Latest Internet & Cybersecurity News
Surge in AI Infrastructure Attacks Targets LLM and SSRF Weaknesses
Researchers report more than **91,000 malicious sessions** targeting AI infrastructure between October 2025 and early 2026, focusing on SSRF flaws and exposed LLM endpoints. One campaign abused Ollama model-pull and Twilio webhooks, while another systematically probed over **73 large language model endpoints** across major AI platforms, indicating professional reconnaissance feeding future exploitation pipelines.
CISA Flags Critical HPE OneView Remote Code Execution Vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency added a **maximum‑severity flaw (CVE‑2025‑37164)** in HPE OneView to its Known Exploited Vulnerabilities catalog after evidence of active exploitation. The bug allows **unauthenticated remote code execution** on versions prior to 11.00, and CISA orders federal agencies to patch by late January while warning private organizations there are **no effective workarounds** besides upgrading.
UK Launches £210 Million Overhaul of Public‑Sector Cybersecurity
The UK government announced a **£210 million cybersecurity initiative** to address “critically high” risks in public‑sector systems running on vulnerable legacy platforms. The plan creates a central Government Cyber Unit, a Cyber Coordination Centre (GC3), and a dedicated government cyber profession and resourcing hub to tackle chronic skills shortages.
U.S. Withdraws from 66 International Cyber and Digital Rights Coalitions
The United States has **withdrawn from 66 international organizations** related to cybersecurity, digital rights, and hybrid‑threat cooperation, including the Hybrid CoE, GFCE, and Freedom Online Coalition. Officials cited misalignment with U.S. interests, but analysts warn the move could weaken **global intelligence sharing and coordinated cyber defense** efforts.
Global Ransomware Attacks on Telecom Sector Quadruple Since 2022
Ransomware attacks on telecom companies increased nearly **fourfold**, from 24 incidents in 2022 to 90 in 2025, according to threat‑intelligence firm Cyble. Criminal gangs such as **Qilin, Akira and Play** exploited rapidly weaponized network‑equipment vulnerabilities, with most attacks hitting the Americas and often involving data theft and sale of stolen telecom databases.
New GoBruteforcer Malware Targets Crypto and Blockchain Servers
A new malware strain dubbed **GoBruteforcer** is scanning the internet for poorly secured servers supporting cryptocurrency and blockchain projects, abusing default passwords on services such as FTP and MySQL. Many targets were deployed with weak or AI‑generated setup instructions, illustrating how misconfigured infrastructure and AI‑driven shortcuts are feeding botnet expansion.
North Korean ‘Kimsuky’ Group Uses Malicious QR Codes in Spear‑Phishing
The FBI issued an alert that North Korea‑linked group **Kimsuky** is embedding malicious QR codes in spear‑phishing emails, a tactic dubbed “quishing.” Since last year, the group has targeted research organizations, academic institutions, and U.S. and foreign government entities, aiming to harvest credentials and deploy malware via seemingly benign QR scans.
WhatsApp‑Spread Astaroth Trojan and Other Threats Lead Daily Alerts
Recent cyber alerts highlight the **Astaroth info‑stealing trojan** spreading through malicious WhatsApp messages, tricking users into opening payload‑carrying attachments or links. The same round‑up flags active exploitation of HPE and Microsoft flaws and renewed warnings about North Korean QR‑code phishing, underscoring how common apps and everyday user actions remain prime entry points.
CISA Faces Resource Strain Amid Growing AI and Nation‑State Threats
The U.S. Cybersecurity and Infrastructure Security Agency enters 2026 grappling with **workforce cuts, reduced resources, and strained partnerships** while AI‑driven and China‑linked threats intensify. Analysts say CISA must finalize incident‑reporting rules under CIRCIA and better support critical‑infrastructure operators as Chinese operations such as Salt Typhoon highlight systemic U.S. vulnerabilities.
AI and Ransomware Dominate 2026 Cyber Risk Forecasts
Security researchers and vendors forecast that ransomware will continue shifting toward **targeted operational disruption**, while rapid, poorly governed AI adoption erodes traditional network perimeters from within. Experts stress that many hyped notions of fully autonomous AI‑orchestrated attacks remain overstated in the near term, but AI‑enhanced phishing, credential abuse, and insider‑style risks are already material.
Global Security Budgets Rise, Yet May Lag AI‑Driven Risk Growth
Gartner estimates most organizations will increase **cybersecurity budgets by about 12–13% in 2026**, raising global security spend from $213 billion to $240 billion. However, many CISOs report that even rising budgets may be insufficient against expanding AI‑enabled attack surfaces, driving interest in **zero‑trust architectures and attack‑surface management**.
Cyberattacks Disrupt Schools, Insurers, and Automotive Supply Chains
The first week of 2026 saw a cyberattack force **Higham Lane School in England** to close temporarily, disrupting learning for around 1,500 students. In Australia, insurer **Prosura** shut down online policy and claims portals after unauthorized access to internal systems, while a separate incident hit Jaguar Land Rover sales operations, illustrating the real‑world business impact of cyber incidents.