Region 7 ESC Cybersecurity Coop

Recent News 01/30/2026

Posted on January 30, 2026 by Information Security

Be aware – new type of phishing using Microsoft Teams
https://www.ucl.ac.uk/isd/news/2026/jan/be-aware-new-type-phishing-using-microsoft-teams

LAPS Alerts Parents About Phishing, Spam, Robo Calls And Last Weekend’s Bomb Scare
https://losalamosreporter.com/2026/01/29/laps-alerts-parents-about-phishing-spam-robo-calls-and-last-weekends-bomb-scare/

Threat Actors Hide Behind School-Themed Domains In Newly Uncovered Bulletproof Infrastructure
https://gbhackers.com/school-domains-fuel-bulletproof-threats/

APAAR ID scam: The WhatsApp message that could trick students into clicking
https://www.msn.com/en-in/money/news/apaar-id-scam-the-whatsapp-message-that-could-trick-students-into-clicking/ar-AA1UHZMA?apiversion=v2&domshim=1&noservercache=1&noservertelemetry=1&batchservertelemetry=1&renderwebcomponents=1&wcseo=1

AG Sunday informs seniors of identity theft and ‘sophisticated’ scams
https://www.timesleader.com/news/1731244/ag-sunday-informs-seniors-of-identity-theft-and-sophisticated-scams

No Place Like Home Network: Disrupting the World’s Largest Residential Proxy Network
Google dismantled the IPIDEA network that used residential proxies to route malicious traffic.
https://cloud.google.com/blog/topics/threat-intelligence/disrupting-largest-residential-proxy-network

Fake Clawdbot VS Code Extension Installs ScreenConnect RAT
The news about Clawdbot (now Moltbot) is used to distribute malware, in particular malicious VS Code extensions.
https://www.aikido.dev/blog/fake-clawdbot-vscode-extension-malware

Threat Bulletin: Critical eScan Supply Chain Compromise
Anti-virus vendor eScan was compromised, and its update servers were used to install malware on some customer systems.
https://www.morphisec.com/blog/critical-escan-threat-bulletin/

France fines unemployment agency over data breach

The French data protection authority has fined the country’s national employment agency France Travail (formerly known as Pôle Emploi) a sum of €5 million for “failing to secure job seekers’ data, which allowed hackers to steal the personal information of 43 million people.” This follows a data breach that occurred in early 2024 and which exposed job seekers’ personal information spanning 20 years, including standard PII. Bank details and account passwords were not affected, nor were job-seeker files taken. This latter category is important because job-seeker files tend to contain sensitive health data.

(BleepingComputer)

Microsoft Teams addition will allow for suspicious calls to be reported

This new feature is intended to be released to Targeted Release customers by mid-March. Its goal is to help users flag suspicious or unwanted calls as potential scams or phishing attempts. Named “Report a Call,” the function will be enabled by default, but can be disabled by admins via a toggle inside the “Calling settings.” When users manually flag a call, some metadata including timestamps, duration, caller ID information, and participant Teams IDs will be shared with both the user’s organization and Microsoft. General availability worldwide is expected for late April.

(BleepingComputer)

UK leaders warned about absorbing cyberattacks without offensive deterrence

During a UK parliamentary hearing on national security, ministers were warned that Britain “risks leaving itself exposed to cyberattacks and hybrid forms of warfare unless it exercises an ability to impose costs on hostile states.” Former national security adviser Lord Sedwill, who is now a member of the Joint Committee on the National Security Strategy, added that “resilience measures alone would not deter adversaries conducting cyber operations, sabotage of critical infrastructure, and disinformation campaigns against the United Kingdom.” His comments echo those made by the former head of the British Army, who previously urged the government to get on the “forward foot” with ransomware instead of just “absorbing the punches.”

(The Record)

ShinyHunters steals 10M records in alleged dating app heist

The records were allegedly stolen from Match Group, a U.S.-based firm that “owns some of the world’s most widely used swipe-based dating platforms,” including Hinge, Match.com, and OkCupid. ShinyHunters representatives say they made off with user data as well as hundreds of internal documents. They identify “AppsFlyer, a marketing analytics provider, as the apparent source of the exposure.” The company itself has declined to say what types of data were accessed, how many customers were affected, or whether a ransom was involved.

(The Register)

North Korea threat group splits into 3 distinct operations

According to a report released by CrowdStrike yesterday, the group Labyrinth Chollima has spawned two additional groups, Golden Chollima and Pressure Chollima. These spin-offs, which have been operating since 2020, “allow Labyrinth Chollima to narrow its focus on espionage, targeting victims in the manufacturing, logistics, defense and aerospace industries,” while Golden Chollima and Pressure Chollima focused on stealing cryptocurrency for funding North Korea’s cyber operations. The groups have all grown out of the Lazarus Group, sharing some tools and infrastructure, which “indicates centralized coordination in concert with their specialized individual capabilities.”

(Cyberscoop)

SolarWinds fixes critical web help desk flaws

The security updates seek to address “multiple security vulnerabilities impacting SolarWinds Web Help Desk,” including four that could result in authentication bypass and remote code execution (RCE). There are six vulnerabilities involved in this update series, four of which have CVSS ratings of 9.8. A link to an article providing CVE numbers and details on these flaws is available in the show notes to this episode.

(The Hacker News)

Aisuru botnet outdoes itself with 31.4 Tbps DDoS attack

This attack targeted multiple companies, mostly in the telecommunications sector, and was detected and mitigated by Cloudflare on December 19. It was launched by the Aisuru/Kimwolf botnet and peaked at 31.4 Tbps and 200 million requests per second, surpassing its own previous DDoS record that reached 29.7 Tbps. Despite the scale of these hyper-volumetric attacks, Cloudflare says “they were detected and mitigated automatically and didn’t trigger any internal alerts.” Cloudflare added in its report that Aisuru generally uses compromised IoT devices and routers as its botnet, but in the December 19 attack, it used Android TVs.

(BleepingComputer)

Latvia identifies Russia as its top cyber threat as attacks hit record high

“In its annual report released this week, Latvia’s national security service, SAB, said 2025 marked an all-time high in registered cyber threats targeting the country, with activity surging significantly past levels seen before Russia’s invasion of Ukraine in 2022.” The report says most of the incidents dealt with cybercrime and digital fraud rather than threatening critical infrastructure or national security. The methods included intrusion attempts, malware distribution, equipment compromise and DDoS attacks. The agency adds that the campaign shows no sign of slowing, “even though most incidents so far have failed to cause serious disruption.”

(The Record)

For more information about joining the coop and services we provide please email infosec@esc7.net
