ShinyHunters claims Okta customer breaches, leaks data • The Register - On Friday, the criminals leaked data allegedly stolen from market-intel broker Crunchbase, streaming platform SoundCloud, and financial-tech firm Betterment, and confirmed to The Register that they gained access to two of the three - Crunchbase and Betterment - by voice-phishing Okta single-sign-on codes.
Ring is adding a new content verification feature to videos | TechCrunch - The verification feature will be automatically enabled on every video recorded with a Ring device from December 2025 onward, the company notes. Any changes or edits, including cropping and filters, will break that verification seal. Ring says this includes videos uploaded to sharing sites that compress footage.
Microsoft gave FBI a set of BitLocker encryption keys to unlock suspects’ laptops: Reports | TechCrunch - BitLocker recovery keys are uploaded to Microsoft’s cloud, allowing the tech giant — and by extension law enforcement — to access them and use them to decrypt drives encrypted with BitLocker. How to encrypt your PC’s disk without giving the keys to Microsoft - Ars Technica
Researchers say Russian government hackers were behind attempted Poland power outage | TechCrunch Wiper malware targeted Poland energy grid, but failed to knock out electricity - Ars Technica ESET: Russia likely behind Poland power grid attack • The Register Sandworm has a long history of destructive attacks waged on behalf of the Kremlin and aimed at adversaries. Most notable was one in Ukraine in December 2015. It left roughly 230,000 people without electricity for about six hours during one of the coldest months of the year. ESET said the attack targeting Poland occurred on the 10th anniversary of that event.
Saudi satirist hacked with Pegasus spyware wins damages in court battle | TechCrunch - Al-Masari was also physically assaulted in London in 2018, around the time his phone was targeted. He accused agents working for the de facto leader of Saudi Arabia, Crown Prince Mohammed bin Salman, of staging the attack.
Ireland proposes new law allowing police to use spyware | TechCrunch - Ireland is considering new legislation to give its law enforcement agencies more surveillance powers, including allowing the use of spyware. (Like Paragon, Pegasus, Intellexa)
Trump administration admits DOGE may have misused Americans’ Social Security data | TechCrunch - Two members of Elon Musk’s Department of Government Efficiency may have accessed and shared Social Security numbers in an effort to help an advocacy group “overturn election results in certain States” last year, according to court documents. Last year, a federal judge issued an order to block DOGE’s members access to SSA’s systems, which included SSNs, medical records, drivers’ license numbers, tax information, and other types of personal information. Later on, an SSA whistleblower alleged that DOGE uploaded hundreds of millions of Social Security records to a vulnerable cloud server.
Overrun with AI slop, cURL scraps bug bounties to ensure “intact mental health” - Ars Technica - “We are just a small single open source project with a small number of active maintainers,” Daniel Stenberg, the founder and lead developer of the open source app cURL, said Thursday. “It is not in our power to change how all these people and their slop machines work. We need to make moves to ensure our survival and intact mental health.”
Why has Microsoft been routing example.com traffic to a company in Japan? - Ars Technica - Microsoft has suppressed an unexplained anomaly on its network that was routing traffic destined to example.com—a domain reserved for testing purposes—to a maker of electronics cables located in Japan.
Hackers suspected of spying on UK officials’ calls for years • The Register - Chinese state-linked hackers are accused of spending years inside the phones of senior Downing Street officials, exposing private communications at the heart of the UK government.
EU mulls axing Chinese kit from networks within 3 years • The Register The European Commission (EC) wants a revised Cybersecurity Act to address any threats posed by IT and telecoms kit from third-country sources, potentially forcing member states to confront the thorny issue of suppliers such Huawei in their national networks.
FortiGate SSO bug still exploitable despite December patch • The Register - In a new advisory, Fortinet said it had identified a fresh attack path being used to abuse SAML-based SSO in FortiOS, even on systems that had already applied the vendor’s earlier fix.
Critical GNU InetUtils telnetd Flaw Lets Attackers Bypass Login and Gain Root Access - The vulnerability, tracked as CVE-2026-24061, is rated 9.8 out of 10.0 on the CVSS scoring system. It affects all versions of GNU InetUtils from version 1.9.3 up to and including version 2.7. On January 26, 2026, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2026-24061 to its Known Exploited Vulnerabilities (KEV) catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to apply the patches by February 16, 2026.
Amateur Radio Operators in Belarus Arrested, Face the Death Penalty - “I am writing this because my local community is being systematically liquidated in what I can only describe as a targeted intellectual genocide,” Besarab wrote. “They have detained over 50 licensed people, including callsigns EW1ABT, EW1AEH, and EW1ACE. These men were paraded on state television like war criminals and were coerced to publicly repent for the “crime” of technical curiosity. Propagandists presented the Belarusian Federation of Radioamateurs and Radiosportsmen (BFRR) as a front for a ‘massive spy network.’”
Police Told to Be ‘as Vague as Permissible’ About Why They Use Flock - The suggestion that officers should be as “vague as permissible” about why they are using Flock is also a problem. Police currently do not get a warrant to use Flock, and have revealed that they use it for legitimate investigations, but also for all sorts of other purposes.