Toxic Combinations: When Cross-App Permissions Stack into Risk
On January 31, 2026, researchers disclosed that Moltbook, a social network built for AI agents, had left its database wide...
January
NSFOCUS Monthly APT Insights – January 2026
Regional APT Threat Situation In January 2026, the global threat hunting system of Fuying Lab detected a total of...
Panera’s 5.1 Million User Breach: When ‘No Hack’ Becomes a Ransomware Business Model
On January 28, 2026, Panera Bread confirmed what cybersecurity researchers already knew: the company had experienced a "cybersecurity incident."...
New CCPA Rules Turn Your Privacy Policy into a Liability
California’s revised CCPA rules took effect on January 1, 2026, and they expose a gap that most compliance teams...
The Instagram API Scraping Crisis: When ‘Public’ Data Becomes a 17.5 Million User Breach
On January 7, 2026, a dataset containing 17.5 million Instagram user records appeared on BreachForums – a notorious dark...
Who is the Kimwolf Botmaster “Dort”?
In early January 2026, KrebsOnSecurity revealed how a security researcher disclosed a vulnerability that was used to build Kimwolf, the...
The Apple-Google AI Deal: What $1 Billion Says About Who’s Really Winning the AI Race
On January 12, 2026, Apple made a decision that shocked Silicon Valley: they chose Google's Gemini to power the...
AI Agents Are Quietly Redefining Enterprise Security Risk
Image: GoldenDayz/Envato A new social network called Moltbook launched in late January with a premise that should unsettle every CISO...
ChatGPT Ads Are Coming: What 800 Million Users Need to Know About the New Economics of ‘Free’ AI
On January 17, 2026, OpenAI dropped a bombshell: ads are coming to ChatGPT. Not just for free users. For...
Jan Recap: New AWS Privileged Permissions and Services
As January 2026 comes to a close, Sonrai’s latest review of newly released AWS permissions highlights a sharp expansion of...
How DataDome Stopped Millions of Ticket Scalping Bots Targeting a Global Sports Organization
Between January 8–13, 2026, a global sports organization was targeted by a scalping attack. Over six days, attackers launched more...
This month in security with Tony Anscombe – January 2026 edition
The year got off to a busy start, with January offering an early snapshot of the challenges that (not just)...
Top 6 Data Breaches of January 2026
If you followed breach disclosures in January 2026, a pattern quickly became hard to ignore. Very different organizations reported incidents...
SolarWinds addressed four critical Web Help Desk flaws
SolarWinds addressed four critical Web Help Desk flaws Pierluigi Paganini January 29, 2026 SolarWinds patched six Web Help Desk vulnerabilities,...
Nation-state and criminal actors leverage WinRAR flaw in attacks
Nation-state and criminal actors leverage WinRAR flaw in attacks Pierluigi Paganini January 29, 2026 Multiple threat actors exploited a now-patched...
