CyberSecurity Knuggets

Jan 22, 2026

Email 1:

Subject: Risky Bulletin: Domain resurrection attacks come to Canonical’s Snap Store

Sender: risky-biz@ghost.io

Summary: Threat actors have been exploiting expired domains to hijack developer accounts at the Canonical Snap Store, leading to the distribution of malware aimed particularly at cryptocurrency users. This method, called domain resurrection, undermines trust signals such as publisher longevity and has affected other package repositories like GitHub, PyPI, and npm. Security experts advocate for additional verification measures, monitoring of domain expiry, and mandatory two-factor authentication for dormant accounts. The bulletin also covered other security incidents, including ransomware attacks and state-sponsored hacks, and highlighted emerging malware and APT campaigns.


Email 2:

Subject: DOGE workers shared SSN data with outsiders, derailed DISA operations

Sender: info@metacurity.com

Summary: Reports reveal that two members of the DOGE team, formerly part of a federal government entity, improperly handled Social Security data and were involved with a political advocacy group. The misconduct amounted to serious security violations, including the sharing of sensitive data on unauthorized servers. Additionally, DOGE’s staffing and operational decisions significantly disrupted the Defense Information Systems Agency’s capabilities. The newsletter includes updates on fraud reporting services in the UK, cybersecurity inquiries in New Zealand, AI-related challenges in open-source projects, critical vulnerabilities in WordPress plugins, Cloudflare patches, and emerging AI-assisted malware development. It also discusses policymaking on cybersecurity funding and AI agent security risks.


Email 3:

Subject: Webinar: Securing AI Agents in Multi-Cloud Environments

Sender: news@securityweek.com

Summary: An upcoming live webinar covers strategies to secure AI agents deployed across multiple cloud platforms: AWS, Azure, and GCP. The session will address managing agent identities, the risk profiles of customer-controlled versus vendor-managed models, and how to unify logs and permissions into a cohesive enterprise security framework. Additional webinars on ransomware resilience, OT SOC design, supply chain security, and identity attacks were also announced.


Email 4:

Subject: VoidLink malware was likely AI-generated | The CyberWire 1.21.26

Sender: editor@newsletter.n2k.com

Summary: Researchers at Check Point disclosed that the newly identified Linux malware family “VoidLink” appears to have been predominantly developed using AI-assisted coding tools by a single developer. The malware demonstrates advanced capabilities typically not associated with AI-generated threats to date, highlighting an evolution in threat actor sophistication. The briefing also covered GitLab’s patching of a 2FA bypass vulnerability, a large-scale data breach notification in Minnesota affecting personal data, plus sponsored conference announcements by RSA.


Email 5:

Subject: Oracle Ships 337 Security Patches in First 2026 CPUs

Sender: news@securityweek.com

Summary: Oracle released a significant batch of 337 security patches for its first CPUs of 2026, addressing various cybersecurity vulnerabilities. The newsletter highlighted threats such as backup-themed phishing campaigns targeting LastPass users, new security frameworks and reports on API security, the publicized Atlhantic North Korean malware targeting macOS developers through malicious VS Code projects, and developments in Zero Trust with AI. It also included thought leadership pieces on identity security, priority setting for 2026 cybersecurity, and agentic AI security strategies, alongside notifications of recent cyber incidents and vendor security updates.


These summaries provide an at-a-glance understanding of the most critical cybersecurity developments communicated in the selected emails.

Stay Well!

summy