Cybersecurity 13 November 2025 - 29 January 2026

Rapid7 Slides After Hours on Guidance Figure

Rapid7 Slides After Hours on Guidance Figure

• Rapid7 ended the day off 1.1% at $7.19, after shares moved between $7.08 and $7.48.• The stock underperformed as the broader tech sector found strength. The Nasdaq-100 ETF QQQ was up 1.8% late.• Next time investors hear from Rapid7 management will be June 2, when the company is on the agenda at William Blair’s growth stock conference. Rapid7 Inc. ended Tuesday at $7.19, off 1.1%, with sellers sticking around after the cybersecurity group put out a weaker outlook for 2026 and analysts trimmed price targets. The close put Rapid7's market cap near $483 million.
May 26, 2026
Open-source AI “guardrails” stripped off as hackers eye exposed models, researchers say

Open-source AI “guardrails” stripped off as hackers eye exposed models, researchers say

Researchers warned Thursday that hackers and criminals can readily hijack computers running open-source large language models outside the control of major AI platforms, opening up new security threats. https://www.reuters.com/technology/open-source-ai-models-vulnerable-criminal-misuse-researchers-warn-2026-01-29/ The warning comes as more groups and hobbyists turn to “open-weight” models — AI systems with downloadable parameters that anyone can host — instead of depending solely on cloud platforms that control usage policies and track misuse.
January 29, 2026
Google tightens Android Theft Protection, adding new locks for banking apps and remote controls

Google tightens Android Theft Protection, adding new locks for banking apps and remote controls

Google has released new Android Theft Protection updates that expand “Identity Check” to additional apps and introduce an optional security question for Remote Lock. The move aims to curb phone thefts that swiftly lead to account takeovers. The changes are crucial since a stolen phone rarely marks the final act of theft. Once an attacker bypasses the screen lock, banking apps, password managers, and account settings can be compromised quickly—often before victims realize funds have been transferred.
January 29, 2026
Trump cyber chief faces scrutiny after sensitive files were uploaded to ChatGPT

Trump cyber chief faces scrutiny after sensitive files were uploaded to ChatGPT

The acting head of the U.S. Cybersecurity and Infrastructure Security Agency uploaded sensitive government contracting documents into a public version of OpenAI’s ChatGPT, triggering internal security alerts and a Department of Homeland Security review, Politico reported. https://www.politico.com/news/2026/01/27/cisa-madhu-gottumukkala-chatgpt-00749361 The episode is the latest flashpoint over generative AI — tools that can produce text from user prompts — inside government. CISA plays a central role in helping protect federal networks and critical infrastructure, and even routine contracting material can be treated as sensitive when it is not meant for public release.
January 29, 2026
Zscaler’s AI warning: enterprise systems can crack in 16 minutes as traffic jumps 91%

Zscaler’s AI warning: enterprise systems can crack in 16 minutes as traffic jumps 91%

SAN JOSE, Calif., Jan 28, 2026, 09:27 PST On Tuesday, cloud security firm Zscaler dropped its latest ThreatLabz report, revealing that most enterprise AI systems are vulnerable to breaches in just 16 minutes on average. The report also highlights a projected 91% surge in AI and machine-learning activity on Zscaler’s platform by 2025. “AI” is now “a primary vector for autonomous, machine-speed attacks,” said Deepen Desai, Zscaler’s EVP for cybersecurity. https://www.zscaler.com/press/zscaler-2026-ai-threat-report-91-year-over-year-surge-ai-activity-creates-growing-oversight
January 28, 2026
Italy’s cyber command braces for AI-powered attacks as Milano Cortina Winter Olympics near

Italy’s cyber command braces for AI-powered attacks as Milano Cortina Winter Olympics near

Italy’s National Cybersecurity Agency has spent the last year monitoring criminal activity on the dark web and is now gearing up for AI-driven cyber threats linked to next month’s Milano Cortina Winter Olympics. Around 20 of its roughly 100 operational specialists will dedicate themselves full time to Olympic intelligence from Rome, while 10 senior experts will be stationed at the Games’ Technology Operations Centre in Milan, working alongside Deloitte and the event organisers. The Winter Games take place from Feb. 6 to Feb. 22 and, for the first time, will be spread across several Alpine regions. This expansion complicates logistics and security efforts. With more locations involved, there are additional connected systems, suppliers, and potential failure points that could create
January 28, 2026
WhatsApp’s new “Strict Account Settings” is a lockdown switch for high-risk users

WhatsApp’s new “Strict Account Settings” is a lockdown switch for high-risk users

On Tuesday, Meta’s WhatsApp announced the launch of “Strict Account Settings,” a new high-security feature aimed at protecting accounts from advanced hacking attacks. This mode blocks attachments and media from unknown contacts, turns off link previews, and mutes calls from anyone not in the user’s address book, the company explained. The new feature arrives as major tech companies introduce “lockdown”-style safeguards targeting a select group of high-risk users—journalists, dissidents, and public figures. The approach is straightforward: remove features that attackers exploit, even if it means sacrificing convenience.
January 27, 2026
Nike investigates alleged 1.4TB data leak after “World Leaks” hacking claim

Nike investigates alleged 1.4TB data leak after “World Leaks” hacking claim

Nike announced Monday it’s probing a potential data breach after a group named World Leaks claimed to have leaked 1.4 terabytes of data linked to the company’s operations. This claim hits Nike at a tough time, as the company struggles to regain ground against smaller sportswear competitors and protect its product pipeline. Even without customer data being compromised, a leak revealing internal designs or manufacturing secrets can cause serious problems.
January 26, 2026
150 Million Passwords Exposed: Gmail and Facebook Logins Found in Open Database

150 Million Passwords Exposed: Gmail and Facebook Logins Found in Open Database

An unsecured database holding roughly 149 million usernames and passwords — including 48 million tied to Gmail and 17 million linked to Facebook — was taken offline after a security researcher alerted the hosting provider, according to reports. Allan Liska, a threat intelligence analyst at Recorded Future, noted that “infostealers create a very low barrier of entry for new criminals,” pointing to tools available to rent for just a few hundred dollars a month. This exposure is serious since password lists like these enable hackers to take over email and social media accounts—gateways to resetting credentials on other platforms. They also fuel phishing attacks, where scammers impersonate banks, colleagues, or support teams to steal additional information.
January 25, 2026
Poland power grid cyberattack: New “DynoWiper” wiper malware points to Russia’s Sandworm

Poland power grid cyberattack: New “DynoWiper” wiper malware points to Russia’s Sandworm

Cybersecurity firm ESET has pointed to hackers tied to Russian military intelligence as the probable source of the cyberattacks targeting Poland’s power grid in late December. The intruders tried to unleash a data-wiping malware known as DynoWiper, though their attempt appears to have failed. The Russian Embassy in Washington has not responded to requests for comment. The discovery sharpens the spotlight on an incident Polish officials now see as a serious threat to the country’s energy security. The focus has shifted away from data theft toward potential disruption. This development arrives as Warsaw advocates for tougher cyber rules targeting critical infrastructure.
January 24, 2026
149 Million Passwords Exposed Online: Gmail, Yahoo and Outlook Logins Found in Unsecured Infostealer Database

149 Million Passwords Exposed Online: Gmail, Yahoo and Outlook Logins Found in Unsecured Infostealer Database

An open online database containing around 149 million stolen usernames and passwords — with about 48 million tied to Gmail accounts — has been taken down after a researcher alerted its host, cybersecurity expert Jeremiah Fowler reported. Fowler noted the 96-gigabyte dump was “not password-protected or encrypted.” This discovery is significant because such collections feed directly into credential stuffing—automated attacks that try stolen passwords on various popular sites—and fuel more precise phishing campaigns, especially when the data contains direct login URLs.
January 24, 2026
Under Armour data breach scare: 72 million customer records surface on hacking forum

Under Armour data breach scare: 72 million customer records surface on hacking forum

Under Armour announced Thursday that it’s looking into reports of a hack exposing data tied to roughly 72 million accounts, following the appearance of its records on a hacking forum online. These claims are gaining traction as breach alerts start hitting inboxes, dragging the episode into the cybercrime spotlight. Once a dataset goes public, it’s nearly impossible to reel back, even if the victim later contests its contents.
January 22, 2026
ED chargesheets Magicwin: Pakistan-linked betting site accused of hawala and crypto laundering

ED chargesheets Magicwin: Pakistan-linked betting site accused of hawala and crypto laundering

India’s Enforcement Directorate has filed a prosecution complaint under the country’s anti-money laundering law against online betting platform Magicwin and others, alleging the operation was run by a UK-registered firm with Pakistani directors based in the United Arab Emirates. The complaint names 14 individuals and entities, the agency said. The filing lands as New Delhi tightens the net around real-money online games and the advertising that helps them scale, while officials also flag cross-border payment channels as a vulnerability. A senior Board of Control for Cricket in India official, Devajit Saikia, said last year the board “will not violate any of the laws enforced in the country,” after sponsors began reassessing deals under the new regime.
January 19, 2026
India’s Smartphone Security Overhaul: Source-Code Reviews, App Privacy Limits and the New Telecom Cybersecurity Push (Jan 11, 2026)

India’s Smartphone Security Overhaul: Source-Code Reviews, App Privacy Limits and the New Telecom Cybersecurity Push (Jan 11, 2026)

India is weighing sweeping smartphone security standards that could require Apple, Samsung, Google and Xiaomi to submit source code for review—part of a broader telecom cybersecurity crackdown aimed at stopping fraud, scams and data breaches. NEW DELHI — January 11, 2026 — India is considering a major overhaul of smartphone security rules that would force device makers to share source code for government review and redesign how phones handle sensitive permissions, pre-installed apps and software updates. The proposals—reported today in Reuters coverage—have triggered strong industry opposition from major brands and the manufacturers’ group MAIT, setting up a high-stakes policy fight over cybersecurity vs. proprietary technology and privacy.
January 11, 2026
India’s Sanchar Saathi U‑Turn: Why the Modi Government Dropped Its Mandatory Cybersecurity App Order

India’s Sanchar Saathi U‑Turn: Why the Modi Government Dropped Its Mandatory Cybersecurity App Order

New Delhi, December 4, 2025 — India’s government has executed a rare, rapid U‑turn on a controversial plan to force every new smartphone sold in the country to carry a government cybersecurity app called Sanchar Saathi, following a storm of criticism from privacy advocates, opposition parties and global tech giants. On Wednesday, the Ministry of Communications revoked a Department of Telecommunications order that had quietly instructed smartphone makers to pre‑install Sanchar Saathi on all new devices, and push it via software updates to phones already in the supply chain, with the app’s functions not allowed to be disabled. The Indian Express+1
December 4, 2025
Israel’s IDF Bans Android Phones for Senior Officers: iPhones Now Mandatory in New Cybersecurity Crackdown

Israel’s IDF Bans Android Phones for Senior Officers: iPhones Now Mandatory in New Cybersecurity Crackdown

Published: November 29, 2025 The Israel Defense Forces are moving to an iPhone‑only policy for senior officers, barring Android phones from any operational use on military lines in a sweeping new cybersecurity push. The change, first reported by Israeli Army Radio and detailed by multiple Israeli and international outlets, will apply to officers from the rank of lieutenant colonel up to the general staff.PressTV+1
November 29, 2025
CISA Issues Urgent Spyware Warning For iPhone And Android — How To Secure Your Smartphone Today (November 28, 2025)

CISA Issues Urgent Spyware Warning For iPhone And Android — How To Secure Your Smartphone Today (November 28, 2025)

America’s top cyber defense agency has issued an unusually blunt warning: sophisticated spyware campaigns are now actively targeting iPhone and Android users through popular messaging apps like Signal, WhatsApp, Telegram and standard SMS. In response, the Cybersecurity and Infrastructure Security Agency has updated its mobile security playbook and is urging people—especially high‑risk users—to lock down their smartphones immediately. Cybersecurity Dive+2The Hacker News+2 A new Forbes report highlights that CISA’s guidance isn’t just theoretical. It translates into concrete, step‑by‑step settings changes for both iOS and Android designed to make your device much harder to compromise. Forbes
November 28, 2025