Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:
When open science meets real-world cybersecurity
In this Help Net Security interview, Matthew Kwiatkowski, CISO at Fermilab, America’s particle physics and accelerator laboratory, discusses where cybersecurity blind spots emerge, why availability can outweigh confidentiality, and how security teams protect complex, legacy-driven research infrastructure while supporting scientific progress.
Inside Microsoft’s veteran-to-tech workforce pipeline
In this Help Net Security interview, Chris Cortez, Vice President of Military Affairs at Microsoft and longtime leader of the Microsoft Software and Systems Academy (MSSA), and Corey Lee, Security CTO for Microsoft Education, discuss how Microsoft has built and scaled a veteran-to-tech pipeline that responds directly to real-world hiring needs.
Poland repels data-wiping malware attack on energy systems
Suspected Russian cyber attackers tried to take down parts of Poland’s energy infrastructure with new data-wiping malware – and failed. According to information shared by the Polish government earlier this month, the attacks happened on 29 and 30 December 2025, and targeted two combined heat and power (CHP) plants and a system enabling the management of electricity generated from wind turbines and photovoltaic farms.
Microsoft reveals actively exploited Office zero-day, provides emergency fix (CVE-2026-21509)
Microsoft released emergency Office security updates to fix a security feature bypass vulnerability (CVE-2026-21509) that its threat intelligence and security teams spotted being exploited in the wild in zero-day attacks. Users and admins are advised to review the associated advisory and to implement updates or mitigations as soon as possible.
Attackers use Windows App-V scripts to slip infostealer past enterprise defenses
A malware delivery campaign detailed by Blackpoint researchers employs an impressive array of tricks to deliver an infostealer to employees without triggering enterprise defenses or close examination by security researchers. The attackers aim to get the Amatera Stealer installed on target Windows computers by using fake human verification pages – i.e., CAPTCHA pages – to trick users into manually pasting and executing a command via the Run dialog.
Fortinet starts patching exploited FortiCloud SSO zero-day (CVE-2026-24858)
Fortinet has begun releasing FortiOS versions that fix CVE-2026-24858, a critical zero-day vulnerability that allowed attackers to log into targeted organizations’ FortiGate firewalls. On January 20, several Fortinet customers revealed that attackers gained access to their FortiGate firewalls and created new local admin accounts despite the devices running the then-latest FortiOS versions.
WinRAR vulnerability still a go-to tool for hackers, Mandiant warns
State-sponsored hackers and financially motivated attackers continue leveraging a critical WinRAR vulnerability (CVE-2025-8088) that’s been fixed over half a year ago. CVE-2025-8088 is a path traversal vulnerability that can be exploited via maliciously crafted RAR archives.
SolarWinds fixes critical Web Help Desk RCE vulnerabilities, upgrade ASAP!
SolarWinds has fixed six critical and high-severity vulnerabilities in its popular Web Help Desk (WHD) support ticketing and asset management solution, and is urging customers to upgrade to v2026.1 as soon as possible.
eScan AV users targeted with malicious updates
The update infrastructure for eScan antivirus, a product of Indian cybersecurity company MicroWorld Technologies, has been compromised by unknown attackers to deliver a persistent downloader to enterprise and consumer endpoints. The compromise also resulted in the eScan antivirus on those endpoints to stop working as intended, since the trojanized eScan update tampered with the solution’s registry, files and update configuration to block remote updates, Morphisec researchers said on Thursday.
Google disrupts proxy network used by 550+ threat groups
Google has disrupted Ipidea, a massive residential proxy network consisting of user devices that are being used as the last-mile link in cyberattack chains. Residential proxy networks are collections of proxy servers that route internet traffic through real residential IP addresses, making it look like it’s coming from a regular household connection somewhere in the world.
Ivanti provides temporary patches for actively exploited EPMM zero-day (CVE-2026-1281)
Ivanti has released provisional patches that fix two critical code injection vulnerabilities in Endpoint Manager Mobile (EPMM), one of which (CVE-2026-1281) has been exploited in zero-day attacks and has been added to CISA’s Known Exploited Vulnerabilities catalog.
Incident response lessons learned the hard way
In this Help Net Security video, Ryan Seymour, VP, Consulting and Education at ConnectSecure, shares lessons from more than two decades in cybersecurity incident response. He explains why many response failures are set in motion long before an attack begins. The focus is on how teams prepare to make decisions under pressure.
A practical take on cyber resilience for CISOs
In this Help Net Security video, Shebani Baweja, CISO, Wealth and Retail Banking & Markets at Standard Chartered, explains how security leaders should think about cyber resilience.
Microsoft Entra ID will auto-enable passkey profiles, synced passkeys
Starting March 2026, Microsoft Entra ID will automatically enable passkey profiles and introduce support for synced passkeys. The update brings passkey profiles and synced passkeys into general availability. Administrators gain access to a new passkey profiles experience that supports group-based configuration. This allows security teams to apply passkey policies to specific user groups instead of managing settings at a tenant-wide level.
EU opens new investigation into Grok on X
The European Commission has opened a new formal investigation into X under the Digital Services Act over risks linked to the deployment of its AI tool Grok in the EU. Regulators are examining whether X properly assessed and mitigated risks tied to the spread of illegal content following Grok’s introduction on the platform. The content under scrutiny includes manipulated sexually explicit images and material that may amount to child sexual abuse content. The Commission states that these risks appear to have materialised, exposing users in the EU to serious harm.
Apple updates AirTag with expanded range and improved findability
Apple has released a new version of its AirTag tracking accessory that extends its connectivity range and improves how items are located. The updated AirTag uses a second-generation Ultra Wideband chip, similar to the chip in the iPhone 17 lineup, to increase the distance at which Precision Finding can guide users to a lost item.
Claude expands tool connections using MCP
Anthropic has added interactive tool support to its Claude AI platform, a change powered by the open Model Context Protocol (MCP). The update lets users work directly with external applications inside Claude’s interface rather than relying solely on text interactions with connected services.
Waiting for AI superintelligence? Don’t hold your breath
AI’s impact on systems, security, and decision-making is already permanent. Superintelligence, often referred to as artificial superintelligence (ASI), describes a theoretical stage in which AI capability exceeds human cognitive performance across domains. Whether current systems are progressing toward cybersecurity superintelligence remains uncertain.
Microsoft brings AI-powered investigations to security teams
Microsoft Purview Data Security Investigations is now available. The tool is part of Microsoft Purview and is intended for scenarios such as data breach and leak investigations, credential exposure, internal fraud and bribery, sensitive data exposure in Teams, and inappropriate content investigations.
CERT UEFI Parser: Open-source tool exposes UEFI architecture to uncover vulnerabilities
CERT UEFI Parser, a new open-source security analysis tool from the CERT Coordination Center has been released to help researchers and defenders examine the structure of Unified Extensible Firmware Interface (UEFI) software and identify classes of vulnerabilities that are often difficult to study.
Android just got smarter at stopping snatch-and-run phone thefts
Google announced updates to the Android theft protection features that expand existing safeguards and make stolen devices harder to use. These updates are available on Android 16 and later.
French government abandons Zoom and Microsoft Teams over security concerns
France intends to phase out non-European videoconferencing platforms such as Zoom and Microsoft Teams from its public administration, opting instead for a nationally developed solution due to security considerations.
Samsung tackles shoulder surfing on Galaxy devices
Our phones hold our most personal details, and we use them everywhere. On the bus, in elevators, and while waiting in line, screens are often visible to people nearby. The closer phones align with daily habits, the more persistent privacy concerns become.
Google agrees to pay $135 million over Android data harvesting claims
Google agrees to pay $135 million to settle a proposed class action lawsuit brought by Android smartphone users over alleged unauthorized cellular data transmissions.
Conditional Access enforcement change coming to Microsoft Entra
Microsoft will change how Conditional Access policies are enforced in Microsoft Entra starting March 27, 2026, with a phased rollout continuing through June 2026.
France Travail fined €5 million for failing to protect job seeker data
France data protection authority CNIL has fined public employment agency France Travail €5 million for failing to ensure the security of personal data of job seekers. Attackers gained access to the organization’s systems through social engineering techniques that targeted accounts used by staff at Cap emploi, a partner organization.
Wearable tech adoption continues as privacy worries grow
Over 1 billion users wear devices for tracking steps, sleep, heart rate, and other personal metrics. These devices collect a continuous stream of sensitive data, often tied to detailed user profiles and companion apps. New Clutch survey data show that as wearables settle into daily life, questions about how that data is handled are influencing user confidence and purchasing decisions.
Security work keeps expanding, even with AI in the mix
Board attention continues to rise, and security groups now operate closer to executive decision making than in prior years, a pattern reflected the Voice of Security 2026 report by Tines. Within that environment, large numbers of teams already rely on AI, automation, and workflow tools as part of routine operations, creating a baseline expectation that AI plays a central role in security work.
EFF calls out major tech companies on encryption promises
The Electronic Frontier Foundation (EFF) has introduced a new campaign called Encrypt It Already, focused on expanding the use of end-to-end encryption in consumer technology products and services. The effort examines public security commitments and the current availability of encryption protections in widely used services. It maps where encryption features are planned, where they are available through user settings, and where additional protections are proposed.
Ex-Google engineer found guilty of stealing AI secrets
A federal jury in California convicted former Google software engineer Linwei Ding, also known as Leon Ding, on seven counts of economic espionage and seven counts of theft of trade secrets tied to AI technology.
Microsoft sets new timeline for Sentinel transition to Defender portal
Microsoft has updated the timeline for transitioning the Microsoft Sentinel experience from the Azure portal to the Microsoft Defender portal from July 1, 2026 to March 31, 2027. The updated schedule extends access by nearly nine months.
AWS releases updated PCI PIN compliance report for payment cryptography
Amazon Web Services has published an updated Payment Card Industry Personal Identification Number (PCI PIN) compliance package for its AWS Payment Cryptography service, confirming a recent third-party audit of the platform. The report package is now accessible through AWS’s compliance portal.
Brakeman: Open-source vulnerability scanner for Ruby on Rails applications
Brakeman is an open-source security scanner used by teams that build applications with Ruby on Rails. The tool focuses on application code and configuration, giving developers and security teams a way to identify common classes of web application risk during development and testing.
Google ties AI Search to Gmail and Photos, raising new privacy questions
Google is expanding Personal Intelligence into AI Mode in Google Search to deliver more personalized search results. AI Mode can securely connect to your Gmail and Google Photos to provide tailored recommendations without requiring you to repeatedly explain your preferences or ongoing plans.
AI’s appetite for data is testing enterprise guardrails
Privacy programs are taking on more operational responsibility across the enterprise. A new Cisco global benchmark study shows expanding mandates, rising investment, and sustained pressure around data quality, accountability, and cross-border data management tied to AI systems.
AWS adds IPv6 support to IAM Identity Center through dual-stack endpoints
Amazon Web Services has added IPv6 support to IAM Identity Center through new dual-stack endpoints. The update allows identity services to operate over IPv6 networks while continuing to support IPv4. The change applies to access portals, managed applications, and service APIs that use dual-stack domain names capable of accepting both IPv4 and IPv6 connections.
Audits for AI systems that keep changing
Security and risk teams often rely on documentation and audit artifacts that reflect how an AI system worked months ago. ETSI’s continuous auditing based conformity assessment specification (ETSI TS 104 008) describes a different approach, where conformity is evaluated through recurring measurement and automated evidence collection tied to live system behavior.
Grammarly and QuillBot are among widely used Chrome extensions facing serious privacy questions
A new study shows that some of the most widely used AI-powered browser extensions are a privacy risk. They collect lots of data and require a high level of browser access.
WhatsApp rolls out new security feature to protect users from sophisticated attacks
To add an extra layer of protection to its end-to-end encryption, WhatsApp has begun rolling out a new privacy and security feature called Strict Account Settings. It is designed to help users protect their accounts from sophisticated cyberattacks.
n8n adds Chat Hub to centralize AI access inside automation workflows
Teams using automation platforms are starting to treat conversational AI as another operational interface. That change is reflected in a new feature from n8n, which has introduced a built-in Chat Hub designed to let users interact with AI models and internal automation through a single chat interface.
OPNsense 26.1 brings updates to open-source firewall management
OPNsense, the open-source firewall and network security platform, reached version 26.1, adding a range of updates affecting management, traffic visibility, automation interfaces, and core services.
A fake romance turns into an Android spyware infection
ESET researchers have identified an Android spyware campaign that uses romance scam tactics to target individuals in Pakistan. The operation relies on a malicious app disguised as a chat service that routes conversations through WhatsApp. Behind the romance lure, the app’s primary function is to steal data from infected devices. ESET tracks the malware as GhostChat.
What motivates hackers and what makes them walk away
Most hackers spend more time learning, testing, and comparing notes than breaking into systems. The work often happens alone or in small groups, shaped by curiosity, persistence, and a habit of examining how systems behave. Bugcrowd examined who these security researchers are, how they build skills, and what their work looks like behind the scenes as they look for flaws and decide what to report.
Hottest cybersecurity open-source tools of the month: January 2026
This month’s roundup features exceptional open-source cybersecurity tools that are gaining attention for strengthening security across various environments.
Open-source malware zeroes in on developer environments
Open source malware activity during 2025 concentrated on a single objective: executing code inside developer environments, according to Sonatype. The focus reflected a broader shift in supply chain attacks away from end users and toward the tools, machines, and pipelines used to build software in the first place.
Security teams are carrying more tools with less confidence
Enterprise environments now span multiple clouds, on-premises systems, and a steady flow of new applications. Hybrid and multi-cloud setups are common across large organizations, and they bring a constant stream of logs, alerts, and operational data. That environment already exists across many enterprises, and it frames a recent Sumo Logic study that examined how security leaders manage tooling, staffing, and detection across these systems.
Apple’s new privacy feature limits how precisely carriers track your location
Apple users are already accustomed to managing app-level location permissions, and a new privacy feature in iOS 26.3 extends that control to cellular networks. Called Limit Precise Location, it reduces the amount of fine-grained location data that iPhones share with carriers.
Why prevention-first secrets security will define enterprise scale: Learnings from a leading telecom
Once a secret enters Git, it’s expensive to remediate. But the real problem runs deeper than cost. Database references persist indefinitely. Anyone with historical access can retrieve past commits. Forever. This means that every remediation effort, no matter how thorough, is actually permanent damage control, not a true fix.
Cybersecurity jobs available right now: January 27, 2026
We’ve scoured the market to bring you a selection of roles that span various skill levels within the cybersecurity field. Check out this weekly selection of cybersecurity jobs available right now.
New infosec products of the month: January 2026
Here’s a look at the most interesting products from the past month, featuring releases from Acronis, Booz Allen Hamilton, cside, Descope, JumpCloud, MIND, Noction, Obsidian Security, Rubrik, SEON, SpyCloud, Tenable, Tosi and Vectra AI.
.png)
