News
-
Worm-driven TeamPCP campaign compromises cloud native infrastructure at scale
A worm-driven campaign by TeamPCP exploited exposed Docker, Kubernetes, Ray and React vulnerabilities around Dec 25, 2025 to build proxy and scanning infrastructure for data theft, extortion and cryptocurrency mining, researchers report.
-
European Commission discloses breach of mobile device management platform
The European Commission detected a cyber-attack on its mobile device management system on January 30 that may have exposed staff names and mobile numbers. The system was cleaned within nine hours and investigations are under way.
-
BeyondTrust patches critical pre-auth RCE in Remote Support and Privileged Remote Access
BeyondTrust released patches for CVE-2026-1731, a critical pre-auth remote code execution flaw affecting Remote Support and older Privileged Remote Access versions. Self-hosted instances must apply updates or upgrade to reach patchable releases.
-
Spain Ministry of Science partially shuts electronic services after technical incident
A technical incident prompted a partial shutdown of Spain’s Ministry of Science electronic headquarters, suspending administrative procedures. A threat actor claims an IDOR exploit and leaked data samples, while the ministry says the closure is under assessment.
-
Sapienza University offline after cyberattack disrupts campus systems
Sapienza University in Rome shut down network systems after a cyberattack, taking its website offline and disrupting services for more than 112,500 students as technicians and national authorities work to restore systems.
-
Romanian oil pipeline operator reports cyberattack that took website offline
Conpet reported a cyberattack that disrupted its corporate IT systems and disabled its website on Tuesday. Operational technology remained unaffected and authorities were notified. A ransomware group using the Qilin name posted files presented as proof.
-
Substack notifies users after email and phone data stolen in October 2025
Substack says attackers accessed email addresses, phone numbers and metadata in October 2025 and discovered the issue on February 3, 2026. A posted database claims 697,313 records were leaked. The company says no financial data was exposed.
-
Italy thwarts cyberattacks tied to Russia ahead of Milano Cortina Games
Italy has begun defending against cyberattacks that targeted foreign ministry sites and some Milano Cortina Winter Olympics locations. The attacks were described as being of Russian origin, and mitigations were put in place before the Games.
-
Infy resumes operations with new C2 infrastructure after nationwide outage
Infy paused C2 activity on January 8, 2026 and reestablished new command and control servers on January 26, 2026, deploying Tornado version 51 and new delivery methods that include a weaponized WinRAR SFX.
-
Critical vulnerability CVE-2026-25049 in n8n could allow system command execution
A critical vulnerability, CVE-2026-25049, in the n8n workflow automation platform can enable authenticated users to run system commands. The flaw has a CVSS score of 9.4 and is fixed in 1.123.17 and 2.5.2. Restrict workflow creation and apply patches.







