VulnHub

Amazon Web Services (AWS) has released an updated compliance report for its Payment Cryptography service, confirming that it meets Payment Card Industry Personal Identification Number (PCI PIN) standards. This update follows a thorough audit by a Qualified Security Assessor (QSA). The compliance package is now available on AWS's compliance portal and includes an Attestation of Compliance (AOC) as well as additional documentation. This is significant for businesses using AWS Payment Cryptography, as it assures them that the service adheres to stringent security measures for handling payment data. Ensuring compliance not only helps protect sensitive information but also builds trust with customers who rely on secure payment processing.

Nike is currently investigating a potential data breach following claims from the WorldLeaks cybercrime group that they accessed and stole information from the company’s systems. The company has acknowledged the situation and is working to determine the extent of the security incident. This investigation comes at a time when many companies are facing increasing threats from hackers looking to exploit vulnerabilities for sensitive data. If the claims are verified, it could lead to serious implications for Nike, affecting customer trust and potentially exposing personal information. The outcome of Nike’s investigation will be closely watched, as it may reveal more about the tactics used by cybercriminals today.

Microsoft is looking into issues with some Windows 11 devices that are failing to boot after users installed the January 2026 Patch Tuesday security updates. Affected users are encountering 'UNMOUNTABLE_BOOT_VOLUME' errors, which prevent their systems from starting up properly. This situation could disrupt the workflow of many individuals and organizations that rely on Windows 11 for daily operations. Microsoft has not yet provided a specific fix or workaround for the problem, leaving users uncertain about how to resolve the issue. The investigation is ongoing as the company seeks to identify the root cause of the boot failures and implement a solution.

In a recent incident, the FBI accessed the BitLocker recovery keys of Windows laptops after Microsoft shared these keys as part of a legal request. This situation raises significant concerns about user privacy and data security, as it reveals how easily law enforcement can obtain sensitive information stored on personal devices. Affected users include anyone using Windows laptops that utilize BitLocker encryption for data protection. The implications are serious; users may feel their encrypted data is not as secure as previously thought, prompting a reevaluation of reliance on built-in security features. This incident serves as a reminder that while encryption is a valuable tool, it does not guarantee absolute privacy when legal authorities are involved.

In late December 2025, the Russian hacking group Sandworm attempted a significant cyber attack on Poland's power sector, described by officials as the largest of its kind targeting the country's energy infrastructure. The attack involved a new type of malware called DynoWiper, which was designed to disrupt power operations. Fortunately, the attack was thwarted, and Poland's energy minister, Milosz Motyka, confirmed that the country's cyberspace forces detected and responded to the threat in time. This incident emphasizes the ongoing risks facing critical infrastructure from state-sponsored actors and highlights the importance of robust cybersecurity measures in protecting essential services. As cyber threats continue to evolve, organizations must remain vigilant to safeguard against potential disruptions.

A recent data leak has exposed millions of account credentials from various platforms, including Gmail, Facebook, and numerous financial services. This dataset contains sensitive information, potentially affecting countless users who have accounts on these platforms. The breach raises serious concerns about identity theft and fraud, as attackers may exploit this data for malicious activities. Users are urged to change their passwords immediately and enable two-factor authentication where available. This incident highlights the ongoing challenges of online security, reminding everyone of the importance of safeguarding personal information.

A serious vulnerability has been discovered in all versions of GNU InetUtils telnetd, specifically those ranging from 1.9.3 to 2.7. This flaw, which allows remote attackers to bypass authentication, has gone unnoticed for nearly 11 years. Given the age of this issue, many systems may still be running vulnerable versions, putting users at risk. The discovery emphasizes the need for organizations to audit their systems and ensure they are not using outdated software. Users and administrators should take immediate action to update or patch their systems to mitigate potential exploitation.

Recent research has revealed that attackers can now conduct more efficient intrusions targeting page caches in Linux systems. The study highlights vulnerabilities in how Linux manages memory, particularly in the page cache, which can be manipulated to access sensitive information. This development poses a risk to a wide range of Linux distributions, potentially affecting servers and workstations that rely on this operating system. As the efficiency of these attacks increases, companies and users need to be aware of the potential for data breaches and take preventive measures. It’s crucial for system administrators to stay informed and implement appropriate security protocols to mitigate these risks.