Breaches
The European Commission has confirmed that attackers compromised its central mobile device management systems on January 30, potentially accessing the names and phone numbers of staff members. The intrusion targeted the infrastructure used to manage employee mobile phones and tablets. CERT-EU detected suspicious activity and contained the breach within nine
Alerts
A critical vulnerability in the React Native Community CLI Metro development server is being actively exploited to compromise developer workstations and CI/CD environments. Tracked as CVE-2025-11953 and dubbed Metro4Shell, the flaw carries a CVSS score of 9.8 and allows unauthenticated OS command injection through the server's
Threats
Recorded Future's Insikt Group has published a comprehensive analysis of Rublevka Team, a Russian cybercriminal operation that has generated over $10 million in cryptocurrency theft since 2023 through an affiliate-driven wallet draining ecosystem. Unlike traditional crypto-stealing operations that rely on infostealer malware, Rublevka Team deploys custom JavaScript drainer
Alerts
Cisco has released a security advisory for CVE-2026-20098, a high-severity vulnerability in Cisco Meeting Management that allows authenticated remote attackers to upload arbitrary files, execute commands, and escalate privileges to root. The flaw carries a CVSS score of 8.8 and affects all versions of Cisco Meeting Management prior to
Alerts
Microsoft has announced the integration of System Monitor (Sysmon) directly into Windows 11, bringing one of the most widely-used threat detection tools natively into the operating system. The feature is now available in Windows 11 Insider Preview Build 26300.7733 (KB5074178) in the Dev Channel. Previously available only as a
Alerts
A critical vulnerability chain has been disclosed in vLLM, a widely-used high-performance library for Large Language Model inference. Tracked as CVE-2026-22778 with a CVSS score of 9.8, the flaw allows remote attackers to execute arbitrary commands on vLLM servers by submitting a malicious video URL to the API. Default
Threats
Huntress has published details of a February 2026 intrusion where threat actors leveraged compromised SonicWall SSLVPN credentials to access a victim network, then deployed a custom EDR killer that abuses a legitimate Guidance Software (EnCase) forensic driver to terminate security processes from kernel mode. The attack was disrupted before ransomware
Breaches
ShinyHunters, one of the most prolific data breach and extortion groups of the past five years, has posted a message to their official Telegram channel claiming that a "second leader has been arrested." The brief update also confirmed that the group's X (formerly Twitter) account has
Threats
Palo Alto Networks' Unit 42 has published a major investigation into a newly identified cyberespionage group it tracks as TGR-STA-1030, also known as UNC6619. The group — assessed with high confidence to be state-aligned and operating out of Asia — has compromised at least 70 organizations across 37 countries over the
Threats
LockBit 5.0 has introduced cross-platform ransomware payloads capable of hitting Windows, Linux, and VMware ESXi environments in a single campaign, according to analysis of 19 samples published by LevelBlue. The release marks a significant technical evolution for the RaaS operation, with specialized routines designed to maximize damage across enterprise
Threats
ShadowSyndicate, a cybercrime cluster first identified in 2023, has been caught using a server transition technique designed to obscure operational continuity across its infrastructure — but OPSEC failures have given researchers visibility into the group's C2 network. Group-IB confirmed two additional SSH fingerprints linked to ShadowSyndicate operations in February
Alerts
CISA has been silently updating its Known Exploited Vulnerabilities (KEV) catalog when it confirms that vulnerabilities are being exploited by ransomware groups — without notifying defenders when those changes occur. Glenn Thorpe, senior director of security research and detection engineering at GreyNoise, documented the gap by downloading daily KEV snapshots for