Browsing: Security

A recent investigation uncovered 175,000 publicly exposed Ollama AI servers across 130 countries, creating an unmanaged layer of AI compute infrastructure. These systems, many with tool-calling capabilities, operate outside standard security protocols, making them vulnerable to LLMjacking and other cyber threats.

The operators of the Kimwolf botnet recently claimed to have infiltrated the control panel of Badbox 2.0, a massive China-based botnet infecting millions of Android TV streaming boxes. This development offers new leads for the FBI and Google, who are actively investigating Badbox 2.0, potentially revealing key individuals behind its operations, including Chen Daihai and Zhu Zhiyu.

WhatsApp has introduced a new ‘Strict Account Settings’ feature designed to protect users from sophisticated cyberattacks, including spyware. This toggle extends the platform’s privacy efforts, allowing users to limit features like blocking attachments and media from unknown contacts.

WhatsApp has announced a new security feature called Strict Account Settings, designed to protect users from sophisticated spyware attacks by blocking attachments and media from unknown contacts. This “lockdown-style” feature is particularly aimed at high-risk individuals like journalists.

US Immigration and Customs Enforcement (ICE) is seeking information from companies regarding “commercial Big Data and Ad Tech” products. These tools are intended to support investigative activities, as detailed in a recent Federal Register filing. This move highlights the government’s increasing interest in leveraging commercially developed technologies for law enforcement and surveillance purposes.

Hundreds of internal US government records obtained by WIRED revealed limited intelligence on the Venezuelan gang Tren de Aragua in the United States, depicting fragmented, low-level criminal activity rather than a coordinated terrorist threat, contrary to public warnings.

Microsoft is currently investigating reports of Windows 11 devices experiencing boot failures, specifically displaying ‘UNMOUNTABLE_BOOT_VOLUME’ errors, after installing the January 2026 Patch Tuesday security updates. The issue appears to impact physical machines running Windows 11 versions 25H2 and 24H2.

A severe unauthenticated privilege escalation flaw (CVE-2026-23550) in the Modular DS WordPress plugin, affecting over 40,000 sites, is under active exploitation. This vulnerability allows attackers to bypass authentication and gain full administrator access, potentially leading to complete site compromise. Users are urged to update to version 2.5.2 immediately and check for signs of compromise.

The National Institute for Standards and Technology has seen over 700 job reductions since 2025, including 89 positions within a crucial lab responsible for validating government encryption, affecting key national security and cybersecurity initiatives.

Germany’s Dresden State Art Collections, a prominent European museum network, recently experienced a targeted cyberattack. This incident has significantly impacted its digital infrastructure, leading to disruptions in online ticket sales, visitor services, and phone access. While the museums remain open, cash payments are currently the only option for on-site purchases.