January 2026

Instagram users received emails last week about purported password reset attempts. At the same time, Instagram data appeared on the dark web.

Grok’s apology is unlikely to be the end of the story after the AI tool was used to generate content that may constitute illegal child sexual abuse material.

In 2025, Malwarebytes was repeatedly tested against real-world threats. Here’s what those tests found.

A list of topics we covered in the week of January 5 to January 11 of 2026

This week on the Lock and Code podcast, we speak with Cory Doctorow about enshittification and its dangerous impact online and off.

After years of security failures and partner-spying marketing, pcTattletale’s founder has pleaded guilty in a rare US federal stalkerware case.

Linking your medical records to ChatGPT Health may give you personalized wellness answers, but it also comes with serious privacy implications.

Two actively exploited flaws—one brand new, one 16 years old—have been added to CISA’s KEV catalog, signaling urgent patching.

A smart toy doesn’t have to be a risky one. Lego’s Smart Bricks add sensors and sound without apps, accounts, or AI. We explain how it works.

We unpack a trojanized WinRAR download that was hiding the Winzipper malware behind a real installer.