Australia Moves to Enact Sweeping New Hate Speech and Extremism Laws
Australia’s Attorney-General Michelle Rowland announced on January 12 what she described as “the toughest hate laws Australia has ever seen,” unveiling the Combatting Antisemitism, Hate and Extremism Bill 2026, which the Albanese government plans to push through Parliament on January 20.
The bill introduces a new racial vilification offense banning the public promotion or incitement of hatred based on race, color, or national or ethnic origin, with penalties of up to five years in prison. It removes the requirement to prove actual harm, declaring it “immaterial” whether hatred occurs or anyone feels fear, and instead relies on how a hypothetical “reasonable” member of a targeted group might react. The definition of “public place” is expanded to include all electronic communications, extending criminal liability to online and recorded speech.
Religious teaching that directly quotes religious texts is exempt, while others must rely on “good faith” defenses. The bill also reverses the burden of proof for hate symbol offenses, requiring defendants to show a legitimate purpose, and grants police powers to order content removals and seize items. It further authorizes the Australian Federal Police Minister to designate “prohibited hate groups” without procedural fairness, including retroactively and across borders, with penalties of seven to fifteen years in prison for membership or support.
More via Reclaim the net
Can x402 micropayments save Open Source Software?
Last week the plight of Tailwind CSS circulated widely. Tailwind is an open source web framework that finds itself in the odd position of its software being downloaded and used more than ever, yet traffic to its documentation and premium support services is plummeting.
The reason? AI. Various agents and coding suites are downloading Tailwind CSS for use in “vibe coding” but actual humans aren’t looking at the documentation, which is how Tailwind gets most of its premium customers.
The result: the founder had to lay off his entire team (widely billed as “75% of his workforce”; he had three devs helping him and had to let them go).
Mark thinks micropayments are the solution to this problem, especially if there’s a way to implement them for both human and agentic users.
Thanks to a new protocol specification called x402, the ability to do this is now a reality.
More on Mark’s article here:
https://easydns.com/blog/2026/01/10/can-x402-save-the-open-source-software-movement/
And a Hacker News thread here (upvotes appreciated):
https://news.ycombinator.com/item?id=46568845
Claude Cowork Exfiltrates Files
Anthropic shipped Claude Cowork as an “agentic” research preview, complete with a warning label that quietly punts core security risks onto users. The problem is that Cowork inherits a known, previously disclosed isolation flaw in Claude’s code execution environment—one that was acknowledged and left unfixed. The result: indirect prompt injection can coerce Cowork into exfiltrating local files, without user approval, by abusing trusted access to Anthropic’s own API.
The attack chain is depressingly straightforward. A user connects Cowork to a local folder, uploads a seemingly benign document (or “Skill”) containing a concealed prompt injection, and asks Cowork to analyze their files. The injected instructions tell Claude to run a curl command that uploads the largest available file to an attacker-controlled Anthropic account, using an API key embedded in the hidden text. Network egress is “restricted,” except for Anthropic’s API—which conveniently flies under the allowlist radar and completes the data theft.
Once uploaded, the attacker can chat with the victim’s documents, including financial records and PII. This works not just on lightweight models, but also on more “resilient” ones like Opus 4.5. Layer in Cowork’s broader mandate—browser control, MCP servers, desktop automation—and the blast radius only grows. Telling non-technical users to watch for “suspicious actions” while encouraging full desktop access isn’t risk management; it’s abdication.
More via PromptArmor
VoidLink: A Stealthy New Cloud Malware Targets Linux Infrastructure
Cybersecurity researchers at Check Point Research (CPR) have identified VoidLink, a highly advanced malware toolkit designed specifically for Linux-based cloud environments used by large enterprises. Discovered in December 2025, VoidLink stands out for being cloud-first, rather than Windows-focused, and is attributed to a likely Chinese-affiliated threat group with strong expertise in Zig, Go, C, and React, as well as a Chinese-language command dashboard.
Once deployed, VoidLink detects major cloud platforms including AWS, Google Cloud, Microsoft Azure, Alibaba, and Tencent, with expansion planned for DigitalOcean and Huawei. It harvests sensitive SSH keys and Git credentials, embeds itself in Docker and Kubernetes containers, and selects stealth techniques—LD_PRELOAD, eBPF, or Linux kernel modules—based on the host system. Stolen data is disguised as benign files using a custom protocol called VoidStream.
The malware’s 37-plugin modular design, adaptive risk scoring, mesh networking, and ability to self-delete when analyzed underscore its sophistication. While no confirmed victims have been reported, researchers warn organizations to strengthen cloud security defenses against this emerging threat.
More via Hackread
DeadLock Ransomware Exploits Blockchain to Evade Detection
DeadLock, first detected in July 2025 by Group-IB, is a ransomware operation targeting multiple organizations while staying largely under the radar. Unlike typical double extortion attacks, it has no data leak site (DLS) and threatens to sell stolen data on the underground market. Using Polygon smart contracts, DeadLock conceals its C2 infrastructure and rotates proxy server URLs.
Victims receive an HTML wrapper for the decentralized messenger Session. Analyst Xabier Eizaguirre highlighted the method’s flexibility. Similar blockchain-based tactics appear in North Korean attacks like EtherHiding (GTIG, Feb 2025). Cisco Talos links DeadLock to BYOVD exploits and EDR-killing vulnerabilities, combining traditional encryption with innovative blockchain stealth.
More via The Register
Microsoft and Law Enforcement Take Down RedVDS Cybercrime Platform
Microsoft, with US and UK legal partners and Europol, seized RedVDS, a cybercrime-as-a-service platform powering phishing, business email compromise (BEC), and fraud campaigns, on January 14. For just $24 a month, RedVDS gave criminals disposable virtual computers with unlicensed Windows, enabling anonymous attacks worldwide. Since March 2025, it has caused over $40 million in US losses, including H2-Pharma ($7.3M) and Gatehouse Dock Condominium Association ($500K), affecting nearly 190,000 organizations globally, mainly in the US, Canada, and UK. RedVDS leveraged generative AI to target victims and create realistic phishing emails, attachments, deepfake videos, and voice-cloned impersonations. Microsoft praised victim cooperation and urged organizations to use multi-factor authentication, update software, verify payment requests, and report attacks to help dismantle criminal networks and prevent future losses.
More via Infosecurity Magazine
Fortinet Patches Six Critical Vulnerabilities Across Key Products
Fortinet on Tuesday released patches for six vulnerabilities affecting FortiFone, FortiSIEM, FortiOS, FortiSwitchManager, FortiClientEMS, FortiVoice, and FortiSandbox. The most severe, CVE-2025-64155 (CVSS 9.4), is an OS command injection in FortiSIEM affecting Super and Worker nodes via TCP; it is fixed in versions 7.1.9–7.4.1, and risk can be reduced by limiting access to phMonitor port 7900.
CVE-2025-47855 (CVSS 9.3) in the FortiFone web portal can leak configurations via HTTP/HTTPS; patched in 3.0.24 and 7.0.2. CVE-2025-25249 (CVSS 7.4), a heap-based overflow in FortiOS/FortiSwitchManager’s cw_acd daemon, allows remote code execution; patches cover FortiOS 7.0.18–7.6.4, FortiSASE 25.2.c, FortiSwitchManager 7.0.6/7.2.7, with 6.4.17 forthcoming.
Workarounds include blocking fabric access, the capwap daemon, or CAPWAP-CONTROL ports 5246–5249. Medium-severity FortiClientEMS and FortiVoice flaws and a low-severity FortiSandbox bug were also fixed. No active exploitation reported; users should update immediately. Full details are on Fortinet’s PSIRT advisories page.
More via Security Week
Elsewhere Online:
Fake PayPal Alerts Lead to Corporate Compromise via RMM Software
Read: https://www.infosecurity-magazine.com/news/hackers-fake-paypal-notices-deploy/
German Language Phishing Wave Abuses Cloudflare Infrastructure to Deliver AsyncRAT
Read: https://www.darkreading.com/endpoint-security/attackers-abuse-python-cloudflare-deliver-asyncrat
Hackers use SSRF and reconnaissance to map out popular AI models
Read: https://hackread.com/hackers-attack-ai-systems-fake-ollama-servers/
New Windows Security Patch Addresses Active Exploit and Over 100 Other Flaws
Read: https://thehackernews.com/2026/01/microsoft-fixes-114-windows-flaws-in.html
Hackers Target Betterment Systems to Send Fraudulent Crypto Notifications
Read: https://techcrunch.com/2026/01/12/fintech-firm-betterment-confirms-data-breach-after-hackers-send-fake-crypto-scam-notification-to-users/