InfoSec News 07JAN2026
General
- Did they / Didn't they breaches
- NordVPN claims breach was "dummy data" from a Proof-of-Concept Salesforce account
- Resecurity claims the ScatteredLapsus$Hunters (SLH) breach was in a honeypot.
- https://databreaches.net/2026/01/05/threat-actors-insisted-that-resecuritys-honeypot-was-real-data-we-found-no-evidence-that-it-was/
- https://www.resecurity.com/blog/article/synthetic-data-a-new-frontier-for-cyber-deception-and-honeypots
- https://www.theregister.com/2026/01/05/resecurity_honeypot_shinyhunters/
- Some pre-Christmas internal bust-up in SLH
- In case you missed the MongoDB fun (and subsequent impact - such as Rainbow Six hacks). Thanks to Ox Security for publishing the technical write-up, and Elastic for publishing a full working PoC on Christmas day.
- Expect some crypto-currency phishing - makers of the Ledger hardware wallet notified customers of an upstream supplier breach.
- More on the Jaguar Land Rover (JLR) attack impacts - wholesale volumes were down 43% for the impacted quarter.
- Hacker: 1, WhiteDate: 0 - "Martha Root" aka @back2theRoot gave a talk at the Chaos Computer Club (39C3), on a set of far-right dating sites. The finish to the talk was a live eradication of the sites.
- https://techcrunch.com/2026/01/05/hacktivist-deletes-white-supremacist-websites-live-on-stage-during-hacker-conference/
- (English and German audio available - use the "Source Chooser" cog in the bottom left of the video to switch) https://media.ccc.de/v/39c3-the-heartbreak-machine-nazis-in-the-echo-chamber
- [CN] Hong Kong has a 'new' way to fight scams - over-the-counter banking.
The Monetary Authority therefore required all local banks to establish Money Safe accounts that allow customers to set aside funds which they can only access by visiting a brick-and-mortar bank.
Getting Techy
- Palo Alto Networks (PAN) Unit 42 dives into an obfuscated info-stealer, written in Python, then 'protected' (obfuscated) with Pyarmor.
Geo-Politics
- Europe needs to repeat its Airbus (as competitor to US Boeing) move, with a European cloud (competitor to AWS/Microsoft Azure/Google Cloud). It will take a massive effort.
- [FI] Another ship has been detained in European waters, suspected of deliberately severing communications cables.
- [GR] Unattributed Radio Frequency (RF) interference shut down Greek airspace for several hours
"For some reason all frequencies were suddenly lost .. We could not communicate with aircraft in the sky," Panagiotis Psarros, chair of the Association of Greek Air Traffic Controllers
Privacy
- [US] California's next level of Privacy enforcement is now in effect. Rules were brought in to allow California residents to demand their data be deleted from brokers, but uptake was found to be low. This makes sense, given the sheer number of data brokers out there (and how difficult they can make things). In response, the new law centralises this into a single request at a California Government website that will send the notice to all brokers.
AI
- OWASP Top 10 for Agentic Applications
- Microsoft not treating Prompt Injection as a security flaw
- https://www.bleepingcomputer.com/news/security/are-copilot-prompt-injection-flaws-vulnerabilities-or-ai-limits/
- https://medium.com/@d_f4u1t/indirect-prompt-injection-using-delimiter-and-json-payload-enables-system-prompt-disclosure-in-996a7b15dc01
- https://medium.com/@d_f4u1t/direct-prompt-injection-enables-system-prompt-disclosure-in-copilot-feeefddeac97
- LLMs may be shepherding in the end of StackOverflow? Question volumes have dropped a lot in the last few years
- Financial Times definitely burying the lede with an article on X
"Who's who at X, the deepfake porn site formerly known as Twitter".
Grok has been modifying photos, at users' requests, with little to no apparent guardrails or censorship.
Grok provoked widespread outrage this week after responding to a user’s prompt to remove clothing from an image of a 14-year-old actress, amid a surge of similar activity in which the tool was used to “undress” images of women and pose them in bikinis.
- https://www.ft.com/content/ad94db4c-95a0-4c65-bd8d-3b43e1251091?accessToken=zwAGR7kzep9gkdOtlNtMlaBMZdO9jTtD4SUQkQ.MEYCIQCdZajuC9uga-d9b5Z1t0HI2BIcnkVoq98loextLRpCTgIhAPL3rW72aTHBNL_lS7s1ONpM2vBgNlBNHDBeGbHkPkZj&sharetype=gift&token=a7473827-0799-4064-9008-bf22b3c99711
- (Mirror of FT) https://archive.md/2026.01.06-160511/https://www.ft.com/content/ad94db4c-95a0-4c65-bd8d-3b43e1251091
- https://cyberplace.social/@GossiTheDog/115850125355579948
- https://therecord.media/europe-regulators-grok-france
- https://therecord.media/eu-grok-regulation-deepfake
- More attempts to replace humans with Large Language Models - will be interesting to see how well the models deal with nuance, sarcasm and other non-obvious word forms.