IT Security Newsletter - 1/23/2026

Hacking

Hacker who stole 120,000 bitcoins wants a second chance - and a security job

On Thursday, Ilya Lichtenstein, who was at the center of a massive 2016 crypto heist worth billions at the time, wrote online that he is now out of prison and has changed his ways. "Ten years ago, I decided that I would hack the largest cryptocurrency exchange in the world," Lichtenstein wrote on LinkedIn, detailing a time when his startup was barely making money and he decided to steal some instead.


Hackers get $1,047,000 for 76 zero-days at Pwn2Own Automotive 2026

Pwn2Own Automotive 2026 has ended with security researchers earning $1,047,000 after exploiting 76 zero-day vulnerabilities between January 21 and January 23. The Pwn2Own Automotive hacking competition focuses on automotive technologies and took place this week in Tokyo, Japan, during the Automotive World auto conference. Throughout the contest, the hackers targeted fully patched in-vehicle infotainment (IVI) systems, electric vehicle (EV) chargers, and car operating systems.

Trends

Schneier: AIs are Getting Better at Finding and Exploiting Internet Vulnerabilities

Really interesting blog post from Anthropic: In a recent evaluation of AI models' cyber capabilities, current Claude models can now succeed at multistage attacks on networks with dozens of hosts using only standard, open-source tools, instead of the custom tools needed by previous generations. This illustrates how barriers to the use of AI in relatively autonomous cyber workflows are rapidly coming down, and highlights the importance of security fundamentals like promptly patching known vulnerabilities.


Crims hit the easy button for Scattered-Spider style helpdesk scams

Criminals can more easily pull off social engineering scams and other forms of identity fraud thanks to custom voice-phishing kits being sold on dark web forums and messaging platforms. These kits are sold as a service to "a growing number" of digital intruders targeting victims' Google, Microsoft, and Okta accounts, and they include real-time assistance to miscreants looking to intercept users' credentials and multi-factor authentication codes.

Malware

Kimwolf Botnet Lurking in Corporate, Govt. Networks

A new Internet-of-Things (IoT) botnet called Kimwolf has spread to more than 2 million devices, forcing infected systems to participate in massive distributed denial-of-service (DDoS) attacks and to relay other malicious and abusive Internet traffic. Kimwolf's ability to scan the local networks of compromised systems for other IoT devices to infect makes it a sobering threat to organizations, and new research reveals Kimwolf is surprisingly prevalent in government and corporate networks.

Information Security

Curl ending bug bounty program after flood of AI slop reports

The developer of the popular curl command-line utility and library announced that the project will end its HackerOne security bug bounty program at the end of this month, after being overwhelmed by low-quality AI-generated vulnerability reports. The change was first discovered in a pending commit to curl's BUG-BOUNTY.md documentation, which removes all references to the HackerOne program.

Exploits/Vulnerabilities

Phishers Abuse SharePoint in New Campaign Targeting Energy Sector

Threat actors have been abusing SharePoint for payload delivery in a new phishing campaign targeting energy organizations, Microsoft warns. One multi-stage attack analyzed by Microsoft started with adversary-in-the-middle (AitM) phishing, where the victim received an email from the compromised account of a trusted organization. The message featured a document-sharing workflow theme and included a SharePoint URL that directed the victim to a page prompting them for their credentials.


Fortinet Confirms FortiCloud SSO Exploitation Against Patched Devices

Fortinet on Thursday confirmed that recent attacks are bypassing FortiCloud single sign-on (SSO) login authentication on devices fully patched against recent vulnerabilities. Leveraging automation, hackers are making configuration changes to FortiGate firewalls to add new user accounts, enable VPN access, and exfiltrate device configuration files, Arctic Wolf warned this week. The company pointed out that the fresh campaign resembles December 2025 attacks targeting two critical-severity defects.

On This Date

  • ...in 1944, actor Rutger Hauer ("Blade Runner", "Ladyhawke") is born in Utrecht, Netherlands.
  • ...in 1957, former US Air Force pilot Walter Morrison sells his invention, called the "Pluto Platter", to Wham-O. It would go on to become a household name, as the Frisbee.
  • ...in 1986, the Rock and Roll Hall of Fame inducts its first honorees, including Little Richard, Chuck Berry, Buddy Holly, Jerry Lee Lewis, and Elvis Presley, among others.
  • ...in 1998, Netscape announces the formation of Mozilla. It would outlive its parent company, releasing the Firefox web browser and several other open-source products.