* New South Wales Criminalises AI-Generated Deepfakes and Non-Consensual Intimate Content

* DJI Romo Robot Vacuums Exposed Thousands of Devices Through Critical Security Flaws

* Developer Faces $82,000 Bill After Stolen Google Gemini API Key Enables Massive Unauthorised Usage

* ClawJacked Vulnerability Allows Malicious Websites to Hijack Local OpenClaw AI Agents via WebSocket

* Hacktivist Groups Launch 149 DDoS Attacks Against 110 Organisations Following Middle East Military Operations

* Iranian Threat Actors Launch Hundreds of Attacks Against IP Surveillance Cameras Across Middle East

* Critical Vulnerabilities in Anthropic’s Claude Code Enable Remote Code Execution and Credential Theft

* Google Disrupts Chinese Espionage Campaign Using Sheets for Command and Control

* Malicious Code Repositories Target Next.js Developers Through Fake Job Interview Projects

* AI Excels at Finding Software Bugs But Struggles With Meaningful Remediation

* Australian Businesses Making Regular Ransomware Payments Despite Government Warnings

* Viral AI Caricature Trend Poses Major Security Risks, Experts Warn

* North Korean Hackers Target Developers with Malware-Laced Coding Challenges

* Open Source Registries Face Critical Funding Shortfall as Security Threats Mount

* Microsoft Copilot Bug Bypasses Security Controls to Summarise Confidential Emails

* PromptSpy Android Malware Leverages Gemini AI to Achieve Device Persistence

* Apple Patches Critical Zero-Day Vulnerability Exploited in Targeted Attacks

* Australian Government Agencies Falling Short on Cyber Incident Reporting, Undermining National Security

* Service NSW Launches Pilot for New Digital Identity Verification System

* Fake 7-Zip Site Distributes Trojanised Installer Creating Residential Proxy Network

* Microsoft Patches Remote Code Execution Flaw in Windows 11 Notepad

* Apple Introducing Privacy Feature to Reduce Carrier Location Tracking on Select Devices

* Malicious Campaign Exploits OpenClaw AI Assistant to Distribute Password-Stealing Malware

* Iron Mountain Downplays Data Breach Claimed by Everest Extortion Gang

* Chinese State Hackers Hijacked Notepad++ Update Feature for Six Months

* Australian Real Estate Platforms Expose Millions of Lease Documents Through Insecure Links

* Nearly 800,000 Telnet Servers Exposed Globally as Critical Authentication Bypass Vulnerability Faces Active Exploitation

* JavaScript Package Managers Vulnerable to Supply Chain Attacks Despite npm’s Shai-Hulud Security Measures

* WhatsApp Launches Strict Account Settings to Shield High-Risk Users From Advanced Spyware Attacks

* Extortion Group WorldLeaks Claims 1.4 Terabyte Data Theft From Nike in Manufacturing-Focused Breach

* ShinyHunters Targets Approximately 100 Organisations in Okta Single Sign-On Credential Theft Campaign

Hey Everyone, for today’s Cyber Bites we’ll be covering stories about companies being compromised by their own security training tools, GitLab patching a two-factor authentication bypass, researchers saying that AI-powered browsers might be undoing years of web security progress, Zendesk support systems being turned into spam engines worldwide and a look at the popular passwords still being used in 2025.

* Fortune 500 Companies Compromised Through Vulnerable Security Testing Applications

* GitLab Releases Emergency Patches for Two-Factor Authentication Bypass and Denial-of-Service Vulnerabilities

* AI-Powered Browsers Reverse Decades of Web Security Advances, Researchers Warn

* Attackers Weaponise Zendesk Support Systems in Massive Global Spam Campaign

* Predictable Password Patterns Persist as Billions Continue Using Easily Cracked Credentials

Hey everyone, and welcome back to Cyber Bites! After a short three-week break, we’re kicking off 2026 with a fresh batch of cyber news. I hope you had a good break and your new year’s off to a safe and secure start.

* FBI Warns of North Korean Hackers Using Malicious QR Codes in Spear-Phishing Attacks

* WhatsApp Worm Spreads Astaroth Banking Trojan Across Brazil via Contact Auto-Messaging

* Notorious BreachForums Hacking Site Hit by Data Breach, Over 324,000 Accounts Exposed

* Instagram Denies Data Breach Amid Claims of 17 Million Account Data Leak

* Thousands of New Zealanders Impacted by Manage My Health Data Breach