
A new year brings new cybersecurity headlines, and this latest News Recap by SWK Technologies covers a significant assortment of major and developing stories. January 2026 saw breaches and attacks with serious fallout for companies and their customers, vulnerabilities in major systems that included Microsoft’s Copilot LLM (large language model) product and several million Bluetooth-connected devices, takedowns of major cybercrime marketplaces and more:
Ransomware Attack Exposed Manufacturer’s Proprietary iPhone Data
On January 8, the ransomware group RansomHouse announced responsibility for a cyber attack targeting Luxshare Precision Industry Co. Ltd., a Chinese electronics manufacturer that provides assembly services for Apple iPhones and iPads. The attack, estimated to have occurred December 15, 2025, employed double extortion tactics that involved both exfiltrating data and encrypting the local copies in order to charge multiple ransoms. Also tracked as “Jolly Scorpius,” this ransomware gang has been active since 2023 and has targeted businesses primarily in the healthcare, manufacturing and infrastructure sectors, with over 120 victims listed publicly on their data leak site since December 2021. The files stolen in this particular attack reportedly included 3D CAD product models, circuit board layouts, internal engineering PDFs and manufacturing drawings spanning from 2019 to 2025.
Betterment Customers Targeted by Crypto Scam After Breach
Customers of the investment platform, Betterment, received fraudulent messages promoting a cryptocurrency offer, after an attacker was able to gain access to “certain systems” according to a statement by the company. The hackers supposedly compromised a third-party marketing platform, gaining access to customer data including names, email addresses, physical addresses, phone numbers and dates of birth. Though an undisclosed number of customers were affected, no account access or login credentials were compromised. However, two of Betterment’s clients affected by the breach have already filed separate lawsuits against the company. On January 13, 2026, Betterment also experienced a separate DDoS attack that caused intermittent outages from the morning to the afternoon Eastern Time, though this did not affect account security according to the company.
Microsoft Patches Copilot After Researchers Prove “Reprompt” Attack
Cybersecurity researchers at Varonis Threat Labs discovered a critical vulnerability in the Microsoft Copilot Personal application that enabled silent data exfiltration through a method they dubbed “Reprompt,” potentially allowing hackers to exploit prompting functionality via a phishing link. Once victims clicked on the initial malicious URL, the attacker could then work past the basic security in this version of Copilot to provide follow-up instructions to the AI that would open access to file summaries, location data, conversation history, account data and more. The Enterprise version of Microsoft 365 Copilot was not affected due to additional security controls, however. Microsoft ostensibly fixed the bug in the January 2026 Patch Tuesday round of updates after Varonis reported it earlier in August 2025, although no evidence suggests the vulnerability was exploited in the wild as of this writing.
Cybercrime Forum BreachForums Breached
On January 9, a database containing 323,988 member records from the notorious cybercriminal forum, BreachForums, was leaked online alongside a lengthy message by a self-proclaimed hacker “mentor” calling themselves simply “James.” The data leak includes usernames, passwords, email addresses, IP addresses and registration dates, while James also listed the real names of several individuals ostensibly responsible for managing BreachForums as well as the infamous Shiny Hunters hacker collective. On January 10, a PGP private key file used by these administrators to sign official messages was also leaked. The forum has been repeatedly shut down and relaunched, with its founder Conor Fitzpatrick arrested in 2023 and sentenced to 20 years of supervised release.
Vulnerability in Google Fast Pair Puts Bluetooth Devices at Risk
Researchers at KU Leuven University in Belgium discovered a critical vulnerability affecting hundreds of millions of Bluetooth audio accessories using Google’s Fast Pair protocol. Nicknamed “WhisperPair,” the flaw affects major brands including Sony, Jabra, JBL, Marshall, Xiaomi, Nothing, OnePlus, Soundcore, Logitech and Google’s own products, as well as both Android and iOS smartphones. The vulnerability stems from accessories failing to enforce a critical check: they do not verify whether they are in the correct mode before responding to pairing requests, which potentially allows an attacker closer than 50 feet from the device to connect their own systems. The vulnerability was reported in August 2025 to Google, who classified it as critical and awarded the researchers a bug bounty. The only current fix is applying firmware updates from the manufacturer for each device, as disabling Fast Pair on Android phones does not prevent the attack.
Microsoft Claims Takedown of RedVDS Cybercrime Marketplace
On January 14, 2026, Microsoft announced the disruption of RedVDS, a cybercrime-as-a-service platform that has been linked to $40 million in reported fraud losses in the U.S. alone since March 2025. The servers hosted common phishing tools including SuperMailer, UltraMailer, BlueMail, SquadMailer, Email Sorter Pro, Sky Email Extractor, VPNs, AnyDesk and even ChatGPT tools, as well as cyber attack services that included business email compromise (BEC), mass phishing, credential theft, account takeover and payment diversion fraud. Microsoft identified that all RedVDS virtual machines were created from a single cloned Windows Server 2022 image, sharing the same computer name, which provided a distinctive technical fingerprint for detection. The company then coordinated with law enforcement in the U.S., UK and Germany as well as the Europol agency to seize RedVDS infrastructure and domains that hosted its marketplace and customer portal.
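The fingerprint described above, one computer name shared by every machine cloned from the same image, can be hunted for in authentication logs by grouping events on the client computer name and counting distinct source IPs. This is an added example, not code from Microsoft or the original article; the CSV layout, field names and the hostname `WIN-EXAMPLE0001` are constructed placeholders.

```python
import csv
import io
from collections import defaultdict

# Constructed sample of authentication events (assumed CSV export: timestamp,
# source IP, client computer name). WIN-EXAMPLE0001 is a placeholder hostname,
# not the real RedVDS value; IPs are from documentation ranges.
SAMPLE_LOG = """\
timestamp,src_ip,client_hostname
2026-01-05T09:12:44Z,198.51.100.14,WIN-EXAMPLE0001
2026-01-05T09:13:02Z,192.0.2.77,LAPTOP-ALICE
2026-01-05T11:40:19Z,203.0.113.9,win-example0001
2026-01-06T02:05:51Z,198.51.100.201,WIN-EXAMPLE0001
2026-01-06T02:06:10Z,192.0.2.77,LAPTOP-ALICE
2026-01-06T14:22:33Z,192.0.2.80,DESKTOP-BOB
2026-01-07T08:01:00Z,203.0.113.45,DESKTOP-BOB
2026-01-07T08:30:12Z,203.0.113.120,WIN-EXAMPLE0001
2026-01-07T09:00:00Z,192.0.2.5,
"""


def shared_hostname_clusters(log_text, min_ips=3, allowlist=()):
    """Flag computer names reported from at least `min_ips` distinct source IPs.

    One name behind many unrelated addresses suggests machines cloned from a
    single image. `allowlist` holds names expected to repeat (for example an
    organisation's own VDI template).
    """
    allowed = {name.upper() for name in allowlist}
    seen = defaultdict(lambda: {"ips": set(), "times": []})
    for row in csv.DictReader(io.StringIO(log_text)):
        # Windows computer names are case-insensitive, so normalise to upper.
        host = (row.get("client_hostname") or "").strip().upper()
        if not host or host in allowed:
            continue  # skip events with no hostname and known-good names
        seen[host]["ips"].add(row["src_ip"].strip())
        seen[host]["times"].append(row["timestamp"])
    return {
        host: {
            "ips": sorted(data["ips"]),
            "first_seen": min(data["times"]),
            "last_seen": max(data["times"]),
        }
        for host, data in seen.items()
        if len(data["ips"]) >= min_ips
    }
```

When a vendor publishes the actual shared computer name, the same grouping narrows to an exact match on that value; the distinct-IP threshold is for spotting cloned-image clusters that have not been published yet.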
Prepare Your Cyber Defense for 2026 with SWK Technologies
The cybersecurity stories above show threats evolving in both sophistication and scale, from ransomware groups upgrading their encryption capabilities to cybercrime marketplaces operating at industrial levels. The good news is that there are ways to protect your valuable systems and data, with the right tools and expertise – get in touch with the expert team at SWK Technologies today to learn more.
Contact SWK here to discover how we can help secure your business against 2026’s top cybersecurity challenges, and beyond.
