Recent findings reveal that the security measures npm implemented after the Shai-Hulud supply-chain attacks have vulnerabilities that can be exploited by hackers. Specifically, attackers can bypass these defenses by using Git dependencies, which undermines the protections designed to prevent malicious code from infiltrating projects. This issue affects developers and companies relying on npm for package management, as it opens the door for potentially harmful code to be included in their applications. The ability for threat actors to exploit these weaknesses highlights the ongoing risks in software supply chains, making it crucial for developers to be vigilant when using Git dependencies. Understanding and addressing these vulnerabilities is essential to maintaining security in the software ecosystem.
Latest Cybersecurity Threats
Hackread – Cybersecurity News, Data Breaches, AI, and More
A significant data breach involving Nike has come to light, with the hacking group WorldLeaks leaking approximately 1.4 terabytes of sensitive files online. This leak reportedly includes internal documents, customer data, and other confidential information. The breach appears to coincide with ongoing concerns about data security at various companies, including Under Armour. With the scale of the leak, there are serious implications for Nike's customers and partners, as their personal information may be at risk. Companies like Nike must enhance their cybersecurity measures to prevent such incidents and protect their users' data.
Help Net Security
Poland recently thwarted a cyberattack aimed at its energy infrastructure, attributed to suspected Russian hackers. The attack occurred on December 29 and 30, 2025, targeting two combined heat and power plants and a system that manages electricity from renewable sources like wind and solar. Fortunately, the malware designed to wipe data failed to execute its intended damage. This incident emphasizes the ongoing risks that critical infrastructure faces from cyber threats, particularly from state-sponsored actors, and highlights the importance of robust cybersecurity measures in the energy sector to protect against such attacks in the future.
Crunchbase has confirmed it was part of a data breach following claims by the hacking group ShinyHunters. Along with Crunchbase, SoundCloud and Betterment were also targeted in this campaign. The attackers reportedly accessed sensitive data, although specific details about the type of information compromised have not been disclosed. This incident raises concerns about the security of user data across these platforms and highlights the ongoing risks posed by organized hacking groups. Companies like Crunchbase are now under pressure to enhance their security measures to protect user information from future breaches.
Infosecurity Magazine
Okta has reported a new type of vishing attack where scammers impersonate IT support teams to steal user credentials. These attackers create fake login pages in real time using phishing kits, which makes it challenging for victims to detect the fraud. This method allows them to bypass multi-factor authentication (MFA), a security measure that many organizations use to protect sensitive information. Users who fall for this trick may unknowingly provide their login details, putting their accounts and sensitive data at risk. Companies should remain vigilant and educate employees about these tactics to prevent successful attacks.
Schneier on Security
The Irish government is set to enhance police powers regarding digital surveillance, which includes the ability to intercept communications, even those that are encrypted, as well as the legal use of spyware. This move aims to provide law enforcement with better resources to combat crime, particularly in the context of increasing digital threats. However, it raises significant concerns about privacy and civil liberties, as the potential for abuse of such powers could infringe on citizens' rights. The proposal is part of a broader trend where governments are seeking more control over digital communications in response to evolving security challenges. The implications for users and their data privacy could be profound, sparking debates on the balance between security and individual rights.
The Hacker News
This week, cybersecurity experts noted a series of vulnerabilities and security incidents that demonstrate how attackers are exploiting both old and new methods to breach systems. Flaws in firewalls and browser-based traps are particularly concerning, as they reveal weaknesses in tools that users often trust. These security lapses suggest that just because a software issue has been patched doesn't mean it is safe. The ongoing evolution of malware, including AI-generated variants, presents a significant challenge for companies trying to defend against increasingly sophisticated threats. Organizations need to stay vigilant and update their defenses regularly to protect against these emerging risks.
A new malware toolkit called 'Stanley' is being sold on cybercrime forums for between $2,000 and $6,000. This toolkit enables attackers to create counterfeit websites that mimic legitimate ones, facilitating phishing attacks. The post claims that the toolkit can publish these fraudulent sites on the Chrome Web Store, increasing their visibility and potential for success. This poses a significant risk to users who may unknowingly provide sensitive information to these spoofed sites. The emergence of such tools highlights the ongoing challenges in combating online fraud and the need for users to be vigilant when navigating web applications.
Infosecurity Magazine
Poland's energy sector recently faced a severe cyber attack attributed to the Russian hacking group Sandworm. This incident involved a wiper malware that aimed to disrupt the functioning of the power grid, posing significant risks to the country's energy stability. Authorities have raised alarms about the potential for further attacks, as Sandworm is known for its destructive tactics and has previously targeted critical infrastructure. The implications of this attack extend beyond Poland, reflecting ongoing geopolitical tensions and the vulnerability of national infrastructures to cyber warfare. As the situation develops, experts urge energy companies to enhance their cybersecurity measures to prevent similar incidents in the future.
Researchers at Check Point have linked an active phishing campaign to the North Korean hacking group KONNI, also known by several other names. This campaign specifically targets software developers and engineers, using deceptive emails that present fake documentation related to blockchain projects. The attackers are employing an AI-generated PowerShell backdoor to infiltrate systems. This tactic not only showcases the group's evolving methods but also raises concerns about the security of developers working in the rapidly growing blockchain sector. The implications are significant, as successful compromises could lead to data theft and further exploitation of vulnerabilities within the tech community.
Google is enhancing its Search functionality by integrating AI capabilities that connect with users' Gmail and Google Photos. This upgrade, available to AI Pro and AI Ultra subscribers, aims to provide more personalized search results by understanding users' preferences and plans without the need for repeated input. However, this move raises privacy concerns as it involves accessing personal data from multiple Google services. Users may worry about how their information is used and whether it could be exposed or mismanaged. As Google continues to expand its AI offerings, the implications for user privacy and data security are becoming increasingly significant.
Russian hackers known as Sandworm have been accused of launching a cyberattack on Poland's power grid using data-wiping malware. This incident comes a decade after they disrupted the Ukrainian power grid, indicating a pattern of targeting critical infrastructure in Eastern Europe. The attack poses significant risks, not only to Poland's energy supply but also raises concerns about regional security and the potential for similar incidents in other countries. As tensions between Russia and NATO continue, this incident could escalate fears about cyber warfare and its impact on national security. Authorities are investigating the attack and assessing the full extent of its impact on the power grid operations.
In December 2025, Poland experienced a significant cyber attack on its power grid, attributed to the Russia-linked hacking group Sandworm. Researchers from ESET analyzed the malware involved and determined that the attack was one of the largest targeting Poland's energy infrastructure. The involvement of Sandworm, known for its previous cyber operations, raises concerns about the security of critical national systems. This incident not only endangers the stability of Poland's energy supply but also highlights the ongoing risks posed by state-sponsored cyber threats in Europe. As nations increasingly rely on digital infrastructure, the implications for energy security and national defense become more pronounced.
SecurityWeek
A newly discovered vulnerability in VMware products allows attackers to execute remote code by sending specially crafted network packets. This critical-severity flaw poses a serious risk for organizations using affected VMware systems, as it could lead to unauthorized access and control over their networks. VMware has not specified which products are impacted, but the nature of the vulnerability suggests that any systems relying on VMware technologies could be at risk. Companies should prioritize patching their systems as soon as updates are available to prevent potential exploitation. The urgency is heightened as this vulnerability is now a target for attackers.
Amazon Web Services (AWS) has released an updated compliance report for its Payment Cryptography service, confirming that it meets Payment Card Industry Personal Identification Number (PCI PIN) standards. This update follows a thorough audit by a Qualified Security Assessor (QSA). The compliance package is now available on AWS's compliance portal and includes an Attestation of Compliance (AOC) as well as additional documentation. This is significant for businesses using AWS Payment Cryptography, as it assures them that the service adheres to stringent security measures for handling payment data. Ensuring compliance not only helps protect sensitive information but also builds trust with customers who rely on secure payment processing.