This week in tech and cybersecurity, high-risk users get extra protection, a hidden cybercrime hub is taken down, software flaws are patched, an antivirus update causes problems, and a popular platform goes offline. A major payment service is also returning to Nigeria.
Let's look at the details.
WhatsApp’s Hidden Security Upgrade for People Facing Online Threats
Meta is rolling out a new WhatsApp security feature called Strict Account Settings. It is built for high-risk individuals like journalists, activists, and public figures, who need extra protection against advanced spyware.
WhatsApp already uses end-to-end encryption for everyone, but this setting adds another layer of security. Once turned on, it automatically tightens several safety controls. Two-step verification is enabled, files from unknown senders are blocked, and calls from unfamiliar numbers are silenced. It also limits what others can see by hiding profile photos and online status, and disables link previews to reduce the risk of data leaks.
WhatsApp stated that while most users will not need this level of protection, it is taking the security measure seriously. It is also rewriting parts of its code using the Rust programming language, which makes it harder for spyware to exploit the app. This follows years of reports involving high-profile accounts being hacked with specialised tools.
With this update, WhatsApp is taking a similar approach to Apple’s Lockdown Mode, which was introduced to help people protect themselves from targeted digital surveillance.
FBI Takes Down RAMP Forum Used by Ransomware Groups
The FBI has seized RAMP, a well-known cybercrime forum linked to ransomware gangs and other hacking services. Both its Tor site and public website now show a seizure notice confirming the action was carried out with support from the U.S. Department of Justice.
RAMP was one of the few remaining forums where ransomware activities thrived. It was a hub for cybercriminals to advertise malware, recruit partners, and trade access to hacked networks.
Following the seizure, the forum’s domain was moved to FBI-controlled servers, which suggests law enforcement may now have access to user data like messages, emails, and other records.
Shortly after the seizure, a person claiming to be a former RAMP operator confirmed the shutdown on another hacking forum. While the FBI has not released an official statement, the seizure appears to be final.
Fortinet Patches a Critical Flaw
Fortinet is deploying updates to patch a critical flaw in its FortiOS software. The flaw, tracked as CVE-2026-24858, lets attackers bypass login screens and take control of affected devices. The weakness is already being used in real attacks, so security experts are urging users to act quickly.
At the centre of the problem is Fortinet’s single sign-on feature. Someone with a FortiCloud account could access devices across organisations, as long as single sign-on was enabled. Because of this, attackers have been able to create hidden admin accounts, alter VPN settings, and copy sensitive system files.
To slow down the attacks, Fortinet temporarily disabled the single sign-on feature. Now, users must install the latest updates before they can use it again.
If you rely on Fortinet products, updating your firmware should be the first step. After that, review device settings, look for unexpected changes, and reset passwords. Meanwhile, government agencies have been given strict deadlines to apply the fixes.
eScan Antivirus Update Spreads Malware
India-based IT company MicroWorld Technologies, the company behind eScan antivirus, is facing scrutiny after its update system was used to spread malware. On January 29, 2026, security researchers revealed that a file called Reload.exe had been delivered to users through eScan’s official update channel.
Once installed, the malware edited the HOSTS file to block access to security updates and created scheduled tasks to keep itself running. This meant affected users were left exposed, as their antivirus software could no longer update or properly protect the system. Reports suggest that both home users and businesses in parts of South Asia were impacted.
MicroWorld later confirmed that its infrastructure had been accessed without authorisation as early as January 20. In response, the company shut down the affected update servers and released a cleanup tool to undo the damage.
However, tension has grown between MicroWorld and the research community. While researchers describe the incident as a supply-chain attack, MicroWorld disputes that label and has hinted at legal action over the wording.
Users are being advised to run the manual cleanup tool, as automatic fixes may still be blocked.
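For defenders who want to check a machine for the HOSTS-file tampering described above, the following added example (not code from MicroWorld or the researchers) parses a hosts file and flags any entry that overrides a watched update domain. The domains in `WATCHED` and the sample file are placeholders constructed for illustration, since the page does not list the real update hosts.

```python
import ipaddress

# Assumption: placeholder domains standing in for a vendor's update hosts;
# the page does not list the real ones.
WATCHED = {"update.vendor.example", "vendor.example"}

def _is_sinkhole(addr):
    """True for loopback/unspecified addresses commonly used to blackhole a host."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return ip.is_loopback or ip.is_unspecified

def _watched(name, watched):
    """Match the domain itself or any subdomain, ignoring case and a trailing dot."""
    name = name.lower().rstrip(".")
    return any(name == d or name.endswith("." + d) for d in watched)

def suspicious_hosts_entries(text, watched=WATCHED):
    """Return (line_no, address, hostname, sinkholed) for each watched domain overridden."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        fields = line.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        addr, names = fields[0], fields[1:]     # one address may map several names
        for name in names:
            if _watched(name, watched):
                findings.append((n, addr, name.lower().rstrip("."), _is_sinkhole(addr)))
    return findings

# Constructed sample hosts file (not taken from the incident).
SAMPLE = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
0.0.0.0         update.vendor.example   # added entry
127.0.0.1       CDN.Update.Vendor.Example. dl.vendor.example
203.0.113.10    intranet.corp.example
# 0.0.0.0       vendor.example  (commented out, ignored)
"""

if __name__ == "__main__":
    for line_no, addr, host, sink in suspicious_hosts_entries(SAMPLE):
        print(f"line {line_no}: {host} -> {addr}" + (" [sinkholed]" if sink else ""))
```

On Windows the file to feed in is normally `C:\Windows\System32\drivers\etc\hosts`; any hit on a security vendor's update domain deserves a follow-up look at scheduled tasks on the same machine.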
Microsoft Moves Closer to Ending NTLM Authentication
Microsoft has announced that it will soon disable NTLM authentication by default, marking a major change in how Windows systems handle sign-ins. NTLM has been part of Windows for over three decades but is vulnerable to credential and brute-force attacks.
Although Microsoft officially moved on to Kerberos-based authentication years ago, NTLM has lingered on in many organisations because older systems still depend on it. That is now changing. In upcoming releases of Windows 11 (version 24H2) and Windows Server 2025, NTLM will be turned off by default.
To avoid breaking older setups overnight, Microsoft is rolling out new auditing tools that help IT teams see exactly where NTLM is still being used. The company is also introducing alternatives for local account sign-ins, which previously relied on NTLM. These changes are meant to give organisations time to adjust, not catch them off guard.
Admins will still be able to re-enable NTLM if necessary, but Microsoft has made it clear: the window for relying on outdated authentication methods is closing, and preparation should start now.
NationStates Goes Offline After Security Breach
NationStates, an online political simulation game, has taken its servers offline after confirming a serious security breach on January 27, 2026.
The game’s creator, Max Barry, said the incident began when a player uncovered a Remote Code Execution (RCE) flaw in the ‘Dispatch Search’ feature, which was added late last year. Although the player had previously reported bugs responsibly and even earned a “Bug Hunter” badge, this time they crossed a line.
Instead of reporting the issue, the player took advantage of the vulnerability and breached NationStates’ main server, accessing information such as email addresses, MD5-hashed passwords, login IP addresses, and browser details. While NationStates does not store real names, payment details, or financial data, private in-game messages may also have been accessed.
The individual later apologised and claimed the data was deleted. However, the NationStates team says there is no reliable way to confirm this, so the entire system is being treated as compromised. As a result, the servers are being rebuilt from the ground up, and password protection is being upgraded. The site is expected to be offline, or only partially available, for several days while security work continues.
PayPal and Paga Partnership Opens New Door for Nigerians
A new partnership between PayPal and Nigerian fintech company Paga is changing how Nigerians receive money from abroad. As of January 27, 2026, users can now link their PayPal accounts directly to their Paga wallets, making it possible to receive international payments and convert them into naira.
For years, PayPal users in Nigeria could make online payments but struggled to receive funds. With this integration, PayPal balances can now be moved into Paga, spent locally, used to pay bills, or transferred to Nigerian bank accounts. This addresses a long-standing limitation freelancers and small businesses have experienced in the past.
The impact is expected to be strongest in the gig and remote-work space. Nigerian professionals can now accept payments from clients worldwide without relying on informal workarounds or expensive intermediaries. With PayPal’s global reach and Paga’s local infrastructure, the process becomes straightforward.
To use the service, users must verify their identity within the Paga app, helping ensure compliance with financial regulations.
