Cybersecurity Headlines – January 15, 2026
Host: Sarah Lane, CISO Series
Main Focus: Key cyber events affecting global security, policy, and threat landscapes
Episode Overview
This episode highlights major developments in global cybersecurity, including the U.S. government's considerations on involving private companies in cyber warfare, China’s directive for enterprises to abandon U.S. and Israeli cybersecurity products, and emerging threats and law enforcement actions in ransomware and malware. Each story provides critical insights into shifting power dynamics, innovative attacker techniques, and evolving nation-state strategies.
Key Stories & Discussion Points
1. U.S. Considers Letting Private Firms Join Offensive Cyber Operations
[00:06 – 01:10]
- The U.S. administration may allow private companies "a more direct role in offensive cyber operations," moving beyond tool-building to potentially conducting attacks.
- This would require changing federal law and congressional approval.
- The upcoming NSA and Cyber Command nominee hearing (Lt. Gen. Joshua Rudd) could bring this policy shift into the public eye.
- Concerns raised about "outsourcing cyber warfare to the private sector" regarding legalities and operational risks.
Quotable Moment:
“The move would expand the current model, where firms can build tools but not conduct attacks, and would require changes to federal law plus congressional approval.”
— Sarah Lane [00:16]
2. China Bans U.S. & Israeli Cybersecurity Software
[01:10 – 02:06]
- Chinese authorities have directed domestic companies to stop using products from about a dozen prominent U.S. and Israeli cybersecurity vendors (including VMware, Palo Alto Networks, Fortinet, and Check Point).
- Part of a broader effort to "replace Western tech with domestic alternatives," corresponding with escalating U.S.–China tech tensions.
- Announcement comes ahead of the U.S. President’s visit to Beijing.
Quotable Moment:
“This is part of a broader push to replace Western tech with domestic alternatives amid escalating US-China tech tensions…”
— Sarah Lane [01:27]
3. DeadLock Ransomware Uses Smart Contracts to Hide Infrastructure
[02:06 – 02:53]
- “Deadlock” ransomware actors are leveraging Polygon smart contracts for hiding command and control infrastructure.
- Unlike double extortion gangs, Deadlock "encrypts systems and threatens to sell stolen data."
- The smart-contract system "rotates proxy addresses," which complicates blocking efforts and mirrors tactics recently seen in North Korean campaigns.
- Attack vectors remain unclear, but prior reports suggest use of BYOD (Bring Your Own Device) techniques and EDR (Endpoint Detection and Response) exploits.
Notable Quote:
“Its smart contract system rotates proxy addresses, complicating blocking efforts and mirroring tactics recently seen in North Korean campaigns.”
— Sarah Lane [02:33]
4. Microsoft and Law Enforcement Disrupt RedVDS Cybercrime Platform
[02:53 – 03:39]
- Microsoft, with global law enforcement partners, has seized infrastructure belonging to RedVDS, a major platform for payment diversion scams.
- RedVDS offered disposable Windows RDP servers (~$24/month) for phishing, account hijacks, and impersonation.
- Associated losses exceed $40 million in the U.S.; over 191,000 email accounts and 3,700 domains traced.
Key Fact:
“Real estate transactions were hit especially hard.”
— Sarah Lane [03:33]
5. Predator Spyware’s Advanced Detection Evasion
[04:13 – 04:53]
- JAMF Threat Labs discovered that “Predator” spyware by Intellexa detects failed infections and the presence of security tools using error codes (e.g., 304).
- Can spot analysis tools like Frida and Netstat; aborts installation and suppresses crash logs to evade forensic analysis.
- Predator’s anti-analysis features "outclass other commercial software."
Memorable Moment:
“Predator’s troubleshooting and anti-analysis features outclass other commercial software...”
— Sarah Lane [04:47]
6. France Fines Free Mobile and Parent Company Over 2024 Breach
[04:53 – 05:23]
- France’s data protection agency (CNIL) fined Free Mobile & parent Free €42 million for GDPR violations after an October 2024 breach affecting nearly 23 million.
- Weak VPN authentication, poor anomaly detection, and excessive retention of customer data were cited.
- Mandates: Security improvements within 3 months; data deletion for ex-customers within 6 months.
7. Poland Repels Major Cyberattack on Power Grid
[05:23 – 05:51]
- Polish officials report thwarting a late December attack “very close to a blackout.”
- Targeted renewable infrastructure (solar, wind), not large plants.
- Attributed to potential “coordinated Russian sabotage,” but no official attribution yet.
Highlight:
“The most serious energy sector incident in years…”
— Sarah Lane [05:40]
8. VoidLink Linux Malware Targets the Cloud
[05:51 – 06:37]
- Check Point researchers detail VoidLink, a sophisticated Linux malware framework written in Zig and developed in a Chinese-language environment.
- Features: Over 30 plugins (recon, credential theft, lateral movement, container discovery), multiple rootkits, and forensic evasion via self-deletion.
- Noted: No known in-the-wild infections, but the framework includes environment-detection logic for AWS, Azure, GCP, Alibaba Cloud, and other cloud providers.
Memorable Quotes
- “The idea is expected to surface during the confirmation hearing for NSA and U.S. Cyber Command nominee Lt. Gen. Joshua Rudd, raising open legal and operational questions about outsourcing cyber warfare to the private sector.” — Sarah Lane [00:26]
- “Group-IB researchers say the Deadlock ransomware crew...is using Polygon smart contracts to hide its command and control infrastructure.” — Sarah Lane [02:12]
- “JAMF says Predator’s troubleshooting and anti-analysis features outclass other commercial software following recent research that highlighted similar differentiators.” — Sarah Lane [04:47]
- “Poland says it stopped a cyber attack on its power grid in late December that officials warned came very close to a blackout.” — Sarah Lane [05:23]
Noteworthy Timed Segments
- [00:16] U.S. considers private companies in cyber offense
- [01:27] China’s vendor ban highlighted as tech “decoupling” escalates
- [02:33] Deadlock’s smart contract C2 innovation explained
- [03:33] $40M+ fraud damage, real estate sector impact from RedVDS
- [04:47] JAMF’s Predator spyware research findings
- [05:40] Polish officials call grid attack “most serious in years”
- [06:02] Cloud-focused, plugin-rich VoidLink Linux malware
Tone & Takeaway
The episode delivers rapid, fact-driven updates, underpinned by a serious and urgent tone about the complexity and scope of modern cyber threats. The stories collectively illustrate how digital warfare, nation-state strategies, and commercial innovation (by attackers and defenders alike) are shaking up the status quo across governments, industries, and infrastructures.
Missed the episode? This comprehensive briefing highlights the global nature and modern innovation in cybersecurity’s threat landscape as of January 2026.
