CyberSecurity Knuggets
Jan 31, 2026
Subject: Risky Bulletin: eScan Antivirus Distributes Backdoor in Latest Supply Chain Attacks
From: risky-biz@ghost.io
Summary:
– Cybersecurity firm MicroWorld Technologies, maker of eScan antivirus, suffered a breach of its software update infrastructure on January 20, allowing malware delivery to customer systems during a brief one-hour window.
– The attack installed a backdoor hidden in Reload.exe, disabling eScan updates and establishing persistent access. It connected to a command-and-control server and downloaded additional malware.
– The affected eScan regional update server has been taken offline and remediated. No attribution yet for the attack.
– This follows a prior 2024 incident where North Korean state-sponsored group Kimsuky abused eScan’s update mechanism to deploy backdoors and cryptominers.
– Additional news includes: Google takedown of the IPIDEA botnet, issues with GDPR fines collection, and a destructive wiper attack on 30 locations of Poland’s energy infrastructure.
Subject: Hacker Newsletter #780s
From: kale@hackernewsletter.com
Summary:
– Weekly Hacker Newsletter #780 highlights top articles and projects from the Hacker News community.
– Featured topics include tools and platforms such as Airtable, Airfoil, Project Genie, OpenClaw (an open source AI assistant), and Moltbook.
– Discussions covered browser sandboxing, technoculture, mental models, and engineering challenges.
– News on layoffs at Amazon and Vimeo, TikTok settling a social media addiction trial, and other startup and technology trends were mentioned.
– Various technical resources such as PostgreSQL indexing, software engineering trends, programming languages, and open questions about speech-to-speech setups and Gmail spam issues were included.
Subject: US ODNI Drops Her Remit to Investigate 2020 Election Fraud Claims
From: info@metacurity.com
Summary:
– Tulsi Gabbard, as Director of National Intelligence (DNI), investigated claims of 2020 election fraud, including analysis of voting machines, swing state data, and foreign interference allegations, briefing Trump and key officials.
– This investigation raised controversy as cybersecurity experts and officials maintain no evidence of widespread fraud was found.
– US law enforcement probes allegations that Meta employees could access WhatsApp messages despite end-to-end encryption claims, based on whistleblower reports and contractor interviews. Meta denies these claims as impossible.
– Popular AI app “Chat & Ask AI” exposed hundreds of millions of private user chats due to misconfigured Google Firebase backend. Data included sensitive messages and configuration history. The issue was fixed promptly upon disclosure.
– Empire Market co-founder Raheim Hamilton pleaded guilty for facilitating $430 million in illegal dark web transactions.
– US authorities seized over $400 million linked to Helix, a darknet crypto mixing service used in laundering criminal proceeds.
– UK charity Molly Rose Foundation issued a warning about The Com hacking community targeting vulnerable children online for abuse.
– The Pentagon and AI developer Anthropic clash over safeguards to prevent autonomous weapon targeting and domestic surveillance use of AI technology.
– Cloudflare revealed a record 31.4 Tbps DDoS attack launched by the Aisuru/Kimwolf botnet, primarily targeting telecom companies.
– Apple introduced a new “Limit Precise Location” privacy feature for iPhones and iPads that restricts location data shared with mobile carriers without affecting apps or emergency services.
– Poland’s CERT detailed destructive Russian cyberattacks on energy sector critical infrastructure with wiper malware; impact included 30 locations during harsh winter conditions.
– Google’s Threat Analysis Group terminated over 18,500 YouTube channels linked to coordinated influence operations in Q3 2025, mostly from Russia and China.
– Legal settlement paid to Iowa pentesting contractors arrested during courthouse security testing has raised concerns about future security testing permissions.
– Bitdefender uncovered a large Android RAT campaign distributing malware via Hugging Face infrastructure, employing device accessibility services and server-side polymorphism to avoid detection.
– Coupang CEO questioned by Korean police over alleged evidence obstruction during investigation into a massive 33.7 million customer account data breach.
– Personal data on approximately 4.5 million members of Seoul’s bike-share service Ttareungyi was likely leaked during 2024; investigation ongoing.
– Marquis Software Solutions attributes a major ransomware attack to a breach of SonicWall’s customer portal leaking firewall configurations.
– Identity Theft Resource Center reports that 80% of individuals received a data breach notice in the prior year, with many suffering secondary harms such as phishing and abuse.
– New Britain, Connecticut faces ongoing cyberattack impacting city systems; response protocols active.
– OpenSSL patched 12 vulnerabilities including a critical remote code execution stack buffer overflow (CVE-2025-15467) discovered by autonomous AI analysis tools.
– FBI launched Operation Winter SHIELD, a 10-week campaign to promote better cybersecurity practices across IT and OT environments as part of US National Cyber Strategy.
– NYC-based Outtake raised $40 million in Series B funding for AI-driven digital impersonation protection platform.
– Observations on the rising online tracking and targeting of ICE agents by cybercriminals and activists.
Subject: Popular AI App Exposes Millions of Users’ Chat Messages | The CyberWire 1.30.26
From: editor@newsletter.n2k.com
Summary:
– Chat & Ask AI, a popular AI chatbot app with 50+ million users, exposed hundreds of millions of private chat messages due to misconfigured Google Firebase backend allowing easy unauthenticated access.
– An independent researcher obtained access to 300 million messages from over 25 million users, including sensitive queries about suicide, drug making, and hacking.
– The issue was fixed within hours following responsible disclosure; no comment yet from the developer, Codeway.
– White House rescinded two Biden-era software security memoranda citing them as burdensome and compliance-focused at the expense of genuine security investment; new guidance shifts accountability to agency heads for tailored policies.
– Ivanti patched two critical zero-days in Endpoint Manager Mobile (EPMM) allowing unauthenticated remote code execution, urging affected customers to update without downtime.
Subject: Ivanti Patches Exploited EPMM Zero-Days
From: news@securityweek.com
Summary:
– Ivanti released security updates to fix two critical zero-day vulnerabilities (CVE-2026-1281 and CVE-2026-1340) in Endpoint Manager Mobile that allow unauthenticated remote code execution via code injection flaws.
– Customers are advised to apply the version-specific patches (RPM 12.x.0.x or RPM 12.x.1.x), which require no downtime and are not expected to affect functionality.
– Additional headlines include: exposure of 175,000 Ollama hosts enabling potential LLM abuse; the White House rescinding software security rules; use of Hugging Face to deploy Android RATs; a Russia-linked cyber intrusion bricking ICS devices in Polish power grid; and insights about AI’s role in cyber defense, identity security, and the exploitation of WinRAR vulnerabilities by cybercriminals.
Stay Well!
