FBI Accesses Microsoft BitLocker Keys in Guam Fraud Case
In early 2025, the FBI served Microsoft in Redmond with a warrant for BitLocker recovery keys to access three laptops linked to Charissa Tenorio and others involved in Guam’s Covid unemployment program, suspected of fraud.
Microsoft complied, marking its first known release of keys to law enforcement. Experts warn that cloud-stored keys, unlike Apple or Google’s encrypted alternatives, pose broader privacy risks. The Guam case is ongoing.
Read: https://www.forbes.com/sites/thomasbrewster/2026/01/22/microsoft-gave-fbi-keys-to-unlock-bitlocker-encrypted-data/
More via Forbes
Open Source Supply Chains Under Attack: Malicious Packages Surge
Developers downloaded 9.8 trillion components from Maven Central, PyPI, npm, and NuGet in 2025, amid 454,648 newly identified malicious packages, according to Sonatype’s 2026 State of the Software Supply Chain report. Threats have evolved from spam to sustained, often state-sponsored campaigns that exploit registries and CI/CD pipelines sitting close to sensitive data.
Malicious packages serve as first-stage intrusions—56% involve repository abuse, 28% are unwanted apps, and others include droppers, backdoors, and secrets exfiltration. Attackers leverage typosquatting, namespace confusion, and workflow lures, while AI models, container images, and LLM-assisted upgrades amplify risk. Severe vulnerabilities persist: 40% of Maven and 39% of NuGet releases carry CVSS 9+, 65% of CVEs remain unscored, and workflow inertia continues to expose development pipelines.
Read: https://www.infosecurity-magazine.com/news/454000-malicious-open-source/
More via Info Security
Cybercrime Alliance Hits 100+ Global Organisations with Vishing Attacks
ShinyHunters and Scattered Lapsus$ Hunters, operating as the SLSH alliance, are targeting over 100 organisations with sophisticated voice phishing attacks. Using a Live Phishing Panel, they mimic SSO portals like Okta to steal passwords and multi-factor codes, gaining full access to company apps and data.
They exfiltrate sensitive files for ransom, lock data if the demand is ignored, and impersonate staff on Slack and Teams. Recent victims include Telstra, Mercury Insurance, Canva, ZoomInfo, SoundCloud, Crunchbase, Betterment, and Panera Bread. Experts advise staff vigilance, reporting unusual login requests, monitoring new-device alerts, and blocking suspicious domains to prevent breaches.
Read: https://hackread.com/shinyhunters-target-firms-bypass-sso-security/
More via Hack Read
US Seizes RAMP Cybercrime Forum, Disrupting Ransomware Hub
US authorities have seized the Russian Anonymous Marketplace (RAMP) forum’s dark web and clearnet domains, a major hub for ransomware gangs, extortionists, and initial access brokers. The sites now display “This Site Has Been Seized,” crediting the FBI, the US Attorney’s Office for the Southern District of Florida, and the DOJ’s Computer Crime and IP Section, along with a mocking banner featuring Masha from a Russian cartoon.
Alleged operator Stallman confirmed the loss but plans to continue buying access. Experts, including Tammy Harper of Flare, note that groups like Nova and DragonForce are shifting to Rehub, introducing operational risks while offering rare intelligence opportunities for law enforcement.
Read: https://www.theregister.com/2026/01/28/fbi_seizes_ramp_forum/
More via The Register
TikTok US Expands Data Access Under New Joint Venture
TikTok US now operates under TikTok USDS Joint Venture LLC, a consortium of Oracle, Silver Lake, and Abu Dhabi’s MGX, with ByteDance keeping under 20%. The move enables optional precise location tracking, previously limited to IP and SIM data, mirroring Europe’s “Nearby Feed.”
TikTok will also collect AI prompts and metadata, with Oracle securing the recommendation algorithm in its US cloud. The restructure resolves US-China tensions after 2024 legislation requiring ByteDance to divest or face a ban, localizing US user data control while broadening TikTok’s collection rights.
Read: https://reclaimthenet.org/tiktok-us-expands-data-collection-under-new-joint-venture
More via Reclaim the Net
Elsewhere Online:
Major n8n Security Gaps Threaten Cloud and Self-Hosted Environments with RCE
Read: https://www.infosecurity-magazine.com/news/n8n-sandbox-flaws-allow-rce/
Critical Fortinet Vulnerability Under Attack Allows Unauthorized Admin Access
Read: https://thehackernews.com/2026/01/fortinet-patches-cve-2026-24858-after.html
PackageGate Flaws Expose JavaScript Ecosystem to Supply Chain Attacks
Read: https://www.securityweek.com/packagegate-flaws-open-javascript-ecosystem-to-supply-chain-attacks/
Nike Investigates Massive 1.4TB Data Breach Claimed by WorldLeaks
Read: https://www.darkreading.com/cyberattacks-data-breaches/worldeaks-extortion-group-stole-1.4tb-nike-data
ESET Attributes Failed Energy Grid Cyberattack in Poland to Russian Intelligence
Read: https://techcrunch.com/2026/01/23/researchers-say-russian-government-hackers-were-behind-attempted-poland-power-outage/
Previously on #AxisOfEasy