Create a Zero Trust Tax Season

This week’s headlines were dominated by a record-breaking 31.4 Tbps DDoS attack linked to the "apex" of botnets, alongside reports that Italian Winter Olympics systems are being targeted by cyberattacks of Russian origin. Critical data security incidents also emerged, including a breach at fintech firm Betterment exposing 1.4 million accounts and a separate notification from the newsletter platform Substack. Supply chain concerns intensified as the Notepad++ official update mechanism was reportedly hijacked to deliver malware, while researchers uncovered a vast cyber-espionage operation targeting dozens of governments worldwide. Additionally, UK leaders issued a stark warning that the country remains vulnerable to "absorbing" hybrid attacks without stronger offensive deterrence measures.

AuthorAuthorAuthor

Daniel Masterson, Ai Courtrie Buson & Bard Gee
February 06, 2026

for the week February 1, 2026, 107th edition

Your quick weekend update and reminder.
☝️ TWA
Linkin Park Fall GIF

Gif by suchyw0w on Giphy

It’s an especially good habit for tax season.

See glossary for definition of “zero trust.”

🤷‍♀️ What now?: Are there any accounts out there that you think you might need to change or make stronger?

Tools: Consider a password manager (not risk-free) or different ways of authentication.

  • The ICE-tracking service says it doesn't store usernames or addresses

  • ICE-reporting service StopICE has blamed a US Customs and Border Protection (CBP) agent for attacking its app and website and sending users text messages warning them that their information had been "sent to the authorities."

about this edition and Inside Hexagon

McDonald's is not lovin' your bigmac, happymeal, and mcnuggets passwords, consider using long passwords that are totally random and irrelevant to you.

This week’s cybersecurity news may not be so much breaches but is almost overwhelmingly pure cyber attacks. The threat is real.

It’s official, we are releasing commercials on our YouTube channel, https://www.youtube.com/@HexagonCenter. Please support the channel by subscribing or visiting our homepage at hexagoncenter.org 

HOUSEKEEPING

Glossary/Legend:

  • Vishing - the fraudulent practice of making phone calls or leaving voice messages purporting to be from reputable companies in order to induce individuals to reveal personal information, such as bank details and credit card numbers.

  • SaaS - “software as a service” is a method of software delivery and licensing in which software is accessed online via a subscription, rather than bought and installed on individual computers.

  • DDoS - “distributed denial of service“ is a target with a distributed denial of service attack.

  • Zero Trust - a strategic cybersecurity framework based on the principle of "never trust, always verify," requiring strict identity authentication and authorization for every user and device, whether inside or outside the network perimeter. It assumes breach, removes implicit trust, and employs granular, least-privilege access controls to protect resources. 

  • Holistic security - a comprehensive strategy that integrates various protection layers—physical, digital, psycho-social, and organizational—to safeguard individuals, communities, or systems, recognizing that true security involves overall well-being, not just isolated technical defenses.

  • Moltbook is a newly launched (January 2026) "social network" designed exclusively forAI agentsto interact, post, comment, and upvote content, with humans acting only as observers.

  1. Personal Identifier - A unique word or phrase shared exclusively with an individual or a group, serving as a means of identification and affirmation within the established relationship. It is recommended that 2 or more Personal Identifiers be established per person.

  2. Malware (short for malicious software) - refers to any intrusive software developed by cybercriminals (often called hackers) to steal data and damage or destroy computers and computer systems.

  3. Ransomware - A type of malware that locks or encrypts a victim's files and demands a ransom payment to unlock and decrypt them. Ransomware can infect a variety of devices, including computers, smartphones, printers, and more.

Privacy Notice: HX Weekly and the Hexagon Center are committed to your digital security. We do not collect, track, or store any personal information from our subscribers beyond the email address provided for delivery.

Spread cybersecurity culture

Do you have any suggestions on how we can further share this newsletter? Tell your friends and family about us by sharing with them the Hexagon Center official website:
View archives at hxweekly.beehiiv.com

Even though we aim to provide you the most current and critical information to keep you safe, threat actors work 24/7 and this newsletter publishes only once a week. Even though we are available via a hotline, it is crucial that you stay up to date via other sources as well to be informed on how you may be at risk.

You may reply to this newsletter or email us at
[email protected]

Send us any questions or things you want to talk about. Please share some fun facts with us. We welcome feedback and suggestions.

Hexagon Center is formed as a nonprofit corporation in California for public benefit,
and is tax-exempt under section 501(c)(3) of the Internal Revenue Code.

DISCLAIMER

Cybersecurity is an ever-changing field, and threats may evolve. While Hexagon Center strives to provide accurate and timely information, we cannot guarantee absolute security. Users are responsible for implementing their security measures and staying informed about the latest cybersecurity developments. Hexagon Center is not responsible for any cyber or scam attacks by our readers. HX Weekly tips are advice are not official positions of Hexagon Center nor is Hexagon Center responsible for its content.

Content of this newsletter is not an official representation of Hexagon Center.

Reply

or to participate.