Alright team, it's been a busy 24 hours in the cyber world with significant updates on AI-related vulnerabilities, new malware, ongoing cybercrime operations, and shifts in the threat landscape. Let's dive in:

AI-Powered Vulnerabilities and RCE Risks 🛡️

- Anthropic has patched three critical flaws (path validation bypass, unrestricted git_init, argument injection) in its Git Model Context Protocol (MCP) server. When chained with the Filesystem MCP server, these bugs could enable remote code execution (RCE) via indirect prompt injection.
- The open-source AI framework Chainlit (used by financial, energy, and academic sectors) was found to have two "easy-to-exploit" vulnerabilities: an arbitrary file read (CVE-2026-22218) and a server-side request forgery (SSRF) (CVE-2026-22219). These could lead to data leakage, account takeover, and lateral movement in enterprise cloud environments.
- Google Gemini was hit by a prompt injection flaw, weaponising Calendar invites to bypass privacy controls, access private meeting data, and create deceptive events without user interaction. This highlights a "structural limitation" in how AI-integrated products interpret user intent in natural language.

🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2026/01/20/anthropic_prompt_injection_flaws/
🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2026/01/20/ai_framework_flaws_enterprise_clouds/
🕶️ Dark Reading | https://www.darkreading.com/cloud-security/google-gemini-flaw-calendar-invites-attack-vector

New Malware and AI-Assisted Development 🤖

- VoidLink, a sophisticated Linux malware targeting cloud environments (AWS, GCP, Azure, Alibaba, Tencent) with 37 plugins, was "almost entirely generated by artificial intelligence." Researchers believe a single individual, using the Trae Solo AI assistant, developed the functional implant in under a week.
- A regionally focused threat actor, tracked as Nomad Leopard, is targeting Afghan government employees with phishing emails disguised as official correspondence. These emails deliver FalseCub malware, designed for data exfiltration, and leverage GitHub for temporary payload hosting.

🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2026/01/20/voidlink_ai_developed/
🗞️ The Record | https://therecord.media/hackers-target-afghan-workers

Mass Spam and Illicit Marketplace Shutdowns ⚠️

- Multiple users are reporting a wave of mass spam emails originating from Zendesk domains, leveraging instances belonging to legitimate companies like Live Nation, Capcom, and Tinder. These emails are often bypassing spam filters, with Zendesk investigating potential relay attacks or misconfigurations.
- Tudou Guarantee, a major Telegram-based illicit marketplace that processed over $12 billion in transactions, appears to be winding down its operations. This shutdown is linked to recent law enforcement actions against Cambodian conglomerate Prince Group and its CEO, Chen Zhi, implicated in "pig butchering" scams.

🕶️ Dark Reading | https://www.darkreading.com/threat-intelligence/mass-spam-attacks-zendesk-instances
📰 The Hacker News | https://thehackernews.com/2026/01/tudou-guarantee-marketplace-halts.html

Evolving Threat Landscape: AI and Hacktivism 🚨

- Cybercrime has fully embraced AI, with "Dark LLMs" and deepfake tools now available as cheap, off-the-shelf services. Group-IB reports Dark LLMs for scams and malware can be rented for as little as $30/month, and synthetic identity kits for $5, significantly scaling social engineering and fraud.
- The UK's NCSC has warned of a sustained cyber threat from pro-Russian hacktivist groups, such as NoName057(16), continuing to target UK and international organisations with disruptive cyberattacks, including DDoS. These ideologically motivated groups, though less sophisticated than state-sponsored actors, can still cause significant real-world disruption.

🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2026/01/20/group_ib_ai_cycercrime_subscriptions/
🗞️ The Record | https://therecord.media/uk-ncsc-warning-russia-aligned-hacktivist-groups

Cybersecurity Legislation and Funding Updates 🏛️

- US lawmakers have once again moved to temporarily extend two key cybersecurity laws: the 2015 Cybersecurity and Information Sharing Act (CISA 2015) and the State and Local Cybersecurity Grant Program, through September 30. This is part of a compromise government funding bill, highlighting ongoing challenges for long-term reauthorization.
- The proposed funding bill also allocates $2.6 billion for the Cybersecurity and Infrastructure Security Agency (CISA), including $39.6 million for election security programs. The legislation also includes directives on CISA staffing levels, aiming to ensure sufficient personnel for its statutory missions.

🗞️ The Record | https://therecord.media/lawmakers-move-to-extend-two-cyber-programs-again
🤫 CyberScoop | https://cyberscoop.com/congressional-appropriators-move-to-extend-information-sharing-law-fund-cisa

Cloudflare WAF Bypass Fixed 🌐

- Cloudflare has patched a security vulnerability in its Automatic Certificate Management Environment (ACME) validation logic. The flaw could have allowed a bypass of Web Application Firewall (WAF) rules, enabling requests to reach origin servers. No evidence of malicious exploitation was found.

📰 The Hacker News | https://thehackernews.com/2026/01/cloudflare-fixes-acme-validation-bug.html

Predator Bots and API Security 🤖

- The rise of "predator bots" — self-learning programs leveraging AI to mimic human behaviour and exploit APIs — is causing up to $186 billion in annual economic harm through credential theft, scalping, and fraud. Defending against these adaptive threats requires deep API knowledge, complete API discovery, and machine-speed behavioral detection.

🤫 CyberScoop | https://cyberscoop.com/malicious-bots-predator-bots-api-security-machine-speed-defense/

#CyberSecurity #ThreatIntelligence #Vulnerabilities #AI #PromptInjection #RCE #Malware #CloudSecurity #APIsecurity #Hacktivism #Cybercrime #InfoSec #IncidentResponse #ThreatLandscape

🕵🏼 The Register | Anthropic quietly fixed flaws in its Git MCP server that allowed for remote code execution: Prompt injection for the win

Building clinical ML APIs? Zero trust helps you prove who accessed a prediction and why.

This guide covers OAuth2/OIDC JWT checks, mTLS for service identity, and privacy‑aware audit logging: practical #APISecurity for #ZeroTrust teams shipping #HealthcareAI and #MLOps with #FastAPI.

Read the full guide: https://codelabsacademy.com/en/blog/zero-trust-clinical-ml-apis-oauth2-mtls-audit-logging?source=mastodon

#ZeroTrust #APISecurity

Zero‑Trust Clinical ML APIs: OAuth2, mTLS, and Audit Logging

Learn how to secure clinical ML APIs with zero‑trust design: OAuth2/OIDC JWT validation, mTLS for service identity, and privacy‑aware audit logging in FastAPI.
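Two of the three controls the post names, JWT validation and privacy-aware audit logging, can be shown without any network: the following is an added illustration, not code from the linked guide, using only the Python standard library. It verifies an HS256 token (pinned algorithm, constant-time signature check, issuer, audience and expiry) and then writes an audit record that identifies the caller by a hashed subject rather than a raw identity. The shared secret, issuer, audience and endpoint path are constructed placeholders; a real deployment would resolve keys from the IdP's JWKS and terminate mTLS at the ingress, which is out of scope here.

```python
"""Added example: stdlib-only JWT validation plus a privacy-aware audit record.
Not from the linked guide; secret, issuer, audience and endpoint are constructed."""
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed demo values (assumptions): real keys come from a secret store or JWKS.
SECRET = b"constructed-demo-secret-do-not-reuse"
EXPECTED_ISS = "https://idp.example.test"   # assumed issuer
EXPECTED_AUD = "clinical-ml-api"            # assumed audience


def b64url_encode(raw: bytes) -> str:
    """JWT-style base64url without padding."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def b64url_decode(s: str) -> bytes:
    """Restore padding stripped by b64url_encode and decode."""
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def mint_token(claims: dict, key: bytes = SECRET) -> str:
    """Stand-in for the IdP: sign a claim set with HS256 (used here only to build test input)."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = (
        b64url_encode(json.dumps(header).encode())
        + "."
        + b64url_encode(json.dumps(claims).encode())
    )
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)


def validate_token(token: str, key: bytes = SECRET, now: Optional[float] = None) -> dict:
    """Verify alg, signature, iss, aud and exp; raise ValueError on any failure."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    h64, p64, s64 = parts
    header = json.loads(b64url_decode(h64))
    # Pin the algorithm: the header's 'alg' must never choose the verification method.
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(key, (h64 + "." + p64).encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(s64)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(p64))
    if claims.get("iss") != EXPECTED_ISS:
        raise ValueError("wrong issuer")
    aud = claims.get("aud")
    if aud != EXPECTED_AUD and not (isinstance(aud, list) and EXPECTED_AUD in aud):
        raise ValueError("wrong audience")
    if not isinstance(claims.get("exp"), (int, float)) or now >= claims["exp"]:
        raise ValueError("expired")
    if not claims.get("sub"):
        raise ValueError("missing subject")
    return claims


def audit_record(claims: dict, endpoint: str, purpose: str, now: Optional[float] = None) -> dict:
    """Audit entry answering 'who accessed a prediction and why' without logging raw identity:
    the subject is stored as a truncated SHA-256 so it can be correlated, not read."""
    now = time.time() if now is None else now
    actor = hashlib.sha256(claims["sub"].encode()).hexdigest()[:16]
    return {
        "ts": int(now),
        "actor": actor,
        "client": claims.get("azp"),
        "endpoint": endpoint,
        "purpose": purpose,
        "scope": claims.get("scope"),
    }


if __name__ == "__main__":
    t0 = 1_700_000_000
    tok = mint_token({"iss": EXPECTED_ISS, "aud": EXPECTED_AUD, "sub": "clinician-42",
                      "azp": "ehr-frontend", "exp": t0 + 300, "scope": "predict:read"})
    claims = validate_token(tok, now=t0)
    print(audit_record(claims, "/predict", "treatment-planning", now=t0))
```

The audit record is written only after validation succeeds, so every entry corresponds to an authenticated caller; the `purpose` field is supplied by the request context (for example a header the clinical front end sets) and is what lets reviewers answer "why" rather than just "who".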

Bluspark’s shipping platform exposed sensitive data via unauthenticated APIs.

• Plaintext passwords
• Admin account creation
• Shipment records back to 2007

https://www.technadu.com/bluspark-unauthenticated-api-vulnerability-exposed-sensitive-data-including-plaintext-passwords/618280/

What’s your approach to securing APIs in complex supply chains?

#Infosec #APISecurity #VulnerabilityManagement

Getting ready for the cybersecurity certification exam — Lab 3 (API) — Apply a 100% discount on the site

https://peertube.eqver.se/w/9U5h9p7r5BBMKBbSwnPm3N

PeerTube | lt3ua_003_en

Getting ready for the cybersecurity certification exam — Lab 2 (API) — Buy an item for $0

https://peertube.eqver.se/w/h9PFH3J4wjnvCiNtMb6hGf

PeerTube | lt3ua_002_en

Getting ready for the cybersecurity certification exam — Lab 1 (API) — Delete users without permissions

https://peertube.eqver.se/w/ektPnmJ2cJ5BW5Vwvb7G9m

PeerTube | lt3ua_001_en

Eighteen months of monitoring public Postman artefacts indicates reduced credential exposure, but persistent low-volume risk.

2025 findings were mostly single-secret incidents - yet validated and contextualized, making them operationally meaningful.

The issue appears rooted in ownership and lifecycle management of collaboration artefacts, not platform mechanics.

How are teams addressing secret hygiene outside traditional SDLC controls?
Follow TechNadu for practitioner-focused cybersecurity analysis.

#APISecurity #SecretsManagement #RiskSurface #DevSecOps #InfoSec

YouTube | HTTP message signatures demystified: Stronger API security

Broken object-level auth, SSRF, missing rate limits — Java APIs fail in predictable ways. This step-by-step guide by @mezoCode maps each #OWASP #API flaw to a working #Java solution.

Essential read for secure backends: https://javapro.io/2025/11/12/mastering-api-security-in-java-owasp-best-practices/

@owasp #OWASPTop10 #APIsecurity

🚨 CRITICAL: CVE-2025-13915 in IBM API Connect (10.0.8.0–10.0.8.5, 10.0.11.0) enables remote auth bypass (CWE-305)! No patch yet. Restrict access, monitor logs, and prep for updates. More: https://radar.offseq.com/threat/cve-2025-13915-cwe-305-authentication-bypass-by-pr-11cca0f4 #OffSeq #IBM #Infosec #APIsecurity #CVE202513915