eSentire Warns Businesses: Hackers are After Your Employees’ Account Credentials, as Account Compromise Threats Surge 389% in 2025
https://aijourn.com/esentire-warns-businesses-hackers-are-after-your-employees-account-credentials-as-account-compromise-threats-surge-389-in-2025/
Warning: Phishing scams could lock X accounts
https://www.thenewsenterprise.com/news/business/warning-phishing-scams-could-lock-x-accounts/article_90680499-92c5-583a-8310-148e8aec8ef8.html
Microsoft Shuts Down Cybercrime Site That May Have Tried to Scam You
https://www.pcmag.com/news/microsoft-shuts-down-redvds-cybercrime-site-may-have-tried-to-scam-you?test_uuid=04IpBmWGZleS0I0J3epvMrC&test_variant=B
AG Nessel Encourages Public to Watch Out for Common Phishing, Skimming Scams at Detroit Auto Show
https://www.michigan.gov/ag/news/press-releases/2026/01/15/ag-nessel-encourages-public-to-watch-out-for-common-phishing-skimming-scams-at-detroit-auto-show
Battling Cryptojacking, Botnets, and IABs
Cryptojacking often comes with less obvious add-ons, like SSH backdoors.
https://isc.sans.edu/diary/Battling%20Cryptojacking%2C%20Botnets%2C%20and%20IABs%20%5BGuest%20Diary%5D/32632
Microsoft Copilot Reprompt Attacks
Adding a query parameter to the URL may prefill a Copilot prompt, altering the meaning of the prompts that follow.
https://www.varonis.com/blog/reprompt
Hijacking Bluetooth Accessories Using Google Fast Pair
Google’s Fast Pair protocol is often not implemented correctly, allowing the hijacking of Bluetooth accessories.
https://whisperpair.eu/#about
Jen Easterly to helm RSAC
The RSA Conference, host of the world’s largest and most influential cybersecurity conference, announced yesterday that Easterly has been appointed as its Chief Executive Officer. Easterly is a leading cybersecurity expert, highly decorated U.S. Army veteran, and the former Director of CISA. As CEO, she will “guide RSAC’s global portfolio, including its annual flagship conference in San Francisco; expanded international programming; the renowned Innovation Sandbox contest and startup ecosystem; RSAC’s emerging professional membership platform; education initiatives; and programs focused on AI security, secure software development, and global collaboration.”
Palo Alto fixes flaw that can crash firewalls without login
The security updates fix a flaw with a CVSS score of 7.7 that impacts GlobalProtect Gateway and Portal. According to the company, a proof-of-concept (PoC) exploit exists for this flaw. It (CVE-2026-0227) is described as “a denial-of-service (DoS) condition impacting GlobalProtect PAN-OS software arising as a result of an improper check for exceptional conditions (CWE-754).” Specifically, it impacts PAN-OS NGFW or Prisma Access configurations with an enabled GlobalProtect gateway or portal. There is no evidence that the vulnerability has been exploited in the wild.
Windows January update causes login problems
The January 2026 security update, which was released on Tuesday, January 13, is leading to connection and authentication failures in Azure Virtual Desktop and Windows 365 related to the Windows App. The update, Microsoft says, can “result in credential prompt failures during Remote Desktop connections using the Windows App on Windows client devices, impacting Azure Virtual Desktop and Windows 365.” This appears to affect every supported version of Windows, from Windows 10 Enterprise up to Windows 11 25H2, as well as Windows Server 2019 to 2025. The company is actively working on a resolution and plans to release an out-of-band (OOB) update in the coming days.
UK police blame Copilot for intelligence mistake
The chief constable of West Midlands Police, one of Britain’s largest police forces, has admitted that Microsoft’s Copilot AI assistant made a mistake in creating an intelligence report that included a hallucination of a nonexistent soccer match between London team Aston Villa and a visiting team, and Maccabi Tel Aviv. Initially the force denied that AI had been used in preparing the report, blaming “social media scraping” and a Google search result for the error. Microsoft has not yet confirmed that Copilot was involved in this particular mistake but said in a statement to The Verge that the British police force “should be reviewing the sources of information that Copilot provides.” It added, “Copilot combines information from multiple web sources into a single response with linked citations. It informs users they are interacting with an AI system and encourages them to review the sources.”
Western cyber agencies issue industrial operational technology warning and guidance
Britain’s National Cyber Security Centre (NCSC) joined its Five Eyes partners along with CISA and the FBI to discuss how organizations should “securely connect equipment such as industrial control systems, sensors and other critical services, [which are] at the heart of critical infrastructure, from energy generation plants through to water treatment facilities, manufacturing lines and transportation networks.” The warnings point out that “while historically air gapped from the internet, many of these systems are now remotely monitored and managed, increasing efficiency but also the potential attack surface for malicious actors.” The warnings were used to introduce a new NCSC guidance document, which “offers a clear, practical framework for designing and maintaining secure connectivity, reducing attack surface and boosting resilience.”
South Korean conglomerate Kyowon confirms ransomware attack
The group says the incident occurred on Saturday, January 10, and that customer information may have been exposed in the incident. Kyowon specializes in “education and publishing, digital learning tools, hospitality, and various consumer services.” It has about 5.5 million members, but there is no indication as of yet how many may have been affected by the incident or may have had their information exposed to hackers. No major group has yet claimed responsibility for the attack, and similarly no suspects have been suggested.
Reprompt attack siphons Microsoft Copilot data
Researchers at Varonis have discovered and revealed a new attack technique that could allow a threat actor to “exfiltrate user data from Microsoft Copilot using a single malicious link.” Named Reprompt, the attack “bypasses the LLMs data leak protections and allowed for persistent session exfiltration even after the Copilot is closed.” The Varonis researchers added, “the attack leverages a Parameter 2 Prompt (P2P) injection, a double-request technique, and a chain-request technique to enable continuous, undetectable data exfiltration.” They discovered that the protections only applied to an initial URL request, which could be bypassed by supplying each request multiple times.
Central Maine Healthcare data breach update
Following up on a story we covered in June of last year, Central Maine Healthcare is now notifying over 145,000 patients that their “personal, treatment, and health insurance information was compromised in a multi-month data intrusion and breach, which itself was discovered on June 1.” The compromised information, Central Maine Healthcare says, includes names, dates of birth, Social Security numbers, treatment details, provider names, dates of service, and health insurance information.
