Cybersecurity Headlines — January 30, 2026
Host: Steve Prentiss, CISO Series
Theme: The latest in global cybersecurity incidents and trends, including regulatory fines, new security features, high-profile hacks, evolving threat groups, and record-setting DDoS attacks.
Episode Overview
This episode delivers a brisk rundown of the day's biggest cybersecurity stories, spanning enforcement actions in Europe, new AI-powered safety features in communications tech, nation-state threat group evolution, and the ever-escalating scale of cyberattacks.
Key Stories and Insights
1. France Fines National Unemployment Agency After Massive Data Breach
[00:09]
- What happened?
France's national employment agency, France Travail, was fined €5 million by the French Data Protection Authority for inadequate security measures leading to a data breach in early 2024.
- Impact:
- 43 million individuals' personal data, covering two decades, was exposed.
- Sensitive health data in 'jobseeker files' were not included in the breach.
- No bank/account passwords were affected.
- Significance:
A stark warning on the scale of regulatory risk when handling PII (Personally Identifiable Information).
Quote:
“...failing to secure jobseekers data, which allowed hackers to steal the personal information of 43 million people.” — Steve Prentiss [00:10]
2. Microsoft Teams to Introduce Suspicious Call Reporting Feature
[01:12]
- Feature details:
"Report a Call" lets users flag suspicious calls, such as scams or phishing, directly in Teams.
- Rollout:
Targeted release by mid-March, global general availability by late April 2026.
- Data handling:
When flagged, call metadata (timestamps, duration, caller ID, Teams IDs) is shared with the organization and Microsoft.
- Customization:
Enabled by default, but admins can deactivate this in Call Settings.
Quote:
“Its goal is to help users flag suspicious or unwanted calls as potential scams or phishing attempts.” — Steve Prentiss [01:19]
3. UK Security Officials Urge Shift from Resilience to Deterrence
[02:10]
- Context:
During a UK parliamentary hearing, security leaders warned that focusing solely on resilience (absorbing attacks) is not enough.
- Call to Action:
Former National Security Advisor Lord Sedwill and ex-head of the British army advocate for imposing real costs on hostile states, including offensive cyber tactics.
- Concerns:
Emphasis on deterring attacks targeting critical infrastructure and misinformation campaigns.
- Underlying message:
Passive defense alone could “leave [the UK] exposed to cyber attacks and hybrid forms of warfare.”
Quote:
“Resilience measures alone would not deter adversaries conducting cyber operations, sabotage of critical infrastructure and disinformation campaigns...” — Steve Prentiss [02:35]
4. ShinyHunters Claims 10 Million Stolen Dating App Records
[03:18]
- Incident:
ShinyHunters reportedly breached Match Group's data via AppsFlyer, a third-party analytics provider.
- Data Stolen:
User data plus hundreds of internal documents from platforms like Hinge, Match.com, and OkCupid.
- Official Response:
Match Group has not commented on the breach’s scope or data specifics; ransom details are unconfirmed.
Quote:
“ShinyHunters’ representatives say they made off with user data as well as hundreds of internal documents.” — Steve Prentiss [03:37]
5. Labyrinth Chollima Splits into Three North Korean Threat Groups
[05:12]
- Findings:
CrowdStrike reports Labyrinth Chollima now comprises three specialized groups:
- Labyrinth Chollima: Espionage (manufacturing, logistics, defense, aerospace)
- Golden Chollima & Pressure Chollima: Cryptocurrency theft to fund operations.
- Links:
All evolved from the notorious Lazarus group and share tooling and coordination.
Quote:
“These three groups have all grown out of the Lazarus group, sharing some tools and infrastructure which indicates centralized coordination...” — Steve Prentiss [05:33]
6. SolarWinds Issues Critical Fixes for Web Help Desk
[06:10]
- Action:
Patches released for 6 vulnerabilities, 4 rated as CVSS 9.8, addressing issues like authentication bypass and remote code execution.
- Recommendation:
Immediate updating is advised to prevent exploitation.
No major quote; brief headline notice.
7. Aisuru Botnet Sets New DDoS Record at 31.4 Tbps
[06:35]
- Attack details:
On Dec 19, the Aisuru/Kimwolf botnet carried out a DDoS attack peaking at 31.4 Tbps and 200 million requests/sec, mainly targeting telecom companies.
- Method:
Unusually used Android TVs as bots rather than just IoT devices and routers.
- Mitigation:
Cloudflare detected and stopped the attack automatically—no serious disruption ensued.
Quote:
“Despite the scale of these hypervolumetric attacks, Cloudflare says they were detected and mitigated automatically and did not trigger any internal alerts.” — Steve Prentiss [06:58]
8. Latvia Names Russia as Primary Source of Surging Cyber Threats
[07:34]
- Report Findings:
Latvia's 2025 cyber incident levels hit a record high, mostly cybercrime and digital fraud, with persistent DDoS, malware, and intrusion attempts.
- Cause:
Attributed to Russian operations, largely post-Ukraine invasion.
- Reassurance:
Most attacks have not caused serious disruption so far, but the campaign is ongoing.
Quote:
“The report says most of the incidents dealt with cybercrime and digital fraud rather than threatening critical infrastructure or national security.” — Steve Prentiss [07:45]
Memorable Moments & Summary Quotes
- “This follows a data breach that occurred in early 2024 and which exposed jobseekers’ personal information spanning 20 years...” [00:17]
- “When users choose to manually flag a call, some metadata... will be shared with both the user’s organization and Microsoft.” [01:39]
- “Former National Security Advisor Lord Sedwill... added that resilience measures alone would not deter adversaries...” [02:17]
- “They identified AppsFlyer, a marketing analytics provider, as the apparent source of the exposure.” [03:48]
- “Aisuru uses compromised IoT devices and routers as its botnet, but in this December 19 attack, it used Android TVs.” [07:08]
Timestamps for Major Segments
- France Travail Data Breach/Fine – [00:09]
- Microsoft Teams Suspicious Call Reporting – [01:12]
- UK Cyber Deterrence Calls – [02:10]
- ShinyHunters/Match Group Hack – [03:18]
- North Korea Threat Group Split – [05:12]
- SolarWinds Patches Release – [06:10]
- Aisuru Botnet DDoS Record – [06:35]
- Latvia Threat Report – [07:34]
This episode underscores the current cybersecurity landscape's complexity: scale and sophistication of breaches, increasing regulatory muscle, the evolving organization of nation-state threat actors, and persistent, increasingly powerful cyberattacks. It’s essential listening for anyone tracking international trends and their implications.
