Welcome to my weekly cybersecurity roundup! Here, I share updates on the projects I’m currently working on, along with the most insightful cybersecurity videos I watched, articles I found valuable, and podcasts I tuned into this week.
Featured Analysis
Featured article analysis: China Hacked Email Systems Used by US Congressional Staff, New Report
This article reports on a sophisticated cyberespionage operation attributed to the Chinese threat actor known as Salt Typhoon, which successfully infiltrated the email systems of staffers serving on high-level U.S. House committees. These committees, including those focused on China, foreign affairs, intelligence, and armed services, handle unclassified but highly sensitive deliberations regarding national security and military strategy. The breach, detected in late 2025 and reported in January 2026, marks a significant escalation in the group’s activities. Salt Typhoon had previously gained notoriety for compromising major U.S. telecommunications providers such as Verizon and AT&T to harvest call records and metadata, suggesting a persistent, long-term effort to map the internal communications of the American political and infrastructure landscape.
Strategically, the article highlights the unique value of the stolen data, which likely includes internal policy discussions and metadata that reveals the frequency and nature of interactions between key decision-makers. Cybersecurity experts cited in the report emphasize that even if classified networks were not directly breached, the ability to monitor the “low-hanging fruit” of staff email accounts provides Beijing with an intelligence “goldmine.” Such insights could allow the Chinese government to anticipate U.S. diplomatic moves, counter-espionage efforts, and legislative shifts before they are made public. Furthermore, the incident exposes a lingering vulnerability in congressional IT infrastructure; despite recent mandates for zero-trust models and multi-factor authentication, the persistence of legacy systems continues to provide entry points for state-sponsored actors.
The final section of the analysis addresses the diplomatic and political fallout described in the report. In response to the allegations, the Chinese Embassy in Washington dismissed the findings as “baseless speculation,” accusing the U.S. of spreading disinformation to smear China’s reputation. This predictable denial contrasts with the growing bipartisan pressure within the U.S. for tougher retaliation, including formal sanctions against the individuals and entities linked to the Ministry of State Security. Ultimately, the article portrays the breach as a symptom of the intensifying rivalry between Washington and Beijing, where the digital front has become a primary battlefield for eroding institutional trust and gaining a competitive edge in global policy.
Projects
Videos
Articles
- U.S. DOJ Charges 54 in ATM Jackpotting Scheme Using Ploutus Malware – The U.S. Department of Justice (DoJ) this week announced the indictment of 54 individuals in connection with a multi-million dollar ATM jackpotting scheme.
- University of Phoenix data breach impacts nearly 3.5 million individuals – The Clop ransomware gang has stolen the data of nearly 3.5 million University of Phoenix (UoPX) students, staff, and suppliers after breaching the university’s network in August.
- Palo Alto Networks security-intel boss calls AI agents 2026’s biggest insider threat – interview – AI agents represent the new insider threat to companies in 2026, according to Palo Alto Networks Chief Security Intel Officer Wendi Whitmore, and this poses several challenges to executives tasked with securing the expected surge in autonomous agents.
- US broadband provider Brightspeed investigates breach claims – Brightspeed, one of the largest fiber broadband companies in the United States, is investigating security breach and data theft claims made by the Crimson Collective extortion gang.
- Hacktivist deletes white supremacist websites live onstage during hacker conference – A hacktivist remotely wiped three white supremacist websites live onstage during their talk at a hacker conference last week, with the sites yet to return online.
- NordVPN Denies Breach After Hacker Leaks Data – The VPN company has conducted an investigation after a threat actor claimed to have hacked its systems.
- Dozens of Major Data Breaches Linked to Single Threat Actor – The initial access broker (IAB) relies on credentials exfiltrated using information stealers to hack organizations.
- ClickFix attack uses fake Windows BSOD screens to push malware – A new ClickFix social engineering campaign is targeting the hospitality sector in Europe, using fake Windows Blue Screen of Death (BSOD) screens to trick users into manually compiling and executing malware on their systems.
- China Hacked Email Systems Used by US Congressional Staff, New Report – A sophisticated Chinese hacking group known as Salt Typhoon has breached email systems used by U.S. Congressional staff, targeting committees focused on China, foreign affairs, intelligence, and armed services.
- FBI Warns North Korean Hackers Using Malicious QR Codes in Spear-Phishing – The U.S. Federal Bureau of Investigation (FBI) on Thursday released an advisory warning of North Korean state-sponsored threat actors leveraging malicious QR codes in spear-phishing campaigns targeting entities in the United States.
- Illinois man charged with hacking Snapchat accounts to steal nude photos – U.S. prosecutors have charged an Illinois man with orchestrating a phishing operation that allowed him to hack the Snapchat accounts of nearly 600 women to steal private photos and sell them online.
- New China-linked hackers breach telcos using edge device exploits – A sophisticated threat actor that uses Linux-based malware to target telecommunications providers has recently broadened its operations to include organizations in Southeastern Europe.