VoidLink malware was likely AI-generated.

Summary

By the CyberWire staff

VoidLink malware was likely AI-generated.

Researchers at Check Point say the newly observed Linux malware "VoidLink" was likely written almost entirely by AI, probably under the direction of a single person. Check Point states, "From a methodology perspective, the actor used the model beyond coding, adopting an approach called Spec Driven Development (SDD), first tasking it to generate a structured, multi-team development plan with sprint schedules, specifications, and deliverables. That documentation was then repurposed as the execution blueprint, which the model likely followed to implement, iterate, and test the malware end-to-end."

Threat actors using AI to assist in malware development isn't new, but Check Point says VoidLink stands out due to its sophistication. The researchers note, "Until now, solid evidence of AI-generated malware has primarily been linked to inexperienced threat actors, as in the case of FunkSec, or to malware that largely mirrored the functionality of existing open-source malware tools. VoidLink is the first evidence-based case that shows how dangerous AI can become in the hands of more capable malware developers."

Experience the Power of Community at RSAC 2026 Conference

RSAC™ 2026 Conference returns to San Francisco March 23–26, bringing together the global cybersecurity community for four days of expert insights, hands-on learning, and breakthrough innovation. Join thousands of practitioners, executives, and innovators as they tackle today’s toughest challenges and explore solutions shaping tomorrow. From cutting-edge ideas to immersive programs and vibrant networking, this is where meaningful progress happens. Register today and be part of the conversations driving cybersecurity forward.

GitLab fixes high-severity 2FA bypass flaw.

GitLab has patched a high-severity 2FA bypass flaw (CVE-2026-0723) impacting community and enterprise editions of its platform, BleepingComputer reports. The company says the vulnerability "could have allowed an individual with existing knowledge of a victim's credential ID to bypass two-factor authentication by submitting forged device responses."

GitLab also fixed two high-severity denial-of-service vulnerabilities (CVE-2025-13927 and CVE-2025-13928) that could be exploited by unauthenticated users.

Minnesota notifies over 300,000 people of data breach.

Minnesota's Department of Human Services is notifying nearly 304,000 people of a data breach affecting the state's MnChoices eligibility system, BankInfoSecurity reports. The breach occurred from late August to mid-September 2025. The incident involved a user affiliated with a licensed healthcare provider who "had legitimate reason to access limited information in MnCHOICES," but "accessed more data than was reasonably necessary to perform work assignments."

The exposed data potentially included personal and contact information, Medicaid IDs, last four digits of Social Security numbers, ethnicities, races, birth records, physical traits, education, income, benefits, Medicaid information, financial eligibility, and program eligibility.

Notes.

Today's issue includes events affecting Germany, Israel, and the United States.

Attacks, Threats, and Vulnerabilities

ChainLeak: Critical AI framework vulnerabilities expose data, enable cloud takeover (Zafran Security) Zafran Labs discovers ChainLeak vulnerabilities in Chainlit AI framework enabling arbitrary file read and SSRF attacks. CVE-2026-22218 and CVE-2026-22219 expose cloud credentials, user data, and enable lateral movement in enterprise AI systems.

Legislation, Policy, and Regulation

Trump administration concedes DOGE team may have misused Social Security data (Politico) Some DOGE personnel had more access to data than previously acknowledged, according to a court filing.

Germany and Israel Pledge Cybersecurity Alliance (BankInfoSecurity) Germany wants to drastically step up defenses against cyberattacks from foes such as Russia, China, Iran and North Korea, and it's looking to key ally Israel for

Industry Events

For a complete running list of events, please visit the Event Tracker.

Events

SpaceCom | Space Congress: The Global Conference & Expo for the Commercial Space Industry (Orlando, Florida, USA, Jan 28 - 30, 2026) SpaceCom | Space Congress is where the business of space gets done. As the flagship event of Commercial Space Week—co-located with the Space Mobility Conference and the GSA Spaceport Summit—this event unites aerospace, defense, and commercial leaders for three days of deal-making, partnership building, and technology discovery on the expo floor, in the conference program, and through curated networking that drives real results.

HIP Europe 26 (Frankfurt, Germany, Feb 10, 2026) Get ready to elevate your identity security skills at HIP Europe — your gateway to becoming a Hybrid Identity Protection (HIP) Hero. With the departure of original Active Directory experts and the rise of identity as the primary attack surface, the need for identity threat detection and response (ITDR) talent has never been greater. This event is the perfect opportunity to enhance your (or your team's) ITDR strategy and strengthen your organization's operational resilience.

Wild West Hackin’ Fest @ Mile High 2026 (Denver, Colorado, USA, Feb 11 - 13, 2026) More than just a conference, Wild West Hackin’ Fest (WWHF) is committed to offering high quality information security education to beginners and seasoned professionals alike. With reasonably priced training, conferences, hands-on labs, and workshops, WWHF lowers the barrier to entry for those seeking to enter into the world of information security. WWHF also offers a venue for those already established in the industry to share ideas, give back, and continue learning.

AI SOC Summit (Tysons, Virginia, USA, Mar 3, 2026) For Security Teams who use AI and defend AI deployments: There is a lot of AI hype for Sec Ops. Come hang out as early adopters of AI dive into the good, the bad and the ugly . No vendor pitches, no AI theory. If you are trying out AI products for Sec Ops or building them in house, this is the place for you.

Sponsor & Support

Grow your brand, generate leads, and fill your funnel.

With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listeners all over the world, companies trust the CyberWire to get the message out. Learn more.

Daily Briefing for 01.21.26

Top stories.

VoidLink malware was likely AI-generated.

GitLab fixes high-severity 2FA bypass flaw.

Minnesota notifies over 300,000 people of data breach.

Notes.

Attacks, Threats, and Vulnerabilities

Legislation, Policy, and Regulation

Events