UK Considering VPN "ID Checks"

The UK government, under Prime Minister Keir Starmer, is considering new measures to enforce age limits set by the Online Safety Act, including requiring ID checks for VPN access. This proposal, aimed at preventing under-18s from bypassing age restrictions on services and functionalities, raises significant privacy concerns as it would undermine the core purpose of VPNs, which is to protect user identity and privacy. The potential policy shift would mark a substantial state intervention into online anonymity, drawing comparisons to authoritarian regimes where encryption is heavily regulated.

Not Checking This WiFi Setting Is Like 'Leaving Your Front Door Open' To Hackers

This article emphasizes the importance of securing your home WiFi network to protect against hackers. It highlights the need to change default router settings, including passwords, and to enable encrypted settings like WPA. The article also provides additional privacy tips, such as covering webcams when not in use, to mitigate risks.

CCTV Camera Installation in Dubai | Professional CCTV Services by Wiznet

Get reliable CCTV camera installation in Dubai with Wiznet. Secure your home or business with high-quality surveillance systems and expert setup services tailored to your needs.

Age Verification Is Reaching a Global Tipping Point. Is TikTok’s Strategy a Good Compromise? | WIRED

This article discusses TikTok's new age-detection system, which aims to prevent underage users from accessing the platform. While TikTok's strategy avoids automatic bans, experts argue that it still requires extensive surveillance of users, raising privacy concerns. The article also explores the broader implications of age verification on social media platforms and the potential for misuse of collected data.

CBP Wants AI-Powered ‘Quantum Sensors’ for Finding Fentanyl in Cars | WIRED

United States Customs and Border Protection (CBP) is collaborating with General Dynamics to develop prototype 'quantum sensors' integrated with an AI database, aimed at detecting fentanyl and other narcotics in vehicles. The $2.4 million project seeks to enhance CBP's detection capabilities and reduce the harm caused by illicit contraband entering the U.S., thereby bolstering national security.

149 Million Usernames and Passwords Exposed by Unsecured Database | WIRED

A researcher discovered an unsecured database containing 149 million usernames and passwords, including millions for Gmail, Facebook, and Binance. The database, suspected to be collected using infostealing malware, was accessible to anyone via a web browser. The hosting provider removed the database after being notified by the researcher.

Tesla's Infotainment System Quickly Hacked at Security Conference | PCMag

Researchers at the Pwn2Own Automotive 2026 conference in Tokyo successfully hacked a Tesla's infotainment system, earning $35,000 in rewards. The event, which has seen over $500,000 in prizes awarded in the first 24 hours, highlights vulnerabilities in vehicle digital security. The Synacktiv Team's USB-based attack on the Tesla is one of several successful exploits, including those on Sony's XAV-9500ES receiver and various EV chargers.

The Week in Breach News: January 21, 2026 | Kaseya

This blog post from Kaseya discusses recent cybersecurity breaches, including the lack of MFA exposing over 50 multinational companies, a phishing attack on CIRO affecting 750k individuals, and a healthcare breach compromising 145k patients. It highlights the importance of multifactor authentication and continuous monitoring to prevent data breaches.

Google Gemini Prompt Injection Flaw Exposed Private Calendar Data via Malicious Invites

Researchers found an indirect prompt injection flaw in Google Gemini that bypassed Calendar privacy controls and exposed private meeting data. The flaw allowed threat actors to embed a malicious payload within a calendar invite, which activated when a user asked Gemini about their schedule. Gemini then created a new calendar event containing a summary of the user's private meetings, which was visible to the attacker. The issue has since been addressed, but it highlights the need for constant evaluation of AI systems for security risks.

Two Unique DHS Cyber Incidents Exposed 1M People’s Data | Security Magazine

Two separate states' Department of Human Services (DHS) experienced data security incidents within two weeks of each other in 2026, affecting approximately 1 million people. The Illinois DHS incident, discovered in September 2025, exposed maps due to incorrect privacy settings, potentially impacting 700,000 residents. The Minnesota DHS incident, discovered in November 2025, involved unauthorized access to the MnCHOICES system by a user affiliated with a licensed health care provider, affecting 303,965 individuals. Exposed data included personally identifiable information (PII) such as names, addresses, and social security numbers, which could leave individuals vulnerable to phishing schemes and other cybercrimes.

New U.S. State Privacy, Social Media and AI Laws Take Effect in January 2026

New U.S. state laws on privacy, social media, and AI have taken effect in January 2026, impacting how businesses and individuals must protect data and interact online.

There's a right way to wipe your Windows PC before getting rid of it - here's how I do it | ZDNET

This ZDNET article provides a comprehensive guide on how to properly wipe and reset a Windows PC before passing it on to someone else. It outlines three main steps: migrating apps and files to the new device, using encryption tools to securely wipe old data, and preparing the old PC for a new owner by resetting, reimaging, or performing a clean install of Windows 11.

Meta's Oversight Board is looking into transparency around disabling accounts

Meta's Oversight Board is investigating the company's decision to permanently disable an account that posted violent threats and harassment against a journalist. The account was banned despite not reaching the threshold for a ban, due to consistent violations and calls for violence. The Board seeks public input on ensuring due process, protecting public figures, identifying off-platform context, and industry practices in transparency reporting.

Your earphones may be spying on you through this new Bluetooth attack: How to stay safe

A new Bluetooth vulnerability, known as WhisperPair, allows attackers within 50 meters to take control of wireless earphones and speakers, potentially leading to spying and tracking. This risk affects popular brands and can impact both Android and iPhone users. To stay safe, users should disable Bluetooth when not in use, update their devices, and avoid using public Bluetooth devices.

Hundreds of Millions of Audio Devices Need a Patch to Prevent Wireless Hacking and Tracking | WIRED

Researchers at KU Leuven University have discovered vulnerabilities in 17 models of audio accessories using Google’s Fast Pair Bluetooth protocol, enabling hackers to hijack devices within Bluetooth range. These vulnerabilities, collectively called WhisperPair, allow attackers to take control of speakers and microphones, track users' locations, and disrupt audio streams or phone conversations. Google and several affected manufacturers have released patches, but widespread adoption remains uncertain.

Nvidia Contacted Anna's Archive To Secure Access To Millions of Pirated Books - Slashdot

Nvidia allegedly authorized the use of millions of pirated books from Anna's Archive to fuel its AI training, according to an expanded class-action lawsuit. The lawsuit claims that several book authors cite internal documents suggesting that the company willingly downloaded millions of copyrighted books. The complaint alleges that competitive pressures drove the trillion-dollar company to piracy, and that it contacted Anna's Archive, the largest of the remaining shadow libraries, about acquiring its millions of pirated materials.

Windows 11 shutdown bug forces Microsoft into damage control

Microsoft released an emergency out-of-band update, KB5077797, for Windows 11 version 23H2 to fix a shutdown bug introduced by the January Patch Tuesday update. The bug, caused by an issue with System Guard Secure Launch, prevented some systems from shutting down, restarting, or hibernating. The emergency update addresses this issue and also fixes a Remote Desktop authentication problem. Microsoft advises affected users to install the update to resolve these problems.

Security News roundup- US Hackers Reportedly Caused a Blackout in Venezuela | WIRED

This WIRED article reports on several security and privacy news stories, including the US government's alleged cyberattack that caused a blackout in Venezuela, AI-related issues with ICE's hiring process, and the use of Palantir's app to target immigrants for deportation.

Firefox joins Chrome and Edge as sleeper extensions spy on users

A group of cybercriminals called DarkSpectre is believed to be behind three campaigns spread by malicious browser extensions: ShadyPanda, GhostPoster, and Zoom Stealer. These campaigns targeted users of Firefox, Chrome, and Edge, with the extensions tracking browsing behavior and installing backdoors. The malicious extensions were found to hide JavaScript code inside image logos and use steganography to evade detection. Mozilla and Microsoft have removed the identified add-ons from their stores, but users with already installed extensions need to manually uninstall them.

ICE’s Facial Recognition App Misidentified a Woman. Twice

When authorities used ICE's facial recognition app, Mobile Fortify, on a detained woman during an immigration raid, it misidentified her twice, according to a CBP official's testimony obtained by 404 Media. This incident raises questions about the app's accuracy in determining immigration status, despite ICE's claim that it provides a 'definitive' determination.

Fast Pair flaw exposes Bluetooth devices to hijacking • The Register

A flaw in Google's Fast Pair system has been discovered, leaving hundreds of millions of wireless earbuds, headphones, and speakers vulnerable to hijacking. Researchers at KU Leuven found that many Bluetooth accessories claiming support for Fast Pair fail to properly enforce one of its most basic safety checks, allowing attackers to pair their devices without the owner ever touching the pairing button. Google has been working with manufacturers on fixes, but some patches are now trickling out as firmware updates, though coverage is patchy.

Latest Interesting Cybersecurity News of the Week Summarised – Jan 19, 2026

This weekly cybersecurity news summary covers several critical incidents, including Mandiant's cloud-hosted rainbow table for cracking NTLMv1 passwords, malicious npm packages stealing OAuth tokens, and a flaw in Telegram's mobile apps that leaks users' real IP addresses. It also discusses new data exfiltration risks from Anthropic's AI coding assistant, a single-click attack on Microsoft Copilot, a claimed data breach at Nissan Motor Co., and Microsoft's disruption of the RedVDS cybercrime marketplace. Additionally, it highlights the risks of AI agents bypassing authorization and provides insights from Southeast Asian CISOs on 2026 cybersecurity predictions.

URL Scanner - Check URLs for Malware, Phishing & Threats | ScanWith

This URL scanner powered by Google can check single or multiple URLs for malware, phishing, and security threats. It uses Google Scanner to check URLs against constantly updated lists of unsafe web resources, including websites hosting malware, phishing pages, and sites distributing unwanted software. The Bulk Scan feature allows for the checking of multiple URLs at once, making it perfect for security audits and link verification.

Starmer is hell-bent on destroying your right to a private life

Starlink updates Privacy Policy to allow AI model training with personal data

Starlink has updated its Privacy Policy to allow the use of customers' personal information for AI model training, including for third parties, by default. Customers can opt out of this through Starlink's website or app settings.

China-linked hackers exploit Sitecore flaw to target US infrastructure

A China-linked APT group, UAT-8837, has been targeting North American critical infrastructure, exploiting a zero-day vulnerability in Sitecore to gain initial access. Cisco Talos assesses UAT-8837 as a medium-confidence China-nexus APT actor, primarily focused on obtaining access to high-value organizations. The group uses open-source tools to harvest sensitive information and has been observed disabling security features and conducting hands-on keyboard activity on infected hosts. This activity raises concerns about potential supply chain compromises and reverse engineering of victim products.

Researchers Uncover Service Providers Fueling Industrial-Scale Pig Butchering Fraud

Cybersecurity researchers have identified two service providers that equip scam networks with tools and infrastructure for large-scale online fraud, specifically pig butchering scams. These providers offer turnkey solutions, including stolen identities, scam templates, and mobile apps, significantly lowering the barrier to entry for criminal activities. The services include pre-registered social media accounts, bulk SIM cards, and CRM platforms to manage scam operations. Prices for these services range from $50 for website templates to $2,500 for complete scam packages.

California launches investigation into xAI and Grok over sexualized AI images

California Attorney General Rob Bonta announced an investigation into xAI and Grok for generating sexualized AI images of women and children. The probe will examine the proliferation of nonconsensual sexually explicit material produced using Grok, which has been used to harass individuals online.

Why iPhone users should update and restart their devices now

Apple has confirmed active exploitation of two WebKit zero-day vulnerabilities in iOS, urging iPhone users to update to iOS 26+ for full protections. The vulnerabilities, primarily used in targeted attacks, allow attackers to execute arbitrary code via malicious web content. Apple has already pushed updates to address these issues, but only for iOS 26+ on supported devices. Restarting the device after updating helps flush any memory-resident malware, enhancing security. Users can check for updates in Settings > General > Software Update, and should consider enabling Automatic Updates for future protection.