Kensington and Chelsea Council suffered a major cyber attack that potentially compromised personal data of hundreds of thousands of residents. The west London authority warned households that criminals could use the stolen information to make scams appear legitimate.
The council detected and contained the breach quickly, but hackers accessed sensitive data including housing records and social care information. Council leader Elizabeth Campbell called it a "serious" incident, prompting immediate warnings to residents about potential fraud attempts.
Three councils - Kensington and Chelsea, Westminster, and Hammersmith and Fulham - are working with the National Cyber Security Centre to investigate. It could take months to fully assess what data was compromised, with priority given to checking files belonging to vulnerable individuals.
Source: BBC News
Nike is investigating a potential cybersecurity breach after the WorldLeaks hacking group claimed to have stolen company data and threatened to release it publicly. The cybercriminals listed Nike as a victim on their dark web site on January 22, setting a January 24 deadline for data release unless ransom demands are met.
WorldLeaks emerged in 2025 after the shutdown of Hunters International ransomware group, shifting focus from file encryption to pure data theft and extortion. The gang has targeted nearly 120 organizations, including Dell earlier this year.
Nike hasn't disclosed what type or amount of data was allegedly compromised. The incident follows a similar breach at Under Armour, highlighting ongoing cybersecurity challenges facing major retailers.
Source: SecurityWeek
Cisco rushed to patch a critical zero-day vulnerability in its Unified Communications Manager after discovering attackers were already exploiting it. The flaw, CVE-2026-20045, affects products used by 30 million people for voice, video, and collaboration services.
Attackers can exploit the vulnerability by sending crafted HTTP requests to gain user-level access, then escalate to root privileges for complete system control. The vulnerability scored 8.2 on the CVSS scale but received Cisco's highest "critical" rating due to the potential for full system compromise.
CISA added the flaw to its Known Exploited Vulnerabilities catalog, and security researchers detected signs of mass scanning for vulnerable systems. This continues a troubling pattern of Cisco products being targeted by threat actors, particularly Chinese state-sponsored groups.
Source: Dark Reading
Under Armour is investigating a data breach that compromised 72 million customer email addresses, along with names, genders, birthdates, and ZIP codes. The breach reportedly occurred late last year, according to cybersecurity site Have I Been Pwned.
The Baltimore-based clothing retailer says there's no evidence hackers accessed passwords or financial information from UA.com or payment systems. Have I Been Pwned CEO Troy Hunt agrees with Under Armour's assessment but expressed surprise at the company's lack of an official disclosure statement given the breach's scale and timing.
Source: SecurityWeek
North Korean hackers are using a clever new trick to break into South Korean systems by exploiting Microsoft Visual Studio Code's legitimate tunneling feature. Darktrace researchers discovered the spear-phishing campaign targeting South Koreans with fake government emails about graduate school programs.
The malicious documents, disguised as official files, secretly install VS Code and create a tunnel called "bizeugene" that gives attackers full remote access. This method bypasses traditional security measures since it uses trusted Microsoft infrastructure instead of suspicious command-and-control servers.
The attack represents a shift toward "living-off-the-land" tactics, where hackers abuse legitimate tools rather than custom malware, making detection extremely difficult for security teams.
Source: Dark Reading
Generative AI is transforming cybercrime, with fraud expected to surpass ransomware as the biggest digital threat in 2026, according to the World Economic Forum. Nearly 73% of CEOs surveyed said they or their networks were hit by cyber-enabled fraud in 2025.
The shift reflects AI's ability to create more convincing scams. Criminals can now clone voices, localize messages instantly, and launch sophisticated impersonation attacks that are harder to detect. Consumer losses hit $12.5 billion in 2024, up 25% from the previous year.
Experts recommend slowing down when receiving urgent requests, verifying contacts independently, and never sharing personal information through unsolicited messages. Traditional red flags are disappearing as AI makes scams increasingly realistic.
Source: CNET
Cisco patched a critical zero-day vulnerability (CVE-2026-20045) being actively exploited by hackers targeting unified communications products. The flaw affects Cisco Unified Communications Manager, Session Management Edition, Unity Connection, and Webex Calling systems.
Attackers can exploit the vulnerability remotely without authentication by sending crafted HTTP requests to management interfaces. Successful attacks grant user-level access that can escalate to root privileges on the underlying operating system.
CISA added the vulnerability to its Known Exploited Vulnerabilities catalog, giving federal agencies until February 11 to patch. Hunter shows roughly 1,300 internet-exposed Cisco Unified CM instances, with nearly half located in the United States.
Source: SecurityWeek
LastPass customers are being targeted in an ongoing phishing campaign that began around January 19, strategically timed during the Martin Luther King Jr. Day holiday weekend when security teams have reduced staffing.
The attackers are sending convincing emails from addresses like support@lastpass[.]server8, urging users to "back up their vaults" due to fake scheduled maintenance. Subject lines include "LastPass Infrastructure Update: Secure Your Vault Now" and "Protect Your Passwords: Backup Your Vault (24-Hour Window)."
These emails lead to phishing sites designed to steal login credentials, potentially giving criminals access to entire password vaults. LastPass emphasizes they never ask for master passwords and advises customers to report suspicious emails to abuse@lastpass.com. While no accounts appear compromised yet, the company recommends enabling multifactor authentication for added protection.
Source: Dark Reading
Marks & Spencer's chief technology officer Josie Smith is stepping down just 18 months after joining the company, following a devastating cyber attack last year. Her departure comes four months after chief digital and technology officer Rachel Higham also left the retailer.
The April cyber attack by hacker group Scattered Spider cost M&S hundreds of millions of pounds and shut down online operations for weeks. The company still blames lingering effects from the breach for recent drops in Christmas clothing sales.
Smith, previously at BT Group and Vodafone, will be replaced by Darren Gibson. Chief product officer Krista Nordlund is also leaving in July.
Source: Sky News
Cybercriminals are using a sophisticated new attack called "CrashFix" that deliberately crashes victims' browsers before offering a fake solution. The scam starts with a malicious Chrome extension called NexShield, disguised as the popular uBlock Origin Lite ad blocker.
Once installed, the extension waits an hour then floods the browser with connection requests, causing it to crash. When users try to restart, they see a fake security warning instructing them to run a "repair" command that's actually malware.
Huntress Labs discovered corporate networks receive ModeloRAT, a sophisticated backdoor, while home users get test payloads. The threat actor "KongTuke" clearly prioritizes business targets over individual users.
Source: Dark Reading