Elon Musk’s Grok ‘Undressing’ Problem Isn’t Fixed

X has placed more restrictions on Grok’s ability to generate explicit AI images, but tests show that the updates have created a patchwork of limitations that fail to fully address the issue.

Source: Security Latest

How to get free high-speed Wi-Fi on your American Airlines flights – no subscription needed

AT&T has partnered with the airline to provide free high-speed Wi-Fi on more than 2 million flights a year.

Source: Latest news

Predicting 2026

Welcome to this week’s edition of the Threat Source newsletter. 

It’s become traditional at this time of year to make predictions about cybersecurity for the coming year. Obviously, no one has a crystal ball to predict the future, and if they did, they would be quietly making a fortune rather than sharing their insights in a newsletter. Any predictions about what lies ahead in the coming year should be taken with a generous pinch of salt. 

However, the exercise isn’t futile. Taking time to pause and reflect on the current threat landscape, the forces driving change, and how our own exposure is evolving can help us form reasonable guesses about what might happen during the forthcoming year. 

We’re living in a very tense geopolitical environment. We should expect continued use of infostealer malware and phishing campaigns as adversaries seek to map supply chains, and understand how organisations and governments may react to escalating aggression. As part of this activity, we’ll continue to see proxy actors conducting destructive attacks and financing their activities through extorting payment. Less sophisticated groups may also engage in website defacements or deploy disruptive malware in pursuit of political visibility or ideological goals. 

Suffice to say that we are living in tense and difficult times. In a globally connected world, no one is isolated from the effects of conflict, no matter how distant it may seem. 

At the same time, our use of technology continues to evolve, reshaping our threat exposure. Many organizations have already enthusiastically embraced generative AI. As AI systems are given more autonomy and broader access to internal systems, we can imagine that we will see breaches caused by poorly constrained or insufficiently governed AI agents. 

Many accidental or malicious insider attacks are caused by individuals having excessive permissions or unfettered access to data with little oversight. We can imagine AI agents provoking similar incidents, whether through flawed design, unintended behavior, or deliberate prompt manipulation by an attacker. 

While it is important to consider these newer and more exotic threats, we should not lose sight of the familiar ones. Unpatched systems, leaked credentials, accounts lacking multi-factor authentication, and poor network visibility continue to underpin many successful attacks. 

One thing is certain: Cybersecurity teams will remain busy throughout 2026. There will be threat actors attempting to compromise our systems, there will be new techniques that they will use, but there will be many more attacks using techniques that we have seen before.

It’s going to be a demanding year. Wishing good fortune and happy threat hunting to everyone.

The one big thing 

Cisco Talos is monitoring UAT-8837, which we assess with medium confidence is a China-nexus advanced persistent threat (APT) actor. They have been actively targeting critical infrastructure organizations in North America since at least 2025. They typically gain access by exploiting vulnerabilities or using stolen credentials, then use a mix of open-source tools to steal sensitive data and create multiple ways back into the network. UAT-8837 adapts quickly, constantly changing up their tools to evade detection. 

Why do I care? 

This group is focused on high-value targets and uses advanced, constantly evolving techniques that can bypass traditional defenses — even leveraging zero-day vulnerabilities. Their actions can lead to stolen credentials, persistent access, and potentially large-scale supply chain or infrastructure disruptions. 

So now what? 

Stay vigilant by keeping systems patched, monitoring for the specific tools and behaviors outlined in the report, and using up-to-date detection rules from sources like Talos. Proactively hunting for these IOCs and unusual user/account activity, combined with strong credential and privilege management, will be crucial to reducing risk from UAT-8837.

Top security headlines of the week 

BreachForums breached, exposing 324K cybercriminals 
In an ironic development, an individual using the moniker “James” published a database containing detailed information on hundreds of thousands of BreachForums users who believed they were operating anonymously. (DarkReading)

Target’s dev server offline after hackers claim to steal source code 
An unknown threat actor has claimed to have stolen a trove of Target’s internal source code and documentation and is selling it on dark web marketplaces. Multiple Target employees have now confirmed the authenticity of the leaked source code sample set. (BleepingComputer)

Predator spyware turns failed attacks into intelligence for future exploits 
New research reveals previously undocumented mechanisms that return information to developers on failed individual attacks. This means Predator can learn from its own failures so that future versions may be hardened against detection and analysis. (SecurityWeek)

Instagram fixes password reset vulnerability amid user data leak 
Social media giant Meta confirmed an Instagram password reset vulnerability but denied being breached. Meta said the resolved vulnerability allowed third parties to send password reset requests to Instagram users. (SecurityWeek)

Everest Ransomware claims breach at Nissan, says 900GB of data stolen
While no sensitive personal data is shown in the screenshots themselves, the folder names and file types imply access to operational systems and documents that could be used to map internal processes or extract more sensitive information. (Hack Read)

Can’t get enough Talos? 

Talos Takes: Cyber certifications and you 
In the first episode of the year, Amy Ciminnisi, Talos’ Content Manager and new podcast host, steps up to the mic with Joe Marshall to explore certifications, one of cybersecurity’s overwhelming (and sometimes most controversial) topics. 

Humans of Talos: Brushstrokes and breaches with Terryn Valikodath 
Join us as Terryn shares what keeps him motivated during high-pressure incidents, the satisfaction he finds in teaching others during Cyber Range trainings, and the creative outlets that help him recharge. 

Microsoft Patch Tuesday for January 2026 
Microsoft has released its monthly security update for January 2026, which includes 112 vulnerabilities affecting a range of products, including 8 that Microsoft marked as “critical.”

Upcoming events where you can find Talos 

Most prevalent malware files from Talos telemetry over the past week 


Source: Cisco Talos Blog

New StackWarp Attack Threatens Confidential VMs on AMD Processors

Researchers have disclosed technical details on a new AMD processor attack that allows remote code execution inside confidential VMs.

Source: SecurityWeek

Your Raspberry Pi 5 just got a big AI upgrade – thanks to this new add-on

The new $130 AI HAT+ 2 unlocks generative AI for the Raspberry Pi 5.

Source: Latest news

GhostPoster Browser Malware Hid for 5 Years With 840,000 Installs

Researchers uncover a 5-year malware campaign using browser extensions on Chrome, Firefox and Edge, relying on hidden payloads and shared infrastructure.

Source: Hackread – Cybersecurity News, Data Breaches, AI, and More

Researchers Reveal Reprompt Attack Allowing Single-Click Data Exfiltration From Microsoft Copilot

Cybersecurity researchers have disclosed details of a new attack method dubbed Reprompt that could allow bad actors to exfiltrate sensitive data from artificial intelligence (AI) chatbots like Microsoft Copilot in a single click, while bypassing enterprise security controls entirely.
“Only a single click on a legitimate Microsoft link is required to compromise victims,” Varonis security

Source: The Hacker News

Critical WordPress Modular DS Plugin Flaw Actively Exploited to Gain Admin Access

A maximum-severity security flaw in a WordPress plugin called Modular DS has come under active exploitation in the wild, according to Patchstack.
The vulnerability, tracked as CVE-2026-23550 (CVSS score: 10.0), has been described as a case of unauthenticated privilege escalation impacting all versions of the plugin prior to and including 2.5.1. It has been patched in version 2.5.2. The plugin

Source: The Hacker News

BreachLock Expands Adversarial Exposure Validation (AEV) to Web Applications

New York, United States, 15th January 2026, CyberNewsWire

Source: Hackread – Cybersecurity News, Data Breaches, AI, and More

AI-powered sextortion: a new threat to privacy | Kaspersky official blog

In 2025, cybersecurity researchers discovered several open databases belonging to various AI image-generation tools. This fact alone makes you wonder just how much AI startups care about the privacy and security of their users’ data. But the nature of the content in these databases is far more alarming.

A large number of generated pictures in these databases were images of women in lingerie or fully nude. Some were clearly created from children’s photos, or intended to make adult women appear younger (and undressed). Finally, the most disturbing part: some pornographic images were generated from completely innocent photos of real people — likely taken from social media.

In this post, we’re talking about what sextortion is, and why AI tools mean anyone can become a victim. We detail the contents of these open databases, and give you advice on how to avoid becoming a victim of AI-era sextortion.

What is sextortion?

Online sexual extortion has become so common it’s earned its own global name: sextortion (a portmanteau of sex and extortion). We’ve already detailed its various types in our post, Fifty shades of sextortion. To recap, this form of blackmail involves threatening to publish intimate images or videos to coerce the victim into taking certain actions, or to extort money from them.

Previously, victims of sextortion were typically adult industry workers, or individuals who’d shared intimate content with an untrustworthy person.

However, the rapid advancement of artificial intelligence, particularly text-to-image technology, has fundamentally changed the game. Now, literally anyone who’s posted their most innocent photos publicly can become a victim of sextortion. This is because generative AI makes it possible to quickly, easily, and convincingly undress people in any digital image, or add a generated nude body to someone’s head in a matter of seconds.

Of course, this kind of fakery was possible before AI, but it required long hours of meticulous Photoshop work. Now, all you need is to describe the desired result in words.

To make matters worse, many generative AI services don’t bother much with protecting the content they’ve been used to create. As mentioned earlier, last year saw researchers discover at least three publicly accessible databases belonging to these services. This means the generated nudes within them were available not just to the user who’d created them, but to anyone on the internet.

How the AI image database leak was discovered

In October 2025, cybersecurity researcher Jeremiah Fowler uncovered an open database containing over a million AI-generated images and videos. According to the researcher, the overwhelming majority of this content was pornographic in nature. The database wasn’t encrypted or password-protected — meaning any internet user could access it.

The database’s name and watermarks on some images led Fowler to believe its source was the U.S.-based company SocialBook, which offers services for influencers and digital marketing. The company’s website also provides access to tools for generating images and content using AI.

However, further analysis revealed that SocialBook itself wasn’t directly generating this content. Links within the service’s interface led to third-party products — the AI services MagicEdit and DreamPal — which were the tools used to create the images. These tools allowed users to generate pictures from text descriptions, edit uploaded photos, and perform various visual manipulations, including creating explicit content and face-swapping.

The leak was linked to these specific tools, and the database contained the product of their work, including AI-generated and AI-edited images. A portion of the images led the researcher to suspect they’d been uploaded to the AI as references for creating provocative imagery.

Fowler states that roughly 10,000 photos were being added to the database every single day. SocialBook denies any connection to the database. After the researcher informed the company of the leak, several pages on the SocialBook website that had previously mentioned MagicEdit and DreamPal became inaccessible and began returning errors.

Which services were the source of the leak?

Both services — MagicEdit and DreamPal — were initially marketed as tools for interactive, user-driven visual experimentation with images and art characters. Unfortunately, a significant portion of these capabilities were directly linked to creating sexualized content.

For example, MagicEdit offered a tool for AI-powered virtual clothing changes, as well as a set of styles that made images of women more revealing after processing — such as replacing everyday clothes with swimwear or lingerie. Its promotional materials promised to turn an ordinary look into a sexy one in seconds.

DreamPal, for its part, was initially positioned as an AI-powered role-playing chat, and was even more explicit about its adult-oriented positioning. The site offered to create an ideal AI girlfriend, with certain pages directly referencing erotic content. The FAQ also noted that filters for explicit content in chats were disabled so as not to limit users’ most intimate fantasies.

Both services have suspended operations. At the time of writing, the DreamPal website returned an error, while MagicEdit seemed available again. Their apps were removed from both the App Store and Google Play.

Jeremiah Fowler says that earlier in 2025 he discovered two more open databases containing AI-generated images. One belonged to the South Korean site GenNomis, and contained 95,000 entries, a substantial portion of which were images of “undressed” people. Among other things, the database included images with child versions of celebrities: American singers Ariana Grande and Beyoncé, and reality TV star Kim Kardashian.

How to avoid becoming a victim

In light of incidents like these, it’s clear that the risks associated with sextortion are no longer confined to private messaging or the exchange of intimate content. In the era of generative AI, even ordinary photos, when posted publicly, can be used to create compromising content.

This problem is especially relevant for women, but men shouldn’t get too comfortable either: the popular blackmail scheme of “I hacked your computer and used the webcam to make videos of you browsing adult sites” could reach a whole new level of persuasion thanks to AI tools for generating photos and videos.

Therefore, protecting your privacy on social media and controlling what data about you is publicly available become key measures for safeguarding both your reputation and peace of mind. To prevent your photos from being used to create questionable AI-generated content, we recommend making all your social media profiles as private as possible — after all, they could be the source of images for AI-generated nudes.

We’ve already published multiple detailed guides on how to reduce your digital footprint online or even remove your data from the internet, how to stop data brokers from compiling dossiers on you, and how to protect yourself from intimate image abuse.

Additionally, we have a dedicated service, Privacy Checker — perfect for anyone who wants a quick but systematic approach to privacy settings everywhere possible. It compiles step-by-step guides for securing accounts on social media and online services across all major platforms.

And to ensure the safety and privacy of your child’s data, Kaspersky Safe Kids can help: it allows parents to monitor which social media their child spends time on. From there, you can help them adjust privacy settings on their accounts so their posted photos aren’t used to create inappropriate content. Explore our guide to children’s online safety together, and if your child dreams of becoming a popular blogger, discuss our step-by-step cybersecurity guide for wannabe bloggers with them.

Source: Kaspersky official blog