Nation-state

LAPSUS$ Group collaborates with TeamPCP to sell GitHub internal repositories.

Microsoft failed to properly patch 2020 Windows CVE, allowing Nightmare Eclipse exploitation.

Nightmare Eclipse releases MiniPlasma vulnerability (CVE-2020-17103) in Windows Cloud Files Mini Filter Driver

Cisco SD-WAN maximum severity vulnerability exploited in active attacks.

Cisco SD-WAN Controller/Manager CVE-2026-20182 critical auth bypass under active exploitation

Cisco patches critical SD-WAN Controller authentication bypass (CVE-2026-20182) exploited in active zero-day attacks.

Guatemalan Ministry of Finance allegedly breached; 130K RGAE registrations and 235K PDFs exposed via IDOR.

Iraqi Ministry of Interior breached; 2025-2026 census and civil registry data exposed for sale.

Microsoft details Kazuar, a modular P2P botnet attributed to Russian state actor Secret Blizzard.

Researcher publicly discloses YellowKey BitLocker bypass and GreenPlasma privilege escalation zero-days in Windows.

Threat actor claims breach of Vietnamese Ministry of Health exposing 480,000 medical staff records.

Vietnam's Ministry of Health allegedly breached, exposing 480,000 medical staff records.

CISA launches CI Fortify initiative urging critical infrastructure operators to prepare for geopolitical conflict

LatAm Vibe threat campaigns use AI agents to generate custom hacking tools targeting Mexico and Brazil.

US House Committee demands briefing on Instructure Canvas data breach affecting 275M individuals

ShinyHunters' clearnet domain suspended after Canvas LMS attacks; group relocates to dark web.

Two new Microsoft Windows zero-day vulnerabilities disclosed with codenames GreenPlasma and YellowKey.

Researcher discloses two Microsoft vulnerabilities via GitHub, threatens escalation.

Kuwait's Public Authority for Civil Information breached, exposing 5.23M citizen records and sensitive government

Kuwait's Public Authority for Civil Information breached, exposing 5.23M citizen records.

TrickMo Android banking trojan variant uses TON blockchain for C2 and SOCKS5 proxying across France, Italy, Austria.

La Suite Numérique breach exposes 18M+ records from French government digital workspace.

Operation HookedWing phishing campaign steals 2,000+ credentials from 500+ organizations over four years.

LAPSUS$ Group claims to have leaked Vodafone customer data.

Threat actor claims 77.56 GB breach of Iranian nuclear program data with extortion demand.

Indonesian Ministry of Transportation database with 93GB+ vehicle and owner records allegedly breached.

Genesis ransomware group lists CarePoint Health with 70GB data and 4-day publication countdown.

BLS International allegedly breached, exposing 29M records, source code, and SSH keys.

Houghton Mifflin Harcourt added to ShinyHunters extortion portal.

Threat group 'L4TAMFUCKERS' claims breach of Venezuelan identity systems exposing 35M IDs and 13.4M birth certificates.

Ransomware negotiator sentenced for $56M attacks; DPRK IT fraud disrupted; PCPJack targets cloud credentials; Palo Alto

SecurityWeek roundup: US targets 72-hour patch cycles, PamDOORa Linux backdoor, CISA director frontrunner named.

CISA mandates four-day patch deadline for zero-day Ivanti EPMM flaw being actively exploited.

Polish security agency reports ICS breaches at five water treatment plants with state-sponsored attribution.

Ivanti patches CVE-2026-6973 zero-day in EPMM exploited in targeted attacks.

Palo Alto Networks zero-day CVE-2026-0300 exploited by likely Chinese state-sponsored group CL-STA-1132.

Antel TuID Digital, Uruguay's state telecom e-government platform, allegedly breached exposing 8GB of data.

PAN-OS CVE-2026-0300 RCE under active exploitation by suspected state-sponsored actors.

South African provincial government's Outlook Web App compromised to host PlugX malware samples.

Palo Alto Networks firewall zero-day exploited by state-sponsored hackers for nearly a month.

Threat actors used Claude AI to guide attack on Mexican water utility's OT systems in January 2026.

20-year-old sabotage malware from 2005 identified after NSA leak exposure.

Argentine government and educational institutions breached, 80M credentials exposed.

CEMIG Brazilian utility allegedly breached; 190GB Watson dump offered for sale.

FuckSpy threat actor offers 5M+ Hong Kong KGI investor records for sale.

Rowhammer attacks on NVIDIA Ampere GPUs enable full system compromise via GDDR bitflips.

CISA issues CI Fortify guidance for critical infrastructure to master isolation and recovery against nation-state

Palo Alto Networks reports critical PAN-OS User-ID portal RCE zero-day under active exploitation.

Palo Alto PAN-OS buffer overflow CVE-2026-0300 under active exploitation enables unauthenticated RCE.

Palo Alto Networks patches critical PAN-OS zero-day buffer overflow in Captive Portal affecting PA/VM firewalls.