InfoSec News 14JAN2026

General

• Google Mandiant has released a security testing tool for Salesforce Experience Cloud. This is for testing of the low-code sites (the ‘older’ way information was leaked out of Salesforce instances), rather than checking for permissions to connect data-exfiltration tools (the more recently exploited mechanism, as used by Shiny Lapsus$ Hunters).
  • https://github.com/google/aura-inspector
  • https://cloud.google.com/blog/topics/threat-intelligence/auditing-salesforce-aura-data-exposure/
  • https://help.salesforce.com/s/articleView?id=experience.exp_cloud_basics_what.htm&type=5
  • https://www.itnews.com.au/news/googles-mandiant-releases-free-salesforce-access-control-checker-622933
  • https://www.theregister.com/2026/01/13/mandiant_salesforce_tool/
• The truly ugly side of ransomware – Belgian hospital suspending procedures, transferring patients to other hospitals.
  • https://www.bleepingcomputer.com/news/security/belgian-hospital-az-monica-shuts-down-servers-after-cyberattack/
• AVCheck – a VirusTotal for criminals, that doesn’t leak the malware to Anti-Virus companies – alleged operator has been arrested in Amsterdam. The AVCheck service was shutdown in 2025 as part of Operation Endgame.
  • https://www.theregister.com/2026/01/13/avcheck_arrest/
• [AU] Police have arrested a teen for swatting locations in the US. The arrest by the Australian Federal Police, apparently from Taskforce Pomilid, would seem to align with targeting members of the “Com”, the wider community from which the Scattered Lapsus$ Hunters members are drawn.
  • https://www.itnews.com.au/news/aussie-teenager-charged-with-swatting-us-retailers-and-educational-institutions-622932
  • https://www.afp.gov.au/news-centre/media-release/new-taskforce-target-decentralised-online-crime-network-exploiting
• [IQ] In another “Com” related arrest – “a key organizer of violence-as-a-service linked to the Foxtrot criminal network…has been arrested in Iraq”.
  • https://www.theregister.com/2026/01/12/violence_as_a_service_arrest/
• [NL] Failed appeal in a Dutch court for intrusion into port computers back in 2020. One key element of the appeal, was evidence from SkyECC – an encrypted chat service, infiltrated and shutdown by police in 2021 – the court ruled the evidence admissible.
  • https://www.theregister.com/2026/01/13/dutch_port_hacker_appeal/

Geo-Politics

• [Luna] Like high-risk gambles, and off-planet adventures? How about putting a deposit down for a five-day hotel stay on the moon. US$1m deposit to secure a stay that will “likely exceed $10 million”.
  • https://www.theregister.com/2026/01/13/moon_hotel_startup_reservation/
• [UK] The Ministry of Defence is looking to source a new vehicle-launched, short-range (500km), ballistic missile system, within a year. Initial use-case is for use by Ukraine, with potential for wider UK deployment. This has an additional benefit of providing a home-grown alternative to current US-sourced Precision Strike Missiles.
  • https://www.theregister.com/2026/01/13/mod_project_nightfall/

Privacy

• [IN] India is pushing detailed Know Your Customer requirements on crypto-currency and “virtual digital assets”, including “selfie”, IP-address and geographic co-ordinates, during onboarding.
  • https://www.theregister.com/2026/01/13/india_crypto_kyc_aml_update/
• [US] Records of Licence Plate searches in Flock surveillance networks have leaked when unredacted audit logs have been released (e.g. through Public Records and Freedom of Information requests). Interestingly, the HaveIBeenFlocked site points to an interesting dilemma for police – the basis for Flock gathering Licence Plate details without a warrant, is the claim that the data is public, however that also means there is no basis for censoring the plates in audit logs, which are public records. (It is these audit logs which power HaveIBeenFlocked).
  • https://www.404media.co/police-unmask-millions-of-surveillance-targets-because-of-flock-redaction-error/
  • https://haveibeenflocked.com/
  • https://haveibeenflocked.com/news/cyble-part5
  • https://haveibeenflocked.com/news/404-eff-plates

AI

• [US] Character.ai – a large chatbot company – is being sued for alleged violations of the Kentucky Consumer Data Protection Act.

Character.AI has more than 20 million monthly users on its platform, which lets people create their own bots or interact with ones created by others and is known for offering human-like artificial intelligence chats, including through chatbots modeled after fictional characters popular with children.

According to the attorney general, company founders Noam Shazeer and Daniel De Freitas Adiwarsana, who previously worked at Google, left the tech giant because the technology they developed there — which directly informed the creation of Character.AI — was deemed “too dangerous” for release.

“It’s like, let’s try this thing, and you know see what happens,” the complaint alleged Shazeer said on a 2023 tech podcast. “I think that’s the most fun part… throw something out there and let people use it however they want.”

• https://therecord.media/kentucky-character-ai-chatbot
• AI-free Windows PC? RemoveWindowsAI script aims to deliver.

The current 25H2 build of Windows 11 and future builds will include increasingly more AI features and components. This script aims to remove ALL of these features to improve user experience, privacy and security.

• https://github.com/zoicware/RemoveWindowsAI
• https://www.theregister.com/2026/01/13/script_removes_ai_from_windows/
• (Some crossover – removing AI features, and more) https://github.com/Raphire/Win11Debloat
• With Google announcing a protocol for “AI-powered shopping agents”, consumer watchdogs warn that the future might not be all rosy. Watch out for “upselling” and potentially even “surveillance pricing” (charging what they think you’ll pay).
  • https://techcrunch.com/2026/01/13/a-consumer-watchdog-issued-a-warning-about-googles-ai-agent-shopping-protocol-google-says-shes-wrong/