The CyberWire Daily Podcast 1.23.26
Ep 2474 | 1.23.26

TikTok lives to scroll another day.

Transcript

At long last, a TikTok deal. Officials urge lawmakers to keep an eye on the quantum ball. Fortinet confirms active exploitation of a critical authentication bypass flaw. Ireland plans to authorize spyware for law enforcement. Okta warns customers of sophisticated vishing kits. Under Armour investigates data breach claims. CISA adds a Zimbra Collaboration Suite flaw to the known exploited vulnerabilities list. Poor OpSec enables recovery of data stolen by the INC ransomware gang. The DOJ deports a pair of Venezuelans convicted of ATM jackpotting. Our guest is Chris Nyhuis, Founder and CEO of Vigilant, sharing practical steps to protect money, identity, and devices. Curl pulls the plug on bug bounties after drowning in AI slop.

Today is Friday, January 23rd, 2026. I’m Dave Bittner. And this is your CyberWire Intel Briefing.

At long last, a TikTok deal. 

TikTok announced it has reached a deal for its U.S. operations to be majority owned by non-Chinese investors, ending a six-year political and legal battle over national security concerns. Under the agreement, investors including Oracle, MGX, Silver Lake, and Michael Dell’s investment office will own more than 80 percent of a new U.S.-based TikTok entity, while ByteDance will retain just under 20 percent. Former TikTok executive Adam Presser will lead the new company.

The deal aims to address U.S. fears that China could exploit TikTok to surveil or influence American users, a concern that led Congress to pass a 2024 law threatening a ban if ByteDance did not divest. While the agreement allows TikTok to remain in the U.S. market, critics note that ByteDance will still license its algorithm to the new company, raising questions about whether security concerns are fully resolved. President Trump praised the deal, calling it a decisive conclusion to the long-running dispute.

Officials urge lawmakers to keep an eye on the quantum ball. 

Federal officials warned lawmakers that the lapse of the National Quantum Initiative Act risks undermining U.S. leadership in quantum computing, despite the law’s success in strengthening coordination across government, academia and industry. Testifying before the House Science Committee, leaders from the Department of Energy, NIST, NASA and the National Science Foundation said the 2018 law created a unified national framework, aligned federal investments and accelerated progress from lab research toward early-stage quantum systems with scientific and security relevance. The act expired in 2023, creating uncertainty for funding and workforce pipelines. Lawmakers have introduced a bipartisan reauthorization bill that would authorize nearly $1.5 billion to expand research, commercialization and workforce development. Witnesses cautioned that without sustained investment and stable authorization, the U.S. could fall behind global competitors, particularly China, in the accelerating race to quantum capabilities.

Fortinet confirms active exploitation of a critical authentication bypass flaw. 

Fortinet confirmed active exploitation of a critical FortiCloud SSO authentication bypass, CVE-2025-59718, after customers reported compromises of fully patched firewalls. Researchers at Arctic Wolf say automated attacks began January 15, with attackers rapidly creating admin and VPN accounts and exfiltrating configurations. Fortinet acknowledged the activity mirrors December exploitation and is working on a complete fix. Until then, Fortinet urges customers to restrict admin access, disable FortiCloud SSO, and treat affected systems as compromised. CISA has listed the flaw as actively exploited.

Ireland plans to authorize spyware for law enforcement. 

Ireland plans to draft legislation that would explicitly authorize law enforcement to use spyware, according to Justice Minister Jim O’Callaghan. The proposal would create a legal basis for covert surveillance software and expanded lawful interception powers to combat serious crime and security threats. Use of spyware would require court authorization and include safeguards to ensure necessity and proportionality. The bill would also allow electronic scanning tools to collect mobile device identifiers for location tracking. Ireland’s Department of Justice will develop the framework with other state agencies.

Okta warns customers of sophisticated vishing kits. 

Okta is warning customers about sophisticated phishing kits designed specifically for voice-based social engineering, or vishing, attacks that steal single sign-on credentials in real time. According to Okta and reporting by BleepingComputer, the kits are sold as a service and actively used by multiple threat groups. During phone calls impersonating IT staff, attackers guide victims through fake login pages that dynamically mirror real authentication and multi-factor prompts, allowing credentials and one-time passcodes to be intercepted and immediately abused. The attacks can bypass push-based MFA and have been used for large-scale data theft and extortion, with some activity linked to ShinyHunters. Okta urges customers to adopt phishing-resistant MFA such as FIDO2 keys or passkeys.

Under Armour investigates data breach claims. 

Under Armour is investigating claims of a major data breach after hackers allegedly posted 72 million customer records online. The incident was flagged by Have I Been Pwned, which linked it to a November 2025 attack attributed to the Everest ransomware group. Exposed data reportedly includes emails, names, demographics, locations and purchase details, but not payment card data. Under Armour says it is investigating and disputes claims that sensitive systems or passwords were compromised.

CISA adds a Zimbra Collaboration Suite flaw to the known exploited vulnerabilities list. 

CISA is urging federal agencies to immediately patch a Zimbra Collaboration Suite flaw that is being actively exploited. The vulnerability, CVE-2025-68645, is a local file inclusion issue in Zimbra’s webmail interface that allows unauthenticated attackers to access arbitrary files by manipulating request routing. Exploitation could expose sensitive information and enable further compromise if combined with other weaknesses. Although Zimbra released patches in November 2025, CISA added the bug to its Known Exploited Vulnerabilities catalog this week. Researchers at CrowdSec report targeted, intelligence-driven attacks and rising exploitation. CISA also flagged three additional actively exploited vulnerabilities and reminded organizations to prioritize KEV-listed flaws.

Poor OpSec enables recovery of data stolen by the INC ransomware gang. 

Researchers uncovered a major operational security lapse by the INC ransomware gang that allowed recovery of data stolen from a dozen U.S. organizations. The work was conducted by Cyber Centaurs, which shared full findings with BleepingComputer. While investigating a RainINC ransomware attack on a client, analysts discovered remnants of the backup tool Restic that exposed long-lived attacker infrastructure. Scripts with hardcoded credentials pointed to cloud repositories storing encrypted data from multiple victims. Controlled analysis confirmed data from 12 unrelated U.S. organizations across healthcare, manufacturing, technology, and services sectors. Researchers decrypted and preserved the data, contacted law enforcement, and released detection rules to help defenders spot Restic abuse tied to INC ransomware activity.

The DOJ deports a pair of Venezuelans convicted of ATM jackpotting.  

The U.S. Justice Department announced the deportation of two Venezuelan nationals convicted of ATM jackpotting using malware. The US Department of Justice said Luz Granados and Johan Gonzalez-Jimenez installed malware on ATMs to force machines to dispense cash. Granados received time served and restitution orders, while Gonzalez-Jimenez was sentenced to 18 months in prison before deportation. The cases follow broader prosecutions tied to Venezuelan crime groups using the Ploutus malware, which authorities say remains active.

 

Curl pulls the plug on bug bounties after drowning in AI slop. 

The curl project is an open-source effort that builds and maintains curl, a command-line tool and software library used to transfer data over networks. The curl project has decided it has had quite enough of being told, repeatedly and creatively, that it might be vulnerable. Its maintainer, Daniel Stenberg, announced that curl will shut down its HackerOne bug bounty program at the end of January 2026 after being swamped by low-quality, often AI-generated vulnerability reports.

Since 2019, curl and its sibling library libcurl have offered cash rewards through HackerOne. Recently, however, the signal-to-noise ratio collapsed. Stenberg says the security team has been buried under reports that sound impressive, require hours to triage, and ultimately describe non-issues.

The fix is blunt: remove the bounty, remove the incentive, and restore sanity. Starting February 1, curl will accept reports directly via GitHub, offer no money, and reserve the right to publicly mock especially bad submissions. A blog post, presumably more polite, is promised.

And that’s the CyberWire.

For links to all of today’s stories, check out our Daily Briefing at the cyberwire dot com.

 

We’d love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like the show, please share a rating and review in your podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com.

We’re proud that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world’s preeminent intelligence and law enforcement agencies.

N2K helps cybersecurity professionals and organizations grow, learn, and stay ahead. We’re the nexus for discovering the people, tech, and ideas shaping the industry.  Learn how at n2k.com.

 

N2K’s senior producer is Alice Carruth. Our producer is Liz Stokes. We’re mixed by Elliott Peltzman and Tré Hester, with original music by Elliott Peltzman. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher, and I’m Dave Bittner. Thanks for listening.