Chinese Hackers Exploited VMware ESXi Zero-Days a Year Before Disclosure
Huntress discovered a Chinese-linked exploit toolkit (MAESTRO) targeting VMware ESXi that was built in February 2024, a year before VMware disclosed CVE-2025-22224. Over 30,000 instances remain exposed.
Iranian MuddyWater APT Deploys New Rust-Based 'RustyWater' Implant
CloudSEK analysis reveals MuddyWater's upgraded toolkit targeting diplomatic, maritime, financial, and telecom entities across the Middle East with Rust-based malware featuring advanced evasion techniques.
Researchers Expose Industrial-Scale 'Pig Butchering' Fraud Infrastructure
Investigation reveals service providers fueling Southeast Asian scam compounds where trafficking victims are forced to conduct investment fraud. Losses exceed $53 billion since 2023, with $17 billion projected for 2025 alone.
National Public Data Breach: 2.9 Billion Records and the Dark Side of Data Brokers
A breach at obscure data broker National Public Data exposed 2.9 billion records containing Social Security numbers for an estimated 170 million Americans, highlighting the unregulated data broker industry and its security failures.
Critical n8n Workflow Automation Flaw Allows Remote Code Execution
CVE-2026-21858 'Ni8mare' (CVSS 10.0) enables unauthenticated attackers to read files, bypass authentication, and execute commands on n8n servers through a Content-Type confusion flaw.
Critical D-Link Router Vulnerability Actively Exploited for Remote Code Execution
CVE-2026-0625 enables unauthenticated remote code execution on legacy D-Link DSL, DIR, and DNS devices via command injection. Attacks observed since November 2025; no patch available for end-of-life devices.
European Space Agency Confirms Data Breach, Criminal Investigation Launched
A threat actor using the alias '888' exfiltrated 200GB+ from ESA systems including Bitbucket repositories, API tokens, and contractor data from SpaceX, Airbus, and Thales. Criminal probe initiated.
Ledger Customer Data Exposed After Third-Party Breach at Global-e
Crypto hardware wallet maker Ledger disclosed that customer names, addresses, and order data were exposed after hackers breached e-commerce partner Global-e. No wallet keys or recovery phrases were compromised.
CDK Global Ransomware Attack: How One Vendor Crippled 15,000 Auto Dealerships
A BlackSuit ransomware attack on CDK Global, the dominant dealer management system provider, shut down operations at 15,000 auto dealerships for nearly two weeks in June 2024, causing over $1 billion in losses and exposing critical supply chain risks.
Blue Shield of California Notifies Members of Healthcare Data Breach
A record merge error during a system enhancement exposed member PHI through Blue Shield's member portal. The October 2025 incident was disclosed in January 2026 under HIPAA requirements.
Claims Management Giant Sedgwick Hit by TridentLocker Ransomware
TridentLocker claims to have stolen 3.4GB from Sedgwick Government Solutions, which provides claims services to DHS, ICE, CBP, DOL, and CISA. The attack targeted an isolated file transfer system.
Brightspeed Investigating Breach Claims After Crimson Collective Posts Customer Data
Extortion group Crimson Collective claims to have stolen data on over 1 million Brightspeed customers, including PII, billing details, and payment information. A class-action lawsuit has been filed.