CyberSecurity Newsletter January 26th, 2026
In this week’s news: North Korean threat actor observed using PowerShell malware generated using AI, Sandworm hackers linked to failed wiper attack on Poland’s energy systems, Osiris ransomware emerges, leveraging BYOVD technique to kill security tools, FBI Accessed Windows Laptops After Microsoft Shared BitLocker Recovery Keys, 11-Year-Old critical telnetd flaw found, CISA Adds Actively Exploited VMware vCenter Flaw CVE-2024-37079, Fortinet confirms critical FortiCloud auth bypass not fully patched, AI extensions on VSCode Marketplace steal developer data, Voice Phishing Okta Customers: ShinyHunters Claims Credit
The Long-Term Impact of Continuous Phishing Training and Emotional Triggers.
https://arxiv.org/abs/2510.27298
Koi Risk engine has identified two VS Code extensions, a campaign we're calling MaliciousCorgi - 1.5 million combined installs, both live in the marketplace right now - that work exactly as promised. They answer your coding questions. They explain your errors. They also capture every file you open, every edit you make, and send it all to servers in China.
https://www.koi.ai/blog/maliciouscorgi-the-cute-looking-ai-extensions-leaking-code-from-1-5-million-developers
The North Korean threat actor known as Konni has been observed using PowerShell malware generated using artificial intelligence (AI) tools to target developers and engineering teams in the blockchain sector.
https://briefly.co/anchor/Information_security/story/konni-hackers-deploy-ai-generated-powershell-backdoor-against-blockchain-developers
Microsoft has released emergency, out-of-band updates on Saturday for Windows 10, Windows 11, and Windows Server to fix an issue that prevented Microsoft Outlook classic from opening when using PSTs stored in cloud storage.
https://www.bleepingcomputer.com/news/microsoft/microsoft-releases-emergency-oob-update-to-fix-outlook-freezes/
A cyberattack targeting Poland’s power grid in late December 2025 has been linked to the Russian state-sponsored hacking group Sandworm, which attempted to deploy a new destructive data-wiping malware dubbed DynoWiper during the attack.
https://www.bleepingcomputer.com/news/security/sandworm-hackers-linked-to-failed-wiper-attack-on-polands-energy-systems/
Researchers identified a new ransomware strain, Osiris, used in a November 2025 attack that abused the POORTRY driver via the BYOVD (bring your own vulnerable driver) technique to disable security tools.
https://securityaffairs.com/187279/security/osiris-ransomware-emerges-leveraging-byovd-technique-to-kill-security-tools.html
A recent legal case has revealed a surprising gap in computer privacy that many people likely didn’t know existed. It turns out Microsoft can unlock personal computers for the government, and it recently did exactly that during a major investigation.
https://hackread.com/fbi-windows-laptops-microsoft-bitlocker-recovery-keys/
Critical telnetd flaw CVE-2026-24061 (CVSS 9.8) affects all GNU InetUtils versions 1.9.3–2.7 and went unnoticed for nearly 11 years.
https://securityaffairs.com/187255/security/11-year-old-critical-telnetd-flaw-found-in-gnu-inetutils-cve-2026-24061.html
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a critical security flaw affecting Broadcom VMware vCenter Server that was patched in June 2024 to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild.
https://thehackernews.com/2026/01/cisa-adds-actively-exploited-vmware.html
Days after admins began reporting that their fully patched firewalls were being hacked, Fortinet confirmed it is working to fully address a critical FortiCloud SSO authentication bypass vulnerability that was supposed to have been patched in early December.
https://www.bleepingcomputer.com/news/security/fortinet-confirms-critical-forticloud-auth-bypass-not-fully-patched/
Criminals are wielding advanced voice-phishing toolkits designed to streamline social engineering attacks in real-time.
https://www.bankinfosecurity.com/voice-phishing-okta-customers-shinyhunters-claims-credit-a-30590
South Carolina federal prosecutors announced that two Venezuelan nationals convicted of stealing hundreds of thousands of dollars from U.S. banks in an ATM jackpotting scheme will be deported after serving their sentences.
https://www.bleepingcomputer.com/news/security/us-to-deport-venezuelans-who-emptied-bank-atms-using-malware/
Decentralized exchange aggregator Matcha Meta reported a security incident involving its SwapNet integration on Sunday, with multiple blockchain security firms flagging a multi-million dollar drain of user funds.
https://www.theblock.co/post/386986/matcha-meta-swapnet-incident