Archive for January 13, 2026

Guest Post: 115 CVEs Mark One of the Biggest January Patch Tuesdays Yet

Posted in Commentary with tags on January 13, 2026 by itnerd

By Tyler Reguly, Associate Director, Security R&D, Fortra

CISOs this month should be paying a lot of attention to CVE-2026-21265 and the guidance associated with it. More specifically, they should be looking at the Windows Secure Boot certificate expiration and CA Updates that Microsoft published June 26, 2025. When the Secure Boot certificates expire in June of this year, organizations that haven’t prepared will not only find Secure Boot no longer operational, but they may also find that Windows boot manager and Secure Boot vulnerabilities have become an issue. It is important to note that the document is not a single page, but contains a multitude of links – including an entire deployment playbook for IT professionals. With less than half a year to prepare, it is time to ensure that environments and teams are prepared for this update.

One of the more interesting updates this month is the Windows Agere Soft Modem Driver elevation of privilege (CVE-2023-31096). It is not often that you see a CVE from 3 years ago show up, but Microsoft is finally cleaning up a problem that has been around for a while. This driver ships with Microsoft Windows, but according to a post about this vulnerability, the driver has been EOL since 2016. The solution to this vulnerability is simply to remove the impacted drivers, agrsm64.sys and agrsm.sys, from systems.

If you’re a fan of statistics, here’s one for you. Microsoft moved away from the security bulletin system in February of 2017 and ushered in the new era of security guidance. Last year, January 2025, saw the largest January Patch Tuesday under this new system with 162 CVEs. This year, we see the third largest January Patch Tuesday with 115 CVEs. For those wondering, 2022 had the second largest January Patch Tuesday with 127 CVEs. This is also only the third time that we’ve seen more than 100 CVEs under the security guidance system. We’re sitting above the average 89 CVEs that we’ve seen over the 9 January Patch Tuesdays that we’ve had under the new system.
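For the Agere Soft Modem Driver item above, a read-only PowerShell inventory check for the two driver files the post names, agrsm64.sys and agrsm.sys. This is an added example, not code from Fortra or Microsoft; the default driver directory and the output field names are assumptions.

```powershell
# Added example: read-only check for the driver files named in the post.
# It reports what it finds and changes nothing on the system.
$driverNames = @('agrsm64.sys', 'agrsm.sys')

# Assumption: the drivers sit in the default Windows driver directory.
$driverDir = Join-Path $env:SystemRoot 'System32\drivers'

$findings = @()

# 1. Driver files present on disk.
foreach ($name in $driverNames) {
    $path = Join-Path $driverDir $name
    if (Test-Path -LiteralPath $path -PathType Leaf) {
        $file = Get-Item -LiteralPath $path
        $findings += [pscustomobject]@{
            Computer = $env:COMPUTERNAME
            Source   = 'File'
            Name     = $name
            Detail   = 'version {0}, last written {1:u}' -f `
                       $file.VersionInfo.FileVersion, $file.LastWriteTimeUtc
        }
    }
}

# 2. Kernel driver services whose image path ends in one of the file names.
#    PathName can carry prefixes such as \SystemRoot\ or \??\, so only the
#    last path segment is compared (-contains is case-insensitive).
foreach ($svc in Get-CimInstance -ClassName Win32_SystemDriver) {
    if (-not $svc.PathName) { continue }
    $leaf = ($svc.PathName -split '\\')[-1]
    if ($driverNames -contains $leaf) {
        $findings += [pscustomobject]@{
            Computer = $env:COMPUTERNAME
            Source   = 'Service'
            Name     = $leaf
            Detail   = 'service {0}: state {1}, start mode {2}' -f `
                       $svc.Name, $svc.State, $svc.StartMode
        }
    }
}

# Emit objects so the result can be piped to Export-Csv or a reporting tool.
if ($findings.Count -eq 0) {
    '{0}: no Agere soft modem driver files or services found' -f $env:COMPUTERNAME
} else {
    $findings
}
```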

Target Appears To Have Been Pwned By Hackers

Posted in Commentary with tags on January 13, 2026 by itnerd

Yesterday, BleepingComputer exclusively reported that hackers claimed to be selling Target’s internal source code and developer documentation after publishing a sample of stolen repositories on the public software development platform Gitea.

The hacker’s listings include 57,000 files and directory names, with an advertised total dump size of around 860 GB that the threat actor says is being offered for sale. The repositories appear to originate from Target’s private development environment, reportedly showing internal naming conventions, commit metadata with engineer names, and references to internal systems.

After security researchers contacted Target about the exposed repositories, the sample files were taken offline and Target’s developer Git server (git.target.com) became inaccessible from the internet, effectively taking the dev infrastructure offline as part of the company’s response. In parallel, Target also implemented an “accelerated” lockdown of its Git environment, restricting access to require connection via the company’s VPN or managed network to help prevent further unauthorized access.

Multiple current and former Target employees have since corroborated that the leaked source code samples match real internal platforms, tooling, and technology stacks used by the company, including references to CI/CD systems, Hadoop datasets, and proprietary service names.  

Target has not publicly confirmed the full scope of any breach or whether the entire dataset was exfiltrated.

Michael Bell, Founder & CEO, Suzu Labs had this to say:

   “Source code exposure gives attackers a roadmap. They can study authentication flows, find hardcoded secrets, identify vulnerable dependencies, and understand internal architecture before launching follow-on attacks. The code becomes reconnaissance.

   “The “accelerated” lockdown to require VPN access raises an obvious question… why wasn’t that already required? Exposing internal Git servers to the public internet, even behind authentication, creates unnecessary attack surface. The fact that this change was accelerated after the breach suggests the access controls weren’t where they should have been.

   “Employee confirmation of authenticity matters more than the threat actor’s claims. Anyone can claim to have breached a company. When current and former employees independently verify that internal system names, CI/CD tooling, and proprietary project references match real infrastructure, that’s substantive validation.

   “The infostealer angle is worth watching. Hudson Rock identified a compromised Target employee workstation from September 2025 with access to IAM, Confluence, wiki, and Jira. No confirmation it’s connected, but infostealer logs are increasingly how initial access happens. Credentials get harvested, sit in underground markets, and show up months later when someone decides to monetize them.”

John Carberry, CMO, Xcape, Inc. follows with this comment:

   “The reported thiler’s technical security, potentially giving attackers a detailed understanding of their digital infrastructure. The leak of 57,000 files, including CI/CD pipelines, Hadoop setups, and proprietary service names, offers a “blueprint for exploitation.” This enables future attackers to find hardcoded secrets or vulnerabilities in Target’s supply chain.

   “Target’s quick response, including taking down its Git server, while necessary, shows a failure to protect its developers from credential theft or misconfiguration. This breach is especially harmful because it reveals the names and details of internal engineers, creating a targeted list for spear-phishing or social engineering.

   “Unlike a simple data breach, a source code leak is a persistent threat on the dark web, as researchers can now analyze Target’s core business logic for vulnerabilities offline. Target spent over a decade rebuilding its reputation after the 2013 POS breach. This exposure of their internal code indicates the importance of network segmentation and identity-first security.

   “When source code leaks, attackers stop probing and start hunting.”

Ryan McCurdy, VP of Marketing, Liquibase adds this:

   “This is a reminder that delivery infrastructure is now part of the attack surface. Locking Git behind a managed network or VPN is a practical containment step, but containment isn’t the same as trust. At enterprise scale, the real control point is before production: governance at the point of change with enforced access, separation of duties, automated policy gates, and audit-grade evidence from commit to deployment. And the database layer is where this matters most, because one ungoverned schema change can ripple across applications, analytics, and AI workloads. Runtime is response. Trust is built before production.”

The good thing is that Target shut this down pretty quickly. But to be frank, they may have a fair amount of damage control to do as it’s hard to put the genie back in the bottle once it has been let out.

The Department Of War Welcomes a NEW Defense Unicorn

Posted in Commentary with tags on January 13, 2026 by itnerd

Today, Defense Unicorns announced the completion of a $136 million Series B financing round led by Bain Capital. The investment brings the company to unicorn status with a valuation exceeding $1 billion, driven by the company’s rapid and profitable growth. The company has seen a 300% increase in adoption year-over-year in military systems.

The Department of War is prioritizing modernization and speed, and Defense Unicorns’ platform addresses a critical infrastructure challenge by enabling secure, rapid software updates across disconnected environments from submarines, ships, and aircraft to forward operating bases. Warfighters often operate in conditions where connectivity is limited or nonexistent, and the ability to deploy software updates securely and instantly is now essential to mission success. Unicorn Delivery Service (UDS) bridges high security requirements while supporting partners and allies with modern software solutions essential for next-generation national security capabilities.

The funding round was led by Bain Capital’s Tech Opportunities fund, the growth technology platform of Bain Capital, with participation from Ansa Capital, Sapphire Ventures, Valor Equity Partners, AVP, Uncorrelated Ventures, and the former Director of the Central Intelligence Agency, David H. Petraeus.

The new capital will enable Defense Unicorns to further scale and integrate open-source and commercial dual-use technology throughout the U.S. military and allied forces. To address the most critical modernization needs in defense, the company plans to advance product development across the following strategic products:

● UDS: A secure, portable, airgap-native runtime platform, purpose-built to solve DOW-specific software delivery challenges. UDS makes deploying and updating software on military systems fast and easy, with essential tools for packaging, deploying, monitoring, and sustaining mission applications.

● UDS Registry: The first software registry of its kind to offer the speed, reliability, and mission-critical performance required by military systems operating in the most extreme environments. UDS Registry gives the U.S. and our allies an American-maintained solution that secures our software supply chain and maintains trust and reliability across the software development lifecycle.

● UDS Army: A new approach to accelerate the continuous delivery of secure, mission-ready software to soldiers. UDS Army gives commercial software vendors a faster, simpler path to bring their capabilities to Army missions by combining secure DevSecOps pipelines with pre-authorized cloud environments.

Worldwide Ransomware Research for 2025: Attacks Increased 32% Globally: Comparitech

Posted in Commentary with tags on January 13, 2026 by itnerd

Comparitech has published its annual Worldwide Ransomware Roundup for 2025.

In 2025, there were a recorded 7,419 ransomware attacks across the globe. This is a 32% increase from the year before. Across the 1,173 confirmed attacks, nearly 59.2 million records were breached (and counting!).

In the study, the researchers dove deep into every tracked confirmed and unconfirmed attack of the year, finding out which sectors were hit the most, which countries were most targeted, as well as which ransomware gangs were the most prolific. 

Rebecca Moody, Comparitech’s Head of Data Research, had this to say: 

“If 2025’s figures have shown us anything, it’s that ransomware attacks remain a dominant threat for companies of all sizes and across all industries. As we enter 2026, hackers will likely continue to exploit vulnerabilities, target key infrastructure, public services, and manufacturers, and seek to steal large quantities of data in the process.

2025’s findings also highlight that hackers see third-party service providers as the perfect target because they not only give them potential access to hundreds of companies through one source but they also enable large-scale data breaches. From the crippling attack on Collins Aerospace, which disrupted travel at multiple airports across Europe, to the ripple effects of data breaches on the likes of Marquis Software Solutions and Oracle, 2025 should serve as a stark reminder that – no matter how secure an organization’s systems may be, they’re only as secure as the third parties they use to carry out various services.

So, while companies are going to want to make sure they’re on top of all the key basics (carrying out regular backups, patching vulnerabilities as soon as they’re flagged, providing employees with regular training, and making sure systems are up to date), it’s also critical that they’re vetting the third parties they use.”

For full details, the research can be read here: https://www.comparitech.com/news/worldwide-ransomware-roundup-2025-end-of-year-report/

Recast and System Center Dudes Showcase Free Tools for Intune from Microsoft MVPs

Posted in Commentary with tags on January 13, 2026 by itnerd

Recast, a leader in modern application and endpoint management, and System Center Dudes (SCD), a globally recognized consulting firm specializing in Microsoft Enterprise Mobility, today announced a joint initiative to discuss innovative, free tools for Microsoft Intune developed by Microsoft Most Valuable Professionals (MVPs) worldwide. This collaboration empowers organizations to unlock the full potential of Intune and simplify the complexities of daily systems management with input from top MVPs.

Empowering IT Teams Through Community Innovation

Since joining forces in October, Recast and SCD have focused on helping customers design, deploy, and optimize Microsoft endpoint environments by integrating SCD’s MVP-driven consulting with Recast’s robust systems management tools. Their combined expertise aims to make endpoint management more efficient, secure, and effective for enterprises of all sizes.

Webinar Series: Community Tools for Intune from MVPs Around the Globe

To further support the IT community, Recast and SCD will host a four-part webinar series, “Community Tools for Intune from MVPs Around the Globe.” Each session will feature a different MVP sharing insights and demonstrating the free tools they’ve developed for Microsoft Intune administrators. Topics include:

  • Using agents to proactively identify and resolve errors
  • Managing multi-tenant, multi-customer environments
  • Comparing Intune policies across tenants or between tenants and baselines
  • Backing up, restoring, and minimizing configuration drift

Session details:

  • January 22 at 10 a.m. CT – Sandy Zeng, MVP, Security, Windows and Devices, will do a deep dive into her IntuneDiff tool.
  • January 29 at 10 a.m. CT – Jannik Reinhard, MVP, Security, Azure AI Foundry, will announce the release of his new agent for Intune.
  • February 5 at 10 a.m. CT – Andrew Taylor, MVP, Security, will discuss four of the most popular free tools he has created for the Intune community.
  • February 12 at 10 a.m. CT – David Segura, MVP, Microsoft Azure, will share some of his favorite tools designed to improve user experiences with Intune.

Those interested can register for these events on Recast’s website.

Foxit and Ingram Micro Expand Partnership into Canada

Posted in Commentary with tags on January 13, 2026 by itnerd

Foxit and Ingram Micro today announced the expansion of their already successful U.S. partnership to include the Canadian market. The move gives Canadian resellers and their end clients access to the most modern, secure, and productivity-boosting document management solutions available today.

With Foxit now on the Ingram Micro Canada line card, resellers can offer end customers a complete suite of enterprise-grade solutions — including Foxit PDF Editor and eSign — packed with features that today’s organizations demand: intuitive design, lightning-fast performance, airtight compliance and security controls, and AI-driven intelligence and automation that turbo-powers everything from editing to redaction.

From legal and financial services to healthcare, government, and education, Canadian resellers can now meet the rising demand for modern document workflows with a solution that’s fast, secure, and constantly raising the bar. With Foxit, organizations gain tools that not only match the capabilities of legacy products — they exceed them, without the complexity or heavy cost burden.

Key benefits for Ingram Micro’s Canadian reseller network include:

  • New revenue opportunities from a high-demand, high-growth product category
  • AI-enhanced productivity tools that make life easier for content creators, legal teams, HR departments, and more
  • Enterprise-grade security and compliance features tailored for industries where data privacy, protection, and auditability are non-negotiable
  • An R&D-driven roadmap that constantly evolves to meet changing customer needs
  • A partner-focused approach that includes onboarding support, sales enablement, and co-marketing initiatives 

Foxit’s expansion into Canada with Ingram Micro reflects a shared vision to drive digital transformation at scale. As remote work, data protection, and operational efficiency continue to shape buying decisions, the timing couldn’t be better for resellers to add Foxit to their portfolios.

To learn more about Foxit’s solutions through Ingram Micro Canada, please visit https://usa.ingrammicro.com/cep/app/product/productsearch?keywords=foxit&displaytitle=foxit&sortBy=relevance.

Deepgram Raises $130M Series C at $1.3B Valuation to Power the Voice AI Economy

Posted in Commentary with tags on January 13, 2026 by itnerd

Deepgram today announced it has raised $130 million in Series C funding at a $1.3 billion valuation. The round was led by AVP, an independent global investment platform dedicated to high-growth technology companies across Europe and North America. 

All major existing investors joined the round, including Alkeon, In-Q-Tel, Madrona, Tiger, Wing, Y Combinator, and funds and accounts managed by BlackRock. Several new investors, including Alumni Ventures and Princeville Capital, invested in the round, in addition to industry leaders such as Twilio, ServiceNow Ventures, SAP, and Citi Ventures. University of Michigan and Columbia University also invested, joining other existing academic investors such as Stanford University.

With this investment, Deepgram is ideally positioned to deliver the real-time frontier Voice AI models and platform required to reliably power billions of live conversations with the naturalness, latency, and accuracy of human voice. AVP was selected as lead investor for its deep expertise scaling category-defining companies globally and its ability to support Deepgram’s international expansion, including Europe and other key markets.

Powered by Deepgram

Today, more than 1,300 organizations build Voice AI functionality powered by Deepgram APIs. Deepgram APIs are a foundational infrastructure layer of a global set of offerings delivering real-time, accurate, and reliable speech understanding, speech generation, analytics, orchestration, and fully autonomous voice agents.

Deepgram’s industry-leading offerings include:

  • Aura-2, the world’s most professional, cost-effective, and enterprise-grade text-to-speech model
  • Nova-3, the world’s most accurate, real-time and reliable speech-to-text model
  • Flux, the world’s first Conversational Speech Recognition model built specifically to solve the biggest problem in voice agents – interruptions
  • Voice Agent API, the world’s only enterprise-ready, real-time, and cost-effective conversational AI API
  • Saga, the Voice OS

All Deepgram models can be customized to domain-specific terminology and acoustic environments and deployed as cloud APIs or through self-hosted and on-premises options. A full SDK library is available to simplify development and accelerate production timelines.

See the Powered by Deepgram page to learn more about how the most innovative AI organizations in the world build Voice AI functionality powered by Deepgram. 

Deepgram Acquires OfOne to Expand Real-Time Voice Automation into Restaurants

Deepgram also announced today the acquisition of OfOne, an AI-native voice platform created for restaurants and the quick-service drive-thru market. OfOne has consistently delivered more than 95% containment, with high employee satisfaction scores and strong operational impact for national QSR brands.

The OfOne team has joined Deepgram, and its technology now anchors Deepgram for Restaurants, an offering built to help restaurants improve customer experience, increase order accuracy, and support overstretched staff with real-time AI assistance. Additional functionality and expanded integrations will be delivered in the coming months.

Expansion of Patent Portfolio

New funding will also accelerate Deepgram’s expansion of its intellectual property, building on a patent portfolio filed continuously since 2016, with several key U.S. patents granted in 2025. US 12,380,880 for End-to-End Automatic Speech Recognition With Transformer establishes a novel method for integrating and training ASR and transformer models as a single system, leading to improvements in accuracy and speed. This is complemented by US 12,334,075 for Hardware-Efficient Automatic Speech Recognition, which utilizes intelligent batching and parallel processing to ensure optimal hardware use, directly reducing latency and cost for customers handling massive volumes of voice data. Most recently, US 12,499,875 for Deep Learning Internal State Index-Based Search and Classification protects techniques for leveraging internal neural representations to enable faster audio search and more accurate classification at scale. These newly granted patents solidify Deepgram’s leadership in core deep learning architecture, representation learning, and deployment efficiency.

New Voice AI Collaboration Hub in San Francisco

Deepgram is opening a new Voice AI Collaboration Hub in San Francisco to bring the voice AI community together in person. Designed for meaningful collaboration with customers, partners, and builders, the space will host hands-on working sessions, live demonstrations, executive briefings, community meetups, and developer hackathons – creating a shared environment where ideas turn into products and the future of Voice AI is built together.

New Magecart Network Disrupts Online Shoppers: Campaign Targets AmEx, Mastercard, Capital One Subsidiary

Posted in Commentary with tags on January 13, 2026 by itnerd

Silent Push has uncovered an extensive network of domains associated with a long-term, ongoing web-skimmer campaign, known under the umbrella name: “Magecart.” 

This campaign utilizes scripts targeting at least six major payment network providers: American Express, Diners Club, Discover (a subsidiary of Capital One), JCB Co., Ltd., Mastercard, and UnionPay. 

The most likely victims of this web-skimming campaign are online shoppers and enterprise organizations that are clients of the various payment providers. 

Current findings suggest this campaign has been active for several years, dating back to the beginning of 2022. 

You can read the details here: https://www.silentpush.com/blog/magecart