InfoSec News Nuggets 03/13/2026

Medtech Giant Stryker Offline After Iran-Linked Wiper Malware Attack Fortune 500 medical technology company Stryker — manufacturer of surgical and neurotechnology equipment with over 53,000 employees and $22.6 billion in 2024 global sales — has been forced into a global operational shutdown after the pro-Iranian hacktivist group Handala claimed to have wiped more than 200,000 systems, servers, and mobile devices across the company's 79-country office footprint, simultaneously exfiltrating 50 terabytes of critical data before triggering…

InfoSec News Nuggets 03/12/2026

UNC6426 Exploits nx npm Supply-Chain Attack to Gain AWS Admin Access in 72 Hours Google's Cloud Threat Horizons Report for H1 2026 details how a threat actor tracked as UNC6426 weaponized credentials stolen during the August 2025 "s1ngularity" supply chain compromise of the popular Nx build system npm package to completely devastate a victim's cloud environment — escalating from a single stolen GitHub Personal Access Token to full AWS administrator privileges in under 72 hours,…

InfoSec News Nuggets 03/11/2026

Five Malicious Rust Crates and AI Bot Exploit CI/CD Pipelines to Steal Developer Secrets Researchers at Socket have uncovered five malicious Rust packages published to crates.io — chrono_anchor, dnp3times, time_calibrator, time_calibrators, and time-sync — that masquerade as legitimate time-synchronization utilities while silently harvesting developer credentials from .env files and exfiltrating them to attacker-controlled infrastructure hosted under the lookalike domain "timeapis[.]io." All five crates are assessed to be the work of a single threat actor based…

InfoSec News Nuggets 03/10/2026

APT28 Uses BEARDSHELL and COVENANT Malware to Spy on Ukrainian Military ESET researchers have published a deep-dive on Russia's APT28 (Fancy Bear/Sednit), revealing that the GRU-linked group has been conducting sustained espionage against Ukrainian military personnel since April 2024 using two custom implants: BEARDSHELL, a C++-based backdoor that downloads and executes PowerShell scripts via cloud storage APIs, and a heavily modified fork of the open-source COVENANT post-exploitation framework that has been continuously adapted to abuse…

InfoSec News Nuggets 03/09/2026

Web Server Exploits and Mimikatz Used in Attacks Targeting Asian Critical Infrastructure Palo Alto Networks Unit 42 has published a detailed investigation into a previously undocumented Chinese threat actor cluster — designated CL-UNK-1068 — that has been quietly compromising high-value organizations across South, Southeast, and East Asia since at least 2020 with little to no detection. Targeted sectors span aviation, energy, government, law enforcement, pharmaceuticals, technology, and telecommunications, with the group deploying a cross-platform toolkit…

InfoSec News Nuggets 03/06/2026

Phobos Ransomware Leader Facing 20 Years in Prison After Pleading Guilty to Hacking Charges Evgenii Ptitsyn, the 43-year-old Russian national identified as the key developer and administrator behind the Phobos ransomware-as-a-service operation, pleaded guilty to wire fraud charges on Wednesday and is now facing up to 20 years in prison, with sentencing scheduled for July 15. Ptitsyn — who operated under the aliases "derxan" and "zimmermanx" — was arrested in South Korea and extradited to…

InfoSec News Nuggets 03/05/2026

Iranian Drone Strikes Hit Amazon Data Centers in Gulf, Disrupting Cloud Services Iranian drone strikes directly hit two Amazon Web Services data centers in the UAE this week and caused damage to a third facility in Bahrain, disrupting approximately 60 AWS services across the Gulf region as Iran launched retaliatory strikes following a U.S. and Israeli operation that killed Supreme Leader Ayatollah Ali Khamenei. Amazon confirmed the physical strikes, with two of the UAE's three…

InfoSec News Nuggets 03/03/2026

CISA Replaces Acting Director After a Bumbling Year on the Job The Trump administration has ousted Madhu Gottumukkala as acting director of the Cybersecurity and Infrastructure Security Agency, replacing him with Nick Andersen, the agency's former top cybersecurity official, after a turbulent tenure marked by reports of Gottumukkala uploading sensitive government documents to a public version of ChatGPT, failing a counterintelligence polygraph, and presiding over the departure of at least one-third of the agency's workforce…

InfoSec News Nuggets 03/02/2026

South Korea's National Tax Service Accidentally Exposes Crypto Wallet Seed Phrase, $4.8M Stolen Twice South Korea's National Tax Service inadvertently published an unredacted photo of a seized Ledger hardware wallet's mnemonic recovery phrase in a press release touting a successful tax enforcement action against 124 high-value delinquents. Within hours, an attacker funded the wallet with ETH to cover gas fees and drained 4 million PRTG tokens valued at approximately $4.8 million in three transactions. In…

InfoSec News Nuggets 02/27/2026

Cisco SD-WAN Zero-Day CVE-2026-20127 Has Been Actively Exploited Since 2023 — CISA Patch Deadline Is Today Cisco disclosed a maximum-severity (CVSS 10.0) authentication bypass flaw in its Catalyst SD-WAN Controller and Manager products, tracked as CVE-2026-20127, confirming the vulnerability has been actively exploited in the wild since at least 2023 — a three-year blind spot that allowed threat actors tracked as UAT-8616 to compromise controllers, insert rogue peers into targeted networks, and chain the exploit…

InfoSec News Nuggets 02/26/2026

L3Harris Exec Sentenced to 7 Years for Selling Eight Zero-Days to Russian Broker Operation Zero Peter Williams, 39, the former general manager of Trenchant — a specialized L3Harris division that develops zero-day exploits exclusively for the U.S. government and Five Eyes allies — was sentenced Tuesday to 87 months in federal prison for stealing and selling eight exploit components to Russian broker Operation Zero between 2022 and 2025. Williams used his privileged access to copy…

InfoSec News Nuggets 02/24/2026

AI-Augmented Threat Actor Compromises 600+ FortiGate Devices Across 55 Countries Amazon Threat Intelligence published findings detailing a Russian-speaking, financially motivated threat actor that used commercial generative AI tools to compromise more than 600 FortiGate devices spread across 55 countries between January 11 and February 18, 2026. Notably, the attackers exploited no FortiGate vulnerabilities — the entire campaign succeeded by targeting exposed management ports and accounts protected only by weak single-factor credentials, with AI services handling…

InfoSec News Nuggets 02/23/2026

Ransomware Attack Forces Mississippi's Largest Health System to Shut Down Statewide Clinics The University of Mississippi Medical Center (UMMC), the state's only academic medical center, was hit by a ransomware attack in the early hours of February 19th that knocked out its entire IT network — including the Epic electronic health records platform, phone systems, and booking infrastructure. In response, UMMC shut down all 35 of its clinics statewide, canceled elective procedures and surgeries, and…

InfoSec News Nuggets 02/20/2026

Critical Flaws Found in Four VS Code Extensions with Over 125 Million Installs Researchers disclosed multiple serious vulnerabilities in four widely used Microsoft Visual Studio Code extensions that collectively have over 125 million installs. The flaws could let attackers exfiltrate local files and run arbitrary code on developer machines. Users are urged to audit installed extensions and apply patches or remove risky ones until fixes are available.

Microsoft 365 Copilot Vulnerability Exposes Sensitive Emails…

InfoSec News Nuggets 02/19/2026

From BRICKSTORM to GRIMBOLT: UNC6201 Exploiting a Dell RecoverPoint for Virtual Machines Zero-Day Google’s threat intel team says a suspected PRC-nexus cluster (UNC6201) has been exploiting a Dell RecoverPoint for Virtual Machines zero-day (CVE-2026-22769, CVSS 10.0) since at least mid-2024. The writeup ties exploitation to lateral movement, persistence, and multiple malware families, including BRICKSTORM and a newly tracked backdoor. If you run RecoverPoint for VMs, treat this as “assume compromise” risk and prioritize patching, scoping,…

InfoSec News Nuggets 02/18/2026

Stable Channel Update for Desktop Google shipped an emergency Chrome stable update to 145.0.7632.75/76 (Windows and Mac) and 144.0.7559.75 (Linux). The release fixes CVE-2026-2441, a high-severity use-after-free bug in CSS. Google also states an exploit exists in the wild, so this is a restart-and-verify-your-fleet item, not a wait-for-the-next-window patch.

City of Marietta hit by nationwide ransomware attack A ransomware incident at third-party payment processor BridgePay is disrupting online credit card payments for the City…

Reducing the number of super admins in Google Workspaces

Apple fixes dangerous zero-day flaw affecting macOS, iOS and more, update now to avoid 'extremely sophisticated attack' Apple pushed updates across iOS, iPadOS, macOS, tvOS, watchOS, and visionOS to fix a critical dyld memory corruption bug (CVE-2026-20700) that can enable arbitrary code execution. Apple says it may have been used in an “extremely sophisticated” targeted attack. The issue was reported by Google’s Threat Analysis Group, which often tracks state-linked activity. If you have Apple devices…

InfoSec News Nuggets 02/16/2026

Google patches first Chrome zero-day exploited in attacks this year Google released emergency updates for Chrome to fix CVE-2026-2441, which it says is being exploited in the wild. The issue is a use-after-free linked to iterator invalidation in Chrome’s handling of CSS font feature values. Google did not share exploit details, which usually means defenders should assume active scanning and targeted use are both possible. Action: force-update Chrome across managed endpoints and verify version compliance…
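A fleet-compliance check for the fix above, added here as an example; it is not code from Google or from the original post. It compares each endpoint's reported Chrome version against the fixed builds named in the 02/18 entry (145.0.7632.75 for Windows and Mac, 144.0.7559.75 for Linux) as numeric tuples rather than strings, which matters because a plain string comparison would rank "144.0.7559.9" above "144.0.7559.75". The inventory rows are constructed sample data.

```python
"""Check a Chrome version inventory against the builds that fix CVE-2026-2441."""
from __future__ import annotations

# Minimum fixed builds per platform, as stated in the Chrome stable update
# for CVE-2026-2441 (Windows/Mac: 145.0.7632.75, Linux: 144.0.7559.75).
FIXED_BUILDS = {
    "windows": "145.0.7632.75",
    "mac": "145.0.7632.75",
    "linux": "144.0.7559.75",
}

# Constructed sample inventory: (hostname, platform, version reported by the
# endpoint agent). Not real hosts.
SAMPLE_INVENTORY = [
    ("ws-001", "windows", "145.0.7632.76"),
    ("ws-002", "windows", "145.0.7632.49"),
    ("mac-001", "mac", "145.0.7632.75"),
    ("lnx-001", "linux", "144.0.7559.75"),
    ("lnx-002", "linux", "144.0.7559.9"),   # a string compare would pass this
    ("ws-003", "windows", "unknown"),       # agent did not report a version
]


def parse_version(version: str) -> tuple[int, ...] | None:
    """Turn '145.0.7632.75' into (145, 0, 7632, 75); None if not numeric."""
    try:
        return tuple(int(part) for part in version.strip().split("."))
    except ValueError:
        return None


def is_patched(platform: str, version: str) -> bool | None:
    """True if version >= fixed build for the platform, False if older,
    None if the platform or version cannot be evaluated."""
    fixed = FIXED_BUILDS.get(platform.lower())
    if fixed is None:
        return None
    parsed = parse_version(version)
    if parsed is None:
        return None
    return parsed >= parse_version(fixed)


def audit(inventory) -> dict[str, list[str]]:
    """Bucket hostnames into 'patched', 'vulnerable' and 'unknown'.

    'unknown' hosts need a manual look: an agent that cannot report a
    version is not evidence that the browser was updated."""
    report: dict[str, list[str]] = {"patched": [], "vulnerable": [], "unknown": []}
    for host, platform, version in inventory:
        result = is_patched(platform, version)
        if result is None:
            report["unknown"].append(host)
        elif result:
            report["patched"].append(host)
        else:
            report["vulnerable"].append(host)
    return report


if __name__ == "__main__":
    for status, hosts in audit(SAMPLE_INVENTORY).items():
        print(f"{status:10s} {', '.join(hosts) or '-'}")
```

Feed it whatever your endpoint management tool exports (hostname, OS, Chrome version) and treat both the "vulnerable" and the "unknown" buckets as work items; the latter is where stale agents and unmanaged installs hide.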

InfoSec News Nuggets 02/13/2026

CISA Warns of Exploited SolarWinds, Notepad++, Microsoft Vulnerabilities CISA flagged multiple vulnerabilities as actively exploited, spanning SolarWinds Web Help Desk, Notepad++ update integrity issues, and Microsoft Configuration Manager. The practical takeaway is that these are not theoretical bugs; defenders should treat them as "patch and hunt" items. If you run any of the affected products, validate patch status, review logs around the timeframes noted by vendors, and look for signs of webshells, suspicious service creation,…

InfoSec News Nuggets 02/12/2026

Google says hackers are abusing Gemini AI for all attack stages Google reports multiple state-backed groups are using Gemini to support end-to-end operations, including recon, payload development, and post-compromise tasks. The practical risk is faster iteration on lures, tooling, and procedures, even when the model is not directly producing malware. The main defensive takeaway is to treat AI-assisted social engineering as higher volume and higher quality, and tighten controls around…

InfoSec News Nuggets 02/11/2026

SSHStalker Botnet Uses IRC C2 to Control Linux Systems via Legacy Kernel Exploits Researchers have disclosed a new Linux botnet dubbed SSHStalker that leverages the old Internet Relay Chat (IRC) protocol for command-and-control, breathing fresh life into legacy communications channels for modern mass compromise. Initial reporting suggests the botnet scans SSH endpoints to find vulnerable systems and then installs its C2 payload, blending decades-old techniques with current automation to stealthily spread. Some estimates say nearly…

InfoSec News Nuggets 02/10/2026

Winter Olympics hit by suspected 'Russian origin' cyberattack - as one of Europe's largest universities also reports major cybersecurity incident Italy said it blocked a wave of cyberattacks described as "of Russian origin" targeting systems tied to the Milano Cortina 2026 Winter Olympics, including hotels in Cortina d'Ampezzo. The pro-Russian group NoName057(16) claimed the activity and framed it as retaliation for Italy's support of Ukraine. The same reporting also notes a separate suspected ransomware…

InfoSec News Nuggets 02/09/2026

Please Don’t Feed the Scattered Lapsus ShinyHunters This piece profiles an extortion crew (“SLSH”) that pairs data theft with direct, personal harassment of executives and their families, including threats and swatting. The reporting highlights that the group’s behavior is less predictable than traditional ransomware operations, which increases risk if a victim engages. A key takeaway is that even limited back-and-forth can escalate pressure tactics quickly, so crisis comms and executive protection planning matter alongside technical…

InfoSec News Nuggets 02/06/2026

Data breach at govtech giant Conduent balloons, affecting millions more Americans A previously disclosed ransomware incident involving Conduent is now believed to impact far more people than initially reported, potentially reaching into the tens of millions. Reporting cites revised impact figures including at least 15.4M affected in Texas and 10.5M in Oregon, plus additional notifications across multiple states. The exposed data reportedly includes names, Social Security numbers, medical data, and health insurance information. The company…

InfoSec News Nuggets 02/05/2026

The Notepad++ supply chain attack — unnoticed execution chains and new IoCs Kaspersky details multiple distinct infection chains observed in the Notepad++ update compromise, including rotating C2 infrastructure, changing delivery tooling, and targeting a small set of victims rather than broad distribution. The write-up highlights how legitimate updater execution was abused to run attacker-controlled installers and stage follow-on payload delivery. It also includes hunting ideas (process artifacts, unusual domains, and command execution patterns) to help defenders spot related…

InfoSec News Nuggets 02/04/2026

Notepad++ supply chain attack: Researchers reveal details, IoCs, targets Rapid7-linked research says the Notepad++ update mechanism was hijacked in targeted fashion and attributed to the China-linked group Lotus Blossom. The reporting emphasizes that the compromise was in update delivery infrastructure rather than a code flaw, which is a reminder that “trusted” software can be turned against you upstream. The practical takeaway is to verify you are on a fixed Notepad++ version, review any published IoCs…

InfoSec News Nuggets 02/03/2026

APT28 Leverages CVE-2026-21509 in Operation Neusploit A ThreatLabz writeup covers a campaign attributed to APT28 that uses weaponized RTF files to exploit CVE-2026-21509 and drop multiple payloads. Notes include targeting in Ukraine, Slovakia, and Romania, plus timelines around Microsoft's out-of-band fix and observed exploitation.

Critical Ivanti Endpoint Manager Mobile (EPMM) zero-day exploited in the wild (CVE-2026-1281 & CVE-2026-1340) Exploitation details and practical remediation notes for Ivanti EPMM, including the impact of the two CVEs and…

InfoSec News Nuggets 02/02/2026

Here's how we disrupted a massive, malicious proxy network Google says it disrupted IPIDEA, a large malicious residential proxy network used by criminals to route traffic and hide activity. It also notes added protections in Android via Play Protect and shared research with partners to prevent reconstitution.

Critical Ivanti Endpoint Manager Mobile (EPMM) zero-day exploited in the wild (CVE-2026-1281 & CVE-2026-1340) Ivanti disclosed two critical code injection issues in EPMM, with vendor-indicated exploitation prior…

InfoSec News Nuggets – 01-30-2026

Google Disrupts IPIDEA — One of the World's Largest Residential Proxy Networks Google announced on Wednesday that it worked together with other partners to disrupt IPIDEA, which it described as one of the largest residential proxy networks in the world. The company took legal action to take down dozens of domains used to control devices and proxy traffic through them. As of writing, IPIDEA's website is no longer accessible. Google's Threat Intelligence Group observed over…

InfoSec News Nuggets – 01-29-2026

Fortinet Patches Actively Exploited FortiCloud SSO Zero-Day (CVE-2026-24858) Fortinet has begun releasing security updates to address CVE-2026-24858, a critical zero-day vulnerability that allowed attackers to bypass FortiCloud single sign-on (SSO) authentication and gain administrative access to FortiGate firewalls. The flaw, rated CVSS 9.4, was actively exploited in the wild by two malicious FortiCloud accounts before being blocked on January 22, 2026. Attackers created unauthorized admin accounts and modified VPN configurations on fully patched devices, indicating…
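Both the FortiCloud SSO abuse described here and the credential-only FortiGate campaign in the 02/24 entry leave traces in the device's own administrator table: admin accounts nobody provisioned, and accounts protected by a single factor. The audit below is added as an example and is not Fortinet's code or the original post's; it parses the `config system admin` table from a FortiOS configuration backup and flags accounts outside an approved baseline or without a `two-factor` setting. The configuration text and the `APPROVED_ADMINS` baseline are constructed for the example, so substitute your own backup and list.

```python
"""Audit FortiGate admin accounts from a configuration backup.

Flags (1) accounts that are not in the approved baseline, which is how the
FortiCloud SSO abuse surfaced, and (2) accounts with no two-factor method,
which is what the credential-only FortiGate campaign relied on.
"""
from __future__ import annotations

import re

# Constructed sample of a FortiOS configuration backup; not from a real device.
SAMPLE_CONFIG = """\
config system global
    set hostname "fw-edge-01"
end
config system admin
    edit "admin"
        set accprofile "super_admin"
        set vdom "root"
        set two-factor fortitoken
        set fortitoken "FTKMOB1234567890"
        set password ENC <redacted>
    next
    edit "netops"
        set accprofile "prof_admin"
        set vdom "root"
        set two-factor fortitoken
        set password ENC <redacted>
    next
    edit "support_tmp"
        set accprofile "super_admin"
        set vdom "root"
        set password ENC <redacted>
    next
end
config vpn ssl settings
    set port 443
end
"""

# Constructed baseline: the accounts change control says should exist.
APPROVED_ADMINS = {"admin", "netops"}


def parse_admins(config: str) -> dict[str, dict[str, str]]:
    """Return {account: {setting: value}} for each entry under 'config system admin'.

    Nested sub-tables inside an entry (e.g. 'config gui-dashboard') are
    skipped so their 'end' does not terminate the admin table early."""
    admins: dict[str, dict[str, str]] = {}
    in_block = False
    depth = 0
    current: str | None = None
    for raw in config.splitlines():
        line = raw.strip()
        if not in_block:
            in_block = line == "config system admin"
            continue
        if line.startswith("config "):
            depth += 1
            continue
        if line == "end":
            if depth == 0:
                break
            depth -= 1
            continue
        if depth:
            continue
        m = re.match(r'^edit "(.*)"$', line)
        if m:
            current = m.group(1)
            admins[current] = {}
        elif line == "next":
            current = None
        elif current is not None and line.startswith("set "):
            key, _, value = line[4:].partition(" ")
            admins[current][key] = value.strip('"')
    return admins


def audit_admins(config: str, approved: set[str]) -> dict[str, list[str]]:
    """Return {'unapproved': [...], 'no_two_factor': [...]} for the backup."""
    findings: dict[str, list[str]] = {"unapproved": [], "no_two_factor": []}
    for name, settings in parse_admins(config).items():
        if name not in approved:
            findings["unapproved"].append(name)
        # FortiOS omits 'set two-factor' when it is at its default of 'disable'.
        if settings.get("two-factor", "disable") == "disable":
            findings["no_two_factor"].append(name)
    return findings


if __name__ == "__main__":
    for finding, accounts in audit_admins(SAMPLE_CONFIG, APPROVED_ADMINS).items():
        print(f"{finding:14s} {', '.join(accounts) or '-'}")
```

Run it against backups pulled on a schedule rather than once: an attacker who gets in through SSO or a weak password creates the account after your last manual review, so the useful signal is the diff between consecutive runs.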

InfoSec News Nuggets – 01-28-2026

Critical vm2 Node.js Sandbox Escape Vulnerability Allows Remote Code Execution A critical sandbox escape vulnerability (CVE-2026-22709) has been disclosed in vm2, the popular Node.js library used to run untrusted JavaScript code in sandboxed environments. The flaw carries a CVSS score of 9.8 and allows attackers to bypass Promise callback sanitization and execute arbitrary code outside sandbox boundaries. The vulnerability exists because async functions return globalPromise objects where the .then() and .catch() callbacks are not properly…

InfoSec News Nuggets – January 27, 2026

Microsoft reveals actively exploited Office zero-day, provides emergency fix (CVE-2026-21509) Microsoft released emergency Office security updates to fix a security feature bypass vulnerability (CVE-2026-21509) that its threat intelligence and security teams spotted being exploited in the wild in zero-day attacks. The flaw stems from reliance on untrusted inputs in a security decision in Microsoft Office, allowing unauthorized attackers to bypass OLE mitigations locally. Successful exploitation requires user interaction – an attacker must send a user…

InfoSec News Nuggets – 01-26-2026

Sandworm Hackers Linked to Failed DynoWiper Attack on Poland's Power Grid Russian state-sponsored hacking group Sandworm has been attributed to what Polish officials called the "largest cyber attack" targeting Poland's energy infrastructure in years. The attacks occurred on December 29-30, 2025, targeting two combined heat and power plants and a system managing electricity from wind turbines and solar farms. ESET researchers analyzed the novel malware, which they named DynoWiper, and attributed the campaign to Sandworm…

InfoSec News Nuggets 01/23/2026

Pwn2Own Automotive 2026 Day Two Adds $439,250 and 29 Zero-Days Day Two of Pwn2Own Automotive 2026 in Tokyo delivered another wave of vulnerability discoveries, with researchers earning $439,250 for demonstrating 29 unique zero-day vulnerabilities. This brings the event totals to $955,750 awarded and 66 zero-days discovered across two days. Fuzzware.io currently leads the Master of Pwn standings after successful exploits against the Phoenix Contact CHARX SEC-3150, ChargePoint Home Flex, and Grizzl-E Smart chargers. Other highlights…

InfoSec News Nuggets – 01-21-2026

Tesla hacked, 37 zero-days demoed at Pwn2Own Automotive 2026 Security researchers earned $516,500 after exploiting 37 zero-day vulnerabilities on the first day of the Pwn2Own Automotive 2026 competition in Tokyo. Synacktiv Team took home $35,000 after successfully chaining an information leak and an out-of-bounds write flaw to gain root permissions on the Tesla Infotainment System in the USB-based attack category. Teams also successfully hacked EV chargers from Alpitronic, ChargePoint, Phoenix Contact, and Autel, along with…

InfoSec News Nuggets – 01/20/2026

Canada's Investment Regulator Confirms Data Breach Affecting 750,000 Investors The Canadian Investment Regulatory Organization (CIRO) has confirmed that a sophisticated phishing attack it suffered in August 2025 impacted approximately 750,000 Canadian investors. After more than 9,000 hours of forensic investigation, CIRO disclosed that the compromised data includes dates of birth, phone numbers, annual income, social insurance numbers, government-issued ID numbers, investment account numbers, and account statements. CEO Andrew Kriegler said the complexity of the cyberattack…

InfoSec News Nuggets – 01/19/2026

Black Basta Ransomware Leader Added to INTERPOL Red Notice Ukrainian and German law enforcement have identified suspects linked to the notorious Black Basta ransomware group following coordinated raids in western Ukraine. Germany's Federal Criminal Police Office named 35-year-old Russian national Oleg Evgenievich Nefedov as the alleged leader, adding him to both the European Union's Most Wanted list and INTERPOL's Red Notice. Two Ukrainian nationals were also identified as "hash crackers" who specialized in extracting passwords…

InfoSec News Nuggets – 01/16/2026

Critical WordPress Plugin Flaw Under Active Exploitation A maximum-severity vulnerability in the WordPress plugin Modular DS is being actively exploited in the wild, according to security firm Patchstack. The flaw, tracked as CVE-2026-23550, carries a CVSS score of 10.0 and allows unauthenticated attackers to escalate privileges and gain administrator access due to a flawed routing mechanism. The plugin, which has more than 40,000 active installs, exposes API routes under the "/api/modular-connector/" prefix that can be…

InfoSec News Nuggets 01/15/2026

Microsoft disrupts massive RedVDS cybercrime virtual desktop service Microsoft announced on Wednesday that it disrupted RedVDS, a massive cybercrime platform linked to at least $40 million in reported losses in the United States alone since March 2025. Microsoft filed civil lawsuits in the United States and the United Kingdom, seizing malicious infrastructure and taking RedVDS's marketplace and customer portal offline as part of a broader international operation with Europol and German authorities. For as little…

InfoSec News Nuggets 01/14/2026

Cyber-stricken Belgian hospitals refuse ambulances, transfer critical patients A major cyberattack on Belgian healthcare facilities has entered its second day, forcing hospitals to turn away ambulances and transfer critical patients to other facilities. The attack has caused significant disruption to healthcare provision across affected regions, with IT systems remaining offline as teams work to restore services and assess the scope of the breach.

Sean Plankey re-nominated to lead CISA President Donald Trump has re-nominated Sean…

InfoSec News Nuggets 01/13/2026

SAP Security Patch Day Delivers 17 Fixes Including Four Critical HotNews Vulnerabilities SAP released its January 2026 Security Patch Day package containing 17 security notes, with four rated as critical HotNews vulnerabilities requiring immediate attention. The most severe issue is CVE-2026-0501, a SQL injection flaw in S/4HANA Financials with a CVSS score of 9.9 that allows authenticated attackers with low privileges to execute arbitrary SQL queries and completely compromise financial data systems. Additional critical vulnerabilities…

InfoSec News Nuggets 01/12/2026

FBI Warns North Korean Kimsuky APT Targets U.S. Organizations with QR Code Phishing Campaign The Federal Bureau of Investigation issued a flash alert warning that North Korean state-sponsored threat group Kimsuky is using malicious QR codes embedded in spear-phishing emails to target U.S. think tanks, academic institutions, and government entities focused on North Korea policy and research. The "quishing" technique pushes victims to scan the QR codes with their mobile devices, moving the click off the managed endpoint and past traditional email security controls, and…

InfoSec News Nuggets 01/09/2026

Chinese-Speaking Threat Actors Exploited VMware ESXi Zero-Days Over a Year Before Disclosure Huntress security researchers uncovered a sophisticated VMware ESXi exploitation campaign using a zero-day toolkit dubbed MAESTRO that was built over a year before VMware's public disclosure in March 2025. The toolkit exploits three critical vulnerabilities (CVE-2025-22224, CVE-2025-22225, CVE-2025-22226) to achieve virtual machine escape and supports 155 ESXi builds spanning versions 5.1 through 8.0, with PDB paths revealing simplified Chinese strings and a development…

InfoSec News Nuggets 01/08/2026

Critical n8n Vulnerability (CVSS 10.0) Enables Unauthenticated Attackers to Take Full Control Security researchers disclosed CVE-2026-21858, a maximum-severity flaw in the n8n workflow automation platform nicknamed "Ni8mare" that allows unauthenticated remote attackers to gain complete control over vulnerable instances. The vulnerability stems from a Content-Type confusion issue in n8n's webhook and file handling mechanism, enabling attackers to extract sensitive secrets, forge administrator access, and execute arbitrary commands on the server without requiring any credentials. The…

InfoSec News Nuggets 01/06/2026

RondoDox Botnet Exploits Critical React2Shell Flaw to Hijack IoT Devices and Web Servers Cybersecurity researchers disclosed a persistent nine-month campaign targeting Internet of Things devices and web applications to enroll them into the RondoDox botnet, which has recently weaponized the critical React2Shell vulnerability (CVE-2025-55182, CVSS 10.0). The campaign evolved through three phases starting in March 2025, progressing from reconnaissance to daily mass vulnerability probing of WordPress, Drupal, and IoT devices, and ultimately to hourly automated…

InfoSec News Nuggets 01/05/2026

Sedgwick Discloses Data Breach After TridentLocker Ransomware Attack Global claims management provider Sedgwick confirmed a cybersecurity incident affecting its federal contractor subsidiary, Sedgwick Government Solutions, after TridentLocker ransomware group claimed to have stolen 3.4GB of data on New Year's Eve. The company, which handles claims and risk management for U.S. federal agencies including DHS, ICE, CBP, USCIS, DOL, and CISA, immediately activated incident response protocols with external cybersecurity experts. TridentLocker is a ransomware-as-a-service operation that…

InfoSec News Nuggets 01/02/2026

European Space Agency Confirms Cyber Breach After Hacker Claims System Access The European Space Agency acknowledged a security incident involving servers outside its corporate network after a threat actor known as '888' claimed on BreachForums to have accessed ESA systems for approximately one week. The affected servers supported unclassified collaborative engineering activities within the scientific community, and ESA says only a very small number of external systems were compromised. The agency is conducting forensic investigations…

InfoSec News Nuggets 12/31/2025

Two US cyber experts plead guilty to cooperating with notorious ransomware gang Two U.S. cybersecurity professionals have admitted guilt in federal court for conspiring with the ALPHV/BlackCat ransomware group to extort companies, using their expertise to assist in encryption and ransom demands. This high-profile plea highlights insider misuse of security skills and carries potential prison sentences up to 20 years.

80 Hospitals May Have Been Affected by the Oracle Health Data Breach CISA has…