Summary4 min read

Cybersecurity Headlines – January 14, 2026

Podcast: Cybersecurity Headlines
Host: Sarah Lane, CISO Series
Episode Theme: A roundup of the latest cybersecurity threats, vulnerabilities, and industry developments, with a focus on attacks affecting blockchain projects, Android devices, telecom policies, and recent breaches.

Main Theme / Purpose

This episode delivers a concise overview of current cybersecurity news impacting organizations and individuals. Key topics include a new botnet attacking blockchain projects, an Android accessibility bug, changes to Verizon’s phone unlocking policy, and a string of high-profile data breaches and vulnerabilities.

Key Discussion Points & Insights

1. GoBruteforcer Botnet Targets Blockchain Projects

[00:07]

Summary: Check Point reports a resurgence of the GoBruteforcer botnet, now focusing on compromising internet-exposed Linux services related to crypto and blockchain, including FTP, MySQL, phpMyAdmin, and PostgreSQL.
Attack Techniques:
- Botnet leverages leaked/default credentials, especially from AI-generated server deployments and legacy software like xampp.
- After gaining access, attackers deploy a web shell, an IRC bot, and modules to harvest and exfiltrate Tron and Binance Smart Chain (BSC) tokens.
Memorable Moment:

"The malware leverages leaked or leaked credentials and is benefiting from AI generated server deployments that ship with default usernames and passwords, plus legacy stacks like xampp."
— Sarah Lane [00:13]

2. Android Bug Disrupts Volume Keys

[00:45]

Issue: Google's Android platform is experiencing a bug where the volume keys malfunction when the 'Select to Speak' accessibility feature is enabled.
Impact:
- Volume keys adjust accessibility volume instead of media volume.
- The camera shutter shortcut triggered by volume keys is disabled.
Response: Google recommends users temporarily disable 'Select to Speak' until a future update, but hasn't specified which devices or OS versions are affected.

3. Verizon Alters Phone Unlocking Policy

[01:17]

Change: Verizon received an FCC waiver allowing it to stop automatic phone unlocking after 60 days.
New Policy:
- Prepaid devices can remain locked for up to 18 months.
- Postpaid phones stay locked until financing or termination fees are cleared.
Potential Consequences:
- Makes switching carriers harder, reduces consumer choice, and may increase e-waste.
- The FCC frames this as a fraud prevention measure, but consumer groups express concern.
Quote:

"Automatic unlocking boosts competition, lowers costs and reduces E-waste. Existing devices are not affected. New activations follow the updated policy."
— Sarah Lane [01:40]

4. Senior Military Cyber Operator Removed

[02:09]

Details: AF Lt. Col. Jason Gargan was relieved from leading the U.S. cyber National Mission Forces (Russia task force) due to disagreements with leadership.
Context: Comes amid broader leadership turnover at Cyber Command, which lacks a Senate-confirmed leader after nine months.

5. CISA Flags Gogs Vulnerability

[03:06]

Vulnerability: A high-severity flaw in Gogs (Git repository software) allows attackers to overwrite files and achieve remote code execution via symbolic link handling in the 'put contents' API.
Impact: Over 700 Gogs instances already compromised; around 1,600 exposed online. No official patch available.
Directive: CISA mandates federal agencies to mitigate by February 2nd.
Quote:

"CISA told federal agencies to mitigate by February 2nd."
— Sarah Lane [03:25]

6. Web Skimmer Steals Card Data from Checkout Pages

[03:36]

Findings: Silent Push researchers reveal a persistent 'Magecart-style' web skimming campaign active since early 2022.
Operation:
- Targets major payment networks by injecting obfuscated JavaScript into checkout pages.
- Can replace real payment forms with fake ones to intercept credit card and personal information, then self-deletes to evade detection.
- Stolen data is then exfiltrated, and the skimmer avoids rerunning on already-infected victims.

7. JP Morgan Data Breach via Fried Frank Law Firm

[04:15]

Incident: JP Morgan is notifying investors after law firm Fried Frank suffered a breach, exposing data of 659 private equity fund investors (names, contact info, account numbers, SSNs, passports/government IDs).
Context: Similar breach triggered disclosures from Goldman Sachs in late 2025.
Reassurance: No direct compromise of JP Morgan or Goldman Sachs systems. Fried Frank faces lawsuits but claims to have limited damage and involved law enforcement.

8. Betterment Discloses Breach Tied to Crypto Scam

[04:47]

Attack: Hackers accessed a third-party marketing platform to send phishing messages from a legitimate Betterment subdomain, promoting a "triple your deposit" crypto scam.
Exposure: Customer contact and personal details were accessed, but core systems and credentials were not compromised.
Actions Taken: Betterment blocked access, warned users, acknowledged a subsequent DDoS attack, and promises a postmortem after investigation.

Notable Quotes & Memorable Moments

“The malware leverages leaked or leaked credentials and is benefiting from AI generated server deployments…”
— Sarah Lane [00:13]
“Automatic unlocking boosts competition, lowers costs and reduces E-waste. Existing devices are not affected. New activations follow the updated policy.”
— Sarah Lane [01:40]
“CISA told federal agencies to mitigate by February 2nd.”
— Sarah Lane [03:25]

Timestamps for Important Segments

GoBruteforcer botnet targets blockchain: [00:07]
Android bug causes issues: [00:45]
Verizon unlock policy change: [01:17]
Military cyber command shakeup: [02:09]
CISA – Gogs vulnerability: [03:06]
Web skimmer revelations: [03:36]
JP Morgan breach via law firm: [04:15]
Betterment breach & scam: [04:47]

Tone and Style

Direct, news-focused delivery with frequent attributions to security researchers, industry bodies, and organizations.
Straightforward recaps, clear warnings, and pragmatic recommendations.

This summary offers an efficient reference for cybersecurity professionals and interested listeners, capturing essential news and actionable insights from the January 14, 2026 episode of Cybersecurity Headlines. For deeper analysis, visit CISOseries.com.

Loading summary

Transcript4 lines

[00:00]
A
From the CISO series, it's Cybersecurity Headlines.
[00:07]
B
These are the cybersecurity headlines for Wednesday, January 14, 2026. I'm Sarah Lane. Go bruteforcer targets crypto blockchain Projects Check Point reports An updated Go bruteforcer botnet is targeting crypto and blockchain projects by compromising Internet exposed Linux services like FTP, MySQL, phpMyAdmin and PostgreSQL. The malware leverages leaked or leaked credentials and is benefiting from AI generated server deployments that ship with default usernames and passwords, plus legacy stacks like xampp. Once in, attackers deploy a web shell and an IRC bot for remote control, along with modules that enumerate Tron addresses and move BSC and Tron tokens to to attacker wallets. Android bug causes volume key issues Google confirmed a bug causing Android volume keys to behave incorrectly when the select to Speak accessibility feature is enabled. Reports say the buttons adjust accessibility volume instead of media volume and no longer trigger the camera shutter shortcut. Google hasn't said how many users or which versions are affected and is directing those impacted to temporarily disable select to Speak until a fix arrives in a future update. Verizon to stop automatic unlocking of phones the FCC granted Verizon a waiver letting it stop automatically unlocking phones after 60 days, replacing the rule with looser CTIA standards. That change lets Verizon keep prepaid devices locked for a year and a half and postpaid devices locked until financing or termination fees are paid, making switching harder. The FCC framed the shift as a fraud and law enforcement issue despite pushback from consumer groups. That said, automatic unlocking boosts competition, lowers costs and reduces E waste. Existing devices are not affected. New activations follow the updated policy. Senior military Cyber operator removed from Russia Task force Air Force Lt. Col. Jason Gargan was relieved from command of the U.S. cyber National Mission Forces Russia focused task force after disagreements with CNMF Chief Major general Lorna Malik. Gargan has been reassigned within CNMF and is expected to retire by late 2026. This comes as Mallock is nominated to become Cyber Command's deputy chief amid broader senior turnover at the command, which has lacked a Senate confirmed leader for more than nine months. Huge thanks to our sponsor ThreatLocker. Want real zero trust training? Zero Trust World 2026 delivers hands on labs and workshops that show CISOs exactly how to implement and maintain Zero trust in real environments. Join us March 4th through the 6th in Orlando plus a live CISO series episod also on March 6th get $200 off with zTW ciso26@ztw.com CISA flags actively exploited GOG's vulnerability CISA added a high severity GOG's vulnerability to its known exploited vulnerabilities list after Wiz found attackers abusing it as a zero day to overwrite files and and achieve remote code execution. The flaw affects gogs up to 0.13.3 and stems from symbolic link handling in the put contents API. Wiz says more than 700 instances were compromised, with roughly 1,600 exposed online and no official patch yet. CISA told federal agencies to mitigate by February 2nd. Web skimmer steals credit cards from online checkout pages Silent push Researchers uncovered a long running mag cart style web skimming operation active since early 2022, targeting checkout pages tied to major payment networks including Amex, Mastercard, Discovery, UnionPay, JCB and Diners Club. The campaign injects obfuscated JavaScript from sanctioned hosting infrastructure, detects WordPress admin sessions to self delete, and can render a fake stripe form to harvest card numbers, CVCs and personal details before restoring the real form. Stolen data is then exfiltrated and the skimmer sets flags to avoid rerunning on the same victim. JP Morgan Discloses law firm data Breach JP Morgan is notifying investors about a data breach tied to an incident at law firm Fried Frank, the same intrusion that prompted Goldman Sachs disclosures in late 2025. An unauthorized party copied files from a shared drive containing names, contact details, account numbers, SSNs and passport or government ID numbers for 659 private equity fund investors. JP Morgan and Goldman say their own systems were not compromised. Freud Frank faces lawsuits but says it contained the incident, engaged external responders and involved law enforcement. Betterment Confirms breach after crypto scam Wave Betterment disclosed a data breach after hackers abused a third party marketing platform to send a crypto triple your deposit scam from a legitimate betterment subdomain on January 9. The attacker accessed contact and personal details stored in that system, though Betterment says its core infrastructure accounts and credentials were not touched, though later it said it was hit with a DDoS attack. Betterment has cut off the unauthorized access, warned users and said it will publish a postmortem once its investigation finishes. Are you subscribed to the ciso series on YouTube? We would love it if you'd be part of our channel. We have daily shorts about the news of the week, original interviews, our Department of Know livestream demos and more. Be sure to find the CISO series on YouTube and let us know what you think. And if you have some thoughts on the news from today or about our show in general, be sure to reach out to us@feedbacksoseries.com we'd love to hear from you. I am Sarah Lane reporting for the CISO series. And guess what? I'll talk to you tomorrow.
[06:52]
A
Cybersecurity headlines are available every weekday. Head to CISO series.com for the full stories behind the headlines.
[06:58]
B
It.