⚠️ Researchers map 175K publicly exposed Ollama LLM servers worldwide.

Tool-calling turns exposed AI into a highest-severity execution risk.

Full details: https://thehackernews.com/2026/01/researchers-find-175000-publicly.html

🔐 WARNING: Ivanti fixes exploited EPMM zero-days with CVSS 9.8 severity.

Exploits enable code execution, persistence, and access to sensitive device data.

Federal agencies face KEV deadlines; temporary patches don’t persist across upgrades.

Read → https://thehackernews.com/2026/01/two-ivanti-epmm-zero-day-rce-flaws.html

⚠️ SmarterMail fixed a critical unauthenticated RCE in its email server software.

The flaw, CVE-2026-24423 (CVSS 9.3), lets attackers execute OS commands via a crafted remote server. It affects builds before 9511.

🔗 Fixed builds and attack mechanics → https://thehackernews.com/2026/01/smartermail-fixes-critical.html

A U.S. jury convicted a former Google engineer of stealing AI trade secrets for China.

Prosecutors said 2,000+ internal documents were taken to help build a China-based startup while he was still employed.

The case shows how AI infrastructure is now treated as a national security issue.

🔗 Details → https://thehackernews.com/2026/01/ex-google-engineer-convicted-for.html

The FBI has seized the RAMP cybercrime forum, shutting down its Tor site and clearnet domain with DOJ coordination.

Threat actors are already migrating to other platforms, underscoring how fast the underground re-forms after takedowns.

🔗 Read → https://thehackernews.com/2026/01/threatsday-bulletin-new-rces-darknet.html#major-cybercrime-forum-takedown

🌍 Cybercrime enforcement follows clear patterns. A new analysis maps 418 confirmed actions worldwide from 2021–2025, showing where arrests, takedowns, and sanctions are focused.

The U.S. and Europe lead, with private companies playing a growing support role.

🔗 How cybercrime is being targeted worldwide → https://thehackernews.com/2026/01/badges-bytes-and-blackmail.html

China-linked UAT-8099 targets IIS servers in Asia using BadIIS SEO malware.

The group broke into vulnerable IIS servers, mainly in Thailand and Vietnam, using web shells and PowerShell. The aim remains SEO fraud, now tuned by region.

🔗 Read → https://thehackernews.com/2026/01/china-linked-uat-8099-targets-iis.html

🛑 Chrome extensions are being abused at scale.

Researchers uncovered tools that hijack affiliate links, scrape shopping data, steal ChatGPT login tokens, and even deliver phishing pages—while passing official store reviews.

🔗 Learn more about the affiliate fraud, AI token theft, and the browser as attack surface → https://thehackernews.com/2026/01/researchers-uncover-chrome-extensions.html

⚠️ Poland confirms coordinated cyber attacks on 30+ renewable energy sites and a major CHP plant.

CERT Polska says the campaign was destructive, using wiper malware, but failed to disrupt power or heat supply. Access came via vulnerable Fortinet devices.

🔗 Read → https://thehackernews.com/2026/01/poland-attributes-december-cyber.html

🧑‍💻 Google Mandiant says ShinyHunters-linked crews are expanding extortion attacks by abusing vishing and fake login pages.

The goal is cloud SaaS access, not endpoints. Once inside, attackers steal data and escalate pressure with harassment.

🔗 Read → https://thehackernews.com/2026/01/mandiant-finds-shinyhunters-using.html

🛑 A suspected Iran-aligned campaign targets NGOs and individuals documenting human rights abuses.

HarfangLab tracks the activity as RedKitten, using Excel files themed around deceased protesters to deliver malware.

The tooling relies on GitHub, Google Drive, and Telegram for configuration and control, with indicators suggesting parts of the code may be LLM-assisted.

🔗 Read → https://thehackernews.com/2026/01/iran-linked-redkitten-cyber-campaign.html