VulnHub

Companies House, the British agency responsible for company registration in the UK, recently confirmed that a security flaw in its WebFiling service exposed sensitive business information since October 2025. The agency temporarily took the service offline on Friday to address the issue, which raised concerns about the privacy of companies' data. While they have since restored the service, the breach could have serious implications for businesses relying on the registry for compliance and reporting. Companies should review their security practices and remain vigilant about potential misuse of their exposed information. This incident underscores the need for robust security measures in public-facing services.

Recent vulnerabilities in CrackArmor's AppArmor have been discovered, allowing local users of Linux systems to escalate their privileges to root access. This flaw not only compromises the host system but also allows attackers to break out of container environments and launch denial-of-service (DoS) attacks. The implications are significant for any organization relying on Linux, as it increases the risk of unauthorized access and system disruption. Users should be particularly vigilant if they are running systems with AppArmor enabled, as these vulnerabilities could lead to severe security incidents if exploited. Immediate action is advised to mitigate potential risks associated with these flaws.

A recent glitch on the Companies House website in the UK has exposed sensitive personal and corporate information of millions of users, raising serious concerns about data security. The issue allowed unauthorized access to details that should have been protected, potentially enabling fraudsters to exploit this information. Companies House, which is responsible for maintaining the official register of companies in the UK, has acknowledged the problem and is working to rectify it. This incident is particularly alarming as it affects the privacy of business owners and the integrity of the corporate registration process. Users and businesses are advised to monitor their information and report any suspicious activity immediately.

The U.S. government has officially classified cyber-enabled fraud as transnational organized crime through a new executive order. This change emphasizes the need for a more aggressive approach to combat cybercrime, moving beyond just defensive measures. The article argues that the private sector must also take a proactive stance to dismantle the criminal infrastructure that supports these activities. By recognizing cybercrime as organized crime, U.S. authorities are urged to target the business models that enable these operations, rather than simply responding to individual attacks. This shift is crucial for reducing the overall impact of cybercrime on businesses and individuals alike.

China's National Computer Network Emergency Response Technical Team (CNCERT) has raised alarms about vulnerabilities in OpenClaw, an open-source AI agent. The platform, previously known as Clawdbot and Moltbot, has been found to have weak default security settings that could allow attackers to perform prompt injection attacks and exfiltrate sensitive data. This poses a significant risk for users who deploy the AI agent without proper security configurations. As OpenClaw is self-hosted, organizations need to be particularly vigilant about their security practices to prevent potential exploitation. The warning serves as a reminder of the importance of securing AI tools and ensuring that default settings do not leave systems vulnerable.

Cisco's recent SD-WAN vulnerabilities have sparked confusion and some fraudulent activity among users. Some individuals are taking advantage of the situation by creating fake proof-of-concept (PoC) exploits, which has added to the chaos surrounding the bugs. This has led to misunderstandings about the actual risks posed by the vulnerabilities. As a result, companies using Cisco's SD-WAN products may be unsure about how to respond and protect their networks effectively. It’s crucial for organizations to be aware of these issues and seek accurate information to mitigate potential risks.

Nonprofits are increasingly becoming targets for cybercriminals due to their often inadequate security measures and the valuable data they hold. However, many incidents involving these organizations go unreported, leading to a lack of comprehensive data on the extent of the problem. The absence of sufficient reporting makes it challenging to fully understand the risks nonprofits face and the tactics used by attackers. This situation not only jeopardizes sensitive information but also threatens the operational integrity of nonprofits, which often rely on public trust and donations. As these organizations typically operate with limited resources, they may struggle to implement the necessary security protocols to protect themselves from cyber threats.

Poland's National Centre for Nuclear Research (NCBJ) recently experienced a cyberattack aimed at its IT infrastructure. Fortunately, the attack was detected and neutralized before it could have any effect on operations or data. This incident raises concerns about the security of critical national research facilities, especially those involved in sensitive areas like nuclear technology. Cyberattacks on such institutions can pose risks not just to the organizations themselves, but also to national security and public safety. The swift detection and response by NCBJ’s cybersecurity measures demonstrate the importance of having robust defenses in place to protect against potential threats.