Cybersecurity Digest – 14th Edition, Date: 2-2-2026
January flew by, and the cyber world wasted no time heating up with major security incidents, shifting threat actor tactics, and heightened activity across the entire landscape. A lot unfolded in just one month alone, setting the tone for the year ahead. Here’s a quick look at how cybersecurity began in 2026.
A missing layer of authentication turned stolen credentials into full-scale breaches across dozens of global organizations.
A single threat actor, known as Zestix (or Sentap), successfully compromised more than 50 organizations by exploiting stolen credentials and the absence of multi-factor authentication (MFA). Rather than using zero-day exploits, the attacker relied on infostealer malware such as RedLine, Lumma, and Vidar to harvest login data from employee devices. Once credentials were in hand, access was often as simple as logging into enterprise platforms with no secondary verification in place. In many cases, years-old passwords were enough to unlock sensitive systems.
Key takeaways from the attacks:
- Infostealer malware collected saved passwords, browser data, and session tokens from infected endpoints
- Stolen credentials were reused across corporate services with little or no rotation
- Lack of MFA allowed immediate access to cloud file-sharing and collaboration platforms
- No conditional access policies flagged suspicious logins or unfamiliar locations
The impact stretched across critical sectors, including healthcare, energy, aerospace, finance, and government infrastructure. Some organizations reportedly lost hundreds of gigabytes of sensitive operational data, raising serious regulatory and national security concerns.
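A small triage check a defender could run over sign-in logs to surface two of the gaps the takeaways list: a successful login that satisfied no MFA step, and a login from a country outside the user's baseline. This is an added example, not code from the digest or from any vendor it names; the JSON field names, the sample events and the per-user country baseline are constructed assumptions.

```python
import json

# Constructed sample sign-in events as JSON lines (not real logs).
SAMPLE_LOG = """\
{"ts":"2026-01-12T08:01:00Z","user":"a.lee","result":"success","mfa":"satisfied","country":"DE","app":"FileShare"}
{"ts":"2026-01-12T23:47:10Z","user":"a.lee","result":"success","mfa":"none","country":"BR","app":"FileShare"}
{"ts":"2026-01-13T02:15:33Z","user":"j.ortiz","result":"success","mfa":"none","country":"US","app":"Collab"}
{"ts":"2026-01-13T02:16:01Z","user":"j.ortiz","result":"failure","mfa":"none","country":"US","app":"Collab"}
{"ts":"2026-01-13T09:30:00Z","user":"m.kaur","result":"success","mfa":"satisfied","country":"IN","app":"Mail"}
"""

# Constructed baseline: countries each user signed in from over a prior window.
KNOWN_COUNTRIES = {"a.lee": {"DE"}, "j.ortiz": {"US"}, "m.kaur": {"IN"}}


def parse_events(text):
    """Parse JSON-lines sign-in events, skipping blank or malformed lines."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            continue  # a broken line should not abort the whole review
    return events


def review_signins(events, known_countries):
    """Return findings for successful sign-ins that lack MFA or come from an unfamiliar country."""
    findings = []
    for e in events:
        if e.get("result") != "success":
            continue  # failed attempts are a separate signal; this check covers what got in
        user, country = e["user"], e["country"]
        reasons = []
        if e.get("mfa") != "satisfied":
            reasons.append("no_mfa")
        # The baseline is deliberately not updated here: a new country should only
        # join a user's baseline after the login has been confirmed legitimate.
        if country not in known_countries.get(user, set()):
            reasons.append("new_country")
        if reasons:
            findings.append({"ts": e["ts"], "user": user, "app": e["app"],
                             "country": country, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in review_signins(parse_events(SAMPLE_LOG), KNOWN_COUNTRIES):
        print(finding)
```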
Where attacks are emerging
Data Privacy Week 2026 is here, and good intentions alone are no longer enough to protect sensitive data. Experts explore how privacy compliance is shifting from policy to proof, the growing risks posed by tracking technologies, AI agents and alert fatigue, and why cyber resilience now sits at the heart of data protection.
Calendar invites weaponized
Security researchers at Miggo Security uncovered a prompt-injection vulnerability where malicious calendar invites could expose private meeting data through Gemini’s natural-language processing. The flaw has since been mitigated by Google, but it highlights growing semantic risks in AI-integrated tools.
Phishing on trusted tools
A new campaign, uncovered by ReliaQuest, leveraged LinkedIn messages, DLL sideloading, and legitimate open-source tools like Python to deliver what appears to be a RAT, blurring the line between benign and malicious activity and expanding the social media attack surface.
Full inbox, empty threat? A global scam campaign is flooding inboxes with fake cloud storage renewal warnings, warning users that their photos, files, and backups are at risk. The emails use personalized details, fake account numbers, and urgent language to trick recipients into clicking on malicious links. Visitors are redirected to phishing pages posing as cloud portals, ultimately pushing unrelated products or harvesting payment info.
Private, but not really. A security researcher has revealed that some Instagram private profiles were unintentionally leaking photo links to anyone visiting the page. The issue exposed images and captions in HTML responses, bypassing the expected privacy controls. Meta patched the flaw quickly but later closed the case without confirming a full fix. Experts warn that even private accounts can have hidden vulnerabilities, underscoring the importance of robust server-side authorization checks.
Voices you can’t trust. Mandiant has uncovered a wave of vishing attacks targeting SaaS platforms, where threat actors impersonate IT staff to steal credentials and MFA codes. The campaigns mimic ShinyHunters-style extortion, aiming to siphon sensitive data and gain lateral access across cloud environments. Attackers have even weaponized compromised accounts to launch further phishing attacks on cryptocurrency firms. Security experts urge stronger, phishing-resistant MFA and tighter identity verification to block these sophisticated social engineering threats.
Building secure AI systems
AI adoption is accelerating across enterprises, but security teams are still playing catch-up. As organizations move from experimentation to full-scale deployment, visibility into AI infrastructure is becoming a critical gap. Crystal Morin of Sysdig explains why an AI Bill of Materials (AIBOM) could be the missing layer for securing complex AI systems, and how proven security practices can be extended to protect the modern AI stack.
From surveillance to control
Privileged access management is evolving fast as cloud environments, automation, and AI agents reshape how access is used. The old “record everything” approach is struggling to keep up with speed, scale, and modern risk. Artyom Poghosyan of Britive discusses why session recording alone is no longer enough for today’s PAM strategies, and how dynamic, just-in-time access control is becoming the new foundation for prevention-first security.
How AI will break identity
AI is set to disrupt one of cybersecurity’s core pillars: identity. Deepfakes, synthetic personas, and automated impersonation are pushing traditional verification to its limits. At the same time, AI can power adaptive systems that verify authenticity in real time. Michael Engle from 1Kosmos highlights how organizations can turn AI from a threat into a tool for stronger digital trust.
Cyber ready for 2026, or just confident on paper?
January 2026 marks our first edition of the year, and we’re starting with a deep dive into what cyber readiness really looks like today. With organizations investing heavily in tools, frameworks, and AI-driven defenses, confidence is high but cracks are beginning to show. Our expert panel breaks down where preparedness is being overestimated, why people and processes still lag behind technology, and what truly matters as threats accelerate in 2026.
Dive into the full expert discussion.
- Farewell, GPT-4o. OpenAI is retiring its beloved GPT-4o model as GPT-5.2 steps into the spotlight, promising smarter, safer, and more reliable AI interactions. Fans of GPT-4o’s warmth and unfiltered creativity may feel nostalgic, but the new version builds on that feedback while offering improved personalization and safeguards. With most users already embracing GPT-5.2, it’s the end of an era and the start of a more polished AI experience.
- AI’s dark basement. Amazon discovered hundreds of thousands of suspected child sexual abuse images while building AI training datasets, reporting over a million cases to authorities. The massive volume raises serious questions about how AI data is collected and the limits of transparency. Lack of context in reports makes many submissions “inactionable,” leaving investigators unable to help victims. This exposes the hidden risks behind the datasets powering the AI tools millions use every day.
- AI meets the lab. OpenAI’s Prism integrates GPT‑5.2 into a LaTeX-native workspace for scientific writing and collaboration. It helps researchers draft, edit, and organize papers more efficiently while keeping formatting and structure consistent. By embedding AI directly into the workflow,
Information Security Buzz and all its contents are copyright © 2014-2024. All rights reserved. All third-party trademarks are recognized.