Latest Internet & Cybersecurity News
NCSC Warns UK Organisations of DoS Threats from Russian Hacktivists
The UK's NCSC issued an alert about ongoing denial-of-service attacks by Russian state-aligned hacktivist groups targeting organisations for disruption, not financial gain. Director Jonathon Ellison urged reviewing defences and preparing response plans.
Focus is on overwhelming networks and online services.
Critical Vulnerabilities Exposed in Chainlit AI Framework
Security researchers uncovered two critical flaws in Chainlit, an open-source AI app framework, posing risks to AI-adopting organisations. This coincides with Project DarkSide initiative targeting AI development weaknesses.
Organisations accelerating AI use face serious exposure.
Zendesk Support Systems Abused for Global Spam Wave
Attackers exploited unsecured Zendesk systems to generate mass spam via fake support tickets and automated replies, affecting Discord, Dropbox, NordVPN, and others. Campaign started January 18 with chaotic, alarming subjects using Unicode text.
No malicious links found, but highlights verification gaps.
Fortinet Patch Bypass Actively Exploited
Attackers are targeting a Fortinet patch bypass vulnerability under active exploitation. Organisations urged to apply updates immediately.
Details limited but part of weekly cyber roundup.
Fortune 500 Firms Exposed by Misconfigured Test Apps
Pentera found 1,926 vulnerable test apps on AWS, Azure, GCP linked to Fortune 500 like Cloudflare, F5, Palo Alto with permissive IAM roles. Issues remediated post-discovery.
Highlights risks of default credentials in cloud environments.
RansomHouse Hits Luxshare, Exposes iPhone Data
Ransomware group RansomHouse attacked Luxshare Precision, Apple's iPhone/iPad assembler, on December 15, 2025, using double extortion. Proprietary data exfiltrated; no customer credentials compromised.
Attack announced January 8, 2026.
BreachForums Cybercrime Forum Data Leaked
Hacker 'James' leaked 323,988 member records from BreachForums, including usernames, emails, IPs, and real names of admins and Shiny Hunters. Breach occurred January 9, 2026.
Forum known for cybercriminal activities.
Microsoft Disrupts RedVDS Cybercrime Marketplace
Microsoft took down RedVDS, linked to $40M US fraud since March 2025, hosting phishing tools, mailers, VPNs, and attack services like BEC. Announcement on January 14, 2026.
Platform offered cybercrime-as-a-service.
Cisco Patches Critical CVE-2026-20045 Zero-Day
Cisco fixed a critical code injection flaw from improper HTTP input validation on January 21, 2026. Vulnerability allows unauthenticated remote attackers.
Immediate patching recommended.
Qilin Ransomware Compromises Neo Group in Singapore
Qilin ransomware hit Neo Group, a top events caterer with global trading, exposing confidential data observed on underground forums. Operates in catering, manufacturing, retail across 30+ countries.
Sensitive organisational info leaked.
Global Cybersecurity Spending to Hit $240 Billion in 2026
Gartner forecasts $240B in info security spending, up 12.5% from 2025, driven by AI threats and regulations. Shift to AI-resilience, securing unstructured data.
Includes $121.1B software, $92.8B services.
CISA and FBI Release OT Cyber Risk Guidance
CISA and FBI issued new guidance on January 15, 2026, addressing cyber risks in operational technology environments. Targets critical infrastructure.
Emphasises enhanced protections.