This week's news features an investigation at Grok as well as breaches at McDonald’s, Nissan and other companies. Moreover, the hacker who leaked the US Supreme Court's data has pleaded guilty.
In addition, Ghana has recently dismantled a cybercrime ring in Accra, and Cameroon is strengthening its national cyber defenses.
Let's explore these incidents and other stories in detail.
Elon Musk’s xAI Faces Investigation Over “Spicy Mode”
California Attorney General Rob Bonta has opened an investigation into Grok, xAI’s AI model, over a feature known as “spicy mode.” The feature was rolled out to give the AI fewer restrictions.
Authorities say that freedom may have gone too far. Reports claim users have used Grok to generate non-consensual and sexually explicit deepfakes involving women and children. The investigation focuses on whether xAI broke state laws by releasing a tool that makes unlawful content easy to produce.
Elon Musk has denied knowing about any illegal images created by the model. Just as the investigation began, the U.S. Senate passed the DEFIANCE Act unanimously. The law gives victims of deepfakes the right to sue the people who create or spread them. It signals a shift in how AI misuse is treated legally.
McDonald’s India Hit by an 861 GB Data Breach
If you have eaten at McDonald’s in India recently, your information could be at risk. A ransomware group called Everest claims it breached McDonald’s Indian operations and stole a massive 861 GB of data.
To back up the claim, the group released screenshots showing far more than basic customer details. According to them, the stolen data includes:
- Financial reports and audit records
- Internal emails and pricing strategies
- A contact database with investor and partner details from the US, UK, and Singapore
- Personal phone numbers of store managers across multiple locations
Everest reportedly gave McDonald’s two days to respond before publicly releasing the stolen data. The company has not commented so far, but the scale of the breach alone makes this one of the most serious retail data leaks this year.
Nissan Targeted by the Same Ransomware Group
Everest has not limited itself to fast food. The group has also listed Nissan Motor Corporation on its leak site, claiming it stole close to 900 GB of company data.
The leaked folders reportedly include sales documents, marketing plans, and dealer order information. Most of the material appears tied to Nissan’s Canadian operations, with some records linked to the United States. Nissan has faced cyber incidents before, including one in late 2025.
What makes Everest dangerous is how it operates now. Rather than simply locking files and demanding payment, the group often sells access to corporate networks to other criminals. Nissan has not confirmed the breach, but Everest is threatening to publish the data soon if no ransom is paid.
LastPass Users Targeted in New Phishing Scam
LastPass users should be on high alert. Around January 19, 2026, a new phishing campaign started spreading through email inboxes.
The scam works by creating panic. Victims receive messages claiming LastPass is performing urgent system maintenance and that users must back up their vault within 24 hours. The link leads to a fake login page designed to steal master passwords.
LastPass has been clear that they will never ask for your master password. While the company is taking down fake websites, attackers keep switching email addresses to stay active. If you see messages mentioning urgent maintenance or a 24-hour deadline, it is almost certainly a scam. Users should never enter their master password via unsolicited links and should verify alerts through the official LastPass website.
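The traits described above (a maintenance or vault-backup pretext, a 24-hour deadline, and a link that does not lead to the vendor's own site) can be turned into a simple mail-triage check. This is an added example, not LastPass's or the article's own tooling; the allow-listed domain, the keyword patterns and the sample messages are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: domains treated as genuine; extend to match your own allow-list.
OFFICIAL_DOMAINS = ("lastpass.com",)

PRETEXT = re.compile(r"\b(maintenance|back[\s-]?up)\b", re.I)
DEADLINE = re.compile(r"\b(24[\s-]?hours?|urgent(ly)?)\b", re.I)
URL = re.compile(r"https?://[^\s\"'<>)]+", re.I)


def is_official(host):
    """True only for an allow-listed domain or one of its subdomains."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)


def link_hosts(text):
    """Hostnames of every URL in the text, ignoring any user@ prefix."""
    hosts = set()
    for url in URL.findall(text):
        host = urlsplit(url.rstrip(".,;")).hostname
        if host:
            hosts.add(host.rstrip("."))
    return hosts


def score_message(subject, body):
    """Return the reasons a LastPass-themed message looks like this lure."""
    text = f"{subject}\n{body}"
    if "lastpass" not in text.lower():
        return []  # not brand-themed, out of scope for this rule
    reasons = []
    if PRETEXT.search(text):
        reasons.append("maintenance/backup pretext")
    if DEADLINE.search(text):
        reasons.append("deadline pressure")
    off_domain = sorted(h for h in link_hosts(text) if not is_official(h))
    if off_domain:
        reasons.append("off-domain link: " + ", ".join(off_domain))
    return reasons


# Constructed sample messages (not taken from the real campaign).
PHISH = ("LastPass urgent maintenance: back up your vault",
         "Back up your vault within 24 hours: "
         "https://lastpass.com.vault-backup.example/login")
BENIGN = ("Your LastPass invoice",
          "View it at https://www.lastpass.com/account.")

if __name__ == "__main__":
    for subject, body in (PHISH, BENIGN):
        print(subject, "->", score_message(subject, body))
```

The host comparison is done on the parsed hostname rather than a substring match, so a look-alike such as a brand name used as a subdomain of another site is still reported as off-domain.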
GitLab Releases Emergency Patch for 2FA Flaw
GitLab, a core tool for developers worldwide, recently fixed a serious security issue that could let attackers bypass two-factor authentication.
The vulnerability, labeled CVE-2026-0723, allows attackers with previously compromised credentials to bypass 2FA.
GitLab rushed out emergency updates in versions 18.8.2, 18.7.2, and 18.6.4. Developers should apply the update promptly. Unpatched accounts could allow attackers to inject malicious code into widely used software.
Hacker Who Leaked Supreme Court Data on Instagram Pleads Guilty
A 24-year-old man has confessed to repeatedly breaching the US Supreme Court’s electronic filing system using stolen login credentials. Nicholas Moore, from Tennessee, accessed the restricted platform at least 25 times across two months in 2023, according to court filings.
What makes the case particularly disturbing is what followed. Rather than conceal the intrusion, Moore broadcast it. Using the Instagram account @ihackedthegovernment, he shared screenshots displaying victims’ names and confidential filing details.
The Supreme Court was only one of several targets. Moore also breached systems connected to AmeriCorps and the Department of Veterans Affairs, exposing sensitive data ranging from Social Security numbers to a Marine Corps veteran’s private medical records.
Moore has pleaded guilty to a computer fraud offence. Although the charge carries a maximum sentence of one year, the incident highlights how easily stolen credentials can be weaponised against institutions assumed to be secure.
Canadian Investment Watchdog Confirms Breach Affecting 750,000
The Canadian Investment Regulatory Organization (CIRO) has confirmed a cyber incident that exposed personal data linked to approximately 750,000 individuals. The breach originated from a targeted phishing attack in August 2025 and affected information connected to CIRO member firms and their employees.
The compromised data includes:
- Dates of birth and Social Insurance numbers
- Annual income information and government-issued identification numbers
- Investment account numbers and financial records
CIRO reports that passwords and PINs were not accessed. Even so, the volume and sensitivity of the exposed financial information present clear risks. Impacted individuals are being offered two years of credit monitoring, and CIRO maintains that there is currently no evidence that the data has been circulated on underground forums.
Ingram Micro Ransomware Attack Hits Over 42,000 People
Ingram Micro is still addressing the consequences of a ransomware attack that affected the personal data of more than 42,521 individuals. The July 2025 incident forced parts of the company’s infrastructure offline, disrupting operations worldwide for nearly a week.
Investigators believe that the Safepay ransomware group carried out the attack. Employee and job applicant records were exfiltrated, including Social Security numbers, passport information, and driver’s licence details. A large dataset later appeared on Safepay’s leak site, indicating that ransom negotiations had stalled or failed.
Verizon Begins Issuing $20 Credits Following Nationwide Outage
Verizon has started rolling out $20 account credits to customers affected by last week’s nationwide outage, notifying eligible users through text messages sent to primary account holders.
The message includes a brief apology and a link directing customers to redeem the credit through their Verizon account. According to the company, the $20 credit is intended to cover several days of service. Verizon is clear that the gesture is not meant to fully compensate for the disruption, but rather to acknowledge the inconvenience caused.
To apply for the credit, customers must log in to Verizon’s website, navigate to the Mobile section, and complete the redemption process using a prompt marked with a notification badge. Only one credit is being issued per account, regardless of how many lines are attached.
The outage occurred on January 14, when Verizon users across the United States began reporting widespread loss of cellular service around midday Eastern Time.
For many, devices were pushed into SOS mode, cutting off normal calling and data access for hours. That evening, Verizon confirmed that service had been restored and advised customers to restart their phones to reconnect.
The company previously attributed the disruption to a software-related issue and stated there was no evidence of a cyberattack.
While the credit rollout addresses customer frustration on some level, some users have raised concerns. They warn that text messages containing links could blur the line between legitimate notifications and phishing attempts, especially now that scam messages are rampant.
“Access Broker” Faces Sentencing for Selling Corporate Backdoors
Feras Khalil Ahmad Albashiti, a Jordanian national known online as “r1z,” has pleaded guilty to selling unauthorized access to at least 50 corporate networks. Albashiti operated as an initial access broker, obtaining credentials and selling entry points to criminal groups that specialize in ransomware attacks.
His arrest followed a controlled transaction in which he sold network access to an undercover law enforcement officer in exchange for cryptocurrency. After being extradited from Georgia in 2024, Albashiti now awaits sentencing in May and faces a possible prison term of up to 10 years.
Ghana Dismantles Cybercrime Ring in Accra
Authorities in Ghana have arrested nine Nigerian nationals suspected of running organised online fraud operations in Accra. The operation resulted in the seizure of dozens of laptops, mobile phones, and firearms.
Investigators also uncovered evidence of human trafficking. Forty-four individuals were found living under coercive conditions after being recruited from Nigeria with promises of legitimate work. Their identification documents were reportedly confiscated, and they were forced to participate in romance scams and business email compromise schemes. Ghana’s Cyber Security Authority is now coordinating with regional partners as extradition proceedings are explored.
Cameroon Strengthens Its National Cyber Defenses
Not all the news is bad. Cameroon has completed a major upgrade to its national cybersecurity systems.
With support from the World Bank, the National Agency for Information and Communication Technologies received over 735 million FCFA worth of new equipment. This includes servers, workstations, and tools used for penetration testing, which means finding vulnerabilities before criminals do.
The upgrade comes at the right time. Cybercrime cases in Cameroon rose by 30% in 2025. The new systems allow real-time monitoring of national networks, helping authorities shut down fake social media accounts and protect essential services like electricity and water.
That is all for today’s roundup.
