Cybersecurity 29 November 2025 - 2 February 2026

Viral Moltbook Leak: Wiz Finds Exposed Messages and Credentials
···

Viral Moltbook Leak: Wiz Finds Exposed Messages and Credentials

Cybersecurity firm Wiz disclosed a major Moltbook vulnerability that exposed private bot messages, 1.5 million API keys, and 35,000 email addresses. The flaw, blamed on rapid “vibe coding” practices, allowed outsiders to hijack agents and post as them. Moltbook patched the issue after notification. The platform, launched last week, had attracted over 1.5 million AI agents by Monday.
February 2, 2026
Bumble and Match Cyberattacks Spread to Panera, Crunchbase as ShinyHunters Claims Data Hauls
··

Bumble and Match Cyberattacks Spread to Panera, Crunchbase as ShinyHunters Claims Data Hauls

Bumble, Match Group, Panera Bread, and Crunchbase were hit by cyberattacks this week, with ShinyHunters leaking files and claiming wider breaches. Bumble and Match said no passwords or messages were exposed; Panera confirmed only contact details were stolen. Security experts warn of a growing voice-phishing campaign targeting corporate single sign-on credentials. Match and Bumble reported brief unauthorized access tied to phishing of contractor accounts.
January 30, 2026
Open-source AI “guardrails” stripped off as hackers eye exposed models, researchers say
···

Open-source AI “guardrails” stripped off as hackers eye exposed models, researchers say

Researchers identified over 175,000 internet-exposed open-source AI systems, with hundreds lacking safety guardrails and vulnerable to exploitation, according to SentinelOne and Censys. Nearly half of the hosts enabled tool-calling features, and about 30% were based in China, 20% in the U.S. Most ran versions of Meta’s Llama or Google’s Gemma models.
January 29, 2026
Google tightens Android Theft Protection, adding new locks for banking apps and remote controls
···

Google tightens Android Theft Protection, adding new locks for banking apps and remote controls

Google expanded “Identity Check” to more apps using biometrics and added an optional security question for Remote Lock. Theft Detection Lock and Remote Lock will be enabled by default on new Android devices in Brazil. Android 16 devices now feature stricter Failed Authentication Lock controls, including longer lockouts after repeated wrong sign-in attempts.
January 29, 2026
Trump cyber chief faces scrutiny after sensitive files were uploaded to ChatGPT
···

Trump cyber chief faces scrutiny after sensitive files were uploaded to ChatGPT

CISA’s acting director, Madhu Gottumukkala, uploaded sensitive contracting documents to public ChatGPT, triggering DHS security alerts and an internal review, Politico reported. The documents were labeled “for official use only” but not classified. CISA said the use was authorized, limited, and subject to controls. The review’s outcome remains unclear.
January 29, 2026
Italy’s cyber command braces for AI-powered attacks as Milano Cortina Winter Olympics near
··

Italy’s cyber command braces for AI-powered attacks as Milano Cortina Winter Olympics near

Italy’s National Cybersecurity Agency will deploy 30 specialists to protect the Milano Cortina Winter Olympics from cyberattacks, as the Games open Feb. 6 across multiple Alpine regions. Officials expect threats from both criminals and state-linked groups, with artificial intelligence likely to accelerate attacks. The agency will monitor dark web activity and coordinate with Deloitte and event organizers from Milan and Rome.
January 28, 2026
WhatsApp’s new “Strict Account Settings” is a lockdown switch for high-risk users
···

WhatsApp’s new “Strict Account Settings” is a lockdown switch for high-risk users

WhatsApp on Tuesday launched “Strict Account Settings,” blocking unknown attachments, media, and calls, and disabling link previews for users at risk of targeted hacking. The feature, rolling out over the next weeks, mirrors security modes from Apple and Google. WhatsApp says it is intended for users facing sophisticated cyber threats, not the general public.
January 27, 2026
Nike investigates alleged 1.4TB data leak after “World Leaks” hacking claim
···

Nike investigates alleged 1.4TB data leak after “World Leaks” hacking claim

Nike is investigating a possible data breach after the group World Leaks claimed to have leaked 1.4 terabytes of company files online. Cybernews and The Register reported the files appear to contain design and manufacturing data, not customer or employee personal information. Nike has not confirmed what was stolen or if a ransom was demanded. Shares of Nike were unchanged late Monday morning.
January 26, 2026
Chrome and Safari users warned: ‘rn’ lookalike links fuel a fresh phishing wave
··

Chrome and Safari users warned: ‘rn’ lookalike links fuel a fresh phishing wave

Phishing campaigns are using “rn” to mimic the letter “m” in web addresses, targeting users of Chrome and Safari on mobile devices. Netcraft and other security firms have identified fake domains like rnicrosoft.com and rnarriottinternational.com in recent attacks. Experts urge users not to log in via emailed links and to use official apps or manually entered URLs. Attackers exploit small screens and quick decisions to steal credentials.
January 26, 2026
150 Million Passwords Exposed: Gmail and Facebook Logins Found in Open Database
···

150 Million Passwords Exposed: Gmail and Facebook Logins Found in Open Database

A security researcher discovered an unsecured database with about 149 million username-password pairs, including millions linked to Gmail and Facebook accounts. The cache, traced to infostealer malware, was removed after the alert. The database included credentials for banking, streaming, crypto, and government accounts, with no password protection or encryption.
January 25, 2026
149 Million Passwords Exposed Online: Gmail, Yahoo and Outlook Logins Found in Unsecured Infostealer Database
·

149 Million Passwords Exposed Online: Gmail, Yahoo and Outlook Logins Found in Unsecured Infostealer Database

A researcher found an open database with 149 million stolen logins, including 48 million Gmail credentials and some tied to government domains. The 96GB trove, lacking any protection, was taken offline after nearly a month. Analysts say such caches enable automated account takeovers using infostealer malware. The exposed data included direct login links, making attacks easier.
January 24, 2026
Under Armour data breach scare: 72 million customer records surface on hacking forum
··

Under Armour data breach scare: 72 million customer records surface on hacking forum

Under Armour is investigating claims that hackers leaked data from about 72 million customer accounts online. Breach tracker Have I Been Pwned reports exposed emails, birth dates, locations, and purchase details. The Everest ransomware group demanded ransom in November and published the data in January. Under Armour says no payment systems or passwords were compromised.
January 22, 2026
ED chargesheets Magicwin: Pakistan-linked betting site accused of hawala and crypto laundering
···

ED chargesheets Magicwin: Pakistan-linked betting site accused of hawala and crypto laundering

India’s Enforcement Directorate filed a money-laundering prosecution complaint against Magicwin and 13 others, alleging illegal betting, piracy of ICC Men’s T20 World Cup 2024 broadcasts, and use of mule accounts and cryptocurrencies. The complaint, filed January 15 in Ahmedabad, names a UK-registered firm with Pakistani directors based in the UAE. Investigators are probing celebrity promotions linked to the platform.
January 19, 2026
India’s Smartphone Security Overhaul: Source-Code Reviews, App Privacy Limits and the New Telecom Cybersecurity Push (Jan 11, 2026)
···

India’s Smartphone Security Overhaul: Source-Code Reviews, App Privacy Limits and the New Telecom Cybersecurity Push (Jan 11, 2026)

India is considering rules that would require smartphone makers like Apple and Samsung to submit source code for government review, according to Reuters. The proposals have drawn opposition from industry groups, citing privacy and operational concerns. The Department of Telecommunications says new telecom cybersecurity rules are already in force to fight fraud and device misuse.
January 11, 2026
India’s Sanchar Saathi U‑Turn: Why the Modi Government Dropped Its Mandatory Cybersecurity App Order
··

India’s Sanchar Saathi U‑Turn: Why the Modi Government Dropped Its Mandatory Cybersecurity App Order

India’s government on Wednesday revoked an order requiring all new smartphones to come with the Sanchar Saathi cybersecurity app pre-installed and undeletable. The move follows backlash from privacy groups, opposition parties, and tech companies. Officials now say the app will remain voluntary and removable. Apple and Samsung had raised concerns about compliance.
December 4, 2025
Android December 2025 Security Update: Google Patches 107 Flaws as CISA Confirms Two Zero‑Day Attacks — Update Your Phone Now
···

Android December 2025 Security Update: Google Patches 107 Flaws as CISA Confirms Two Zero‑Day Attacks — Update Your Phone Now

Google’s December 2025 Android update patches 107 vulnerabilities, including two zero-day flaws already exploited in attacks. The U.S. Cybersecurity and Infrastructure Security Agency added both zero-days to its Known Exploited Vulnerabilities catalog. The bugs affect Android versions 13 through 16. Devices with the 2025-12-05 security patch or later are protected.
December 3, 2025
Google Play Store Update: Delete These Spyware Apps Now and Lock Down Your Android (November 30, 2025)
···

Google Play Store Update: Delete These Spyware Apps Now and Lock Down Your Android (November 30, 2025)

Security researchers found 239 malicious Android apps on Google Play, downloaded 42 million times from June 2024 to May 2025. Google has begun removing spyware-like and ad-fraud apps after reports of surging malware and privacy risks. Forbes and tech outlets warn that even legitimate-looking apps may collect sensitive data without clear disclosure. Google plans stricter controls on anonymous developers and sideloaded apps.
November 30, 2025
Israel’s IDF Bans Android Phones for Senior Officers: iPhones Now Mandatory in New Cybersecurity Crackdown
···

Israel’s IDF Bans Android Phones for Senior Officers: iPhones Now Mandatory in New Cybersecurity Crackdown

The Israel Defense Forces will require senior officers to use only iPhones for official military communications, banning Android devices from operational use. The new policy, reported by Israeli media, extends to all officers from lieutenant colonel upward and is expected to take effect soon. The shift follows cybersecurity concerns after the October 7, 2023, Hamas attacks.
November 29, 2025
1 2 3