Svoboda Cybersecurity Brief January 24, 2026
Microsoft Provided FBI with BitLocker Recovery Keys
Microsoft handed over BitLocker recovery keys to the FBI under a search warrant, raising privacy concerns. The keys were stored on Microsoft servers for user convenience but became accessible to law enforcement.
Source: DataBreaches.net
ShinyHunters Claims Responsibility for Okta Vishing Campaign
The ShinyHunters group launched a new dark web leak site and admitted to targeting Okta SSO accounts via vishing attacks. They leaked data from Crunchbase, SoundCloud, and Betterment after failed extortion attempts.
Source: DataBreaches.net
INC Ransomware OpSec Fail Allows Data Recovery
An INC ransomware opsec failure enabled Cyber Centaurs to recover data for 12 U.S. organizations. Attackers used the RainINC variant and staged payloads from the PerfLogs directory.
Impact: Data exfiltration and encryption.
Mitigation: Monitor PerfLogs directory activity and enforce strict access controls.
Source: DataBreaches.net
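A detection check matching the mitigation above, added here as an example for this brief (not code from the source article or from Cyber Centaurs): it triages constructed Sysmon-style process-creation and file-creation events and alerts only on executable content written to or launched from C:\PerfLogs, while leaving Performance Monitor's own .blg/.etl output alone, since PerfLogs is a legitimate Windows directory and a blanket "any write" rule would be noisy.

```python
import json
import ntpath

# Constructed Sysmon-style events (not real telemetry): EventID 1 = process create,
# EventID 11 = file create. The first event is a benign PerfMon data-collector write,
# included to show why file type matters when monitoring this directory.
SAMPLE_EVENTS = [
    {"EventID": 11, "Image": r"C:\Windows\System32\perfmon.exe",
     "TargetFilename": r"C:\PerfLogs\Admin\DataCollector01.blg"},
    {"EventID": 11, "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "TargetFilename": r"C:\PerfLogs\update.exe"},
    {"EventID": 1, "Image": r"C:\PerfLogs\update.exe",
     "CommandLine": r"C:\PerfLogs\update.exe --run"},
    {"EventID": 1, "Image": r"C:\Windows\System32\notepad.exe",
     "CommandLine": "notepad.exe"},
]

PERFLOGS = "c:\\perflogs\\"
# Payload-like extensions; PerfMon's own outputs (.blg, .csv, .etl, .xml) are ignored.
SUSPICIOUS_EXT = {".exe", ".dll", ".ps1", ".bat", ".cmd", ".vbs", ".js", ".scr"}

def under_perflogs(path):
    """True when a Windows path sits anywhere below C:\\PerfLogs (case-insensitive)."""
    return path.lower().startswith(PERFLOGS)

def is_suspicious_file(path):
    """True for executable or script content placed under PerfLogs."""
    return under_perflogs(path) and ntpath.splitext(path)[1].lower() in SUSPICIOUS_EXT

def triage(events):
    """Return one alert per executable written to, or process launched from, PerfLogs."""
    alerts = []
    for ev in events:
        if ev["EventID"] == 11 and is_suspicious_file(ev["TargetFilename"]):
            alerts.append({"rule": "perflogs_payload_write",
                           "writer": ev["Image"], "file": ev["TargetFilename"]})
        elif ev["EventID"] == 1 and under_perflogs(ev["Image"]):
            alerts.append({"rule": "perflogs_process_exec",
                           "image": ev["Image"], "cmdline": ev.get("CommandLine", "")})
    return alerts

if __name__ == "__main__":
    for alert in triage(SAMPLE_EVENTS):
        print(json.dumps(alert))
```

Running it against the constructed events yields two alerts (the PowerShell write of update.exe and its later execution) and stays silent on the PerfMon data-collector file.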
Dutch Police Warned About Security Hole Before Russian Hack
Dutch police were aware of Microsoft M365 cloud security gaps before Russian hackers stole data from 65,000 officers. The breach exposed personal details and photos via compromised email accounts.
Source: DataBreaches.net
Malicious AI Extensions Steal Developer Data in VSCode
Two VSCode Marketplace extensions (ChatGPT – 中文版 and ChatMoss) stole developer data via hidden tracking iframes and exfiltrated files to Chinese servers. Combined installs reached 1.5 million.
Impact: Source code, credentials, and sensitive data theft.
Mitigation: Audit installed extensions and monitor file access patterns.
Source: BleepingComputer
CISA Warns of Active Exploitation for Four Enterprise Bugs
CISA added CVE-2025-68645 (Zimbra LFI), CVE-2025-34026 (Versa Concerto auth bypass), CVE-2025-31125 (Vite improper access), and CVE-2025-54313 (eslint-config-prettier malware) to its KEV catalog. Federal agencies must patch by February 12, 2026.
Impact: Unauthorized access, data theft, and supply-chain compromise.
Mitigation: Apply vendor patches or disable affected services.
Source: BleepingComputer
Fortinet Confirms FortiCloud SSO Bypass on Patched Devices
Fortinet acknowledged attackers bypassing patches for CVE-2025-59718 (FortiCloud SSO auth bypass). Hackers created VPN-enabled accounts and exfiltrated configurations via cloud-init@mail.io.
Impact: Full device compromise.
Mitigation: Disable FortiCloud SSO and restrict admin access.
Source: BleepingComputer
GNU InetUtils Telnetd Auth Bypass Exploited in Campaign
Attackers targeted CVE-2026-24061, an 11-year-old GNU InetUtils telnetd flaw allowing root access via USER=-f root. GreyNoise detected 18 attacker IPs exploiting the bug.
Impact: Unauthenticated root access.
Mitigation: Upgrade to v2.8 or disable telnetd.
Source: BleepingComputer
ATM Jackpotting Gang Members Convicted in US
Two Venezuelans (Luz Granados and Johan Gonzalez-Jimenez) used Ploutus malware to drain ATMs, stealing $411,440. Both face deportation after serving sentences.
Source: BleepingComputer
Pwn2Own Automotive 2026 Awards $1M for 76 Zero-Days
Researchers earned $1,047,000 for exploits targeting EV chargers, infotainment systems, and Automotive Grade Linux. Fuzzware.io led with $215,500, including a Tesla infotainment USB hack.
Source: BleepingComputer
SmarterMail Auth Bypass Exploited for RCE
Attackers abused CVE-2026-23760 (SmarterMail password reset flaw) to gain admin access and execute OS commands via Volume Mount Command. Patched in v9511.
Impact: Full server compromise.
Mitigation: Update to latest version and audit system events.
Source: SecurityWeek
Under Armour Investigating Email Data Breach
Under Armour confirmed a breach affecting 72 million email addresses, with some records including names and birthdates. No passwords or payment data were compromised.
Source: SecurityWeek