CyberSecurity Knuggets

Jan 30, 2026

Subject: Srsly Risky Biz: Punish the Wicked, Reward the Righteous

Sender: risky-biz@ghost.io

Your weekly Seriously Risky Business newsletter by Tom Uren and edited by Amberleigh Jack, sponsored by Push Security. This edition discusses the Pall Mall Process, an international effort to set opt-in industry standards to regulate abusive commercial spyware. Despite industry involvement, real success depends on strong government action, as voluntary standards tend to be slow and ineffective.

The US government effectively shaped the spyware market through punitive actions such as blacklisting and sanctions, alongside rewarding companies demonstrating good behavior, exemplified by Paragon Solutions. Paragon sought approval to sell spyware only to allied countries but ended ties quickly when misuse occurred in Italy. Paragon subsequently secured a lucrative US government contract and acquisition. The newsletter suggests governments establish allow-lists of acceptable customer countries and impose harsher penalties on abusive vendors, combining punishment and reward to influence the spyware ecosystem.

Additionally, the newsletter covers telco security regulations, highlighting how high-value targets benefit from locked-down phones and encrypted messaging while broader regulations enhance overall network resilience against rare but high-impact cyberattacks like those from China’s Volt Typhoon. The USA’s less prescriptive approach lacks ongoing oversight compared to the UK’s detailed regulatory code, which provides verifiable risk reduction and can adapt over time. The US approach relies on reactive voluntary measures, which fall short in giving regulators sustained visibility or enforceable incentive mechanisms.

Other highlights include:

– Zeppelin ransomware leader’s guilty plea

– WhatsApp’s new Strict Account Settings for enhanced security

– UK’s new National Police Service to tackle serious cybercrime

Sponsored Interview: Push Security discusses ConsentFix, an advanced email-based social engineering attack.

Shorts:

– UK PM Keir Starmer uses a “burner plane” to avoid espionage risks in China trip

– Germany’s Interior Minister signals more offensive cyber actions akin to U.S. Cyber Command

Risky Bulletin: Cyberattacks on Russian cars, EU anti-spyware parliamentary group created with limited power, and ongoing exploitation of a Fortinet firewall vulnerability.

Listen to or watch Risky Biz Talks for fuller discussions.

Risky.Biz © 2026.

Subject: The FBI seized the notorious RAMP cybercrime forums

Sender: info@metacurity.com

This extensive Metacurity newsletter by Cynthia B Brumfield details major cybersecurity incidents:

  • FBI seized the RAMP forum, a key ransomware marketplace, replacing its domain and Tor sites with seizure notices. The operation was coordinated with the U.S. Southern District of Florida and the DOJ’s cybercrime section. User data is likely in law enforcement hands, putting careless cybercriminals at risk of identification and arrest.

  • Google used court orders to take down domains of Ipidea, a residential proxy network abused by criminals and nation-states to anonymize malicious traffic across millions of devices. Google removed hundreds of affiliated apps, disrupting Ipidea’s network significantly. Ipidea has mixed legitimate and illicit uses and has marketed in hacker forums. Government and researchers label residential proxies a major national security concern.

  • China executed 11 members of the “Ming family” crime syndicate tied to Myanmar scam centers responsible for large-scale fraud and violence. China’s crackdown exemplifies cooperation with regional governments on telecom fraud.

  • Security warnings regarding Moltbot AI assistant: misconfigured deployments leak sensitive enterprise data; exposed admin interfaces enable unauthorized access; supply-chain attacks and malicious VSCode extensions impersonate Moltbot to deploy RATs. Safe deployment involves virtualization and network isolation.

  • Major US companies including Bumble, Panera, Match, and CrunchBase suffered social engineering attacks by the ShinyHunters group via “vishing” to obtain SSO credentials. No evidence of member data compromise for Bumble reported; investigations ongoing.

  • Cyberattack on Polish grid disabled communication devices (RTUs) at 30+ energy facilities without causing outages, implying opportunistic rather than targeted sabotage with potential for serious disruption if escalated.

  • American military hackers disabled servers of Russian disinformation companies ahead of 2024 US election to blunt propaganda efforts in swing states.

  • Amazon reported finding and removing hundreds of thousands of pieces of child sexual abuse material from AI training data last year but did not provide detailed source information to law enforcement, hampering investigations. This contrasts with other tech firms, which provide more source details in their reports to NCMEC.

  • OpenAI reportedly developing a social network focused on real users, potentially integrating biometric proof of personhood like Apple’s Face ID or iris scans.

  • Researchers observe increased AI use among ethical hackers (82%), which improves testing and reporting quality.

  • Additional news on ransomware trends in healthcare, arrests related to swatting campaigns in Hungary and Romania, Canada’s forecast on ransomware threats, Google’s $135M settlement over Android data collection, SolarWinds patch releases, and emerging cybercrime campaigns monetizing exposed AI service endpoints.

Metacurity © 2026

Subject: Preparing Your APIs for Agentic AI: The Impact of MCP and A2A

Sender: news@securityweek.com

SecurityWeek resource: Gartner report explains how new agent communication protocols like MCP and A2A will shift API consumption dramatically by 2028, with AI agents as primary API consumers rather than humans. This increases overall API utilization and the need for secure, well-documented, and manageable APIs.

The report offers:

– An explanation of why MCP and A2A adoption boosts API demand.

– Recommendations to create effective agentic API experiences including streamlined access and precise documentation.

– Security best practices critical for agent APIs such as rate-limiting and access controls.

Download available.

SecurityWeek © 2026.

Subject: Google disrupts major residential proxy network | The CyberWire 1.29.26

Sender: editor@newsletter.n2k.com

N2K CyberWire daily newsletter summarizes:

  • Google and partners disrupted the Ipidea residential proxy network, which criminal and nation-state actors used to route malicious traffic through legitimate ISPs’ IP addresses. Google seized the relevant domains and shared SDK intelligence with various entities to degrade the operation, removing millions of devices from the available pool. The disruption may also affect affiliated proxy services that draw on the same device pools.

  • RAMP cybercrime forum’s websites replaced with FBI seizure notices. Although no public DOJ announcement yet, the seizure claims should be viewed cautiously due to prior false shutdown claims by criminal groups.

  • North Korea’s LABYRINTH CHOLLIMA threat actor has split into three groups, with GOLDEN CHOLLIMA and PRESSURE CHOLLIMA focusing on cryptocurrency thefts while LABYRINTH continues espionage targeting industrial sectors. The groups share tools and infrastructure but operate independently.

Additional notes include upcoming RSAC 2026 event information, new malware campaigns, vulnerabilities, shadow AI workforce risks, law enforcement actions, and notable cybersecurity news headlines.

N2K Networks © 2025.

Subject: Google Disrupts IPIDEA Proxy Networks

Sender: news@securityweek.com

SecurityWeek headlines:

  • Google disrupts IPIDEA proxy network — a large residential proxy service used by criminals and nation-state groups. Legal actions seized domains; intelligence sharing with industry aims to degrade proxy availability by millions of devices, disrupting criminal operations.

  • LLM hijacking and monetization attacks (‘Operation Bizarre Bazaar’) against AI infrastructure are growing.

  • Vulnerabilities identified in the n8n workflow automation tool may enable remote code execution.

  • SolarWinds released critical patches fixing authentication bypass and remote code execution flaws in Web Help Desk software, including issues exploitable by unauthenticated attackers.

  • PwC and Google Cloud ink $400 million deal to scale AI-powered cyber defense.

  • WhatsApp enhances account security for vulnerable users.

  • Cybersecurity thought leadership articles emphasize moving beyond multifactor authentication and caution against relying solely on AI automation for cyber defense.

  • Additional news on newly emerged cybersecurity startups, notable personnel moves, and upcoming SecurityWeek 2026 virtual events.

SecurityWeek © 2026.

Stay Well!
