Vulnerabilities
-
NationStates confirms data breach after player gained server access
NationStates took its site offline on January 27, 2026 after an unauthorized user gained remote code execution on the production server and copied user data. Exposed items include email addresses and MD5 password hashes.
-
State actors hijacked Notepad++ updater to redirect users to malicious servers
Notepad++’s maintainer said attackers compromised hosting infrastructure to hijack the updater and redirect some users to malicious servers. The activity began in June 2025 and credentials persisted until December 2, 2025.
-
eScan update servers used to deliver persistent downloader in supply chain attack
Unknown attackers distributed a malicious eScan update on January 20, 2026 that replaced reload.exe and deployed a downloader. The vendor isolated servers for over eight hours and published a patch to revert the changes.
-
Threat actor compromises about 1,400 exposed MongoDB servers in low-value extortion campaign
A technical analysis found a threat actor compromised about 1,400 exposed MongoDB servers, leaving ransom notes demanding about 0.005 BTC per victim. Researchers identified roughly 208,500 exposed servers, many running outdated versions.
-
Researchers find Chrome extensions that hijack affiliate links and scrape data
Security researchers uncovered Chrome extensions that rewrite affiliate links and scrape product data. A Socket technical analysis links the behavior to a cluster of 29 add-ons that target major e-commerce sites and exfiltrate information.
-
China-linked UAT-8099 targets IIS servers in Asia with BadIIS SEO fraud
Researchers found a late 2025 to early 2026 campaign by UAT-8099 that used web shells and BadIIS malware to run SEO fraud on IIS servers, concentrating attacks in Thailand and Vietnam.
-
SmarterMail patched critical unauthenticated RCE and path coercion flaws
SmarterMail fixes address a critical unauthenticated remote code execution flaw, CVE-2026-24423, rated 9.3, and a medium-severity path coercion issue that can enable NTLM relay. Administrators should install the updated builds immediately.
-
Ivanti issues fixes for two critical EPMM code injection zero-day flaws
Ivanti released updates for two critical EPMM code injection vulnerabilities that allow unauthenticated remote code execution. One was added to the CISA KEV catalog. Patches, detection steps and remediation guidance are published in the vendor advisory.
-
eScan update server breached to deliver malicious update on January 20, 2026
An eScan update server was breached on January 20, 2026 and pushed a malicious update to a subset of customers. Morphisec’s security bulletin details the modified updater and final backdoor payload.
-
Critical vm2 sandbox escape CVE-2026-22709 allows arbitrary code execution
A critical sandbox escape in the vm2 Node.js library, tracked as CVE-2026-22709 and rated CVSS 9.8, lets attackers run code on host systems. Users should update to vm2 3.10.3.








