The Instagram API Scraping Crisis: When ‘Public’ Data Becomes a 17.5 Million User Breach
On January 7, 2026, a dataset containing 17.5 million Instagram user records appeared on BreachForums – a notorious dark...
January
Who is the Kimwolf Botmaster “Dort”?
In early January 2026, KrebsOnSecurity revealed how a security researcher disclosed a vulnerability that was used to build Kimwolf, the...
The Apple-Google AI Deal: What $1 Billion Says About Who’s Really Winning the AI Race
On January 12, 2026, Apple made a decision that shocked Silicon Valley: they chose Google's Gemini to power the...
AI Agents Are Quietly Redefining Enterprise Security Risk
Image: GoldenDayz/Envato A new social network called Moltbook launched in late January with a premise that should unsettle every CISO...
ChatGPT Ads Are Coming: What 800 Million Users Need to Know About the New Economics of ‘Free’ AI
On January 17, 2026, OpenAI dropped a bombshell: ads are coming to ChatGPT. Not just for free users. For...
Jan Recap: New AWS Privileged Permissions and Services
As January 2026 comes to a close, Sonrai’s latest review of newly released AWS permissions highlights a sharp expansion of...
How DataDome Stopped Millions of Ticket Scalping Bots Targeting a Global Sports Organization
Between January 8–13, 2026, a global sports organization was targeted by a scalping attack. Over six days, attackers launched more...
This month in security with Tony Anscombe – January 2026 edition
The year got off to a busy start, with January offering an early snapshot of the challenges that (not just)...
Top 6 Data Breaches of January 2026
If you followed breach disclosures in January 2026, a pattern quickly became hard to ignore. Very different organizations reported incidents...
SolarWinds addressed four critical Web Help Desk flaws
SolarWinds addressed four critical Web Help Desk flaws Pierluigi Paganini January 29, 2026 SolarWinds patched six Web Help Desk vulnerabilities,...
Nation-state and criminal actors leverage WinRAR flaw in attacks
Nation-state and criminal actors leverage WinRAR flaw in attacks Pierluigi Paganini January 29, 2026 Multiple threat actors exploited a now-patched...
PackageGate bugs let attackers bypass protections in NPM, PNPM, VLT, and Bun
PackageGate bugs let attackers bypass protections in NPM, PNPM, VLT, and Bun Pierluigi Paganini January 28, 2026 Koi researchers found...
Microsoft Office vulnerability (CVE-2026-21509) in active exploitation
On January 26, 2026, Microsoft released an out-of-band update to address a high-severity (CVSS score of 7.8) vulnerability affecting multiple...
Dormakaba flaws allow to access major organizations’ doors
Dormakaba flaws allow to access major organizations’ doors Pierluigi Paganini January 27, 2026 Researchers found over 20 flaws in Dormakaba...
Weekly Update 488
27 January 2026 It's the discussion about the reaction of some people in the UK regarding their impending social media...
