attack 🚨

- Extortion group WorldLeaks, believed to be a rebrand of Hunters International, claims to have stolen 1.4TB of internal Nike data, including design and manufacturing workflows. Nike is investigating the potential breach.
- Russia's GRU-linked Sandworm unit is suspected to be behind a December wiper malware attack (DynoWiper) on Poland's power grid, which aimed to disrupt communications between renewable energy installations. The attack was thwarted but described as the strongest in years.
- These incidents highlight the ongoing threat of data exfiltration for extortion and nation-state targeting of critical infrastructure, even if the attacks are unsuccessful.

🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2026/01/26/data_thieves_claim_nike_data_haul/
🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2026/01/26/moscow_likely_behind_wiper_attack/
🗞️ The Record | https://therecord.media/russia-eset-sandworm-poland-hack

Even Cybercriminals Have Security Lapses 🤦

- Cybersecurity researcher Jeremiah Fowler discovered over 149 million unique login/password combinations from infostealer and keylogging malware exposed online.
- The 96GB dataset contained credentials for social media, dating apps, streaming services, financial services, banking, credit cards, and even government accounts.
- This serves as a stark reminder that even threat actors can fail at basic security, but more importantly, it's a critical prompt for everyone to regularly reset passwords, especially if you've been a victim of infostealer malware.

🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2026/01/25/pwn2own_automotive_2026_identifies_76_0days/

AI-Generated Malware and Malicious Extensions 🤖

- North Korean Konni hackers are using AI-generated PowerShell malware to target blockchain developers and engineering teams in Japan, Australia, and India, expanding their traditional scope.
- Two malicious Microsoft VS Code extensions, "ChatGPT - 中文版" (1.3M installs) and "ChatGPT - ChatMoss(CodeMoss)" (150K installs), were found exfiltrating every opened file and code modification to China-based servers.
- Separately, LayerX Research identified 16 malicious Chrome browser extensions for ChatGPT designed to steal account credentials and session tokens by monitoring outbound requests from chatgpt.com.

📰 The Hacker News | https://thehackernews.com/2026/01/konni-hackers-deploy-ai-generated.html
📰 The Hacker News | https://thehackernews.com/2026/01/malicious-vs-code-ai-extensions-with-15.html
🤫 CyberScoop | https://cyberscoop.com/chatgpt-browser-extensions-steal-your-data/

Critical Vulnerabilities Under Active Exploitation ⚠️

- CISA has flagged a critical VMware vCenter Server RCE flaw (CVE-2024-37079) as actively exploited, stemming from a heap overflow in the DCERPC protocol. Federal agencies have three weeks to patch.
- Microsoft released emergency out-of-band updates for an actively exploited high-severity Office zero-day (CVE-2026-21509), a security feature bypass affecting multiple Office versions. Mitigations are available for unpatched versions.
- Nearly 800,000 Telnet servers are exposed globally, with active exploitation of a critical authentication bypass (CVE-2026-24061) in GNU InetUtils telnetd server, allowing root access without authentication. Patch immediately or disable Telnet.

🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/cisa-says-critical-vmware-rce-flaw-now-actively-exploited/
🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/microsoft/microsoft-patches-actively-exploited-office-zero-day-vulnerability/
🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/nearly-800-000-telnet-servers-exposed-to-remote-attacks/

Pwn2Own Automotive & npm Supply Chain Flaws 🛡️

- The Pwn2Own Automotive 2026 competition uncovered 76 unique zero-day vulnerabilities across Tesla infotainment, EV chargers, and Automotive Grade Linux, with over $1M paid out.
- Researchers found "PackageGate" vulnerabilities in JavaScript package managers (pnpm, vlt, Bun, npm) that bypass Shai-Hulud supply-chain defenses via Git dependencies, allowing script execution even with '--ignore-scripts'. NPM has not patched this, stating users are responsible for vetting packages.
- Google has patched a vulnerability in Gemini AI that could expose a user's calendar secrets through prompt injection in malicious calendar invitations, highlighting the need for new security considerations for LLMs.

🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2026/01/25/pwn2own_automotive_2026_identifies_76_0days/
🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/hackers-can-bypass-npms-shai-hulud-defenses-via-git-dependencies/
📰 The Hacker News | https://thehackernews.com/2026/01/malicious-vs-code-ai-extensions-with-15.html

Winning Against AI-Based Attacks Requires a Combined Defensive Approach 💡

- The rise of offensive AI is transforming attack strategies, making them more sophisticated and harder to detect, with LLMs used to conceal code and generate malicious scripts.
- Legacy defences like EDR alone are proving insufficient against AI-fueled attacks, which can operate at higher speeds and scale, and often combine threats across identity, endpoint, cloud, and on-premises infrastructure.
- A combined defensive approach, integrating Network Detection and Response (NDR) with EDR, is crucial for detecting novel attack types, identifying behavioural anomalies, and gaining deeper insights from network data to respond quickly.

📰 The Hacker News | https://thehackernews.com/2026/01/winning-against-ai-based-attacks.html

Privacy Breaches and State-Sponsored Spyware 🔒

- French privacy regulators fined an unnamed company €3.5M for sharing customer loyalty data (email addresses, phone numbers) with a social network for targeted advertising without explicit consent, affecting over 10.5 million Europeans.
- A London judge awarded a British critic of the Saudi regime over £3M ($4.1M) in damages, finding "compelling basis" that his iPhones were hacked by Pegasus spyware directed or authorised by Saudi Arabia.
- These incidents underscore the critical importance of informed consent for data sharing and the severe consequences of state-sponsored surveillance and privacy violations.

🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2026/01/25/pwn2own_automotive_2026_identifies_76_0days/
🗞️ The Record | https://therecord.media/london-judge-sides-with-saudi-critic-spyware-case/

Voluntary Rules for Commercial Hacking Tools ⚖️

- An international effort, the Pall Mall Process, is developing voluntary standards for the commercial cyber intrusion industry, focusing on responsible government use and procurement from ethical vendors.
- Key discussions include the scope of these rules (e.g., reconnaissance tools), incentives for vendor participation, and how to handle companies with a history of irresponsible behaviour.
- Bug bounty platform HackerOne has also published a new safe harbour document for AI security testing, aiming to provide clear, standardised authorisation for researchers and encourage good-faith AI vulnerability discovery.

🤫 CyberScoop | https://cyberscoop.com/industry-government-nonprofits-weigh-voluntary-rules-for-commercial-hacking-tools/
🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2026/01/25/pwn2own_automotive_2026_identifies_76_0days/

Cloudflare BGP Route Leak 🌐

- Cloudflare experienced a 25-minute Border Gateway Protocol (BGP) route leak affecting IPv6 traffic, causing congestion, packet loss, and dropped traffic due to an accidental policy misconfiguration on a router.
- The incident, a mixture of Type 3 and Type 4 route leaks, occurred when an overly permissive export policy allowed internal IPv6 routes to be advertised externally from Miami.
- Cloudflare detected and reverted the configuration within 25 minutes and is implementing stricter community-based export safeguards, CI/CD checks, and promoting RPKI ASPA adoption to prevent future occurrences.

🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/cloudflare-misconfiguration-behind-recent-bgp-route-leak/

#CyberSecurity #ThreatIntelligence #APT #Ransomware #Malware #ZeroDay #Vulnerability #RCE #SupplyChainAttack #AI #DataPrivacy #IncidentResponse #NetworkSecurity #EndpointSecurity #BGP #InfoSec

Data thieves borrow Nike's 'Just Do It' mantra, claim they ran off with 1.4TB

US sports brand launches probe after extortion crew WorldLeaks claims it stole huge dataset

The Register

A large infostealer-linked credential dataset was found publicly exposed, containing millions of unique login records across consumer, financial, and government-associated services.

The case reinforces ongoing challenges around endpoint compromise, credential reuse, and post-infection response - especially where malware persists silently.

From an InfoSec standpoint, which control most often fails first in these scenarios?

Source: https://www.expressvpn.com/blog/149m-infostealer-data-exposed/

Share insights and follow @technadu for objective security reporting.

#InfoSec #CredentialTheft #ThreatResearch #EndpointSecurity #CyberRisk #TechNadu

Centralise and secure all your devices and sensitive data - monitor, enforce policies, and stay compliant with Device Control Plus. 📌

#EndpointSecurity #DeviceControl #DataProtection #CyberSecurity #ITSecurity #ManageEngine #DataCompliance #ITManagement #SecureYourNetwork #BusinessSecurity

When the OS Watches Back: Security and Privacy Risks in Windows 12

Windows 12, humorously nicknamed “Microslop” by the security community, sparks debates about telemetry, AI-driven OS behavior, and privacy risks. This expert analysis explores endpoint security cha…

Bryan King

Traditional firewalls block ports and IPs, but miss modern web threats hidden in URLs, scripts, and content.

The problem:
• Users bypass perimeter rules
• Unsafe web content slips through
• Remote work breaks static firewall models

The solution:
Web filtering adds context-aware controls to block risky content over the internet, whether users are on or off the corporate network.
Deep dive: https://blog.scalefusion.com/web-filtering-vs-firewall/

#WebSecurity #CyberSecurity #EndpointSecurity #ITAdmin #WebFiltering #Veltar

Web Filtering vs Firewall: Key Differences & Why You Need Both

Understand the differences between web filtering and firewalls, how they work, and why using both is essential for complete network security.

Scalefusion Blog | MDM, EMM, Product Updates, Thought Leadership & SaaS