Russia's APT28 hacking group weaponized a Microsoft Office vulnerability just three days after Microsoft released an emergency patch on January 26. The notorious cyber-espionage unit, linked to Russia's GRU military intelligence, launched "Operation Neusploit" on January 29, targeting organizations across Central and Eastern Europe.
The attackers use specially crafted documents to steal emails and deploy malware through a multi-stage infection chain. They're sending phishing emails in English, Romanian, Slovak, and Ukrainian to maximize their reach. APT28 employs geographic filtering to stay under the radar, only delivering malicious payloads to targeted regions.
Security experts call the three-day turnaround "absurd" and warn other threat actors will likely follow suit using publicly available proof-of-concept code.
Source: Dark Reading
Kaiser Permanente will pay $46 million to settle lawsuits over alleged patient data breaches from November 2017 to May 2024. The health giant's websites and mobile apps allegedly shared confidential information with Google, Microsoft, Meta, and Twitter/X without patient consent.
The exposed data included names, IP addresses, medical histories, and communications with healthcare providers. Kaiser denies wrongdoing but agreed to settle to avoid prolonged litigation.
Current and former Kaiser members in nine states and DC who used the company's digital platforms during this period can file claims. Most eligible members will receive $20-$40. Claims must be filed by March 12, 2026, using a unique ID sent via email or mail.
Source: CBS San Francisco
Russia's APT28 hacking group is actively exploiting a critical Microsoft Office zero-day vulnerability to target victims across Ukraine, Slovakia, and Romania. The attackers send weaponized RTF documents in local languages that silently install malware when opened.
Zscaler researchers discovered the campaign in January 2026, with active attacks occurring just three days after Microsoft's emergency patch on January 26. The hackers deploy two types of malware: MiniDoor steals emails from Outlook, while PixyNetLoader provides remote access to compromised systems.
The operation uses geographic filtering to evade detection: the delivery server returns the payload only to requests that originate from the targeted regions and carry the expected HTTP headers. A sandbox or analyst fetching the next stage from anywhere else gets a benign response, so an empty detonation outside those regions is not evidence that a sample is harmless.
Source: Cybersecurity News
Chinese state-sponsored hackers conducted a sophisticated supply chain attack against Notepad++ users from June to December 2025, targeting telecoms and financial firms in East Asia. The attackers compromised the text editor's hosting provider to intercept and redirect update traffic to malicious servers.
Creator Don Ho revealed that hackers gained infrastructure-level access to selectively target specific users while leaving others unaffected. The hosting provider discovered the breach affected only Notepad++ traffic, with attackers maintaining access until December 2025 despite server maintenance in September.
Notepad++ has since moved to a new hosting provider and added client-side verification to prevent future update hijacking.
Source: Security Week
The ShinyHunters threat group has ramped up sophisticated extortion attacks targeting cloud-based systems across multiple organizations. Google Cloud analysts discovered the criminals use voice phishing calls, pretending to be IT staff, to trick employees into visiting fake login websites that steal credentials and multi-factor authentication codes.
Once inside company systems, attackers access platforms like SharePoint, Salesforce, and Slack to steal confidential documents. They specifically search for files containing terms like "confidential" and "internal." The group then demands Bitcoin payments within 72 hours, providing stolen data samples as proof.
Google tracks this activity under three threat clusters: UNC6661, UNC6671, and UNC6240. Security experts recommend phishing-resistant authentication like FIDO2 security keys to prevent these social engineering attacks.
Source: Cybersecurity News
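Why the FIDO2 recommendation above defeats the relay described, where a TOTP code does not: a WebAuthn assertion is signed over data that includes the origin of the page the user was actually on, and the browser (not the page) fills that field in. The following is an added simulation of that check, not code from Google's report or any vendor; it stands in Ed25519 for the ES256 keys most authenticators use, reduces authenticator data to the rpId hash plus a flag byte, runs browser and relying party in one process, and uses constructed origins and challenges.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
)

// clientData mirrors WebAuthn's CollectedClientData. The browser, not the web
// page, fills in Origin from the address bar, so a page cannot lie about it.
type clientData struct {
	Type      string `json:"type"`
	Challenge string `json:"challenge"`
	Origin    string `json:"origin"`
}

type assertion struct {
	ClientDataJSON []byte
	AuthData       []byte // sha256(rpID) || flags, a cut-down authenticator data
	Signature      []byte
}

// signedPayload is what the authenticator signs: authData || sha256(clientDataJSON).
func signedPayload(authData, clientDataJSON []byte) []byte {
	h := sha256.Sum256(clientDataJSON)
	return append(append([]byte{}, authData...), h[:]...)
}

// browserGetAssertion simulates browser plus authenticator for a page loaded at
// pageOrigin. The page supplies only the challenge; origin and rpId hash are
// stamped in by the browser. (A real browser would also refuse an rpID that is
// not a registrable suffix of the page's host; that is skipped here so the
// server-side origin check can be shown doing its job.)
func browserGetAssertion(priv ed25519.PrivateKey, pageOrigin, rpID, challenge string) assertion {
	cd, _ := json.Marshal(clientData{Type: "webauthn.get", Challenge: challenge, Origin: pageOrigin})
	rpHash := sha256.Sum256([]byte(rpID))
	authData := append(rpHash[:], 0x01) // 0x01 = user-present flag
	return assertion{ClientDataJSON: cd, AuthData: authData, Signature: ed25519.Sign(priv, signedPayload(authData, cd))}
}

// verifyAssertion is the relying party's check at login.
func verifyAssertion(pub ed25519.PublicKey, a assertion, expectedOrigin, rpID, expectedChallenge string) error {
	var cd clientData
	if err := json.Unmarshal(a.ClientDataJSON, &cd); err != nil {
		return err
	}
	if cd.Type != "webauthn.get" {
		return errors.New("wrong ceremony type")
	}
	if cd.Challenge != expectedChallenge {
		return errors.New("challenge mismatch: stale or replayed assertion")
	}
	if cd.Origin != expectedOrigin {
		return fmt.Errorf("origin %q is not %q: assertion was produced on another site", cd.Origin, expectedOrigin)
	}
	want := sha256.Sum256([]byte(rpID))
	if len(a.AuthData) < 33 || !bytes.Equal(a.AuthData[:32], want[:]) {
		return errors.New("rpIdHash mismatch")
	}
	if !ed25519.Verify(pub, signedPayload(a.AuthData, a.ClientDataJSON), a.Signature) {
		return errors.New("signature invalid")
	}
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // pub was stored at registration
	const rpOrigin, rpID = "https://corp.example", "corp.example"
	challenge := "constructed-nonce-1" // fresh per login attempt

	legit := browserGetAssertion(priv, rpOrigin, rpID, challenge)
	fmt.Println("real site:", verifyAssertion(pub, legit, rpOrigin, rpID, challenge))

	// A vishing victim steered to a look-alike site that relays the real
	// challenge in real time (enough to defeat an OTP code) still gets an
	// assertion stamped with the look-alike origin, which the RP rejects.
	phished := browserGetAssertion(priv, "https://corp-it-helpdesk.example", rpID, challenge)
	fmt.Println("relayed from phishing site:", verifyAssertion(pub, phished, rpOrigin, rpID, challenge))
}
```

The challenge check is what stops replay and the origin check is what stops relay; a relying party that skips either (or accepts any origin from a list the attacker can influence) gives up the phishing resistance the page recommends.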
A digitally literate young person who received workplace cybersecurity training still fell victim to a sophisticated banking scam while on vacation. The scammer sent a text claiming 12,805 "awards points" would expire, leading to a fake banking website that perfectly mimicked the real one.
After entering login credentials and authorizing a $2.99 shipping fee for a "free" smartwatch, scammers used cardless cash to withdraw $500 from a Melbourne ATM. The victim only discovered the theft days later when checking holiday expenses.
Similar scams have targeted Qantas, Telstra, and Coles customers. Australians lost nearly $260 million to scams in the first nine months of 2025. The bank refunded the money and issued new cards.
Source: The Guardian
Moltbook, an AI agent social network launched in January 2026, is leaking email addresses, login tokens, and API keys for all 1.5 million registered users through a critical database vulnerability. The platform, created by Octane AI's Matt Schlicht, allows AI agents to post and interact, but researchers found that anyone could read user records with ordinary unauthenticated web requests.
The breach gets worse: most "users" are fake. A single bot called OpenClaw created 500,000 fraudulent accounts due to zero rate limiting on registrations. Security experts including Andrej Karpathy called it a "computer security nightmare," warning that exposed API keys could let attackers hijack agents and access connected services like email and calendars. Moltbook hasn't responded to security disclosures or issued patches.
Source: Cybersecurity News
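The two defects reported above, unauthenticated reads of the user table that return tokens and API keys, and registration with no rate limit, are both server-side omissions. The following is an added example, not Moltbook's code (its stack is not described here), showing the vulnerable handler beside a hardened one and a per-source limiter for sign-ups. The user rows, tokens and addresses are constructed; the store layout and `/me` endpoint are assumptions.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
	"sync"
	"time"
)

// user is a constructed row with the fields the page says leaked.
type user struct {
	ID     string `json:"id"`
	Email  string `json:"email"`
	Token  string `json:"token"`   // session token: must never be serialized
	APIKey string `json:"api_key"` // upstream API key: must never be serialized
}

// publicUser is the only user shape that ever reaches a response body.
type publicUser struct {
	ID    string `json:"id"`
	Email string `json:"email"`
}

type store struct {
	mu    sync.Mutex
	users map[string]user // keyed by session token (hypothetical layout)
}

func newStore() *store {
	return &store{users: map[string]user{
		"tok-alice": {ID: "1", Email: "alice@example.test", Token: "tok-alice", APIKey: "sk-alice"},
		"tok-bob":   {ID: "2", Email: "bob@example.test", Token: "tok-bob", APIKey: "sk-bob"},
	}}
}

// vulnerableUsersHandler is the anti-pattern: no authentication check, every
// row, secret columns included. One unauthenticated GET dumps the table.
func (s *store) vulnerableUsersHandler(w http.ResponseWriter, r *http.Request) {
	s.mu.Lock()
	defer s.mu.Unlock()
	all := make([]user, 0, len(s.users))
	for _, u := range s.users {
		all = append(all, u)
	}
	json.NewEncoder(w).Encode(all)
}

// hardenedMeHandler requires a bearer token, returns only the caller's own
// row, and encodes a type that has no secret fields to leak.
func (s *store) hardenedMeHandler(w http.ResponseWriter, r *http.Request) {
	tok := strings.TrimPrefix(r.Header.Get("Authorization"), "Bearer ")
	s.mu.Lock()
	u, ok := s.users[tok]
	s.mu.Unlock()
	if tok == "" || !ok {
		http.Error(w, "unauthorized", http.StatusUnauthorized)
		return
	}
	json.NewEncoder(w).Encode(publicUser{ID: u.ID, Email: u.Email})
}

// limiter is a sliding-window counter per key (for example the client
// address) so a single source cannot register accounts without bound.
type limiter struct {
	mu     sync.Mutex
	hits   map[string][]time.Time
	max    int
	window time.Duration
}

func newLimiter(max int, window time.Duration) *limiter {
	return &limiter{hits: map[string][]time.Time{}, max: max, window: window}
}

// allow records an attempt for key at time now and reports whether it is within the limit.
func (l *limiter) allow(key string, now time.Time) bool {
	l.mu.Lock()
	defer l.mu.Unlock()
	kept := l.hits[key][:0] // drop attempts older than the window, in place
	for _, t := range l.hits[key] {
		if t.After(now.Add(-l.window)) {
			kept = append(kept, t)
		}
	}
	if len(kept) >= l.max {
		l.hits[key] = kept
		return false
	}
	l.hits[key] = append(kept, now)
	return true
}

func main() {
	s := newStore()
	rr := httptest.NewRecorder()
	s.vulnerableUsersHandler(rr, httptest.NewRequest("GET", "/users", nil))
	fmt.Print("vulnerable /users: ", rr.Body.String())
	req := httptest.NewRequest("GET", "/me", nil)
	req.Header.Set("Authorization", "Bearer tok-alice")
	rr = httptest.NewRecorder()
	s.hardenedMeHandler(rr, req)
	fmt.Print("hardened /me: ", rr.Body.String())
	l, now := newLimiter(3, time.Minute), time.Now()
	for i := 1; i <= 5; i++ { // one source, five sign-ups: attempts 4 and 5 are refused
		fmt.Println("registration attempt", i, "allowed:", l.allow("198.51.100.7", now))
	}
}
```

The separate `publicUser` type is the point: a handler that filters fields by hand will eventually miss one, whereas a type that never had the secret fields cannot leak them. A per-address limiter alone will not stop a bot registering from many addresses; it removes the "zero cost per account" condition the page describes, and should be paired with a per-account-creation cost such as verified email or proof of work.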
US authorities have investigated allegations that Meta can access users' supposedly encrypted WhatsApp conversations, according to Bloomberg reports. The claims emerged from a lawsuit filed by Quinn Emanuel law firm, citing unnamed whistleblowers from five countries who allege Meta can read "virtually all" private WhatsApp chats.
Meta strongly denies the accusations, calling them "categorically false and absurd." The company suggests this is a tactic to help NSO Group, the Israeli spyware firm that recently lost a $167 million judgment to WhatsApp for targeting journalists and activists.
Security experts remain skeptical. UCL professor Steven Murdoch called the lawsuit "strange," noting such a massive privacy breach would likely have leaked from within the company by now.
Source: The Guardian
eScan antivirus users worldwide received malware through official updates last week after hackers compromised the company's update servers. The attack occurred on January 20, when cybercriminals pushed a malicious 'Reload.exe' file that blocked future updates and installed additional malware.
Morphisec security researchers detected the breach and reported it to eScan's parent company MicroWorld Technologies on January 21. eScan confirmed unauthorized access to their regional update server and took affected servers offline for eight hours.
The malware modified users' systems so thoroughly that automatic fixes aren't possible. Affected customers must contact eScan's technical support for a manual cleanup tool. Despite confirming the breach, eScan disputes Morphisec's characterization of the incident and is reportedly consulting lawyers.
Source: Security Week
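Both the Notepad++ and eScan incidents above are update-channel hijacks: whoever controls the hosting provider or the regional update server can serve whatever bytes they like. The client-side verification Notepad++ says it added is the control that closes this, and the following added example shows the shape of it. It is not either vendor's code and neither vendor's real manifest format is described on this page; the `Manifest` fields, product names and payloads are constructed, and Ed25519 is the assumed signature scheme.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
)

// Manifest is a hypothetical update descriptor.
type Manifest struct {
	Product string `json:"product"`
	Version string `json:"version"`
	SHA256  string `json:"sha256"` // hex digest of the update file
}

// SignedManifest is what the update server serves: the manifest bytes plus
// the vendor's signature over exactly those bytes.
type SignedManifest struct {
	Manifest  []byte
	Signature []byte
}

func digest(b []byte) string {
	s := sha256.Sum256(b)
	return hex.EncodeToString(s[:])
}

// SignManifest is the vendor-side step, run with a release key that never
// lives on the update server or at the hosting provider.
func SignManifest(priv ed25519.PrivateKey, m Manifest) (SignedManifest, error) {
	b, err := json.Marshal(m)
	if err != nil {
		return SignedManifest{}, err
	}
	return SignedManifest{Manifest: b, Signature: ed25519.Sign(priv, b)}, nil
}

// VerifyUpdate is the client-side step. The public key is pinned in the
// installed client, so an attacker who controls the server can serve bytes
// but cannot produce a manifest that verifies, and a file whose digest
// differs from the signed one is refused before it is ever executed.
func VerifyUpdate(pinned ed25519.PublicKey, sm SignedManifest, file []byte) (Manifest, error) {
	var m Manifest
	if !ed25519.Verify(pinned, sm.Manifest, sm.Signature) {
		return m, errors.New("manifest signature invalid: refusing update")
	}
	if err := json.Unmarshal(sm.Manifest, &m); err != nil {
		return m, err
	}
	if digest(file) != m.SHA256 {
		return m, errors.New("update file digest does not match signed manifest")
	}
	return m, nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // pub is what ships pinned in the client
	genuine := []byte("constructed update payload 1.2.3")
	sm, _ := SignManifest(priv, Manifest{Product: "example-editor", Version: "1.2.3", SHA256: digest(genuine)})

	if _, err := VerifyUpdate(pub, sm, genuine); err == nil {
		fmt.Println("genuine update accepted")
	}
	// Hijacked server serves the real manifest but a swapped binary.
	_, err := VerifyUpdate(pub, sm, []byte("constructed malicious payload"))
	fmt.Println("swapped binary:", err)
	// Hijacked server signs its own manifest with its own key.
	_, attackerKey, _ := ed25519.GenerateKey(rand.Reader)
	forged, _ := SignManifest(attackerKey, Manifest{Product: "example-editor", Version: "1.2.4", SHA256: digest([]byte("malicious"))})
	_, err = VerifyUpdate(pub, forged, []byte("malicious"))
	fmt.Println("forged manifest:", err)
}
```

Two caveats a practitioner should add before relying on this: the pinned key must be compiled into the client rather than fetched from the same server, and the client should also refuse any manifest whose version is not newer than the one installed, since an attacker who can serve old but genuinely signed manifests can roll users back to a vulnerable release.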
Russian-linked threat actors attacked Poland's power grid, targeting communication and control systems at roughly 30 sites including wind, solar, and heat facilities. The attack, attributed to the Sandworm group, marked the first major operation specifically targeting distributed energy resources.
While no power outages occurred, the attackers rendered some industrial control devices permanently inoperable ("bricked"). They deployed wiper malware and systematically compromised the remote terminal units that connect physical equipment to control systems.
Unlike previous coordinated attacks on Ukraine's grid, this operation appeared rushed and opportunistic. Security firm Dragos noted the compressed timeline prevented more devastating damage, though the threat group possesses capabilities for greater destruction.
Source: SecurityWeek