Issue #180 - January 5, 2026
- Weekly INK
- Jan 5
- 2 min read
Updated: Jan 8
CTO New Year’s Resolutions for a More Secure 2026
Source: Dark Reading
Experts lay out practical security goals for the new year, from operationalizing AI governance to hardening CI/CD and improving CISO–CTO alignment. For smaller teams, the list doubles as a roadmap: standardize secure-by-default build paths, tighten vendor access, and measure security like any other business KPI.
Texas court blocks Samsung from collecting smart TV viewing data
Source: BleepingComputer
A Texas judge temporarily barred Samsung from gathering audio and visual data from smart TVs in the state. If your product or workplace uses consumer devices, revisit default telemetry, consent language, and retention. Clear setting controls and documented opt-outs reduce risk when laws or lawsuits target data collection.
Orthopedic Practice Pays $500K Settlement to NYS in Hack
Source: Bank Info Security
A New York orthopedic practice agreed to a $500,000 settlement and stronger safeguards after a 2023 breach affecting 650,000 people. This underscores regulators’ focus on breach response and minimum controls. Audit access management, encryption, vendor contracts, and patient notification playbooks to avoid costly enforcement.
Hospitality Sector Hit By PHALT#BLYX ClickFix Malware Campaign
Source: Infosecurity Magazine
A social engineering campaign abuses “ClickFix” lures and Windows tools to drop multi-stage malware on hotels and related firms. For any business with public-facing booking or guest systems, strengthen email filtering, block risky script hosts, and monitor for unusual MSBuild or LOLBin activity.
Chrome Extensions With 900,000 Downloads Caught Stealing AI Chats
Source: SecurityWeek
Investigators found popular extensions exfiltrating users’ chatbot conversations and browsing activity. Lock down enterprise browsers: enforce extension allow-lists, review permissions, and monitor data flows from the browser to unknown domains. Treat extensions like apps with access reviews, offboarding, and incident procedures.