Daily Security Brief - January 16, 2026

🔄 Updates on Previous Stories

Iran Internet Shutdown Extends to 170+ Hours

Status: Ongoing | First Covered: January 12, 2026

Iran’s internet blackout has now extended past 170 hours—making it one of the longest internet shutdowns in the country’s history and the third longest globally. The shutdown, which began January 8th during anti-government protests, has now exceeded both Sudan’s 35-day outage in 2021 and approaches Mauritania’s 22-day stretch in 2024 in severity. While some banking and gas station services have been restored, the general population of 92 million remains largely offline. Reports indicate increased use of smuggled Starlink terminals, though Iranian authorities are actively jamming satellite signals and have criminalized the devices.

🚨 Critical Threats & Incidents

Microsoft Dismantles RedVDS Criminal Infrastructure in 35th Takedown Operation

Impact: High | Sector: Global Financial/Enterprise | Status: Disrupted

Microsoft’s Digital Crimes Unit, working with Europol and German authorities, has successfully taken down RedVDS—a criminal virtual dedicated server (VDS) platform that enabled approximately $40 million in fraud losses in the US alone. The operation marks Microsoft’s 35th major takedown and their first civil legal action leveraging UK courts to pursue cybercriminal infrastructure.

RedVDS operated as essentially “Amazon Web Services for scammers,” offering disposable Windows virtual machines for as low as $24/month. The platform came pre-loaded with unlicensed Windows installations, mass mailers, email harvesters, VPN clients, and even AI tools like ChatGPT to help craft convincing phishing emails. Customers paid exclusively in cryptocurrency and received full admin access.

The operation’s critical flaw was using a single cloned Windows Server 2022 image for every customer, resulting in all servers sharing the identical hostname “WIN-BUNS25TD77J”—a detection signature that ultimately helped researchers track the infrastructure. Microsoft identified multiple threat actor groups using RedVDS for business email compromise operations, managing over 3,700 homoglyph domains to impersonate legitimate businesses.

Actual victims joined as co-plaintiffs in the case: H2-Pharma in Alabama lost $7.3 million intended for cancer treatments and children’s allergy medications, while a Florida condominium association lost nearly $500,000 in resident funds.

Key Facts:

• $40M+ in documented US fraud losses
• 3,700+ homoglyph domains for business impersonation
• All servers shared hostname “WIN-BUNS25TD77J”
• Cryptocurrency-only payments with full admin access
• Pre-loaded with offensive tools including AI assistants

References: Microsoft Security Blog, The Register, CyberInsider, TechRadar

Black Lotus Labs Disrupts Kimwolf Botnet: 550+ C2 Servers Null-Routed

Impact: High | Sector: Internet Infrastructure | Status: Disrupted

Lumen Technologies’ Black Lotus Labs has successfully disrupted the Kimwolf botnet—a massive operation that grew from the remains of the Aisuru botnet to encompass approximately 800,000 infected devices capable of launching DDoS attacks exceeding 11 trillion bits per second.

Researchers tracked the botnet’s evolution in real-time, observing operators pivot infrastructure repeatedly to evade disruption efforts. The botnet leveraged residential proxy services including PYPROXY to fuel its growth, creating a distributed network that proved challenging to contain.

Over four months, Black Lotus Labs null-routed more than 550 command-and-control servers, significantly degrading the botnet’s capabilities. In a testament to the operation’s effectiveness, the botnet operators embedded profanity directed at Lumen within their DDoS attack payloads—petty, but objectively hilarious confirmation that the disruption was working.

Key Facts:

• 800,000+ infected devices at peak
• 11+ Tbps DDoS capability
• 550+ C2 servers null-routed over 4 months
• Evolved from Aisuru botnet infrastructure
• Operators embedded profanity targeting Lumen in attack payloads

References: Black Lotus Labs, Security Affairs, Lumen Technologies

🔓 Vulnerabilities & Patches

CVE-2025-37164: HPE OneView RCE Under Active Exploitation

CVE: CVE-2025-37164 | CVSS: 10.0 | Products: HPE OneView | Status: Active Exploitation - CISA KEV

CISA has added CVE-2025-37164 to the Known Exploited Vulnerabilities catalog after Check Point Research identified large-scale active exploitation of this critical HPE OneView vulnerability. The flaw allows unauthenticated remote code execution through a publicly reachable REST API endpoint (/rest/id-pools/executeCommand).

The vulnerability is severe because it accepts command parameters without proper authentication, enabling attackers to inject and execute arbitrary code on affected servers. HPE OneView is a centralized infrastructure management platform that controls servers, firmware, networking, and lifecycle workflows—meaning successful exploitation can lead to complete infrastructure compromise.

Organizations running HPE OneView should apply patches to version 11.0 immediately or implement vendor-provided hotfixes. Network segmentation and access controls on management interfaces are critical interim mitigations.

Technical Details:

• Unauthenticated RCE via REST API endpoint
• No user interaction required
• Full infrastructure compromise potential
• Actively exploited in the wild

References: Horizon3.ai, Check Point Research, Hackread, CISA

CVE-2025-13915: IBM API Connect Authentication Bypass (CVSS 9.8)

CVE: CVE-2025-13915 | CVSS: 9.8 | Products: IBM API Connect 10.0.8.0-10.0.8.5, 10.0.11.0 | Status: Patched

IBM has disclosed and patched a critical authentication bypass vulnerability in IBM API Connect, classified as CWE-305 (Authentication Bypass by Primary Weakness). The flaw allows remote attackers with no privileges and no user interaction to bypass authentication entirely and gain unauthorized access to API Connect’s management interfaces.

Successful exploitation exposes sensitive API configurations, administrative functions, and backend services without valid credentials—fundamentally undermining core access control layers in API infrastructure. FinTech organizations relying on IBM API Connect for open banking implementations should prioritize review and patching.

IBM has published interim fixes (iFixes) for all affected versions. Organizations unable to patch immediately should implement strict access controls on management interfaces.

Technical Details:

• CWE-305: Authentication Bypass by Primary Weakness
• Remote exploitation without privileges
• No user interaction required
• Exposes administrative functions and API configurations

References: IBM Security Advisory, APIsecurity.io

Claude Cowork Prompt Injection Enables Silent Data Exfiltration

Severity: High | Products: Anthropic Claude Cowork | Status: Vulnerability Disclosed

PromptArmor has disclosed a creative prompt injection attack against Anthropic’s new Claude Cowork collaborative workspace feature. The attack demonstrates how malicious documents can trick Claude into silently uploading user files to attacker-controlled servers—bypassing the platform’s domain whitelist restrictions.

Cowork defaults to allowing outbound HTTP traffic only to a specific list of approved domains. However, researchers discovered that Anthropic’s own API domain is on that whitelist. By crafting a prompt injection that constructs requests to an attacker’s own Anthropic API key, malicious actors can exfiltrate sensitive documents through hidden markdown image references without any visible indication to the user.

The attack is particularly concerning given how conversational AI interfaces encourage users to share sensitive information—including confidential documents, code, and personal details. This research highlights the growing security challenges as AI agents gain more capabilities and access to user data.

Why This Matters:

• AI agents increasingly handling sensitive data
• Prompt injection remains largely unsolved
• Domain whitelisting can be creatively bypassed
• Users unaware of exfiltration occurring

References: PromptArmor, Simon Willison, The Register, Reddit r/ClaudeAI

🔬 Security Research & Innovation

PromptArmor Reveals Systemic AI Assistant Vulnerabilities

Type: Security Research | Source: PromptArmor

PromptArmor’s recent research reveals that the Claude Cowork vulnerability is not isolated—they’ve also demonstrated similar prompt injection data exfiltration attacks against Superhuman’s AI email assistant. In that attack, a malicious email containing hidden instructions can trick the AI into leaking email contents to external servers.

These findings represent a troubling pattern: as AI assistants gain access to more user data and capabilities, the attack surface for prompt injection grows correspondingly. The fundamental problem is that current AI systems cannot reliably distinguish between legitimate instructions and malicious content embedded in data they’re processing.

Moxie Marlinspike, addressing this exact concern, argues that current AI assistants make conversations “feel like a private conversation but it’s really more like a group chat with OpenAI employees, future advertisers, hackers, and whoever else gets access to that data lake.” His warning about imminent ads in AI chatbots—“imagine ads that know not just what you bought, but how you think and what makes you hesitate”—highlights the broader privacy implications.

Why This Matters:

• Pattern of vulnerabilities across multiple AI platforms
• Prompt injection remains fundamentally unsolved
• AI assistants gaining increasing data access
• Privacy and security implications growing exponentially

References: PromptArmor, Ars Technica, Gizmodo

The Great AI Coding Shift: Elite Developers Go AI-Only

Type: Industry Trend | Source: Multiple Industry Observers

Something remarkable has happened in the developer community over the past several weeks. Elite developers who were previously skeptical of AI coding assistants have made a dramatic leap from “I use it for some junior tasks” to “AI now writes 100% of my code.”

Daniel Miessler captures the shift: “I’ve never been a fan of the term ‘Singularity.’ I don’t quite know what it’s supposed to mean. But something is happening for sure.” The progression—from Never → Some → Lots → Only—happened “in a snap of the fingers” according to observers tracking the elite developer community.

The shift was punctuated by Anthropic’s revelation that Claude Code wrote their entire new Cowork product in approximately one week. Famous developers are openly stating they don’t manually code anymore—AI handles everything.

This has immediate business implications: Tailwind Labs reportedly laid off 75% of their engineering team after revenue dropped by 80% due to AI handling CSS work that developers previously needed training and paid tools to accomplish.

Why This Matters:

• Fundamental shift in software development paradigm
• Security implications for AI-generated code
• Workforce disruption accelerating
• Code review and security validation becoming critical

References: Unsupervised Learning, GitHub, Anthropic

⚖️ Policy, Compliance & Regulations

U.S. Weighs Expanding Private Companies’ Role in Cyberwarfare

Jurisdiction: United States | Status: Under Consideration | Impact: Cybersecurity Industry

The Trump administration is reportedly considering proposals to allow private companies to conduct offensive cyber operations—a significant departure from existing law that prohibits private sector involvement in offensive cyberwarfare. The proposal would require Congressional approval, though some lawmakers have been pushing “hack back” legislation and even suggesting repurposing Civil War-era Letters of Marque for cyber.

The cybersecurity community is divided. Critics warn that private firms conducting offensive operations could create “chaos in the environment” and trigger international incidents when foreign governments cannot distinguish between official U.S. policy and contractor actions. Proponents argue the U.S. needs to scale up rapidly to match adversaries like China’s Salt Typhoon, and the private sector has talent the government lacks.

The proposal emerges as House subcommittees examine offensive cyber operations and the limits of cyber deterrence, with officials citing Chinese state-sponsored attacks on U.S. water and electric systems in places like Littleton, Massachusetts.

Key Requirements:

• Congressional approval required
• New legal framework needed for private offensive operations
• Oversight mechanisms under debate
• International incident prevention protocols

References: New York Times, House Homeland Security Committee, BankInfoSecurity

💼 Industry & Business

Cybersecurity Funding Hits $14 Billion in 2025—Best Year Since 2021

Type: Market Analysis | Value: $14 Billion | Source: Pinpoint Search Group

Cybersecurity startups raised approximately $14 billion in funding during 2025, marking the strongest year for cybersecurity investment since the 2021 peak of $20.6 billion. The resurgence reflects renewed investor confidence in the sector after a post-pandemic correction period.

The funding surge comes alongside significant consolidation activity. CrowdStrike recently completed a $1.16 billion acquisition spree (Seraphic + SGNL), Cyera hit a $9 billion valuation on a $400 million Series F, and numerous startups across identity, AI security, and cloud security have secured significant rounds.

The investment focus has shifted notably toward AI-related security—both securing AI systems and using AI for security operations. This aligns with the broader industry recognition that AI represents both the greatest opportunity and greatest risk in the current threat landscape.

Business Impact: Strong M&A activity expected to continue; AI security startups commanding premium valuations

References: SecurityWeek, Pinpoint Search Group, Crunchbase

Apple Partners with Google for Gemini-Powered Apple Intelligence

Type: Strategic Partnership | Companies: Apple, Google | Impact: AI Market Dynamics

Apple and Google have announced a multi-year partnership where Gemini will power Apple’s next-generation foundation models for Apple Intelligence features, including the revamped Siri launching in iOS 26.4. The deal effectively ends Apple’s partnership with OpenAI, which will be relegated to a “supporting role” for complex, opt-in tasks.

Reports indicate OpenAI made a “conscious decision” to sit out the deal, though the strategic dynamics remain unclear. Apple’s choice to partner with Google aligns with its focus on privacy and ecosystem features while outsourcing the intensive backend engineering to Google’s infrastructure.

This represents a significant market shift: the world’s largest consumer technology company is now aligned with Google’s AI rather than OpenAI’s. Meanwhile, Anthropic is raising $10 billion at a $350 billion valuation, suggesting investors see room for multiple major players in the AI landscape.

Business Impact: Major realignment in AI market; OpenAI loses significant consumer distribution

References: Reuters, TechCrunch, CNET, Seeking Alpha

🎯 Threat Intelligence

Gootloader Returns: Partnership with Vanilla Tempest and Rhysida Ransomware

Actor: Gootloader + Vanilla Tempest | Targets: Enterprise | Campaign: Active

Gootloader malware has returned after a hiatus, now working in partnership with Vanilla Tempest (the threat group currently operating Rhysida ransomware). Expel’s research reveals they’ve maintained their signature technique of using deliberately malformed ZIP files to evade detection.

The archives are intentionally broken—concatenating 500-1000 identical ZIP files and manipulating file structures so that tools like 7zip and WinRAR fail to process them, but Windows’ built-in unarchiver handles them correctly. Every download is unique thanks to randomized values, rendering hash-based detection useless.

However, these evasion techniques create detection opportunities for defenders. The malformed ZIP structure can be identified with YARA rules, WScript executing JS files from temp folders is anomalous, and the process chains where CScript spawns PowerShell are detectable. A simple but effective mitigation: change Group Policy to make Notepad the default handler for JS files instead of Windows Script Host.

TTPs Observed:

• Malformed ZIP archives (concatenated 500-1000 times)
• JavaScript execution via Windows Script Host
• PowerShell spawned by CScript
• Unique file hashes per download
• Partnership with ransomware operators

References: Expel Blog, CyberInsider

Bluspark Global Shipping Platform Exposed Customer Data Since 2007

Actor: N/A (Exposure) | Targets: Logistics/Retail | Status: Patched

A security researcher spent months attempting to alert Bluspark Global about critical vulnerabilities in their shipping platform—including plaintext passwords, unauthenticated APIs exposing customer data going back to 2007, and the ability to create admin accounts without verification. The company ghosted repeated contact attempts via email, voicemail, and LinkedIn.

It wasn’t until TechCrunch included part of the CEO’s password in an email that the company finally responded (through lawyers). This matters because Bluspark powers freight shipments for major retailers and grocery stores worldwide, and researchers have been warning about hackers increasingly targeting logistics companies to redirect cargo shipments.

The vulnerabilities are now patched, and Bluspark claims no evidence of exploitation. However, the fact that a journalist had to include someone’s actual password in an email to get a response hardly inspires confidence in their security posture.

TTPs Observed:

• Plaintext password storage
• Unauthenticated API endpoints
• Data exposure spanning 17+ years
• Admin account creation without verification

References: TechCrunch, Vulnerable U Newsletter

📚 Best Practices & Guidance

Understanding BOLA: The #1 API Vulnerability That Costs Companies Their Customer Databases

Source: Igboanugo David Ugochukwu | Topic: API Security | Audience: Developers/Security Teams

A new deep-dive article on Broken Object Level Authorization (BOLA)—the #1 API security vulnerability identified by OWASP—poses a deceptively simple question: “Once I’m logged in as User 47, what stops me from just requesting User 48’s data?”

As the author notes, BOLA is “the vulnerability that sounds boring in conference talks but costs companies their entire customer database on a Tuesday afternoon.” The fix requires cultural change: every engineer who touches user data must ask “Am I checking that this user is allowed to access this specific object?” Every time. No exceptions.

BOLA needs a proper DevSecOps approach, yet too many companies are not tackling it correctly—resulting in countless APIs likely leaking data right now. The article provides detailed technical explanations and practical remediation guidance.

Key Recommendations:

• Implement object-level authorization checks on every endpoint
• Automate authorization testing in CI/CD pipelines
• Conduct regular API security audits
• Train developers on secure API design patterns
• Use API gateways with authorization enforcement

References: HackerNoon, OWASP API Security Top 10, APIsecurity.io

🛠️ Products & Services

Confer: Signal Creator Launches Privacy-Focused AI Chat

Vendor: Confer (Moxie Marlinspike) | Product: Confer AI | Type: Privacy-Preserving AI Assistant

Moxie Marlinspike, the creator of Signal, has launched Confer—an open-source AI assistant designed to provide strong assurances that user data remains unreadable to the platform operator, hackers, or anyone else. The product encrypts both prompts and responses end-to-end, with encryption keys that never leave the user’s device.

Marlinspike’s argument is compelling: when using AI assistants, users aren’t just sharing information—they’re revealing how they think. Conversational interfaces trick our brains into oversharing compared to the transactional feel of search. Current AI assistants make this feel private, but it’s “really more like a group chat with OpenAI employees, future advertisers, hackers, and whoever else gets access to that data lake.”

He also warns about the imminent arrival of advertising in AI chatbots: “Imagine ads that know not just what you bought, but how you think and what makes you hesitate.” Confer is positioned as the privacy-respecting alternative, particularly relevant given the prompt injection data exfiltration vulnerabilities disclosed this week.

Key Features:

• End-to-end encryption for prompts and responses
• Keys never leave user device
• Open source for auditability
• No data accessible to platform operator

References: Ars Technica, Gizmodo, BoingBoing

👥 Community & Culture

OSINT Newsletter #90: Investigation Techniques and New Tools

Type: Resource | Topic: OSINT Investigation

The latest OSINT Newsletter highlights several useful investigation techniques and tools for security researchers:

GitHub Investigation Tips: Contributions to branches other than main don’t appear in the contribution graph until merged—meaning a “dormant” GitHub profile may actually be quite active. Always examine full commit history before concluding an account is inactive.

Gmail Address Changes Coming: Google is reportedly rolling out the ability for Gmail users to change their email addresses. This has significant OSINT implications, as email address uniqueness as a personal identifier may be weakened.

New Tools:

• God’s Eye: Subdomain enumerator with local AI (Ollama) integration for vulnerability analysis and CVE detection
• Telegram Spoiler Decoder: Reveals hidden text that Telegram displays as braille-like characters on macOS
• Surfface: New face recognition reverse image search (requires VPN to Russian IP)

References: The OSINT Newsletter, Jake Creps

💡 Security Professional Action Items

1. Patch HPE OneView immediately - CVE-2025-37164 is actively exploited and on CISA KEV with maximum CVSS 10.0

2. Review IBM API Connect deployments - Apply iFixes for CVE-2025-13915 authentication bypass (CVSS 9.8)

3. Audit AI assistant integrations - Claude Cowork and Superhuman prompt injection attacks demonstrate systemic risks; review what data AI tools can access

4. Implement BOLA checks - Ensure every API endpoint validates object-level authorization, not just authentication

5. Update Gootloader detection rules - Deploy YARA rules for malformed ZIP detection; consider changing JS file default handler to Notepad

6. Review offensive cyber policy developments - Prepare for potential private sector involvement in cyber operations; understand liability implications

7. Evaluate privacy-preserving AI alternatives - Consider tools like Confer for sensitive use cases

8. Check logistics vendor security - Supply chain attacks targeting shipping/logistics are increasing; audit vendor security postures

9. Monitor Microsoft’s RedVDS IOCs - Check for the “WIN-BUNS25TD77J” hostname and associated infrastructure in your environment

10. Update GitHub investigation procedures - Remember that branch contributions don’t show in contribution graphs until merged

📈 Threat Landscape Analysis

Today’s briefing reveals three converging trends reshaping the security landscape:

AI as Both Weapon and Vulnerability: The Claude Cowork and Superhuman prompt injection attacks demonstrate that AI assistants are creating new attack surfaces faster than they can be secured. Meanwhile, Moxie Marlinspike’s launch of Confer shows the market recognizing demand for privacy-preserving AI alternatives. The elite developer community’s wholesale shift to AI-only coding will only accelerate code generation—and potentially, security vulnerabilities within that code.

Cybercrime Infrastructure Sophistication: The RedVDS takedown reveals how cybercrime has evolved into a mature services ecosystem. For $24/month, criminals could access disposable Windows VMs pre-loaded with offensive tools including AI assistants for crafting phishing emails. This infrastructure-as-a-service model democratizes cybercrime while complicating attribution.

Policy at an Inflection Point: The U.S. consideration of private sector offensive cyber operations represents a potential fundamental shift in how nations approach cyber conflict. Combined with continued concerns about Chinese APT activity and the ongoing Iran internet shutdown, we’re seeing cybersecurity increasingly intertwined with geopolitical strategy.

The $14 billion in 2025 cybersecurity funding suggests the market recognizes these challenges—but capital alone won’t solve fundamental problems like prompt injection or the secure-by-default implementation of AI systems.

Comprehensive balanced analysis from: Vulnerable U, Unsupervised Learning, APIsecurity.io, OSINT Newsletter, Microsoft Security Blog, PromptArmor, Black Lotus Labs, CISA, IBM, HPE, Reuters, TechCrunch, Ars Technica, SecurityWeek

Issue #8 | January 16, 2026 | Coverage: 12 stories across 9 security segments

12 new stories | 1 update