Vulnerabilities
-
European Commission discloses breach of mobile device management platform
The European Commission detected a cyber-attack on its mobile device management system on January 30 that may have exposed staff names and mobile numbers. The system was cleaned within nine hours and investigations are under way.
-
BeyondTrust patches critical pre-auth RCE in Remote Support and Privileged Remote Access
BeyondTrust released patches for CVE-2026-1731, a critical pre-auth remote code execution flaw affecting Remote Support and older Privileged Remote Access versions. Self-hosted instances must apply updates or upgrade to reach patchable releases.
-
Spain Ministry of Science partially shuts electronic services after technical incident
A technical incident prompted a partial shutdown of Spain’s Ministry of Science electronic headquarters, suspending administrative procedures. A threat actor claims an IDOR exploit and leaked data samples, while the ministry says the closure is under assessment.
-
Critical vulnerability CVE-2026-25049 in n8n could allow system command execution
A critical CVE-2026-25049 vulnerability in a workflow automation platform can enable authenticated users to run system commands. The flaw has CVSS 9.4 and is fixed in 1.123.17 and 2.5.2. Restrict workflow creation and apply patches.
-
Amaranth Dragon exploits WinRAR flaw to target Southeast Asian agencies
Amaranth Dragon exploited CVE-2025-8088 in WinRAR to target government and law enforcement agencies across six Southeast Asian countries from mid-2025, delivering encrypted loaders and using Cloudflare-backed command servers.
-
LookOut flaws in Looker could allow server takeover and database theft
Two Looker vulnerabilities called LookOut can allow remote server takeover or theft of the internal management database. The vendor secured managed instances but self-hosted deployments must apply manual patches to prevent credential and data exposure.
-
CISA adds actively exploited SolarWinds Web Help Desk flaw CVE-2025-40551 to KEV
CISA added CVE-2025-40551 in SolarWinds Web Help Desk to its Known Exploited Vulnerabilities catalog, marking it actively exploited with a CVSS score of 9.8. Federal agencies face a February 6, 2026 remediation deadline.
-
Threat actors exploit Metro4Shell RCE in React Native CLI
Threat actors exploited a critical Metro Development Server RCE in the @react-native-community/cli package starting December 21, 2025, tracked as CVE-2025-11953 with a CVSS score of 9.8.
-
APT28 exploits Microsoft Office bug to deploy email stealer and Covenant implant
Russia-linked APT28 exploited a Microsoft Office bypass tracked as CVE-2026-21509 to deliver an Outlook email stealer and a Covenant Grunt implant in Ukraine, Slovakia and Romania, researchers say.
-
Audit finds 341 malicious skills on ClawHub marketplace
An analysis found 341 malicious skills on the ClawHub marketplace among 2,857 audited entries. The skills used fake prerequisites and scripts to deliver macOS information stealers and backdoors, creating a supply chain risk for OpenClaw users.
