Archive
Quishing on the rise
We’ve talked about this before. The QR codes you see everywhere are not as innocuous as they look. The FBI has issued a warning regarding a spike in "quishing"—phishing attacks using QR codes. High-profile groups (like North Korea’s Kimsuky) are using these to bypass our email security filters and hijack employee accounts. Rounding out the week, the European Space Agency (ESA) confirmed a massive data exposure involving over 700 GB of scientific and contractor data, highlighting the persistent vulnerability of high-value research institutions to state-sponsored and criminal intrusion.


They’re back, breaches.
The first week of 2026 saw significant breaches targeting critical infrastructure and international scientific organizations. A 139 GB data leak from engineering firm Pickett and Associates exposed sensitive LiDAR and design files for major U.S. utility providers. The healthcare and retail sectors faced renewed pressure as ManageMyHealth reported a breach affecting 126,000 users and Ledger disclosed a third-party leak of customer order details.


Deepfakes and Hallucinations in 2026
By 2026, forecasts indicate that synthetic media could make up a large share of what people see online, undermining trust in authentic information and institutions. Generative models can create highly realistic fake news, cloned voices, and impersonations that are hard for humans to distinguish from real content, especially around elections and crises. This week’s cybersecurity news is dominated by new regulations, continuing ransomware campaigns, and a fresh wave of crypto, cloud, and smart‐contract attacks as 2026 begins. The main themes are tighter laws, insider-enabled breaches, and highly targeted financial and ransomware operations.


Surge in pig butchering and consumer threat scams
We are seeing a surge in holiday-themed threats, including a massive "mega-leak" of 16 billion credentials and a wave of over 30,000 Christmas-themed phishing emails. Major incidents reported this week include a significant data breach at 700Credit exposing 5.6 million Social Security numbers and a widespread "ToolShell" exploitation targeting SharePoint servers. Meanwhile, the SEC has filed charges against several crypto firms involved in a $14 million investment scam, underscoring the industrial scale of modern online fraud.


A gift card tip for you this Christmas
The story of high-profile developer Paris Buttfield-Addison, whose account—containing 30 years of data and $30,000 in hardware—was "nuked" by automated fraud systems after he tried to redeem a $500 card purchased at a major retailer, went viral before being resolved by Apple Executive Relations on December 18. The week also saw a massive data breach at 700Credit exposing 5.6 million people and a critical 16-terabyte unsecured database leak containing 4.3 billion professional records, underscoring a period of heightened risk for digital identity and financial security.


To believe or not to believe?
We want to talk about the Liar’s Dividend. This week's biggest news is a simple but important reminder: keep your software updated! 📲 A number of popular programs, including the Google Chrome web browser that billions of people use every day, needed urgent patches to fix security holes. Also in the news, law enforcement successfully shut down a major online platform used by criminals to "wash" stolen Bitcoin, which is good news for fighting cybercrime!


For the 100th time!
HX Weekly is your timely, weekly reminder and resource guide from the Hexagon Center to help you maintain that crucial level of preparedness. We draw from a wealth of resources to equip you with the knowledge you need to keep attackers at bay and protect your domain—whether from lurking threats or those already attempting entry. We are here to help you stay ahead.


Your cybersecurity help may be only at your fingertips
This week, AI-driven cyber warfare was a dominant theme, with reports detailing sophisticated, automated attacks and critical vulnerabilities. A significant concern is the rise of "agentic" AI threats, where state-sponsored actors are allegedly using Large Language Models (LLMs) to fully automate espionage campaigns, performing reconnaissance, generating exploits, and exfiltrating data with minimal human intervention.


AI Tools Used In Phishing Attacks Globally
But what’s new? Recently, we have extensively discussed how attackers are increasingly employing agentic AI and generative AI to conduct attacks against us. This week's cybersecurity news is dominated by active exploitation of major vulnerabilities. The U.S. temporarily revived two major cybersecurity laws, and the U.K. proposed a new resilience bill, while Microsoft is rolling out anti-screenshot features for Teams Premium.


Malvertising targets everyone. Yes, including you.
With malvertising playing a key role in the initial breach, malicious search engine ads are impersonating software installers—similar to the Microsoft Teams attack mentioned in today’s edition—to drop a backdoor into corporate machines. This underscores the trend of threat actors using trusted applications and platforms to gain an early foothold. In a significant parallel development, Google warned about a dramatic evolution in malware, identifying new strains that use Generative AI models to dynamically rewrite and mutate their code hourly to evade detection. These dual threats—using deceptive advertising for initial access and then deploying AI-enhanced malware—signal a rapidly adapting environment where both human vigilance and advanced defensive tools are increasingly necessary.


LastPass Last Phish?
If you believe that phishing scams had diminished or subsided, this week’s cybersecurity landscape was characterized by the active exploitation of critical vulnerabilities and, notably, phishing scams. A sophisticated phishing scam targeted LastPass users by sending them fraudulent “death claims” emails, with the intention of obtaining Master Passwords. This financially motivated campaign was associated with the CryptoChameleon group, underscoring the persistent threat posed by social engineering alongside nation-state activities that exploit flaws in Windows and target critical infrastructure.






