
A
From the CISO series, it's Cybersecurity Headlines.
B
These are the cybersecurity headlines for Friday, January 30, 2026. I'm Steve Prentiss.
France fines country's unemployment agency over data breach. The French Data Protection Authority has fined the country's national employment agency, France Travail, a sum of 5 million euros for failing to secure jobseekers' data, which allowed hackers to steal the personal information of 43 million people. This follows a data breach that occurred in early 2024 and which exposed jobseekers' personal information spanning 20 years, including standard PII. Bank details and account passwords were not affected, nor were jobseeker files taken. This latter category is important because jobseeker files tend to contain sensitive health data.
Microsoft Teams addition will allow for suspicious calls to be flagged and reported. This new feature is intended to be released to targeted release customers by mid-March. Its goal is to help users flag suspicious or unwanted calls as potential scams or phishing attempts. Named Report a Call, the function will be enabled by default, but can be disabled by admins via a toggle inside the Call Settings section. When users choose to manually flag a call, some metadata including timestamps, duration, caller ID information and participant Teams IDs will be shared with both the user's organization and Microsoft. General availability worldwide is expected for late April.
UK leaders warned about absorbing cyber attacks without offensive deterrence. During a UK parliamentary hearing on national security, ministers were warned that Britain risks leaving itself exposed to cyber attacks and hybrid forms of warfare unless it exercises an ability to impose costs on hostile states.
Former National Security Advisor Lord Sedwill, who is now a member of the Joint Committee on the National Security Strategy, added that resilience measures alone would not deter adversaries conducting cyber operations, sabotage of critical infrastructure and disinformation campaigns against the United Kingdom. His comments echo those made by the former head of the British army, who previously urged the government to get on the forward foot with ransomware instead of just absorbing the punches.
ShinyHunters steals 10 million records in alleged dating app heist. These records were allegedly stolen from Match Group, a US-based firm that owns some of the world's most widely used swipe-based dating platforms including Hinge, Match.com and OkCupid. ShinyHunters' representatives say they made off with user data as well as hundreds of internal documents. They identified AppsFlyer, a marketing analytics provider, as the apparent source of the exposure. Match Group itself has declined to say what types of data were accessed, how many customers were affected, or whether a ransom was involved.
Huge thanks to our sponsor Conveyor. Want to hear a horror story? An infosec manager found out that their sales rep had filled in a customer security questionnaire themselves and sent it back to the customer without review. This led to dozens of follow-up questions. With Conveyor's Trust Center AI agent, you can avoid all that. The agent lives in your Conveyor-hosted Trust Center and answers every customer question, surfaces documents and even completes full questionnaires instantly so customers can finish their review and be on their way. Learn more at www.conveyor.com. That is C-O-N-V-E-Y-O-R.com.
North Korea threat group splits into three distinct operations. According to a report released by CrowdStrike yesterday, Thursday, the group Labyrinth Chollima, that is spelled C-H-O-L-L-I-M-A, has spawned two additional groups, Golden Chollima and Pressure Chollima.
These spin-offs, which have been operating since 2020, allow Labyrinth Chollima to narrow its focus on espionage targeting victims in the manufacturing, logistics, defense and aerospace industries, while Golden Chollima and Pressure Chollima focus on stealing cryptocurrency for funding North Korea's cyber operations. These three groups have all grown out of the Lazarus group, sharing some tools and infrastructure which indicates centralized coordination in concert with their specialized individual capabilities.
SolarWinds fixes critical Web Help Desk flaws. These security updates seek to address multiple security vulnerabilities impacting SolarWinds Web Help Desk, including four that could result in authentication bypass and remote code execution. There are six vulnerabilities involved in this update series, four of which have CVSS ratings of 9.8. A link to an article providing the CVE numbers and details on these flaws is available in the show notes to this episode.
Aisuru botnet outdoes itself with 31.4 terabit per second DDoS attack. This attack targeted multiple companies, mostly in the telecommunications sector, and was detected and mitigated by Cloudflare on December 19. It was launched by the Aisuru/Kimwolf botnet and peaked at 31.4 terabits and 200 million requests per second, surpassing its own previous DDoS record that had reached 29.7 terabits per second. Despite the scale of these hypervolumetric attacks, Cloudflare says they were detected and mitigated automatically and did not trigger any internal alerts. Cloudflare added in its report that in general, Aisuru uses compromised IoT devices and routers as its botnet, but in this December 19 attack, it used Android TVs.
Latvia identifies Russia as its top cyber threat as attacks hit record high. In its annual report released this week, Latvia's National Security Service said 2025 marked an all-time high in registered cyber threats targeting the country, with activity surging significantly past levels seen before Russia's invasion of Ukraine in 2022. The report says most of the incidents dealt with cybercrime and digital fraud rather than threatening critical infrastructure or national security. The methods included intrusion attempts, malware distribution, equipment compromise and DDoS attacks. The agency adds that the campaign shows no sign of slowing, even though most incidents so far have failed to cause serious disruption.
Have you subscribed to the CISO Series YouTube channel yet? We are posting new content every day: vertical videos, breaking down news, original interviews, product demos, event coverage and podcast clips. If you enjoy this podcast, you'll love checking out our YouTube channel. And if you have some thoughts on the news from today or about this show in general, please be sure to reach out to us at feedbacksoseries. We would love to hear from you. I'm Steve Prentiss reporting for the CISO Series.
A
Cybersecurity headlines are available every weekday. Head to cisoseries.com for the full stories behind the headlines.
Host: Steve Prentiss, CISO Series
Theme: The latest in global cybersecurity incidents and trends, including regulatory fines, new security features, high-profile hacks, evolving threat groups, and record-setting DDoS attacks.
This episode delivers a brisk rundown of the day's biggest cybersecurity stories, spanning enforcement actions in Europe, new AI-powered safety features in communications tech, nation-state threat group evolution, and the ever-escalating scale of cyberattacks.
[00:09]
Quote:
“...failing to secure jobseekers' data, which allowed hackers to steal the personal information of 43 million people.” — Steve Prentiss [00:10]
[01:12]
Quote:
“Its goal is to help users flag suspicious or unwanted calls as potential scams or phishing attempts.” — Steve Prentiss [01:19]
[02:10]
Quote:
“Resilience measures alone would not deter adversaries conducting cyber operations, sabotage of critical infrastructure and disinformation campaigns...” — Steve Prentiss [02:35]
[03:18]
Quote:
“ShinyHunters’ representatives say they made off with user data as well as hundreds of internal documents.” — Steve Prentiss [03:37]
[05:12]
Quote:
“These three groups have all grown out of the Lazarus group, sharing some tools and infrastructure which indicates centralized coordination...” — Steve Prentiss [05:33]
[06:10]
No major quote; brief headline notice.
[06:35]
Quote:
"Despite the scale of these hypervolumetric attacks, Cloudflare says they were detected and mitigated automatically and did not trigger any internal alerts.” — Steve Prentiss [06:58]
[07:34]
Quote:
“The report says most of the incidents dealt with cybercrime and digital fraud rather than threatening critical infrastructure or national security.” — Steve Prentiss [07:45]
This episode underscores the current cybersecurity landscape's complexity: scale and sophistication of breaches, increasing regulatory muscle, the evolving organization of nation-state threat actors, and persistent, increasingly powerful cyberattacks. It’s essential listening for anyone tracking international trends and their implications.