Alright team, it's been a bit quiet on the news front over the last 24 hours, but we've still got some interesting bits to chew on, including ongoing database extortion, a wild deepfake job application story, and a new privacy feature from Apple. Let's dive in:

Exposed MongoDB Instances Under Attack ⚠️
- A persistent threat actor is still hitting misconfigured MongoDB instances, wiping databases and demanding low ransoms (around £400-£500 in Bitcoin) for data restoration, though there's no guarantee of recovery.
- Research shows over 208,500 MongoDB servers are publicly exposed, with 3,100 lacking authentication, and nearly half of those already compromised.
- Admins must avoid public exposure, enforce strong authentication, use firewalls, update to the latest versions, and continuously monitor for unauthorised activity.

🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/exposed-mongodb-instances-still-targeted-in-data-extortion-attacks/

Deepfake Job Applicants: A New Social Engineering Frontier 🧠
- An AI security startup CEO recently faced a sophisticated deepfake candidate applying for a security researcher role, highlighting the growing use of AI in recruitment scams.
- Even experienced professionals can struggle with the "inner turmoil" of confronting a deepfake, underscoring the challenge of verifying identity in remote hiring.
- Companies should implement a mix of low-tech (trust your gut, mandate cameras on, ask for physical interaction) and high-tech solutions (deepfake detection tools) to combat this evolving threat, as the cost of hiring a malicious actor can be substantial.

🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2026/02/01/ai_security_startup_ceo_posts/

Apple Enhances iPhone Location Privacy 🔒
- Apple is rolling out a new "Limit Precise Location" feature for some iPhone and iPad models (iOS 26.3+), allowing users to restrict cellular networks to only approximate location data.
- This feature, which doesn't affect emergency calls or app-shared location, appears to be a response to past FCC fines against major carriers for illegally sharing user location data.
- While currently limited to specific devices and carriers (e.g., Telekom DE, EE/BT UK, Boost Mobile US, AIS/True TH), it marks a significant step towards giving users more control over how carriers track their movements.

🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/apple/new-apple-privacy-feature-limits-location-tracking-on-iphones-ipads/

#CyberSecurity #ThreatIntelligence #MongoDB #DataExtortion #Deepfake #SocialEngineering #AI #RecruitmentScams #Apple #DataPrivacy #InfoSec #CyberAttack #Vulnerability #IncidentResponse

It's been a busy 24 hours in the cyber world with significant updates on actively exploited zero-days, nation-state attacks on critical infrastructure, sophisticated vishing campaigns, and the evolving threat landscape of AI. Let's dive in:

Ivanti EPMM Zero-Days Under Active Exploitation ⚠️

- Ivanti has patched two critical zero-day vulnerabilities (CVE-2026-1281, CVE-2026-1340) in its Endpoint Manager Mobile (EPMM) product, both rated CVSS 9.8 for unauthenticated remote code execution (RCE).
- These flaws are actively being exploited in a limited number of customer environments, allowing threat actors to gain administrative access, move laterally, and potentially access sensitive data like phone numbers and GPS locations.
- While specific IOCs are scarce, defenders should scrutinise Apache access logs for unusual GET requests with bash commands in In-House Application Distribution and Android File Transfer Configuration features, and look for unexpected web shells or WAR/JAR files. If compromised, a full restore from backup or migration to a new EPMM instance is recommended.

🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2026/01/30/ivanti_epmm_zero_days/

Coordinated Cyber Attacks on Polish Critical Infrastructure 🚨

- CERT Polska has detailed coordinated destructive cyber attacks on over 30 wind and solar farms, a manufacturing company, and a combined heat and power (CHP) plant in Poland on December 29, 2025.
- The attacks, attributed to Russia's FSB-linked Static Tundra (aka Berserk Bear, Ghost Blizzard), involved reconnaissance, firmware damage, file deletion, and deployment of custom wiper malware like DynoWiper and LazyWiper.
- Initial access was gained via vulnerable Fortinet perimeter devices and statically defined accounts lacking two-factor authentication, with attackers also exfiltrating data related to OT network modernisation and SCADA systems from M365 services.

📰 The Hacker News | https://thehackernews.com/2026/01/poland-attributes-december-cyber.html

ShinyHunters-Style Vishing Bypasses MFA for SaaS Data Theft 🔒

- Mandiant has observed an expansion of financially motivated ShinyHunters-style (UNC6240) activity, tracked as UNC6661 and UNC6671, using advanced vishing and fake credential harvesting sites.
- These groups impersonate IT staff to trick employees into providing SSO credentials and MFA codes, then register their own devices for MFA to access cloud SaaS platforms, exfiltrate sensitive data, and extort victims.
- Organisations should enhance help desk verification processes, enforce strong passwords, remove SMS/phone/email as MFA options, restrict management access, and implement robust logging and detection for MFA lifecycle changes and SaaS export behaviours, moving towards phishing-resistant MFA like FIDO2.

📰 The Hacker News | https://thehackernews.com/2026/01/mandiant-finds-shinyhunters-using.html

Iran-Linked RedKitten Uses AI for Human Rights NGO Targeting 🐱

- A Farsi-speaking threat actor, RedKitten, linked to Iranian state interests, is targeting human rights NGOs and activists, likely leveraging large language models (LLMs) for tooling development.
- The campaign uses macro-laced Excel documents (fabricated protestor death details) in 7-Zip archives as lures, dropping a C#-based SloppyMIO implant via AppDomainManager injection.
- SloppyMIO uses GitHub as a dead drop resolver for Google Drive URLs, steganographically retrieving configuration for its Telegram Bot API-based command-and-control, enabling command execution, file exfiltration, and persistence.

📰 The Hacker News | https://thehackernews.com/2026/01/iran-linked-redkitten-cyber-campaign.html

Agentic AI: The Next Big Attack Surface 🤖

- A Dark Reading poll indicates that agentic AI is widely expected to become the top attack vector by the end of 2026, due to the expanded attack surface from agents' high access and autonomy, especially with insecure code and "shadow AI."
- Experts highlight that the primary vulnerability lies in what compromised AI agents can access, stressing that authentication and access control, rather than AI safety features, are the critical battleground for securing autonomous systems.
- Deepfakes are also rising as a major social engineering vector for high-value targets, while the adoption of phishing-resistant passkeys is lagging, leaving organisations vulnerable as agentic systems proliferate.

🕶️ Dark Reading | https://www.darkreading.com/threat-intelligence/2026-agentic-ai-attack-surface-poster-child

#CyberSecurity #ThreatIntelligence #Vulnerabilities #ZeroDay #RCE #Ivanti #NationState #APT #CriticalInfrastructure #Poland #Russia #Wiper #ShinyHunters #Vishing #MFA #SaaS #Extortion #Iran #RedKitten #LLM #AI #Deepfakes #ThreatLandscape #InfoSec #CyberAttack #Malware #IncidentResponse

Details of recent cyberattacks on Polish energy infrastructure.

https://cert.pl/en/posts/2026/01/incident-report-energy-sector-2025/

#IoC #CyberAttack #CyberSecurity

Bumble, Match, Panera Bread and CrunchBase hit by cyberattacks

Bumble, Match Group and CrunchBase were hit by cyberattacks on Wednesday. Panera Bread also confirmed that an incident occurred

#bumble #match #crunchbase #PaneraBread #cyberattack #security #cybersecurity #hackers #hacking #hacked

https://www.reuters.com/business/bumble-match-panera-bread-crunchbase-hit-by-cyberattacks-bloomberg-news-reports-2026-01-29/

Connecticut city investigates network disruption at New Britain City Hall #NetworkDisruption #IncidentResponse #CyberAttack #CityHall #NewBritain #Connecticut #cybersecurity https://dysruptionhub.com/new-britain-city-hall-network-disruption-ct/

📰 Clop Ransomware Group Claims Attack on Canadian Helicopter Company

Notorious ransomware group Clop claims a cyberattack on Canadian company CMHHELI.COM. The group has threatened a data leak on its dark web site, a classic double-extortion tactic. 🇨🇦 #Ransomware #Clop #DataBreach #CyberAttack

🔗 https://cyber.netsecops.io/articles/clop-ransomware-claims-attack-on-canadian-company-cmhheli/?utm_source=mastodon&utm_medium=social&utm_campaign=twitter_auto

It's been a bit quiet over the last 24 hours, but we do have a significant update on a supply chain compromise affecting an antivirus vendor. Let's dive in:

eScan Update Server Breached, Pushing Malware ⚠️

- Antivirus vendor eScan confirmed a breach of one of its regional update servers, which was used to push a malicious update to a limited number of customers on January 20, 2026, for a two-hour window.
- The malicious update, a modified `Reload.exe` signed with an invalid eScan certificate, enabled persistence, modified the Windows HOSTS file to block further updates, connected to C2 infrastructure, and deployed a backdoor (`CONSCTLX.exe`) and persistent downloader.
- eScan has isolated the affected infrastructure, rotated credentials, and released a remediation update for impacted customers; organisations should also block the identified command and control servers for additional security.

🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/escan-confirms-update-server-breached-to-push-malicious-update/

#CyberSecurity #ThreatIntelligence #SupplyChainAttack #Malware #InfoSec #IncidentResponse #Antivirus #CyberAttack

#Cyberattack on Polish energy grid impacted around 30 facilities

https://www.bleepingcomputer.com/news/security/cyberattack-on-polish-energy-grid-impacted-around-30-facilities/

#Poland #infrastructure #cybersecurity #Russia

I gave my video from last week a new title and thumbnail:

“Cyberattack Prepper Ideas”
https://www.youtube.com/watch?v=-bUbplh5Q30

#CommPrep #prepper #CyberAttack #emergency #disaster #preparation #preparedness #EmergencyPrep

Walnuts producer affected by Qilin ransomware in Chile

https://www.security-chu.com/2026/01/Valbifruit-productora-nueces-con-ataque-de-ransomware-qilin.html

#Chile #ransomware #qilin #cyberattack

Hacker legen tausende Autos lahm! Der aktuelle Angriff auf den russischen Auto‑Alarmanlagenhersteller Starline zeigt auf dramatische Weise, wie verwundbar vernetzte Systeme sind. Pro‑ukrainische Hacker kompromittierten das Backend, deaktivierten Apps und legten Remote‑Funktionen lahm. Das Ergebnis: Fahrzeuge blieben stehen, Türen ließen sich nicht mehr öffnen, Flotten waren kurzfristig nicht einsatzfähig. #CyberSecurity #CyberAttack #starline #hackerangriff #cybercrime #russia #ukraine

It's been a busy 24 hours in the cyber world with significant updates on active exploitation of zero-days, widespread cyberattacks from sophisticated threat actors, and important discussions around data privacy and government initiatives. Let's dive in:

Recent Cyber attacks or breaches

ShinyHunters' SSO Vishing Spree Continues ⚠️
- The ShinyHunters group is actively targeting around 100 organisations, including major players like Canva, Atlassian, Epic Games, and Panera Bread, using evolved voice-phishing (vishing) techniques to compromise Okta, Microsoft, and Google SSO credentials.
- These attacks involve real-time phishing kits that mimic legitimate login pages and MFA requests, tricking employees into providing credentials and enrolling threat actor-controlled devices into MFA solutions.
- The group has claimed data theft from SoundCloud (29.8 million accounts), Betterment, Crunchbase, Panera Bread (14 million records), CarMax (500k+), and Edmunds (millions), often followed by extortion demands.
🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/soundcloud-confirms-breach-after-member-data-stolen-vpn-access-disrupted/
🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/have-i-been-pwned-soundcloud-data-breach-impacts-298-million-accounts/
🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2026/01/26/shinyhunters_okta_sso_campaign/
🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2026/01/27/shinyhunters_claim_panera_bread/
🤫 CyberScoop | https://cyberscoop.com/shinyhunters-voice-phishing-sso-okta-mfa-bypass-data-theft/

Russian Security Firm Delta Hit by Cyberattack 🚨
- Delta, a major Russian provider of alarm and security systems for homes, businesses, and vehicles, suffered a "large-scale, coordinated" cyberattack attributed to an unspecified "hostile foreign state."
- The attack caused widespread service outages, with customers reporting issues like car alarms not deactivating, vehicles locking unexpectedly, and home systems switching to emergency mode.
- While Delta denies personal data compromise, an unidentified Telegram channel claiming responsibility has published an archive of alleged stolen data, the authenticity of which is unverified.
🗞️ The Record | https://therecord.media/russia-delta-security-alarm-company-cyberattack

Nike Investigates 1.4TB Data Leak by WorldLeaks 👟
- Sportswear giant Nike is investigating a potential cyber incident after the WorldLeaks extortion group claimed to have leaked over 1.4 terabytes of internal company data.
- The alleged stolen data includes internal documents, archives from 2020-2026, R&D assets, product creation details (technical packs, prototypes), supply chain information, and internal business presentations.
- WorldLeaks, believed to be a rebrand of the Hunters International ransomware group, briefly listed Nike on its leak site before removing the entry, suggesting potential negotiations or payment.
🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/nike-investigates-data-breach-after-extortion-gang-leaks-files/
🗞️ The Record | https://therecord.media/nike-probes-alleged-cyber-incident
🕶️ Dark Reading | https://www.darkreading.com/cyberattacks-data-breaches/worldeaks-extortion-group-stole-1.4tb-nike-data

Ploutus ATM Jackpotting Ring Busted 💸
- US authorities have charged an additional 31 individuals, bringing the total to 87 members of the Venezuelan gang Tren de Aragua (TdA), for their involvement in a multi-million dollar ATM jackpotting scheme.
- The gang allegedly stole at least $5.4 million from 63 ATMs by physically accessing machines to replace hard drives or connect USBs, deploying Ploutus malware to force cash dispensing.
- TdA has been designated a Foreign Terrorist Organization by the U.S. Department of the Treasury, highlighting the increasing convergence of transnational organised crime and cyber-enabled financial fraud.
🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/us-charges-31-more-suspects-linked-to-atm-malware-attacks/
🗞️ The Record | https://therecord.media/dozens-more-charged-ploutus-jackpotting-atm

China-linked Hackers Accused of Years-Long UK Government Espionage 🇨🇳
- Chinese state-linked hackers, identified as Salt Typhoon, are accused of years-long access to the phones of senior Downing Street officials, potentially exposing private communications.
- The espionage focused on aides to former UK Prime Ministers and leveraged intrusions into telecommunications providers to skim metadata and communications without direct handset installation.
- This incident, discovered in 2024, underscores the persistent threat of nation-state espionage targeting critical government infrastructure and sensitive communications.
🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2026/01/27/chinalinked_hackers_accused_of_yearslong/

New Threat Research on Threat Actors/Groups, Ransomware, Malware, or Techniques and Tradecraft

ClickFix Attacks Evolve with App-V and Steganography 🎣
- A new ClickFix campaign is using fake CAPTCHA prompts to trick users into executing a command that abuses the signed Microsoft App-V script, SyncAppvPublishingServer.vbs, as a living-off-the-land (LoL) binary.
- This method proxies PowerShell execution through a trusted Microsoft component, making detection harder, and delivers the Amatera infostealer, which retrieves configuration from a public Google Calendar file and uses steganography to hide payloads in PNG images.
- The campaign is highly evasive, with checks for sandbox environments and a focus on enterprise-managed systems, reflecting a broader trend of ClickFix evolution into variants like GlitchFix and ClearFake, leveraging trusted web infrastructure for malware delivery.
🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/new-clickfix-attacks-abuse-windows-app-v-scripts-to-push-malware/
📰 The Hacker News | https://thehackernews.com/2026/01/clickfix-attacks-expand-using-fake.html

'Stanley' MaaS Guarantees Malicious Chrome Extensions 😈
- A new malware-as-a-service (MaaS) called 'Stanley' is being advertised, promising to bypass Google's review process and publish malicious phishing extensions to the Chrome Web Store.
- These extensions can overlay full-screen iframes with phishing content over legitimate webpages, silently auto-install on Chrome, Edge, and Brave, and support custom tweaks, C2 polling, and geographic targeting.
- This offering highlights the ongoing challenge of securing browser extension platforms and the commoditisation of sophisticated phishing techniques, urging users to be vigilant about extension installations and publishers.
🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/new-malware-service-guarantees-phishing-extensions-on-chrome-web-store/

Chinese Networks Dominate Illicit Crypto Laundering 💰
- Chinese money laundering networks processed an estimated $16.1 billion in illicit cryptocurrency in 2025, accounting for 20% of all laundered funds globally.
- These operations are highly professionalised, using Telegram groups, "guarantee" platforms for escrow protection, and offering services like "Black U" for hacking proceeds and crypto swapping.
- The continued resilience of these networks, despite crackdowns, underscores the global challenge of combating crypto-enabled financial crime and its links to transnational organised crime groups.
🗞️ The Record | https://therecord.media/chinese-money-launderers-moved-more-crypto-2025

Vulnerabilities, especially any mentioning Remote Code Exploitation (RCE), Active Exploitation, or Zero-Days

Microsoft Office Zero-Day Under Active Exploitation (CVE-2026-21509) 🚨
- Microsoft has issued an emergency out-of-band patch for CVE-2026-21509, a high-severity security feature bypass zero-day in Microsoft Office that is actively being exploited in the wild.
- The flaw bypasses OLE mitigations, allowing attackers to execute arbitrary code by convincing a user to open a specially crafted Office file; the preview pane is not an attack vector.
- CISA has added this vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, mandating federal agencies to apply patches or implement registry-based mitigations for older Office versions by February 16.
📰 The Hacker News | https://thehackernews.com/2026/01/microsoft-issues-emergency-patch-for.html
🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2026/01/27/office_zeroday_exploited_in_the/

SmarterMail Servers Vulnerable to RCE via Auth Bypass (CVE-2026-23760) 🛡️
- Over 6,000 SmarterMail servers remain exposed online and are likely vulnerable to automated attacks exploiting CVE-2026-23760, a critical authentication bypass flaw.
- This vulnerability in the password reset API allows unauthenticated attackers to hijack admin accounts and achieve remote code execution (RCE) on affected servers.
- CISA has added CVE-2026-23760 to its KEV catalog, urging federal agencies to patch by February 16, as mass exploitation attempts have already been observed in the wild.
🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/over-6-000-smartermail-servers-exposed-to-automated-hijacking-attacks/

Critical Sandbox Escape in vm2 Node.js Library (CVE-2026-22709) 💻
- A critical sandbox escape vulnerability, CVE-2026-22709, has been discovered in the popular vm2 Node.js library, allowing arbitrary code execution on the host system.
- The flaw stems from improper sanitisation of Promise callbacks, enabling attackers to bypass the secure context designed to isolate untrusted JavaScript code.
- Despite the project being previously discontinued due to similar issues, vm2 remains widely used, and users are strongly advised to upgrade to version 3.10.3 immediately due to the trivial nature of exploitation.
🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/critical-sandbox-escape-flaw-discovered-in-popular-vm2-nodejs-library/

WinRAR Path Traversal Flaw Actively Exploited (CVE-2025-8088) 📦
- The high-severity WinRAR path traversal vulnerability, CVE-2025-8088, continues to be actively exploited by both state-sponsored and financially motivated threat actors since July 2025.
- Attackers leverage Alternate Data Streams (ADS) to conceal malicious files within decoy archives, dropping payloads like LNK, HTA, or script files into Windows Startup folders for persistence.
- Google Threat Intelligence reports observing groups like RomCom, APT44, TEMP.Armageddon, Turla, and China-linked actors using this flaw to deliver various malware, highlighting the commoditisation of such exploits.
🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/winrar-path-traversal-flaw-still-exploited-by-numerous-hackers/

Data Privacy

Google Settles Voice Recording Lawsuit for $68 Million 🎤
- Google has agreed to a $68 million settlement in a class-action lawsuit alleging its voice-activated assistant illegally recorded and shared private conversations with third parties for targeted advertising.
- Plaintiffs claimed Google Assistant improperly triggered and recorded their words, leading to unwanted targeted ads, with the settlement funds to be distributed to Google device purchasers since May 2016.
- While Google settled without admitting wrongdoing, the case underscores ongoing concerns about privacy in voice-activated technologies and the use of personal data.
🗞️ The Record | https://therecord.media/google-settles-millions-privacy-recording

WhatsApp Introduces 'Strict Account Settings' for Spyware Protection 🔒
- WhatsApp is rolling out a new "Strict Account Settings" feature designed to combat sophisticated spyware attacks by allowing users to block attachments and media from non-contacts.
- This "lockdown-style" feature is specifically aimed at high-risk users like journalists and public figures, drawing parallels with similar protections offered by Apple and Google.
- The move follows WhatsApp's legal battles against NSO Group over Pegasus spyware, reinforcing the platform's commitment to user privacy and defence against advanced surveillance tools.
🤫 CyberScoop | https://cyberscoop.com/whatsapp-strict-account-settings-lockdown-style-spyware-protection/
🗞️ The Record | https://therecord.media/whatsapp-spyware-anti-lockdown

#CyberSecurity #ThreatIntelligence #Ransomware #NationState #APT #ZeroDay #Vulnerability #ActiveExploitation #DataPrivacy #InfoSec #CyberAttack #Malware #IncidentResponse #SSO #MFA #Phishing #Vishing #PQC #DigitalSovereignty

Τον Νοέμβριο του 2025 άρχισαν να κυκλοφορούν πληροφορίες ότι η Under Armour, ένα από τα πιο αναγνωρίσιμα brands αθλητικής ένδυσης παγκοσμίως, έπεσε θύμα επίθεσης ransomware που αποδόθηκε στην ομάδα Everest. #BusinessRisk #cyberattack #cyberrisk #Cybersecur

https://www.crisismonitor.gr/2026/01/27/hackers-egdysan-tin-under-armour-ston-aera-dedomena-72-ekat-pelaton/

Sandworm Blamed for Wiper Attack on Poland Power Grid. Researchers attributed the failed attempt to the infamous Russian APT #sandworm, which is notorious for wiper attacks on critical infrastructure organizations.
https://www.darkreading.com/threat-intelligence/sandworm-wiper-attack-poland-power-grid
#russia #cyber #energy #cyberattack

Τον Νοέμβριο του 2025 άρχισαν να κυκλοφορούν πληροφορίες ότι η Under Armour, ένα από τα πιο αναγνωρίσιμα brands αθλητικής ένδυσης παγκοσμίως, έπεσε θύμα επίθεσης ransomware που αποδόθηκε στην ομάδα Everest. #BusinessRisk #cyberattack #cyberrisk #Cybersecur

https://www.crisismonitor.gr/2026/01/27/hackers-egdysan-tin-under-armour-ston-aera-dedomena-72-ekat-pelaton/

📰 New QuantumLeap Ransomware Demands $50M, Halts Global Shipments at NaviGistics

🚨 BREAKING: New 'QuantumLeap' ransomware cripples logistics giant NaviGistics, halting global shipments. Attackers demand $50M ransom & threaten to leak 2TB of data. Initial access via VPN without MFA. ⚠️ #Ransomware #CyberAttack #SupplyChain

🔗 https://cyber.netsecops.io/articles/quantumleap-ransomware-cripples-global-logistics-giant-navigistics/?utm_source=mastodon&utm_medium=social&utm_campaign=twitter_auto

Security Week: Russian Sandworm APT Actors Blamed for Cyberattack on Polish Power Grid https://www.securityweek.com/russian-sandworm-hackers-blamed-for-cyberattack-on-polish-power-grid/ @SecurityWeek

The Record: Romania probes two suspects over alleged hitman-for-hire website https://therecord.media/romania-assassins-for-hire-website-investigation #infosec #malware #cyberattack

#ESET Research: #Russian cyber actor #Sandworm behind #cyberattack on NATO member #Poland’s power grid in late 2025. The attack involved data-wiping malware #DynoWiper. Coincidentally on the 10th anniversary of #Ukraine power grid.

🔗 https://www.welivesecurity.com/en/eset-research/eset-research-sandworm-cyberattack-poland-power-grid-late-2025/

#Apple's Secret Product Plans Stolen in #Luxshare #Cyberattack

https://www.macrumors.com/2026/01/21/apple-product-plans-stolen-in-luxshare-cyberattack/

#cybersecurity #DataBreach

Sandworm behind cyberattack on Poland's power grid in late 2025

Pulse ID: 6976fb12433099e6fae6af59
Pulse Link: https://otx.alienvault.com/pulse/6976fb12433099e6fae6af59
Pulse Author: Tr1sa111
Created: 2026-01-26 05:26:42

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberAttack #CyberSecurity #InfoSec #OTX #OpenThreatExchange #Poland #RAT #Sandworm #Worm #bot #Tr1sa111