CyberSecurity Knuggets

Jan 15, 2026

Email 1:

Subject: Risky Bulletin: Voice cloning defenses still weak, can be bypassed

Summary:

– Modern security systems designed to protect user voices from being cloned by AI are still weak and can be bypassed.

– These systems work by injecting random noise into voice recordings to prevent AI cloning.

– Researchers at the University of Texas created VocalBridge, a tool that “purifies” noise-injected tracks and restores original voices.

– VocalBridge bypassed five voice perturbation tools with a 23%-45% Authentication Restoration Rate.

– Voice print authentication, used by banks and telcos, is vulnerable to spoofing.

– Voice print authentication has been demoted to a second factor in some places, but is still used as the sole factor in some phone support channels.

– Bypassing voice prints even at low success rates remains highly attractive to attackers.

– Additional news includes breaches at Target and JPMorgan Chase, ransomware attacks, FBI and police arrests, and new malware and security tools.

– January 2026 Patch Tuesday included fixes for many vendors, including Microsoft.

– Risky Business podcast covers hacking history and cybersecurity discussions.

Email 2:

Subject: China orders domestic companies to stop using US cybersecurity software

Summary:

– Chinese authorities told domestic companies to stop using cybersecurity software from about a dozen US and Israeli firms for national security.

– US firms affected include VMware, Palo Alto Networks, Fortinet; Israeli firms include Check Point.

– The concern is that such software may collect and transmit confidential information abroad.

– Political context: trade tensions and tech rivalry between China and US; replacement of Western technology with domestic alternatives.

– White House renominates Sean Plankey to lead CISA; his confirmation faces Senate delays.

– Large breach of data on ~4,500 DHS employees, including ICE and Border Patrol agents, by a whistleblower.

– A Tennessee man is to plead guilty to hacking the US Supreme Court’s electronic filing system.

– Microsoft released Patch Tuesday fixes for 114 vulnerabilities, including the actively exploited zero-day CVE-2026-20805.

– Belgian hospital AZ Monica was forced to cancel procedures due to a cyberattack.

– Russian Laundry Bear group launched malware campaigns targeting Ukrainian Defense Forces.

– UN calls for tougher stance on North Korea’s cyber and crypto-funding efforts.

– Chainalysis reports $14B in crypto scams and fraud in 2025, driven by impersonation and AI-enabled scams.

– Python Software Foundation received $1.5M from AI firm Anthropic for security improvements.

– Check Point reports cloud-focused Linux malware VoidLink, developed by Chinese-speaking actors.

– US Senate passed Defiance Act to allow lawsuits for nonconsensual explicit AI-generated images.

– Growing debate in US about expanding offensive cyber operations.

– Flock surveillance data leak exposed millions of license plates and police investigations.

– CrowdStrike to acquire Seraphic Security for $420M, enhancing browser security.

– Women’s groups call for removal of Grok AI and X platform from app stores.

– US government expanding surveillance through contracts with private firms.

Email 3:

Subject: Microsoft patches three zero-days | The CyberWire 1.14.26

Summary:

– Microsoft’s January Patch Tuesday fixes 114 vulnerabilities, including 3 zero-days.

– One zero-day (CVE-2026-20805), affecting Desktop Window Manager, is actively exploited; the other two were publicly disclosed.

– Adobe fixed 25 vulnerabilities, including a critical flaw in Apache Tika within ColdFusion.

– Fortinet patched six vulnerabilities, including critical command injection in FortiFone and FortiSIEM.

– Chinese authorities ordered domestic entities to cease using cybersecurity software from US and Israeli firms like VMware, Palo Alto Networks, Fortinet, and Check Point due to espionage concerns.

– Spanish police arrested 34 alleged members of the Black Axe gang, suspected of cyber fraud and other crimes.

Email 4:

Subject: Robo-Advisor Betterment Discloses Data Breach

Summary:

– Robo-advisor Betterment revealed a data breach affecting customers.

– Fortinet patched critical vulnerabilities in FortiFone and FortiSIEM products.

– Other recent cybersecurity events: Aikido Security raised $60 million in funding, CrowdStrike acquisition dismissed lawsuit, Microsoft and law enforcement disrupted cybercrime services.

– Emerging trends include increased funding for AI security platforms, crypto-related botnets, and patches for the Chrome and Firefox browsers.

– Additional coverage of cybersecurity risks, regulatory developments, and industry funding.

– SecurityWeek editorial includes expert insights on AI security governance and cybersecurity risk trends emphasizing resilience.

– Past major patch releases address critical flaws in Microsoft Windows, Adobe products, SAP software, and others.

– Highlighted topics: crypto fraud risks overtaking ransomware, and EU regulatory actions on Google acquisition.

Stay Well!

summy