This week’s cybersecurity and dark web news stories discuss a newly identified AI-built malware framework, Tudou Guarantee’s cessation of operations, and the NCSC’s warning about persistent Russian-aligned hacktivists.
AI-Created VoidLink Malware Found
Check Point Research has unveiled VoidLink, an advanced, cloud-first malware framework for Linux systems created almost entirely by artificial intelligence (AI). This marks the first discovery of wholly original, sophisticated malware developed by AI.
Unlike previous, less-complex AI-generated code, VoidLink exhibits high functionality and a dynamic operating model. Check Point warns that AI is now a “force multiplier,” enabling single threat actors like the suspected Chinese actor linked to VoidLink to build and iterate complex systems at a speed previously reserved for high-resource teams.
The malware, designed for long-term persistence and automated evasion, was only traced back to its AI origins due to developer operational security (OPSEC) failures. Researchers found evidence that an AI assistant, TRAE SOLO, planned the entire architecture and execution in under a week.
The discovery signals that the “long-awaited era of sophisticated AI-generated malware has likely begun,” prompting an urgent call for defenders to adopt AI-enhanced security solutions.
Tudou Guarantee Ceases Operations
In a victory for international law enforcement, Tudou Guarantee, a Telegram-based black-market service, appears to be ceasing operations. The platform had established itself as a dominant and trusted intermediary in Southeast Asia’s rapidly growing scam economy, processing an estimated $12 billion in illicit transactions before its apparent shuttering.
The closure is directly linked to the dramatic downfall of the Prince Group, a conglomerate that operated across the region. This collapse culminated with the January 6, 2026 arrest of its chairman, Chen Zhi, in Cambodia. Prince Group had been under intense international pressure, facing sweeping sanctions since October 2025, which ultimately crippled its ability to support and finance Tudou Guarantee’s vast operations.
While the loss of Tudou Guarantee is an undeniable, significant blow to the region’s cybercriminal infrastructure, investigators anticipate a swift market reaction. A rapid fragmentation of criminal activity is already underway, with displaced merchants expected to quickly migrate their operations to dozens of smaller, decentralized guarantee marketplaces. However, agencies like the US DOJ’s Scam Center Strike Force remain focused on the larger transnational networks. They plan to leverage the blockchain’s permanent record to effectively trace and track where these illicit activities are re-establishing and migrating next.
NCSC Warns UK Organizations of Persistent Russian Hacktivist Threat
The UK’s National Cyber Security Centre (NCSC), a part of GCHQ, issued a high-priority alert on January 19, 2026, cautioning UK organizations about persistent targeting by Russian state-aligned hacktivist groups. The groups’ primary goal is network disruption, which poses a significant threat to national cyber resilience.
The NCSC specifically called out local government authorities and operators of critical national infrastructure to immediately review and bolster their cyber defenses. The focus is on preparing for and rapidly responding to denial of service (DoS) attacks. While DoS attacks are often technically simple, their impact is anything but: a successful attack can completely disrupt core systems, leading to substantial costs, operational downtime, and a major drain on an organization’s resources for analysis, defense, and recovery.
The NCSC alert clarifies that the motivation behind these ongoing attacks is ideological, driven by the groups’ perception of Western support for Ukraine. Importantly, these hacktivist groups are noted to operate outside the direct control of the Russian state, though they align with its geopolitical interests. This aligns with a December 2025 advisory the NCSC co-sealed with international partners, which highlighted pro-Russian hacktivists targeting government and private sector entities across NATO states and other European countries opposed to Russia’s ambitions.
Jonathon Ellison, NCSC Director of National Resilience, stressed the importance of immediate action. “We continue to see Russian-aligned hacktivist groups targeting UK organisations and although denial-of-service attacks may be technically simple, their impact can be significant,” he stated.
“By overwhelming important websites and online systems, these attacks can prevent people from accessing the essential services they depend on every day.”
The NCSC strongly urges all organizations, particularly those identified in the alert, to act now by reviewing and implementing the Centre’s freely available guidance to protect against DoS and other sophisticated cyber threats.