VulnHub

Russian hackers known as Sandworm have been accused of launching a cyberattack on Poland's power grid using data-wiping malware. This incident comes a decade after they disrupted the Ukrainian power grid, indicating a pattern of targeting critical infrastructure in Eastern Europe. The attack poses significant risks, not only to Poland's energy supply but also raises concerns about regional security and the potential for similar incidents in other countries. As tensions between Russia and NATO continue, this incident could escalate fears about cyber warfare and its impact on national security. Authorities are investigating the attack and assessing the full extent of its impact on the power grid operations.

In December 2025, Poland experienced a significant cyber attack on its power grid, attributed to the Russia-linked hacking group Sandworm. Researchers from ESET analyzed the malware involved and determined that the attack was one of the largest targeting Poland's energy infrastructure. The involvement of Sandworm, known for its previous cyber operations, raises concerns about the security of critical national systems. This incident not only endangers the stability of Poland's energy supply but also highlights the ongoing risks posed by state-sponsored cyber threats in Europe. As nations increasingly rely on digital infrastructure, the implications for energy security and national defense become more pronounced.

A newly discovered vulnerability in VMware products allows attackers to execute remote code by sending specially crafted network packets. This critical-severity flaw poses a serious risk for organizations using affected VMware systems, as it could lead to unauthorized access and control over their networks. VMware has not specified which products are impacted, but the nature of the vulnerability suggests that any systems relying on VMware technologies could be at risk. Companies should prioritize patching their systems as soon as updates are available to prevent potential exploitation. The urgency is heightened as this vulnerability is now a target for attackers.

A new ransomware strain called Osiris was identified in a November 2025 attack targeting a significant food service franchise in Southeast Asia. Researchers from Symantec and Carbon Black reported that the attackers used a malicious driver known as POORTRY through a technique called Bring Your Own Vulnerable Driver (BYOVD) to disable security tools. This method allowed the ransomware to operate without detection, posing a serious risk to the affected organization. With ransomware attacks on the rise, this incident highlights the need for companies to strengthen their defenses against evolving tactics. The incident serves as a reminder for businesses to continuously update their security measures and remain vigilant against such threats.

The North Korean hacker group Konni is targeting blockchain developers and engineers with malware created using artificial intelligence. This new form of PowerShell malware is designed to infiltrate systems and steal sensitive information from individuals working in the blockchain sector. As the blockchain industry continues to grow, these attacks pose a significant risk to its security and the integrity of its projects. Developers in this field need to be particularly vigilant and ensure they have the latest security measures in place to protect against these sophisticated threats. The use of AI in malware creation represents a concerning evolution in cybercrime tactics, making it harder for security professionals to defend against such attacks.

Nike is currently investigating a potential security incident after the WorldLeaks cybercrime group claimed to have stolen sensitive data from the company. The attackers have threatened to leak this information if their demands are not met. This situation raises concerns about the security of customer data and proprietary company information, which could lead to significant reputational damage for Nike. As the investigation unfolds, it is important for users and stakeholders to stay informed about the nature of the data involved and any implications for their privacy and security. Companies like Nike must remain vigilant to protect against such threats as cybercriminals continue to target large organizations.

Researchers have discovered a critical vulnerability in the GNU InetUtils telnet daemon (telnetd), tracked as CVE-2026-24061, which has remained unnoticed for nearly 11 years. This flaw affects all versions from 1.9.3 to 2.7 and has a high severity score of 9.8, indicating a significant risk. If exploited, attackers could gain root access to affected systems, posing a serious threat to security. This vulnerability impacts a variety of systems that rely on GNU InetUtils, making it imperative for users and organizations to address this issue promptly. As this flaw has been present for so long, it raises concerns about the security practices in place for maintaining software.

The SagaEVM blockchain has suspended its operations after a significant security breach that resulted in the theft of nearly $7 million in cryptocurrency assets. The incident, reported by Cybernews, raises concerns about the safety and security of blockchain technologies, particularly for investors and users involved with SagaEVM. This event not only impacts the immediate financial stability of the platform but also shakes user confidence in blockchain security as a whole. As the cryptocurrency landscape continues to evolve, incidents like this underscore the necessity for robust security measures and protocols within blockchain systems. Users and stakeholders will need to stay informed about the situation as it develops.