Cybersecurity Articles

74/69 Friday, February 6, 2026 CISA has disclosed that ransomware groups have begun exploiting a VMware ESXi vulnerability related to virtual machine sandbox escape. The flaw, tracked as CVE-2025-22225, was previously used in zero-day attacks and is classified as an arbitrary write vulnerability that could allow attackers with privileges inside the VMX process to write […]

73/69 Friday, February 6, 2026 Researchers from DataDog Security Labs have discovered a cyberattack campaign targeting NGINX servers, a widely used web traffic management software. Threat actors modify configuration files to secretly install redirect commands, routing user data through hacker-controlled infrastructure before forwarding it to the legitimate destination. The campaign primarily targets websites using Asian […]

72/69 Thursday, February 5, 2026 Cybersecurity researchers from Noma Labs have disclosed a critical vulnerability named DockerDash affecting Ask Gordon, the AI assistant integrated into Docker Desktop and Docker CLI. The flaw allows attackers to perform Remote Code Execution (RCE) and secretly exfiltrate sensitive data by exploiting how the assistant reads and processes metadata attached […]

71/69 Thursday, February 5, 2026 Researchers from vulnerability intelligence firm VulnCheck have revealed that a critical vulnerability in the React Native platform has been actively exploited since late December. The flaw, tracked as CVE-2025-11953, carries a CVSS score of 9.8 (Critical) and affects the widely used @react-native-community/cli package, a key tool for developing React Native […]

70/69 Thursday, February 5, 2026 Cybersecurity experts have issued a warning after discovering two newly identified critical vulnerabilities (CVE-2026-1281 and CVE-2026-1340) in Ivanti Endpoint Manager Mobile (EPMM), a platform widely used by large organizations to manage employee mobile devices. These flaws carry a severity score of 9.8 out of 10, as they allow attackers to […]

69/69 Wednesday, February 4, 2026 Security researchers have identified a large number of malicious add-on packages, or “Skills,” targeting OpenClaw-an open-source personal AI assistant formerly known as Moltbot and ClawdBot. These threats were discovered on the official registry (ClawHub) and GitHub between January 27 and February 1. More than 230 harmful Skills were found impersonating […]

68/69 Wednesday, February 4, 2026 Have I Been Pwned (HIBP) has confirmed that the Panera Bread data breach affected approximately 5.1 million user accounts, a figure significantly lower than the 14 million accounts previously claimed by the cybercriminal group ShinyHunters. The group alleged that it had gained access to Panera Bread’s systems and stolen a […]

67/69 Wednesday, February 4, 2026 Ukraine’s CERT-UA has identified a new cyberattack campaign carried out by the APT28 hacking group, also known as Fancy Bear, which is linked to Russia. The attackers targeted government agencies and organizations across Europe by distributing phishing emails containing malicious Microsoft Word attachments. These documents referenced “EU COREPER consultations in […]

66/69 Tuesday, February 3, 2026 Researchers from cybersecurity firm Flare have released a report on attacks targeting publicly exposed MongoDB databases, where threat actors scan for misconfigured servers that allow unauthenticated access. The investigation identified more than 208,500 MongoDB servers accessible from the internet, with approximately 3,100 instances lacking any form of protection. Nearly half […]

65/69 Tuesday, February 3, 2026 A security vulnerability has been identified in Mitsubishi Electric Iconics Suite, a widely used Supervisory Control and Data Acquisition (SCADA) software platform deployed across industrial sectors such as energy, automotive, and manufacturing. The vulnerability, tracked as CVE-2025-0921, is rated medium severity (CVSS 6.5) and can be exploited to trigger a […]