CyberSecurity Knuggets
Jan 29, 2026
Email 1
Subject: The interim head of CISA uploaded sensitive documents to ChatGPT
Sender: info@metacurity.com
Summary:
– Madhu Gottumukkala, interim head of CISA, uploaded sensitive but unclassified contracting documents marked “for official use only” into a public version of ChatGPT last summer.
– Automated government sensors flagged these uploads multiple times in August 2025, leading to an internal DHS review to assess potential harm.
– Meanwhile, South Korea is enhancing data breach notifications, alerting individuals of possible data leaks with compensation information under new cybersecurity reforms.
– Russian security provider Delta suffered a coordinated cyberattack from a hostile state, causing service disruption including critical failures in vehicle alarm systems.
– EU and India finalized a new security and cyber dialogue partnership; however, disagreements linger over India’s hackers-for-hire ecosystem.
– Google Threat Intelligence Group reports ongoing exploitation of a WinRAR vulnerability (CVE-2025-8088) by state-sponsored and criminal actors.
– Kaspersky revealed updates in Mustang Panda’s CoolClient backdoor, enhancing browser credential theft and clipboard monitoring capabilities, targeting several governments in Asia and Russia.
– WhatsApp introduced a “Strict Account Settings” mode offering advanced protections, blocking media from unknown senders and disabling link previews to safeguard high-risk users.
– Google expanded Android theft-prevention features with stronger authentication controls and Identity Check biometrics for higher security on Android 16+ devices.
– Sanxenxo City Council in Spain is under a ransomware cyberattack locking thousands of documents; officials refuse to pay the $5,000 ransom.
– Israeli cybersecurity company Memcyco raised $37 million, and Rein Security raised $8 million in venture rounds.
– France plans to replace US video conferencing tools with a local French platform called Visio to enhance national cybersecurity.
Email 2
Subject: Cyberattack on Poland’s energy infrastructure compromised around thirty facilities | The CyberWire 1.28.26s
Sender: editor@newsletter.n2k.com
Summary:
– A December 29, 2025 cyberattack targeted Poland’s distributed energy resources (DERs), breaching around thirty facilities including small wind, solar, and combined heat and power plants.
– The attack did not cause outages but irreparably disabled critical operational technology equipment, raising alarm for countries expanding DER use.
– Dragos attributes the attack to ELECTRUM, linked to Russian threat actor Sandworm (GRU).
– Google Threat Intelligence Group warns that threat actors from Russia and China, as well as financially motivated groups, continue exploiting the patched but still actively exploited WinRAR vulnerability (CVE-2025-8088) to drop malware and maintain persistence.
– SoundCloud disclosed a breach affecting ~29.8 million user accounts (~20% of users), involving personal identifying information. The ShinyHunters criminal gang was responsible and attempted extortion before leaking data.
– Upcoming: RSAC 2026 cybersecurity conference in San Francisco, March 23-26 — a major event for industry leaders and practitioners.
Email 3
Subject: WinRAR Vulnerability Exploited by APTs, Cybercriminals
Sender: news@securityweek.com
Summary:
– Threat groups including APTs and cybercriminals are widely exploiting a critical WinRAR vulnerability (CVE-2025-8088) enabling path traversal attacks that implant malware for persistence.
– Fortinet patched a notable FortiCloud SSO authentication bypass vulnerability recently exploited by attackers.
– SecurityWeek expert opinions highlight the risks of relying solely on AI automation in cyber defense and call for integrating identity threat detection beyond MFA for better data protection.
– Other topics covered:
  – WhatsApp strengthens security for high-risk users with new strict settings.
  – Indurex launches solutions closing cyber-physical systems gaps.
  – Mesh Security raises $12 million for its CSMA platform.
  – US DOJ charges 31 defendants in a massive ATM hacking probe.
  – New research and incidents including Microsoft Office zero-day patches, JavaScript ecosystem supply chain attacks, and TikTok forming a new US entity.
– Upcoming virtual events and webcasts around cybersecurity are available for deeper insights and community engagement.
Stay Well!
