InfoSec News 12JAN2026
General
- Part Two of Brian Krebs' deep-dive into the Aisuru and Kimwolf botnets, powered by Android TV boxes promising "free cable TV". This time, looking at the "residential proxy" networks behind it.
- Need any more convincing to keep management systems off the Internet? Trend Micro's "Apex Central" web-based management console, "could allow an unauthenticated remote attacker to load an attacker-controlled DLL...leading to execution of attacker-supplied coder under the context of SYSTEM". Unauthenticated remote-code-execution (RCE) straight to the highest-privileged SYSTEM account!
- Kicking off crypto-currency theft for the year with 'only' US$26m stolen. If that was a physical bank robbery, it would be global news, but in the crypto-currency space, it's situation normal (0.7% of last years estimated crypto-currency thefts).
- The xAI/Grok mess still continues, it's just now (somewhat) tucked away behind a paywall.
- [ES] Members of the Black Axe cyber-scam (mainly Business Email Compromise/BEC) group have been arrested. 34 individuals sounds a decent size, till you realise the Nigeria-based gang is estimated to have 30,000 members.
- [IN] India is again pushing for deep access to popular mobile phones (after earlier requiring mandatory installation of a government app, then backing down). This time, they want the source-code for mobile phones, and 12-months of on-device log retention.
Geo-Politics
- [EU] Looks as though china's Salt Typhoon operations aren't just limited to Telecommunications infrastructure in the US. Some old-school vibes, hiding the main implant as the Character Generator Protocol (chargen) daemon - not many systems would have that running in this millennia.
- [IR] Internet access is still blocked in Iran - over four days now.
- [RU] Hostage swap between Russia and France - an alleged Conti negotiator, sent to Russia, in exchange for a French researcher.
Privacy
- Wired have published a(n updated) guide on "How to Protest Safely in the Age of Surveillance". EFF have also posted about efforts to fight back
AI
- Rejoice - Microsoft rolling out a way to remove Microsoft Copilot from machines
- https://blogs.windows.com/windows-insider/2026/01/09/announcing-windows-11-insider-preview-build-26220-7535-dev-beta-channels/#:~:text=Uninstalling%20Microsoft%20Copilot%20App%20on%20managed%20devices
- https://www.bleepingcomputer.com/news/microsoft/microsoft-may-soon-allow-it-admins-to-uninstall-copilot-on-managed-devices/
- Oxford Economics suggests claims of AI-related mass layoffs are overstated.
While AI was cited as the reason for nearly 55,000 U.S. job cuts in the first 11 months of 2025—accounting for over 75% of all AI-related cuts reported since 2023—this figure represents a mere 4.5% of total reported job losses.
By comparison, job losses attributed to standard “market and economic conditions” were four times larger, totalling 245,000.
- (Fortune) https://archive.is/jUIXR