Week in review: Fully patched FortiGate firewalls are getting compromised, attackers probe Cisco RCE flaw
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:
Review: AI Strategy and Security
AI Strategy and Security is a guide for organizations planning enterprise AI programs. The book targets technology leaders, security professionals, and executives responsible for strategy, governance, and operational execution. It treats AI adoption as an organizational discipline that spans planning, staffing, security engineering, risk management, and ongoing operations.
More employees get AI tools, fewer rely on them at work
People across many organizations now have access to AI tools, and usage keeps spreading. Some groups rely on AI during regular work, others treat it as an occasional helper. That gap between access and routine use sits at the center of new research from Deloitte on enterprise AI adoption.
Fake browser crash alerts turn Chrome extension into enterprise backdoor
Browser extensions are a high-risk attack vector for enterprises, allowing threat actors to bypass traditional security controls and gain a foothold on corporate endpoints. Case in point: A recently identified malicious extension called NexShield proves that a single user install from an official and nominally safe online marketplace can escalate into full remote access.
Initial access broker pleads guilty to selling access to 50 corporate networks
A 40-year-old Jordanian man has admitted to selling unauthorized access to computer networks of at least 50 companies, the US Attorney’s Office of the District of New Jersey has announced. Feras Khalil Ahmad Albashiti has pleaded guilty last Thursday to fraud and related activity in connection with access devices.
Linux users targeted by crypto thieves via hijacked apps on Snap Store
Cryptocurrency thieves have found a new way to turn trusted software packages for Linux on the Snap Store into crypto-stealing malware, Ubuntu contributor and former Canonical developer Alan Pope warned. Instead of creating new accounts on this Canonical-run package repository, the attackers are taking over expired web domains and associated email servers tied to existing Snap Store publishers, and using that access to hijack their Snapcraft accounts and push malicious updates to previously benign packages.
RansomHub claims alleged breach of Apple partner Luxshare
Chinese electronic manufacturer and Apple partner Luxshare Precision Industry has allegedly been breached by affiliates of the RansomHub ransomware-as-a-service outfit. According to a post on the group’s data leak site, the attackers stole and encrypted some of the company’s sensitive data.
RCE flaw in Cisco enterprise communications products probed by attackers (CVE-2026-20045)
Cisco has fixed a critical remote code execution vulnerability (CVE-2026-20045) in some of its unified communications solutions that’s being targeted by attackers in the wild, the company announced on Wednesday via a security advisory. The company warns that its Product Security Incident Response Team (PSIRT) is aware of attempted exploitation of this vulnerability in the wild.
Fully patched FortiGate firewalls are getting compromised via CVE-2025-59718?
CVE-2025-59718, a critical authentication bypass flaw that attackers exploited in December 2025 to compromise FortiGate appliances, appears to persist in newer, purportedly fixed releases of the underlying FortiOS. According to Fortinet, CVE-2025-59718 had been fixed in FortiOS versions 7.6.4 or above, 7.4.9 or above, 7.2.12 or above, and 7.0.18 or above.
Energy sector orgs targeted with AiTM phishing campaign
Organizations in the energy sector are being targeted with phishing emails aimed at compromising enterprise accounts, Microsoft warns. The attacks started with phishing emails with “NEW PROPOSAL – NDA” in the subject line, coming from a compromised email address belonging to a trusted organization.
Okta users under attack: Modern phishing kits are turbocharging vishing attacks
Threat actors who specialize in vishing (i.e., voice phishing) have started using phishing kits that can intercept targets’ login credentials while also allowing attackers to control the authentication flow in a targeted user’s browser in real-time. At least two custom-made phishing kits are currently used by a number of threat actors that go after credentials and authentication factors to gain access to corporate systems and assets.
The 2026 State of Pentesting: Why delivery and follow-through matter more than ever
Penetration testing has evolved significantly over the past several years. While uncovering exploitable vulnerabilities remains the core goal, the real differentiator today is how findings are handled after the testing concludes. The method of reporting, delivery, and remediation tracking play a critical role in determining how effective a pentest is at actually reducing risk.
Unbounded AI use can break your systems
In this Help Net Security video, James Wickett, CEO of DryRun Security, explains cyber risks many teams underestimate as they add AI to products. He focuses on how fast LLM features are pushed into live applications without limits or guardrails.
Bytebase: Open-source database DevOps tool
Bytebase is a DevOps platform for managing database schema and data changes through a structured workflow. It provides a central place for teams to submit change requests, run reviews, and track executions across environments. The open-source edition is designed for organizations that want to run the software on their own infrastructure.
Confusion and fear send people to Reddit for cybersecurity advice
A strange charge appears on a bank account. An email claims a package is on the way. A social media account stops accepting a password that worked yesterday. When these moments hit, many people do the same thing. They open Reddit and ask strangers for help. A new study shows how often this happens and what people ask when they do.
Bandit: Open-source tool designed to find security issues in Python code
Bandit is an open-source tool that scans Python source code for security issues that show up in everyday development. Many security teams and developers use it as a quick way to spot risky coding patterns early in the lifecycle, especially in projects that already rely on automated linting and testing.
Cybercriminals speak the language young people trust
Criminal groups actively recruit, train, and retain people in structured ways. They move fast, pay in crypto, and place no weight on age. Young people are dealing with a new kind of addiction. It isn’t drugs, alcohol, or gambling. It’s screens. Constant time online chips away at attention, confidence, and judgment, and pushes young people toward views and choices that don’t always work in their favour.
Pro-Russian hacktivist campaigns continue against UK organizations
The UK’s National Cyber Security Centre reports ongoing cyber operations by Russian-aligned hacktivist groups targeting organizations in the UK and abroad. In December 2025, the NCSC co signed an advisory warning that pro-Russian hacktivist groups were conducting cyber operations worldwide against organizations and critical infrastructure sectors.
OpenAI adds age prediction to ChatGPT to strengthen teen safety
OpenAI is rolling out age prediction on ChatGPT consumer plans to help determine whether an account likely belongs to someone under 18. Age prediction builds on protections already in place.
A new framework helps banks sort urgent post-quantum crypto work from the rest
Financial institutions now have a concrete method for deciding where post-quantum cryptography belongs on their security roadmaps. New research coordinated by Europol sets out a scoring framework that helps banks rank systems and business use cases based on quantum risk and the time required to migrate them. The goal is practical prioritization, and the paper is aimed at security teams that need to move from planning into execution.
Exposed training apps are showing up in active cloud attacks
Security teams often spin up vulnerable applications for demos, training, or internal testing. A recent Pentera research report documents how those environments are being left exposed on the public internet and actively exploited.
Tesla, Sony, and Alpine systems compromised on day one of Pwn2Own Automotive 2026
Security researchers uncovered 37 previously unknown vulnerabilities on the opening day of Pwn2Own Automotive 2026, earning a combined $516,500 in prize money, according to results released by Trend Micro’s Zero Day Initiative.
One-time SMS links that never expire can expose personal data for years
Online services often treat one-time links sent by text message as low-risk conveniences. A new study shows that these links can expose large amounts of personal data for years.
Raspberry Pi now offers a branded USB flash drive, starts at $30
Raspberry Pi has launched a USB flash drive optimized for use across its lineup of single-board computers. The drive is offered in two capacities, with the 128GB model priced at $30 and the 256GB version at $55.
Cyber risk keeps winning, even as AI takes over
Cyber risk continues to dominate global business concerns, with AI rising quickly alongside it. According to a new risk survey from Allianz, both are influencing how organizations plan for disruption, resilience, and recovery across regions and industries.
When the Olympics connect everything, attackers pay attention
Global sporting events bring a surge of network traffic, new systems, and short term partnerships. That mix draws attention from cyber threat actors who see opportunity in scale and distraction. A new Palo Alto Networks threat study on the Milan Cortina 2026 Winter Olympic Games outlines how attackers are expected to operate across the event’s digital ecosystem, from ticketing platforms to telecom infrastructure.
A new European standard outlines security requirements for AI
The European Telecommunications Standards Institute (ETSI) has released a new European Standard that addresses a growing concern for security teams working with AI. The standard, ETSI EN 304 223, sets baseline cybersecurity requirements for AI models and systems intended for real-world use.
Privacy teams feel the strain as AI, breaches, and budgets collide
Privacy programs are under strain as organizations manage breach risk, new technology, and limited resources. A global study from ISACA shows that AI is gaining ground in privacy work, with use shaped by governance, funding, and how consistently privacy is built into systems.
Product showcase: PrivacyHawk for iOS helps users track and remove personal data from data brokers
Every interaction online, from signing up for a newsletter to making a purchase, leaves a trace. These traces are collected by data brokers and resold to advertisers, analytics firms, or, in some cases, criminals on the dark web. As personal information is shared more widely, the risk of phishing, spam, scams, and identity theft increases. PrivacyHawk focuses on reducing this digital footprint by identifying where personal data is exposed and helping remove it before it can be misused.
Let’s Encrypt rolls out 6-day and IP-based certificates
Let’s Encrypt says its short-lived TLS certificates with a 6-day lifetime are now generally available. Each certificate is valid for 160 hours from the time it is issued. To request one, operators must select the “shortlived” profile in their ACME client. The option is opt-in and works with clients that support the certificate profile feature. Let’s Encrypt said this type of certificate requires more frequent validation and reduces reliance on traditional revocation systems by shortening the period a compromised key remains valid.
Security leaders push for continuous controls as audits stay manual
Security teams say they want real-time insight into controls, but still rely on periodic checks that trail daily operations. New RegScale research shows how wide that gap remains and where organizations are directing time, staff, and budget to manage it.
Rust package registry adds security tools and metrics to crates.io
The Rust project updated crates.io to include a Security tab on individual crate pages. The tab shows security advisories drawn from the RustSec database and lists which versions of a crate may have known issues. This change gives developers a way to view advisory information before selecting a crate as a dependency.
EU tightens cybersecurity rules for tech supply chains
The European Commission has proposed a new cybersecurity package aimed at strengthening the EU’s cyber resilience, including a revised EU Cybersecurity Act designed to secure ICT supply chains and ensure products reaching EU citizens are secure by design through a streamlined certification process.
Microsoft updates the security baseline for Microsoft 365 Apps for enterprise
Microsoft has published version 2512 of its security baseline for Microsoft 365 Apps for enterprise. The baseline documents recommended policy settings for Office applications used in enterprise environments and maps those settings to current management tools.
macOS Tahoe improves privacy and communication safety
macOS Tahoe privacy and security features focus on screening unwanted contact, limiting tracking, and keeping more decisions on the device. Most updates run quietly in the background and require little setup.
The internet’s oldest trust mechanism is still one of its weakest links
Attackers continue to rely on domain names as an entry point into enterprise systems. A CSC domain security study finds that large organizations leave this part of their attack surface underprotected, even as attacks become more frequent. The research examined the Forbes Global 2000 and compared them with the world’s top 100 privately held unicorn companies.
OpenWrt One gains support for running Debian
Debian now runs on the OpenWrt One hardware platform following recent engineering work by Collabora. OpenWrt One is a developer focused router designed to support embedded Linux work on standardized hardware. The platform serves as a reference device for the OpenWrt community and includes open hardware documentation intended to support system bring up and software development.
Microsoft introduces winapp, an open-source CLI for building Windows apps
Microsoft has released winapp, a new command line interface aimed at simplifying the process of building Windows applications. The open-source tool targets developers who rely on terminal based workflows and want a consistent way to create, configure, and manage Windows apps across projects.
Agentic AI edges closer to everyday production use
Many security and operations teams now spend less time asking whether agentic AI belongs in production and more time working out how to run it safely at scale. A new Dynatrace research report looks at how large organizations are moving agentic AI from pilots into live environments and where those efforts are stalling.
Ring now lets users verify whether videos have been altered
To give users peace of mind, Ring has introduced a new content authenticity feature that allows them to verify whether a Ring video has been edited or altered. Ring Verify adds a digital security seal that breaks if the video is changed in any way.
1Password targets AI-driven phishing with built-in prevention
To help reduce phishing risk, 1Password added an extra layer of protection and began rolling out a phishing prevention feature designed to stop users before they share passwords with scammers.
Cybersecurity jobs available right now: January 20, 2026
We’ve scoured the market to bring you a selection of roles that span various skill levels within the cybersecurity field. Check out this weekly selection of cybersecurity jobs available right now.
New infosec products of the week: January 23, 2026
Here’s a look at the most interesting products from the past week, featuring releases from cside, Obsidian Security, Rubrik, SEON, and Vectra AI.