Nike confirms it is investigating a potential breach after the World Leaks ransomware gang claimed to have stolen 1.4 TB of corporate data. The group, a rebrand of Hunters International, has targeted major organizations including the U.S. Marshals Service and Tata Technologies.
Google Threat Intelligence reveals widespread exploitation of CVE-2025-8088 by Russian APT groups, Chinese actors, and cybercriminals. The WinRAR path traversal flaw enables payload delivery via the Windows Startup folder, with active campaigns targeting Ukraine, LATAM, and financial sectors.
Microsoft announces NTLM will be disabled by default in upcoming Windows releases, marking the end of the 30-year-old authentication protocol that has been a persistent security vulnerability.
Two critical CVSS 9.8 vulnerabilities in Ivanti Endpoint Manager Mobile (CVE-2026-1281, CVE-2026-1340) are under active exploitation, allowing unauthenticated remote code execution. CISA has added them to the KEV catalog with a February 1 federal deadline.
Two actively exploited pre-auth RCE vulnerabilities (CVE-2026-1281 and CVE-2026-1340) in Ivanti Endpoint Manager Mobile allow attackers to execute arbitrary commands via Bash arithmetic expansion. CISA has added these to the KEV catalog.
SmarterTools patches critical CVE-2026-24423 (CVSS 9.3) unauthenticated RCE vulnerability in SmarterMail email server. Two other flaws including one under active exploitation also addressed. Update immediately.
SolarWinds patches six severe vulnerabilities in Web Help Desk, including four critical flaws (CVSS 9.8) enabling unauthenticated remote code execution and authentication bypass. Organizations should update to WHD 2026.1 immediately.
Fortinet confirms CVE-2026-24858, a critical FortiCloud SSO authentication bypass zero-day actively exploited in the wild. The company has blocked FortiCloud SSO from vulnerable devices while patches are being developed.
Security researchers have identified sophisticated attack vectors leveraging Microsoft Office documents to bypass security measures and deliver malicious payloads. Learn about the latest threats and defensive strategies.
by: Jonathan Bennett Here’s a fun thought experiment. UDP packets can be sent with an arbitrary source IP and port, so you can send a packet to one server, and could aim the response at another server. What happens if that response triggers another response? What if you could craft a packet that continues that cycle…
