
Hello all,
With most of the nation now firmly embraced in Winter’s ferocious icy grip, including longtime bastion of warmth, Florida, now engulfed in frigid air, it is a good time to find a toasty place to sit back and read the latest tech news headlines while sipping your favorite beverage. So onward!
Headline NEWS:
- Google Pixel January update was supposed to fix multiple vulnerabilities, not break Wi-Fi and Bluetooth. But, alas, a large number of Pixel users are reporting issues after applying the update. Google has acknowledged the problems, but so far, no fix has been released. If you haven’t applied the update yet, you might want to wait until the fix is available.
- Ivanti (insert shudder here) has released updates to patch two EndPoint Mobile Manager (EPMM) security defects that are under active exploitation already. A disturbing report from watchTowr CEO Benjamin Harris indicates that even if you apply the patches, as long as your EPMM is accessible via the internet, you’re not safe. Ivanti has announced that they plan to release an updated version that should fix the defects. In the meantime, you should apply the available patches as soon as possible and check for signs of compromise.
- NetSupport Manager has two actively exploited zero-day vulnerabilities that, when chained together, enable Remote Code Execution (RCE). This is particularly bad, because no authentication is required. The patch for this defect has been available since July 2025. If you’re running a version below 14.12.0000, update immediately.
- Palo Alto Networks has made available patches for their firewalls after finding a new Denial of Service (DoS) defect. This affects PAN-OS NGFW (Next Generation Firewall) and GlobalProtect remote access gateways. Proof of Concept (PoC) code already exists for this vulnerability, although there is no indication that active exploitation has begun – yet.
- SolarWinds (insert shudder again) has revealed several critical Web Help Desk Remote Code Execution (RCE) defects along with authentication bypasses. If that wasn’t enough, researchers found yet another defect, this one involving hard-coded credentials that could enable a low-privilege user to elevate to administrative access. Patches are available and clients are urged to apply them as soon as possible due to the critical nature of these types of remote access products, and the desirability of them to threat actors.
- Microsoft had been routing traffic sent to “example.com” to a company in Japan for some reason. The official function of this domain is for testing purposes, and according to RFC 2606 it is to be non-routable. This bizarre error may have resulted in untold numbers of “test” credentials being sent to Sumitomo Electric in Japan. Hopefully, the receiving company, if they were even aware they were getting the information sent to them, was kind enough to drop it in the bit-bucket.
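The example.com item above rests on RFC 2606, which reserves example.com, example.net and example.org, plus the top-level names .test, .example, .invalid and .localhost, for documentation and testing. A "test" destination is only harmless if nothing real answers it, so a quick audit of your own configuration for those names is a sensible follow-up. The Python below is an added example, not from the newsletter or from Microsoft; the key=value configuration format and the sample lines are assumptions made for illustration.

```python
"""Audit configuration entries against the RFC 2606 reserved names.

Added example, not from the newsletter. It flags any endpoint whose hostname
falls under a name RFC 2606 reserves for testing, so that credentials wired to
a "test" destination can be reviewed before they leave the network.
"""
from urllib.parse import urlsplit

# RFC 2606 section 2 (reserved TLDs) and section 3 (reserved second-level names).
RESERVED_TLDS = {"test", "example", "invalid", "localhost"}
RESERVED_SLDS = {"example.com", "example.net", "example.org"}


def hostname_of(value):
    """Return the lowercased hostname from a URL or bare host, or '' if none."""
    value = value.strip()
    if "://" not in value:
        value = "//" + value  # makes urlsplit treat a bare host[:port] as the netloc
    host = urlsplit(value).hostname or ""
    return host.rstrip(".").lower()


def is_rfc2606_reserved(host):
    """True if the host is, or sits under, an RFC 2606 reserved name."""
    labels = host.split(".")
    if labels == [""]:
        return False
    if labels[-1] in RESERVED_TLDS:
        return True
    return ".".join(labels[-2:]) in RESERVED_SLDS


def find_reserved_endpoints(config_lines):
    """Return (line_number, hostname) for each key=value line aimed at a reserved name.

    The key=value format is an assumption for this example; adapt the parsing to
    whatever configuration source you audit.
    """
    hits = []
    for n, line in enumerate(config_lines, 1):
        _key, sep, value = line.partition("=")
        if not sep:
            continue
        host = hostname_of(value)
        if host and is_rfc2606_reserved(host):
            hits.append((n, host))
    return hits


# Constructed sample configuration (not taken from any real system).
SAMPLE_CONFIG = [
    "smtp_relay=https://mail.example.com:587/",
    "api_url=https://api.corp.internal/v1",
    "ldap_host=ldap.test",
    "webhook=https://hooks.example.org/notify",
    "proxy=http://proxy.localhost:3128",
    "cdn=https://static.notexample.com/",
]

if __name__ == "__main__":
    for n, host in find_reserved_endpoints(SAMPLE_CONFIG):
        print(f"line {n}: {host} is an RFC 2606 reserved name; "
              "credentials sent here may be observed by whoever answers it")
```

The suffix match deliberately stops at the registrable name, so `notexample.com` is not flagged while `mail.example.com` is; `localhost` is included because RFC 2606 reserves it as a TLD, and you may want to drop it from `RESERVED_TLDS` if loopback entries are expected in the files you scan.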
In Ransomware, Malware, and Vulnerabilities News:
- China showed up a few times this week in our news. The mention that stood out was China executing 11 people associated with Myanmar cyber scams, fraud, and pig-butchering schemes. Unlike in many countries, the 11 who were convicted of “intentional homicide, intentional injury, unlawful detention, fraud and casino establishment” experienced swift justice, paying the ultimate price for their criminal activity shortly after sentencing.
In Other News Events of Note and Interest:
- AI everywhere. This looks to be the year of ubiquitous AI. Every day there are new articles about AI and AI agents being integrated into yet another product or area. Helpful agents released to labor alongside and on behalf of employees, vibe coding, infostealers exploiting AI misconfigurations, AI finding and exploiting vulnerabilities, human error leading to AI ingesting classified information, and how to empathetically deal with both AI and human employees are among the topics listed in this week’s news. Yep, AI everywhere.
Musings
This coming Monday, February 2nd, is Groundhog Day. It is when that Pennsylvanian rodent, Punxsutawney Phil, is expected to predict whether we’ll have an additional six weeks of winter. Legions of people will gather around to gape at his every move in hushed anticipation. I find his predictions to be similarly accurate to prognosticators of AI’s increasing capabilities, eventual sentience, and world domination. Legions worldwide are hanging on every development and news tidbit in trepidatious anticipation. Will it happen in six weeks, six months, six years, six decades, ever? Nobody really knows. But what I do know is that it is cold outside. So, bundle up and…

Keep the shields up!
Viscount Jan Broucinek
Red Dot Security News
Headline NEWS
- Google’s January Pixel update breaks Wi-Fi and Bluetooth
- Two Ivanti EPMM Zero-Day RCE Flaws Actively Exploited, Security Updates Released
- NetSupport Manager 0-Day Vulnerabilities Enable Remote Code Execution
- Palo Alto Networks patches firewalls after discovery of a new denial-of-service flaw
- SolarWinds warns of critical Web Help Desk RCE, auth bypass flaws
- Why has Microsoft been routing example.com traffic to a company in Japan?
Ransomware, Malware, and Vulnerabilities News
Good News, Government News, and Interesting
- FBI seizes RAMP cybercrime forum used by ransomware gangs
- Former Google engineer found guilty of espionage and theft of AI tech
- Pentagon leaders expect Cybercom 2.0 to help thwart Chinese actors ‘living off the land’
- Preparing for looming national cyber security threats in 2026 and beyond
- US cyber defense chief accidentally uploaded secret government info to ChatGPT
- No Place Like Home Network: Disrupting the World’s Largest Residential Proxy Network
- China executes 11 people linked to Myanmar scam operation
- US Sentences Chinese National for Role in $36.9 Million Crypto Scam
Vulnerabilities and Exploits
- Vulnerability exploits now dominate intrusions
- Fortinet Confirms New Zero-Day Behind Malicious SSO Logins
- Fortinet blocks exploited FortiCloud SSO zero day until patch is ready
- FortiGate Firewalls Hacked in Automated Attacks to Steal Configurations Data
- Chrome Security Update Patches Background Fetch API Vulnerability
- Gemini MCP Tool 0-day Vulnerability Allows Remote Attackers to Execute Arbitrary Code
- Check Point Harmony SASE Windows Client Vulnerability Enables Privilege Escalation
- OpenSSL issued security updates to fix 12 flaws, including Remote Code Execution
- Automotive systems get pwned at Pwn2Own Automotive 2026
- Hackers can bypass npm’s Shai-Hulud defenses via Git dependencies
- Microsoft patches actively exploited Office zero-day vulnerability
- AIs are Getting Better at Finding and Exploiting Internet Vulnerabilities
- The federal government ignored a cybersecurity warning for 13 years. Now hackers are exploiting the gap
- Critical sandbox escape flaw found in popular vm2 NodeJS library
- Critical Grist-Core Vulnerability Allows RCE Attacks via Spreadsheet Formulas
- Organizations Warned of Exploited Linux Vulnerabilities
- Synology DSM 7.3.2, Chaining three issues to gain root from a low privileged user
- New sandbox escape flaw exposes n8n instances to RCE attacks
- Google Warns of WinRAR Vulnerability Exploited to Gain Control Over Windows System
- Kubernetes Remote Code Execution Via Nodes/Proxy GET Permission
- TP-Link Archer Vulnerability Let Attackers Take Control Over the Router
- Cloudflare misconfiguration behind recent BGP route leak
- SmarterMail Fixes Critical Unauthenticated RCE Flaw with CVSS 9.3 Score
- Cybersecurity experts warn of rising ghost tapping scam targeting credit cards, digital wallets
- Hackers target cargo theft through shipping platform vulnerabilities
Phishing, Malware, and similar
- Malicious VS Code AI Extensions with 1.5 Million Installs Steal Developer Source Code
- Malicious Chrome extensions steal login data from business users worldwide
- Researchers Uncover Chrome Extensions Abusing Affiliate Links and Stealing ChatGPT Access
- Microsoft Flags Multi-Stage AitM Phishing and BEC Attacks Targeting Energy Firms
- ClickFix Attacks Expand Using Fake CAPTCHAs, Microsoft Scripts, and Trusted Web Services
- China-Linked Hackers Have Used the PeckBirdy JavaScript C2 Framework Since 2023
- Over 100 Organizations Targeted in ShinyHunters Phishing Campaign
- Chinese Mustang Panda hackers deploy infostealers via CoolClient backdoor
- Hackers Exploit Teams’ Functionality to Steal Credentials Mimicking Microsoft Services
- There’s a rash of scam spam coming from a real Microsoft address
- Microsoft 365 Outlook Add-ins Weaponized to Exfiltrate Sensitive Email Data Without Leaving Traces
- Swarmer Tool Evading EDR With a Stealthy Modification on Windows Registry for Persistence
- 4 Tbps DDoS Attack Via Aisuru Botnet Breaks Internet With New World Record
Breaches, Leaks, and Ransomware
- Chinese hackers breached phones at ‘heart of Downing Street,’ reports say
- Vibe-Coded ‘Sicarii’ Ransomware Can’t Be Decrypted
- Initial access hackers switch to Tsundere Bot for ransomware attacks
- Nike says it is investigating possible data breach
- Canva among ~100 ShinyHunters credential-theft targets
- Nova Ransomware Allegedly Claiming Breach of KPMG Netherlands
- Have I Been Pwned: SoundCloud data breach impacts 29.8 million accounts
- Grubhub data breach confirmed amid extortion demands from hackers
- ShinyHunters claims Panera Bread in alleged data theft
- 149M Logins from Roblox, TikTok, Netflix, Crypto Wallets Found Online
- Database Containing 149M Stolen Passwords From Gmail, Instagram, More Exposes Malware’s Reach
- eScan confirms update server breached to push malicious update
- Infostealers added Clawdbot to their target lists before most security teams knew it was running
- Under Armour investigates data breach claims affecting 72 million
- Match Group breach exposes data from Hinge, Tinder, OkCupid, and Match
- Fintech firm Marquis blames hack at firewall provider SonicWall for its data breach
Other News Events of Note and Interest
- Cool Tool: Toyota Designs a Robot Chair That Can Help You up the Stairs
- Apple patches ancient iOS versions to keep iMessage, FaceTime, other services working
- Apple C-series modem enables new privacy-focused feature
- Android desktop interface leaks: Status bar, Chrome Extensions
- WhatsApp unveils high-security mode, latest tech firm to offer users stronger protection
- Meta to test premium subscription plans for Instagram, Facebook and WhatsApp
- Moore’s law: the famous rule of computing has reached the end of the road, so what comes next?
- GitHub – elbraino/awesome-blackhat-arsenal: Curated collection of cybersecurity tools featured in Black Hat Arsenal events
- France to ditch US platforms Microsoft Teams, Zoom for ‘sovereign platform’ amid security concerns
- MITRE Releases New Cybersecurity Framework to Protect the Embedded Systems
- Let’s Encrypt is moving to 45-day certificates before everyone else
- This tiny cylinder on HDMI cables actually serves a purpose
- Oracle Says Data Center Outage Caused Issues Faced By US TikTok Users
- NVIDIA releases new graphics driver for old Pascal and Maxwell graphics cards
AI, LLMs, and Skynet
- 10 ways AI can inflict unprecedented damage in 2026
- NIST’s AI guidance pushes cybersecurity boundaries
- The Dual-Use Dilemma of AI: Malicious LLMs
- AI Expertise + Emotional Intelligence = The New Leadership Equation
- On the Coming Industrialization of Exploit Generation with LLMs
- ChatGPT Temporary chat feature is getting a much-needed upgrade
- Maia 200: The AI accelerator built for inference – The Official Microsoft Blog
- ChatGPT data loss incident explained
- Agent Mode in Excel is now generally available on desktop
- Users flock to open source Moltbot for always-on AI, despite major risks
- Viral Moltbot AI assistant raises concerns over data security
- Yahoo is adding generative AI to its search engine
- Artificial Intelligence Reveals Fingerprints Aren’t Truly Unique, Debunking 100 Years of Forensic Science
- Google begins rolling out Chrome’s “Auto Browse” AI agent today
- AI Anime Generator – Create Anime Art, Comics & Animations
Microsoft
- Microsoft’s horrendous Patch Tuesday update exposes the weak QA process for Windows
- Microsoft confirms boot issues with its latest Windows 11 update
- Microsoft fixes Outlook bug blocking access to encrypted emails
- Microsoft says latest Windows 11 issue crashes explorer.exe, makes taskbar disappear, but a fix is rolling out
- Trust DigiCert Global Root G2 Certificate Authority to Avoid Exchange Online Email Disruption
- Microsoft delays Exchange Online feature deprecation after feedback from IT admins
- Microsoft has a new tool for IT admins to investigate security breaches
- Advancing Windows security: Disabling NTLM by default
- Microsoft fixes several PowerToys issues following the big update
- This handy PowerToys tool for Windows 10 and 11 may be getting a very useful new feature
- How to encrypt your PC’s disk without giving the keys to Microsoft
- Windows 11 24H2 and 25H2 get big new updates with new features and fixes in KB5074105
- Windows 11 version 26H2: Everything we know so far about Microsoft’s next OS update coming this fall
- Microsoft confirms wider release of Windows 11’s revamped Start menu, explains why it “redesigned” the Start again
