Transcript
A (0:00)
From the CISO series, it's Cybersecurity Headlines.
B (0:06)
These are the cybersecurity headlines for Thursday, January 15, 2026. I'm Sarah Lane.

U.S. weighs private companies' cyber warfare roles
The U.S. administration is considering a policy shift that would let private companies play a more direct role in offensive cyber operations, according to former senior officials speaking with the New York Times. The move would expand the current model, where firms can build tools but not conduct attacks, and would require changes to federal law plus congressional approval. The idea is expected to surface during the confirmation hearing for NSA and U.S. Cyber Command nominee Lt. Gen. Joshua Rudd, raising open legal and operational questions about outsourcing cyber warfare to the private sector.

China says stop using US and Israeli cybersecurity software
Reuters sources say the Chinese government has instructed Chinese companies to stop using cybersecurity products from around a dozen US and Israeli vendors, citing national security risks. The banned products include software from VMware, Palo Alto Networks, Fortinet and Check Point. This is part of a broader push to replace Western tech with domestic alternatives amid escalating US-China tech tensions and ahead of the US President's expected visit to Beijing in April.

DeadLock uses smart contracts to hide work
Group-IB researchers say the DeadLock ransomware crew, first spotted in mid-2025, is using Polygon smart contracts to hide its command and control infrastructure. Instead of double extortion, DeadLock encrypts systems and threatens to sell stolen data on underground markets. Its smart contract system rotates proxy addresses, complicating blocking efforts and mirroring tactics recently seen in North Korean campaigns. Access vectors aren't clear, but earlier Cisco Talos reporting linked DeadLock to BYOD techniques and EDR kill exploits.

Microsoft disrupts RedVDS cybercrime platform
Microsoft and international law enforcement disrupted RedVDS, a cybercrime subscription platform used to run large-scale payment diversion scams. RedVDS rented disposable Windows RDP servers for as low as $24 per month, allowing phishing, mailbox hijacking and impersonation campaigns that contributed to more than $40 million in U.S. fraud losses. Microsoft seized domains and servers and filed civil suits after tracing more than 191,000 compromised email accounts and 3,700 impersonation domains to the service. Real estate transactions were hit especially hard.

Huge thanks to our sponsor, ThreatLocker. Want real zero trust training? Zero Trust World 2026 delivers hands-on labs and workshops that show CISOs exactly how to implement and maintain zero trust in real environments. Join us March 4th through the 6th in Orlando, Florida, plus a live CISO Series episode on March 6th. Get $200 off with ZTW CISO 26 at ztw.com.

Predator spyware dodges researchers
Jamf Threat Labs found Predator spyware can diagnose failed infections and detect when security tools are present, using error codes like 304 to signal active analysis. The Intellexa-made tool can spot utilities such as Frida and even netstat, aborting deployment to avoid scrutiny while also suppressing crash logs to limit forensic evidence. Jamf says Predator's troubleshooting and anti-analysis features outclass other commercial software, following recent research that highlighted similar differentiators.

France fines Free Mobile over 2024 data breach
France's data protection authority fined Free Mobile and parent company Free a cumulative 42 million euros for GDPR violations tied to an October 2024 breach that exposed data on nearly 23 million subscribers. CNIL cited weak VPN authentication, poor anomaly detection, vague breach notifications and excessive retention of former customer data. The agency ordered security improvements within three months and data deletion within six months.

Poland repels cyber attack on power grid
Poland says it stopped a cyber attack on its power grid in late December that officials warned came very close to a blackout. The intrusion targeted communications between renewable installations like solar and wind sites and distribution operators, but not large plants. Government ministers called it the most serious energy sector incident in years and said the motives suggest coordinated Russian sabotage, though no formal attribution has been made.

Linux malware targets the cloud, steals creds and vanishes
Researchers at Check Point detailed a new Linux cloud-focused malware framework dubbed VoidLink. Written in Zig and reportedly developed in a Chinese environment, VoidLink bundles more than 30 plugins for reconnaissance, credential theft, lateral movement, Kubernetes and Docker discovery, persistence and anti-forensics. It also includes multiple kernel rootkits, Cobalt Strike-style APIs and self-deletion if analysis is detected. No real-world infections have been noted, but cloud provider detection like those for AWS, GCP, Azure and Alibaba, and long-term access design, suggest a professional threat actor tool.

In security leadership, being right on a technical level only goes so far. How can we shift our mindset to embrace building consensus rather than winning arguments? That is what we try to answer on our latest episode of Defense in Depth. Look for the episode "Don't Try to Win with Technical Expertise. Win by Partnering." wherever you get your podcasts. If you have thoughts on the news from today or about our show in general, be sure to reach out to us at feedback@cisoseries.com. We'd love to hear from you. I am Sarah Lane, reporting for the CISO Series. You stay safe, you stay warm, and you stay cool out there.
