January 2026

Old Windows quirks help punch through new admin defenses

Google researcher sits on UAC bypass for ages, only for it to become valid with new security feature Microsoft patched a bevy of bugs that allowed bypasses of Windows Administrator Protection before the feature was made available earlier this month.…

Paranoid WhatsApp users rejoice: Encrypted app gets one-click privacy toggle

Meta also replaces a legacy C++ media-handling security library with Rust Users of Meta's WhatsApp messenger looking to simplify the process of protecting themselves are in luck, as the company is rolling out a new feature that combines multiple security settings under a single, toggleable option. …

Let them eat sourdough: ShinyHunters claims Panera Bread as stolen credentials victim

Plus, the gang says it got in via Microsoft Entra SSO ShinyHunters says it stole several slices of data from Panera Bread, but that's just the yeast of everyone's problems. The extortionist gang also claims to have stolen data from CarMax and Edmunds, in addition to three other…

China-linked group accused of spying on phones of UK prime ministers’ aides – for years

Reports say Salt Typhoon attackers accessed handsets of senior govt folk Chinese state-linked hackers are accused of spending years inside the phones of senior Downing Street officials, exposing private communications at the heart of the UK government.…

France to replace US videoconferencing wares with unfortunately named sovereign alternative

French govt says state-run service 'Visio' will be more secure. Now where have we heard that name before? France has officially told Zoom, Teams, and the rest of the US videoconferencing herd to take a hike in favor of its own homegrown app.…

Microsoft illegally installed cookies on schoolkid’s tech, data protection ruling finds

Austrian education ministry unaware of tracking software until campaigners launched case Updated  Microsoft illegally installed cookies on a school pupil's devices without consent, according to a ruling by the Austrian data protection authority (DSB).…

High Court to grill London cops over live facial recognition creep

Victim and Big Brother Watch will argue the Met's policies are incompatible with human rights law The High Court will hear from privacy campaigners this week who want to reshape the way the Metropolitan Police is allowed to use live facial recognition (LFR) tech.…

Office zero-day exploited in the wild forces Microsoft OOB patch

Another actively abused Office bug, another emergency patch – Office 2016 and 2019 users are left with registry tweaks instead of fixes. Microsoft has issued an emergency Office patch after confirming a zero-day flaw is already being used in real world attacks.…

EU looking into Elon Musk’s X after Grok produces deepfake sex images

Probe follows outcry over use of creepy image generation tool The European Commission has launched an investigation into X amid concerns that its GenAI model Grok offered users the ability to generate sexually explicit imagery, including sexualized images of children.…

Data thieves borrow Nike’s ‘Just Do It’ mantra, claim they ran off with 1.4TB

US sports brand launches probe after extortion crew WorldLeaks claims it stole huge dataset Nike says it is probing a possible breach after extortion crew WorldLeaks claimed to have lifted 1.4TB of internal data from the sportswear giant and posted samples on its leak site.…

Copyright © 2026 Lugapel