2026.02.03 News You Should Know

- 6 mins read

Series: News You Should Know

General

Vulnerability exploits now dominate intrusions • The Register - A functional proof-of-concept exploit for React2Shell began circulating online within 30 hours of disclosure, for example.

Fintech firm Marquis blames hack at firewall provider SonicWall for its data breach | TechCrunch - Marquis said it believes that its August 2025 ransomware attack happened because the company’s firewall service provider SonicWall had its own data breach that exposed critical security information about its customers’ firewalls.

County pays $600,000 to pentesters it arrested for assessing courthouse security - Ars Technica - Despite the legal contract that authorized it, DeMercurio and Wynn were arrested for felony third-degree burglary and spent 20 hours in jail until they were released on $100,000 bail ($50,000 each). The charges were reduced to misdemeanor trespassing, but Sheriff Chad Leonard continued to allege publicly that the men had acted illegally and should be prosecuted.

Ransomware crims forced to take off-RAMP as FBI seizes forum • The Register - It’s highly unlikely, if not impossible, that this takedown signals the end of ransomware and other crime crews who used RAMP’s websites to buy and sell malware and exploits and recruit affiliates. Much like horror-movie monsters, cybercrime forums never really die, and their users will likely scatter to other underground marketplaces to buy and sell their illicit services.

Trump White House

Trump’s acting cybersecurity chief uploaded sensitive government docs to ChatGPT | TechCrunch - Following his appointment to CISA, Gottumukkala reportedly failed a counterintelligence polygraph, which Homeland Security later claimed was “unsanctioned,” and subsequently suspended six career staff from accessing classified information.

Informant told FBI that Jeffrey Epstein had a ‘personal hacker’ | TechCrunch - The hacker allegedly developed zero-day exploits and offensive cyber tools and sold them to several countries, including an unnamed central African government, the U.K., and the United States.

Amid Trump attacks and weaponized sanctions, Europeans look to rely less on US tech | TechCrunch - The European Parliament voted January 22 to adopt a report directing the European Commission to identify areas where the EU can reduce its reliance on foreign providers. Parliamentarians said the European Union and its 27 member states rely on non-EU countries for more than 80% of their digital products, services, and infrastructure.

Russia

Russian hackers breached Polish power grid thanks to bad security, report says | TechCrunch - The Ministry of Digital Affairs report states that the targeted systems used default usernames and passwords and did not have multi-factor authentication enabled, both incredibly basic mistakes.

Russia-Aligned ELECTRUM Tied to December 2025 Cyber Attack on Polish Power Grid

AI

Web portal leaves kids’ chats with AI toy open to anyone with Gmail account - Ars Technica - Margolis and Thacker discovered that the data Bondu left unprotected, accessible to anyone who logged in to the company’s public-facing web console with their Google username, included children’s names, birth dates, family member names, “objectives” for the child chosen by a parent, and most disturbingly, detailed summaries and transcripts of every previous chat between the child and their Bondu.

Thacker’s Write-Up

DIY AI bot farm OpenClaw is a security ‘dumpster fire’ • The Register - “OpenClaw is a security dumpster fire.”

The rise of Moltbook suggests viral AI prompts may be the next big security threat - Ars Technica - Palo Alto Networks described OpenClaw as embodying a “lethal trifecta” of vulnerabilities: access to private data, exposure to untrusted content, and the ability to communicate externally. But the firm identified a fourth risk that makes prompt worms possible: persistent memory. “Malicious payloads no longer need to trigger immediate execution on delivery,” Palo Alto wrote. “Instead, they can be fragmented, untrusted inputs that appear benign in isolation, are written into long-term agent memory, and later assembled into an executable set of instructions.”

New sandbox escape flaw exposes n8n instances to RCE attacks - CVE-2026-1470 received a critical severity score of 9.9 out of 10.

GitHub - RootUp/claude-poc: Claude Code Remote Code Execution - There are multiple ways to abuse Claude Code; this is one of them, which I found during my research and reported (November 23, 2025) (not fixed). Gif of Exploit

Notepad++

The Chrysalis Backdoor: A Deep Dive into Lotus Blossom’s toolkit

Notepad++ says Chinese government hackers hijacked its software updates for months | TechCrunch

Notepad++ Hijacked by State-Sponsored Hackers | Notepad++

Notepad++ hijacking linked to Chinese Lotus Blossom crew • The Register - Security researchers have attributed the Notepad++ update hijacking to a Chinese government-linked espionage crew called Lotus Blossom (aka Lotus Panda, Billbug), which abused weaknesses in the update infrastructure to gain a foothold in high-value targets by delivering a newly identified backdoor dubbed Chrysalis.

ShinyHunters

ShinyHunters claims it stole 10M records from dating apps • The Register

Canva among ~100 ShinyHunters credential-theft targets • The Register

ShinyHunters claims Panera Bread in alleged data theft • The Register

Action: Go to Have I Been Pwned and search your name. Sign up for free notifications (NOTIFY ME in the header).

Mobile Devices

WhatsApp Rolls Out Lockdown-Style Security Mode to Protect Targeted Users From Spyware - “This lockdown-style feature bolsters your security on WhatsApp even further with just a few taps by locking your account to the most restrictive settings like automatically blocking attachments and media from unknown senders, silencing calls from people you don’t know, and restricting other settings that may limit how the app works.”

Apple’s new iPhone and iPad security feature limits cell networks from collecting precise location data | TechCrunch - Sharing a less-precise location, such as the general neighborhood rather than a street address, will help to protect the device owner’s privacy, the company claims. Switching on the feature does not affect the precision of location data shared with apps, or shared with first responders during an emergency call. “Apple’s feature, while limited to very few operator networks, is a step in the right direction in providing users with greater privacy controls.”

Google rolls out Android theft protection feature updates - Added granular controls for the Failed Authentication Lock feature, which automatically locks device screens after excessive failed authentication attempts, now allowing users to enable or disable it using a dedicated settings toggle. Expanded Identity Check, which requires biometric authentication for specific actions performed outside trusted locations, ensuring this safeguard now covers all features and apps that use Android Biometric Prompt, automatically protecting Google Password Manager and third-party banking apps.

I’m an experienced home cook, security engineer, people leader, and dedicated father and husband. I can be found on Mastodon at @IAintShootinMis@DigitalDarkAge.cc and on Signal at DigitalDarkAge.98. An RSS Feed of this blog is available here and a copy of my current OPML file is here.