IT Security Newsletter - 1/27/2026
Sandworm Blamed for Wiper Attack on Poland Power Grid
A destructive cyberattack against Poland's power grid last month was attributed to Russia's Sandworm advanced persistent threat (APT) group. Poland last month was targeted in a wiper attack against its energy grid that Minister of Energy Milosz Motyka called one of the strongest the country had seen in years. Attackers on Dec. 29 and 30 targeted two combined heat and power plants, as well as "a system enabling the management of electricity generated from renewables."
Have I Been Pwned: SoundCloud data breach impacts 29.8 million accounts
Hackers have stolen the personal and contact information belonging to over 29.8 million SoundCloud user accounts after breaching the audio streaming platform's systems. SoundCloud was founded in 2007 as an artist-first platform that now provides access to over 400 million tracks from more than 40 million artists worldwide. The company confirmed the breach on December 15, following widespread reports from users who were unable to access SoundCloud.
A new wave of 'vishing' attacks is breaking into SSO accounts in real time
Threat hunters and researchers are racing to contain a wave of voice-phishing attacks targeting single sign-on tools, already leading to data theft and extortion attempts. Multiple cybercrime groups are combining voice calls and advanced phishing kits to trick victims into handing over access - including a group identifying itself as ShinyHunters, which has publicly named alleged targets and posted samples of stolen data.
DPRK's Konni Targets Blockchain Developers With AI-Generated Backdoor
North Korean threat actors are once again targeting developers with an ongoing phishing campaign, this time with a specific focus that goes outside the usual geographic scope and demonstrates the use of artificial intelligence (AI) to develop a novel backdoor. The advanced persistent threat (APT) group Konni has been targeting developers with expertise in and access to blockchain-related resources and infrastructure across the Asia-Pacific (APAC) region.
Microsoft reveals actively exploited Office zero-day, provides emergency fix (CVE-2026-21509)
Microsoft released emergency Office security updates to fix a security feature bypass vulnerability (CVE-2026-21509) that its threat intelligence and security teams spotted being exploited in the wild in zero-day attacks. Users and admins are advised to review the associated advisory and to implement updates or mitigations as soon as possible. CVE-2026-21509 stems from reliance on untrusted inputs in a security decision in Microsoft Office.
Chrome, Edge Extensions Caught Stealing ChatGPT Sessions
A threat actor has created 16 browser extensions to steal users' ChatGPT sessions and published them to the official Chrome and Edge stores, LayerX reports. Banking on the increased adoption of AI-powered browser extensions that fulfill users' productivity needs, the threat actor published 15 extensions to the Chrome Web Store and one to the Microsoft Edge Add-ons marketplace.
"Wildly irresponsible": DOT's use of AI to draft safety rules sparks concerns
The US Department of Transportation apparently thinks it's a good idea to use artificial intelligence to draft rules impacting the safety of airplanes, cars, and pipelines, a ProPublica investigation revealed Monday. It could be a problem if DOT becomes the first agency to use AI to draft rules, ProPublica pointed out, since AI is known to confidently get things wrong and hallucinate fabricated information.
A WhatsApp bug lets malicious media files spread through group chats
WhatsApp is going through a rough patch. Some users would argue it has been ever since Meta acquired the once widely trusted messaging platform. User sentiment has shifted from "trusted default messenger" to a grudgingly necessary Meta product. Privacy-aware users still see WhatsApp as one of the more secure mass-market messaging platforms if you lock down its settings. Even then, many remain uneasy about Meta's broader ecosystem.
'PackageGate' Flaws Open JavaScript Ecosystem to Supply Chain Attacks
Half a dozen vulnerabilities in the JavaScript ecosystem's leading package managers - including NPM, PNPM, VLT, and Bun - could be exploited to bypass supply chain attack protections, according to security firm Koi. Collectively referred to as PackageGate, the security defects could lead to the execution of malicious code hidden within attacker-controlled dependencies. Following high-profile NPM supply chain attacks, organizations and developers alike broadly adopted two defense mechanisms.
Nearly 800,000 Telnet servers exposed to remote attacks
Internet security watchdog Shadowserver tracks nearly 800,000 IP addresses with Telnet fingerprints amid ongoing attacks exploiting a critical authentication bypass vulnerability in the GNU InetUtils telnetd server. The security flaw (CVE-2026-24061) already has a proof-of-concept exploit, impacts GNU InetUtils versions 1.9.3 (released in 2015) through 2.7, and was patched in version 2.8 (released on January 20).
How to get Doom running on a pair of earbuds
Over the years, hackers and modders at large have made it their mission to port classic first-person shooter Doom to practically anything with a display. Recently, though, coder Arin Sarkisan has taken the "Can it Run Doom?" idea in an unlikely direction: wireless earbuds that aren't designed to output graphics at all. To be clear, this hack doesn't apply to any generic set of earbuds. The "Doombuds" project is designed specifically for the PineBuds Pro, which feature open-source firmware.
- ...in 1888, the National Geographic Society is founded.
- ...in 1959, former Cincinnati Bengals wide receiver and TV sports commentator Cris Collinsworth is born in Dayton, OH.
- ...in 1969, stand-up comedian and actor Patton Oswalt ("Ratatouille", "A.P. Bio") is born in Portsmouth, VA.
- ...in 1973, the Paris Peace Accords are signed, officially ending US involvement in Vietnam.









