Allianz Life Breach Exposes 2.8 Million Records via Salesforce Attack
Scattered Spider and ShinyHunters breached Allianz Life's Salesforce CRM through OAuth app social engineering, exposing SSNs and personal data. The attack is part of a larger campaign targeting Google, Qantas, and LVMH.
Poland Repels Cyberattack on Power Grid, Attributes to Russia's Sandworm
Russia's Sandworm deployed DynoWiper malware against ~30 Polish energy facilities on December 29-30, 2025—the first major cyberattack targeting distributed energy resources. Some equipment was damaged beyond repair.
Palo Alto Networks Completes $25 Billion Acquisition of CyberArk in Largest PAM Deal Ever
Palo Alto Networks finalizes its $25 billion acquisition of CyberArk Software with 99.8% shareholder approval, integrating privileged access management into Cortex and Strata platforms to address human, machine, and AI agent identities.
Microsoft Disrupts RedVDS Cybercrime Service Behind $40 Million in Fraud
Coordinated action with UK and German authorities and Europol takes down a subscription service that operated 2,600 VMs sending over 1 million phishing emails daily. Microsoft's 35th civil action against cybercrime.
Critical WordPress Plugin Vulnerability Actively Exploited in the Wild
CVE-2026-23550 in the Modular DS plugin scores the maximum CVSS 10.0, enabling unauthenticated privilege escalation. Attacks began January 13, targeting 40,000+ installations.
Belgian Hospital Shuts Down Systems After Cyberattack, Transfers Critical Patients
AZ Monica hospital in Antwerp shut down all servers at 6:32 AM after detecting ransomware, canceling 70+ operations and transferring 7 critical patients. Belgium pledged €10M for hospital cybersecurity.
Microsoft January 2026 Patch Tuesday: 114 Vulnerabilities Fixed, Three Zero-Days
Monthly security update addresses 114 CVEs including CVE-2026-20805, a Windows Desktop Window Manager flaw under active exploitation enabling ASLR bypass. Eight critical RCE and privilege escalation flaws patched.
SAP Patches Critical SQL Injection in S/4HANA with CVSS 9.9 Score
January 2026 Security Patch Day addresses 19 vulnerabilities including CVE-2026-0501, a critical SQL injection in S/4HANA's General Ledger that enables full system compromise through arbitrary SQL execution.
Volt Typhoon Discovered Pre-Positioned in Additional US Critical Infrastructure Sectors
Joint CISA/NSA/FBI advisory reveals Chinese state-sponsored group Volt Typhoon has expanded persistent access into US water, energy, and transportation infrastructure, maintaining dormant footholds for 12-18 months undetected.
BreachForums Database Leaked — 324,000 Cybercriminal Accounts Exposed
A former ShinyHunters member leaked the BreachForums user database with 324,000 accounts, including usernames, emails, password hashes, and 70,000 IP addresses. Law enforcement interest is likely.
Russia's Fancy Bear APT Runs Low-Cost Credential Harvesting Campaign Against Global Targets
APT28 targets energy, defense, and policy organizations in Turkey, the Balkans, and Central Asia with phishing campaigns using legitimate PDFs from real think tanks and free hosting infrastructure.
Disputifier Shopify App Hack Exposes 200,000+ Merchant Records
Exposed API tokens in Disputifier's frontend allowed attackers to process unauthorized refunds and exfiltrate data from Shopify merchants. The app was delisted after the company allegedly refused bug bounty negotiations.