Weekly Tech Digest | 22 Jan 2026

Weekly Tech Digest – 22-01-2026

Recent discussions in the tech community have been dominated by security vulnerabilities, exploitation techniques, and the ongoing evolution of AI technologies. From breaches affecting major platforms to innovative solutions in cloud security, this week’s highlights provide a comprehensive overview of current trends and concerns.

Vulnerabilities and Breaches

This topic covers recent security breaches and vulnerabilities found in various software and services, highlighting the implications of these issues.

• Third-party identity verification provider breach exposes government ID images (Total Wireless / Veriff)

  Regulatory disclosure filed with the Maine Attorney General describing a third-party identity verification system breach.

• oss-sec: GNU InetUtils Security Advisory: remote authentication by-pass in telnetd

  submitted by /u/farrantt

• CVE-2026-20965: Cymulate Research Labs Discovers Token Validation Flaw that Leads to Tenant-Wide RCE in Azure Windows Admin Center

  Found a new Azure vulnerability – CVE-2026-2096, a high-severity flaw in the Azure SSO implementation of Windows Admin Center.

Exploitation Techniques

This topic focuses on various exploitation techniques, including how attackers can leverage vulnerabilities to gain unauthorized access or control.

• When the Lab Door Stays Open: Exposed Training Apps Exploited for Fortune 500 Cloud Breaches

  From misconfigured cloud environments to wormable crypto-miners; how vulnerable “test” and “demo” environments turned into an entry point.

• Break LLM Workflows with Claude’s Refusal Magic String

  submitted by /u/RedTermSession

• Billion-Dollar Bait & Switch: Exploiting a Race Condition in Blockchain Infrastructure

  submitted by /u/va_start

Phishing and Fraud

This topic examines recent phishing schemes and fraudulent activities, particularly those involving financial transactions and user account takeovers.

• Fake PNB MetLife payment pages abusing UPI & Telegram bots

  I analyzed a set of phishing pages impersonating PNB MetLife Insurance that steal user details and redirect victims into fraudulent UPI payments.

• Account Takeover in Facebook mobile app due to usage of cryptographically unsecure random number generator and XSS in Facebook JS SDK

  submitted by /u/smaury

Cloud Security Issues

This topic discusses vulnerabilities and incidents related to cloud services, focusing on misconfigurations and their consequences.

• Cloudflare Zero-day: Accessing Any Host Globally

  submitted by /u/albinowax

• When The Gateway Becomes The Doorway: Pre-Auth RCE in API Management

  submitted by /u/operator_dll

AI and Automation Security

This topic explores security concerns related to AI systems and automation, particularly in the context of exploitation and vulnerabilities in AI workflows.

• Demonstration: prompt-injection failures in a simulated help-desk LLM

  I built this as a small demonstration to explore prompt-injection and instruction-override failure modes in help-desk-style LLM deployments.

• Successful Errors: New Code Injection and SSTI Techniques

  Clear and obvious name of the exploitation technique can create a false sense of familiarity.

Key Topics from Recent Tech Discussions

Recent posts highlight significant security issues affecting various platforms and systems, including malware incidents and vulnerabilities in widely-used software.

• Zendesk ticket systems hijacked in massive global spam wave

  submitted by /u/ControlCAD

• Tesla hacked, 37 zero-days demoed at Pwn2Own Automotive 2026

  submitted by /u/ControlCAD

• ACF plugin bug gives hackers admin on 50,000 WordPress sites

  submitted by /u/ControlCAD

These topics encapsulate the key discussions happening in the tech community over the past week, reflecting ongoing concerns about security, innovation, and industry changes. Feel free to share your thoughts in the comments below.