Cybersecurity News: Gemini prompt injection flaw exposes calendar info, hacker admits to Supreme Court data leak, researchers uncover PDFSIDER malware

In today’s cybersecurity news…

Gemini prompt injection flaw exposes calendar info

Miggo Security found a prompt injection issue in Google Gemini that lets attackers hide instructions inside calendar invites. When users asked Gemini basic scheduling questions, the model copied private meeting details into a new calendar event visible to the attacker. Google patched the issue after disclosure. Researchers say AI-native workflows broaden the attack surface, and other labs recently demonstrated similar data exfiltration and privilege escalation paths across Copilot, Vertex AI agents, and multiple AI coding IDEs. (The Hacker News)

Hacker admits to leaking stolen Supreme Court data

24-year-old Nicholas Moore, of Springfield, Tennessee, pleaded guilty to hacking the U.S. Supreme Court’s electronic filing system more than 25 times in 2023 using stolen credentials, then posting screenshots to an Instagram account to show off the breach. Prosecutors say he also accessed AmeriCorps and VA systems with stolen logins, leaking personal and health data from victims. He faces up to a year in prison and a $100,000 fine. (BleepingComputer)

Researchers uncover PDFSIDER malware

PDFSIDER is a newly documented backdoor malware delivered via DLL side-loading in spear-phishing ZIP files. Security firm Resecurity says it uses a fake PDF24 executable to evade AV and EDR, runs commands in memory over an AES-encrypted C2 channel, and includes anti-VM checks, DNS exfiltration, and decoy intelligence docs. Researchers describe it as APT-style tooling focused on stealth and long-term access rather than mass infection. (Infosecurity Magazine)

Acting CISA chief sought ouster of CIO

Politico’s sources say acting CISA director Madhu Gottumukkala moved to push out the agency’s Chief Information Officer Robert Costello last week, issuing a rapid reassignment that would have forced him to resign or transfer within the Department of Homeland Security. Senior political appointees reportedly objected and DHS halted the move. Costello is viewed by many as one of CISA’s strongest technical leaders. Sources say Costello and Gottumukkala previously clashed on contracting and policy decisions. (Politico)

Huge thanks to our sponsor, Dropzone AI

It’s 2 AM. An alert fires. Possible data exfiltration. Your on-call analyst is three time zones away, half-asleep, context-switching between tools.

By the time they piece together the evidence, forty-five minutes have passed. Was it a real threat or another false positive? The clock is ticking.

Tomorrow, I’ll tell you how 300 enterprises solved this exact problem. But if you can’t wait, head over to dropzone.ai to learn more.

Malware broker set for sentencing

Jordanian national Feras Khalil Ahmad Albashiti pleaded guilty to acting as an initial access broker, selling network access and malware to an undercover FBI agent in 2023. Prosecutors say Albashiti, operating as “r1z,” facilitated attacks against at least 50 US companies and sold an EDR-disabling tool that ultimately exposed his IP address and tied him to a $50 million ransomware incident. He was extradited in 2024 and faces sentencing in May with up to ten years in prison and a $250,000 fine. (The Register)

Ingram Micro says attack affected 42k+ people

Ingram Micro disclosed updated details from its July 2025 ransomware incident, confirming stolen data affected more than 42,000 people, including Social Security numbers and job applicant records. The attack caused a days-long outage, work-from-home orders, and the theft of 3.5TB of documents. While the company still hasn’t formally attributed the breach, SafePay claimed responsibility last summer and has since become one of the most active ransomware crews, filling gaps left by LockBit and BlackCat. (BleepingComputer)

TP-Link patches VIGI camera vulnerability

TP-Link pushed fixes for a high-severity authentication bypass in more than 32 VIGI and VIGI InSight surveillance camera models. Redinent co-founder Arko Dhar says attackers can reset admin passwords and take full control, including video feeds. When he found the bug back in October, he counted more than 2,500 exposed cameras online. The cameras are widely deployed globally, and previous TP-Link flaws have been abused in the wild, making patching urgent. (SecurityWeek)

Windows 11 shutdown bug forces Microsoft into out-of-band damage control

Microsoft issued an out-of-band Windows 11 update on January 17th to fix shutdown, restart, and hibernation issues caused by January’s Patch Tuesday. The problem affected systems with System Guard Secure Launch enabled, preventing proper shutdowns and causing laptops and desktops to drain power. The update also addresses a Remote Desktop authentication bug, while a separate Outlook POP issue remains unresolved. Microsoft urges affected users to install KB5077797, reminding us that security updates can create unexpected side effects. (The Register)