Ireland Moves to Expand Digital Surveillance Powers

The Irish government is set to introduce the Communications (Interception and Lawful Access) Bill, replacing the outdated 1993 Postal Packets and Telecommunications Messages Act. Justice Minister Jim O’Callaghan described the legislation as “long overdue,” aiming to give law enforcement authority to intercept all communications—including IoT devices, emails, and messaging platforms—“whether encrypted or not.”

While technical methods for accessing encrypted messages remain unspecified, the bill includes legal safeguards, privacy protections, and provisions for cooperation with service providers. Aligned with the European Commission’s 2024 roadmap on lawful interception and encryption, the legislation also legalizes spyware in strictly necessary cases under judicial oversight. Police would also gain powers to scan electronic equipment in specific locations, including using IMSI catchers, to identify people of interest and associates in serious crime investigations.

More via The Register

Senators Reintroduce KOSMA, Raising Age Verification and Privacy Concerns

Senators Ted Cruz and Brian Schatz have revived the Kids Off Social Media Act (KOSMA), citing studies linking heavy screen time to anxiety, depression, and social isolation in youth. The bill would ban social media for children under 13 and limit algorithms for teens 13–17, while legally obligating platforms to remove underage accounts.

Expected mandatory age verification—using IDs or biometrics—and linking school funding to phone restrictions could expand surveillance, override parental oversight, and lay the groundwork for a digital ID–based internet, raising broader privacy concerns.

More via Reclaim The Net

New Linux Malware Built by AI and One Developer

Following up on last week’s report on VoidLink, new analysis confirms the sophisticated Linux malware was built by a single Chinese-speaking developer with the help of AI coding agent TRAE SOLO, reaching 88,000+ lines and functional implant in under a week.
Using Spec Driven Development and Chinese-language planning documents, the AI generated standardized debug output, API versioning, and JSON templates.

Check Point confirmed precise alignment with instructions. Experts Eli Smadja, Group-IB, and Craig Jones warn AI is accelerating complex malware, while dark web tools like Nytheon AI make advanced cybercrime more accessible globally.

More via The Hacker News

Google Gemini AI Vulnerability Exposes Calendar Data

Researchers at security firm Miggo uncovered a prompt injection flaw in Google’s Gemini AI that lets attackers access sensitive data through Google Calendar. Malicious instructions hidden in event descriptions can bypass privacy controls, exfiltrate private meetings, and create deceptive events without user action.

Triggered by routine scheduling questions, the attack exploits Gemini’s automatic parsing of calendar data. Traditional security measures fall short, requiring semantic monitoring, intent tracking, and full application-layer governance to protect AI-powered tools.

More via Dark Reading 

Tennessee Hacker Pleads Guilty to Breaching Supreme Court, AmeriCorps, and VA Systems

Nicholas Moore, 24, of Springfield, Tennessee, pleaded guilty to hacking the U.S. Supreme Court’s filing system, AmeriCorps’ network, and the Department of Veterans Affairs. Using stolen credentials, he accessed victims’ accounts and posted personal data on Instagram, @ihackthegovernment.

Supreme Court victim GS had their name and filing records exposed. AmeriCorps victim SM’s details included name, birthdate, email, address, phone, citizenship and veteran status, service history, and the last four digits of their SSN. VA victim HW’s health information, including medications, was shared via a MyHealtheVet screenshot. Moore faces up to one year in prison and a $100,000 fine. The case highlights the breadth of government systems targeted and the public exposure of sensitive personal and health data.

More via Techcrunch 

Elsewhere Online:

New EU Proposal Strengthens Supply Chain Security and ENISA Authority
Read: https://www.infosecurity-magazine.com/news/eu-unveils-cybersecurity-act-2/

Over 800 GB of Customer and Internal Data Stolen from McDonald’s India
Read: https://hackread.com/everest-ransomware-mcdonalds-india-breach-customer-data/

Fake Maintenance Emails Target LastPass Users to Steal Master Passwords
Read: https://thehackernews.com/2026/01/lastpass-warns-of-fake-maintenance.html

UStrive Remediates Security Lapse That Exposed Private Details of High School Students
Read: https://techcrunch.com/2026/01/20/ustrive-security-lapse-exposed-personal-data-of-its-users-including-children/

Fake Ad Blockers Deliver Malware via New CrashFix Social Engineering
Read: https://www.darkreading.com/cyberattacks-data-breaches/crashfix-scam-crashes-browsers-delivers-malware

Previously on #AxisOfEasy