SecurityWeek Briefing

"North Korean hackers target macOS developers via Malicious VS Code Projects."

Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents. Accessed on 21 January 2026, 2143 UTC.

Content and Source provided by email subscription from https://feedly.com.

https://feedly.com/i/subscription/feed%2Fhttp%3A%2F%2Ffeeds.feedburner.com%2FSecurityweek

Please check subscription link or scroll down to read your selections. Thanks for joining us today.

Russ Roberts (https://www.hawaiicybersecurityjournal.net).

Today

CyberNut Closes $5M Growth Capital for K-12 Security Awareness Training

by Eduard Kovacs / 5h

CyberNut emerged from stealth in May 2024 with $800k in pre-seed funding for its cybersecurity platform. The post appeared first on SecurityWeek .

Asymmetric Security Emerges From Stealth With $4.2 Million in Funding

by Ionut Arghire / 6h

The startup’s platform leverages AI to automate forensic investigations, accelerating incident response. The post appeared first on SecurityWeek .

aiFWall Emerges from Stealth With an AI Firewall

by Kevin Townsend / 7h

aiFWall is a firewall protection for AI deployments built to use AI to improve its own performance. The post appeared first on SecurityWeek .

LastPass Users Targeted With Backup-Themed Phishing Emails

2 TTPs

•

by Eduard Kovacs / 7h

•

LastPass warns of phishing campaign

Threat actors may have wanted to take advantage of the holiday weekend in the United States to increase their chances of success. The post appeared first on SecurityWeek .

North Korean Hackers Target macOS Developers via Malicious VS Code Projects

North Korean hackers exploit VS Code

•

by Ionut Arghire / 8h

The hackers trick victims into accessing or repositories that are opened using . The post appeared first on SecurityWeek .

Why Identity Security Must Move Beyond MFA

by Torsten George / 9h

By integrating identity threat detection with MFA, organizations can protect sensitive data, maintain operational continuity, and reduce risk exposure. The post appeared first on SecurityWeek .

MITRE Launches New Security Framework for Embedded Systems

by Eduard Kovacs / 9h

The Embedded Systems Threat Matrix (ESTM) aims to help organizations protect critical embedded systems. The post appeared first on SecurityWeek .

Cyber Insights 2026: API Security – Harder to Secure, Impossible to Ignore

by Kevin Townsend / 9h

API cybersecurity will be a ping pong ball, battered between the rackets of AI-assisted attackers and AI-assisted defenders. The post appeared first on SecurityWeek .

Anthropic MCP Server Flaws Lead to Code Execution, Data Exposure

MCP servers vulnerable to RCE

•

by Ionut Arghire / 9h

Impacting Anthropic’s official MCP server, the vulnerabilities can be exploited through prompt injections. The post appeared first on SecurityWeek .

Oracle’s First 2026 CPU Delivers 337 New Security Patches

by Ionut Arghire / 10h

Oracle’s January 2026 CPU resolves roughly 230 unique vulnerabilities across more than 30 products. The post appeared first on SecurityWeek .

Yesterday

Analysis of 6 Billion Passwords Shows Stagnant User Behavior

by Eduard Kovacs / 12h

The most common stolen passwords in 2025 were 123456, admin, and password, according to a Specops study. The post appeared first on SecurityWeek .

EU Plans Phase Out of High Risk Telecom Suppliers, in Proposals Seen as Targeting China

EU phases out high-risk tech

•

by Associated Press / 1d

Under the new rules, measures for would become mandatory. The post appeared first on SecurityWeek .

Chainlit Vulnerabilities May Leak Sensitive Information

by Ionut Arghire / 1d

The two bugs, an arbitrary file read and an SSRF bug, can be exploited without user interaction to leak credentials, databases, and other data. The post appeared first on SecurityWeek .

APT-Grade PDFSider Malware Used by Ransomware Groups

PDFSider malware targets Fortune 100

•

by Ionut Arghire / 1d

Providing cyberespionage and remote code execution capabilities, the malware is executed via DLL sideloading. The post appeared first on SecurityWeek .

Weaponized Invite Enabled Calendar Data Theft via Google Gemini

Google Gemini leaks data via invites

•

by Ionut Arghire / 1d

A simple payload allowed attackers to create a new event leaking summaries of the victim’s private meetings. The post appeared first on SecurityWeek .

Jan 19, 2026

TP-Link Patches Vulnerability Exposing VIGI Cameras to Remote Hacking

by Eduard Kovacs / 2d

The researcher who discovered the vulnerability saw more than 2,500 internet-exposed devices. The post appeared first on SecurityWeek .

Jordanian Admits in US Court to Selling Access to 50 Enterprise Networks

by Ionut Arghire / 2d

Operating as an access broker, the defendant sold unauthorized access to compromised networks to an undercover agent. The post appeared first on SecurityWeek .

‘SolyxImmortal’ Information Stealer Emerges

by Ionut Arghire / 2d

The information stealer abuses legitimate APIs and libraries to exfiltrate data to Discord webhooks. The post appeared first on SecurityWeek .

Cyber Insights 2026: Information Sharing

by Kevin Townsend / 2d

Information sharing is necessary for efficient cybersecurity, and is widespread; but never quite perfect in practice. The post appeared first on SecurityWeek .

New Reports Reinforce Cyberattack’s Role in Maduro Capture Blackout

US cyber power evolves offensively

•

by Eduard Kovacs / 2d

US officials told The New York Times that cyberattacks were used to turn off the lights in Caracas and disrupt air defense radars. The post appeared first on SecurityWeek .

Malicious Chrome Extension Crashes Browser in ClickFix Variant ‘CrashFix’

CrashFix malware uses fake extensions

•

by Ionut Arghire / 2d

Posing as an ad blocker, the malicious extension crashes the browser to lure victims into installing malware. The post appeared first on SecurityWeek .

42,000 Impacted by Ingram Micro Ransomware Attack

Impact (Enterprise TA0040)

•

by Ionut Arghire / 2d

The compromised personal information includes names, dates of birth, Social Security numbers, and employment-related data. The post appeared first on SecurityWeek .

Jan 17, 2026

Tennessee Man Pleads Guilty to Repeatedly Hacking Supreme Court’s Filing System

Tennessee man pleads guilty hacking Supreme Court

•

by Associated Press / 4d

Nicholas Moore pleaded guilty to repeatedly hacking the U.S. Supreme Court’s filing system and illegally accessing computer systems belonging to AmeriCorps and the Department of Veterans Affairs. The post appeared first on SecurityWeek .

Jan 16, 2026

In Other News: FortiSIEM Flaw Exploited, Sean Plankey Renominated, Russia’s Polish Grid Attack

by SecurityWeek News / 5d

Other noteworthy stories that might have slipped under the radar: BodySnatcher agentic AI hijacking, , shipping systems hacked by researcher. The post appeared first on SecurityWeek .

Monnai Raises $12 Million for Identity and Risk Data Infrastructure

Monnai raises 12M for identity solutions

•

by Ionut Arghire / 5d

The company will use the investment to accelerate the adoption of its solution among financial institutions and digital businesses. The post appeared first on SecurityWeek .

Project Eleven Raises $20 Million for Post-Quantum Security

Project Eleven secures 20M$ funding

•

by Ionut Arghire / 5d

The startup is building the necessary infrastructure and tools to help organizations transition to post-quantum computing. The post appeared first on SecurityWeek .

750,000 Impacted by Data Breach at Canadian Investment Watchdog

by Ionut Arghire / 5d

The incident impacted the personal information of CIRO member firms and their registered employees. The post appeared first on SecurityWeek .

Cyber Insights 2026: Social Engineering

by Kevin Townsend / 5d

We've known that social engineering would get AI wings. Now, at the beginning of 2026, we are learning just how high those wings can soar. The post appeared first on SecurityWeek .

WhisperPair Attack Leaves Millions of Audio Accessories Open to Hijacking

by Ionut Arghire / 5d

The critical issue impacts with improper Google Fast Pair implementations. The post appeared first on SecurityWeek .

Cybersecurity Firms React to China’s Reported Software Ban

Cybersecurity stocks drop on China ban

•

by Eduard Kovacs / 5d

China has more than 5,000 cybersecurity companies and all the top 20 firms are working with the government. The post appeared first on SecurityWeek .

Hawaii Cybersecurity Journal