Nike is currently looking into a potential data breach after the World Leaks ransomware group leaked 1.4 terabytes of files that they claim to have stolen from the company. This incident raises concerns about the security of sensitive information held by one of the largest sportswear brands in the world. The leaked files could potentially contain customer data, company secrets, or other critical information, which might lead to further extortion attempts or data misuse. Nike's investigation is crucial not only for the company's reputation but also for the safety of its customers and business partners. As the situation unfolds, it highlights the ongoing threat posed by ransomware gangs targeting major corporations.
Articles tagged "Critical"
Found 915 articles
A critical vulnerability has been identified in Grist-Core, a platform used for data management and collaboration. This security flaw allows attackers to escape the sandbox environment, leading to remote code execution through a malicious formula. Essentially, this means that someone could potentially run arbitrary code on the systems where Grist-Core is deployed, which poses a significant risk to users. Organizations using this software need to act quickly to protect their data and systems from exploitation. The details about the specific versions affected have not been disclosed, but the urgency of the situation suggests that immediate attention is required to prevent potential breaches.
Researchers have discovered a critical vulnerability in the vm2 library, a popular Node.js sandbox used to execute untrusted code. This security flaw, identified as CVE-2026-22709, enables attackers to escape the sandbox environment and execute arbitrary code on the host system. This poses a significant risk to applications that rely on this library for secure code execution. Developers using vm2 should take immediate action to protect their systems, as the implications could lead to unauthorized access and control over sensitive data. It's crucial for users to stay informed about this vulnerability and implement necessary safeguards to prevent exploitation.
Hackread – Cybersecurity News, Data Breaches, AI, and More
Poland successfully thwarted a cyberattack involving Russian wiper malware aimed at its power and heating plants. This incident, which could have led to significant outages during the winter months, was detected and blocked by Polish officials before any damage occurred. The government has responded by tightening cybersecurity regulations to bolster defenses against potential future attacks. This incident underscores the ongoing tensions between Poland and Russia, particularly regarding cybersecurity threats to critical infrastructure. The prevention of this attack is crucial for maintaining energy stability during colder months, which could have severe implications for public safety and the economy.
The Hacker News
Cybersecurity researchers have identified a JavaScript-based command-and-control framework named PeckBirdy, which has been utilized by China-aligned hackers since 2023. This framework has primarily targeted the Chinese gambling industry, as well as various Asian government entities and private organizations. Trend Micro reports that the flexibility of PeckBirdy allows these attackers to adapt their methods for different environments. The use of such sophisticated tools raises concerns about the security of critical sectors, especially in regions where these attacks are focused. It's crucial for organizations in the affected areas to enhance their security measures to defend against these ongoing threats.
Researchers from SEC Consult have identified over 20 vulnerabilities in Dormakaba's physical access control systems, specifically those using the exos 9300 platform. These flaws could allow attackers to remotely unlock doors at major organizations, posing a significant security risk. The vulnerabilities are serious enough that they could be exploited to gain unauthorized access to sensitive areas within facilities. Organizations using Dormakaba systems should prioritize applying any patches or updates provided by the vendor to mitigate these risks. This discovery raises concerns about the security of physical access controls, which are essential for protecting sensitive locations.
The Cybersecurity and Infrastructure Security Agency (CISA) has released a guide aimed at helping federal agencies transition to post-quantum encryption. The guide serves as a 'shopping list' for tech buyers looking to upgrade their systems to protect against potential threats posed by quantum computing. However, many security professionals are skeptical, noting that most existing products and internet protocols are still not ready for this transition. This raises concerns about the overall preparedness of agencies to defend against future quantum attacks. As quantum technology advances, the need for updated encryption methods becomes increasingly urgent, making this guide a critical resource for agencies planning their cybersecurity strategies.
SCM feed for Latest
A serious vulnerability has been discovered in Appsmith, an open-source low-code application platform, tracked as CVE-2026-22794. This flaw affects the authentication process, allowing attackers to hijack user accounts. Researchers have confirmed that this vulnerability is currently being exploited in the wild, raising significant concerns for organizations using the platform. Users of Appsmith should act quickly to secure their accounts and systems to prevent unauthorized access. As the exploitation of this vulnerability poses a real threat, it’s crucial for affected users to stay informed and take necessary precautions.
Researchers have linked a failed cyberattack on Poland's power grid to the Russian hacking group Sandworm, known for its disruptive wiper attacks on critical infrastructure. This incident marks a significant concern for national security, as it highlights the ongoing threat posed by state-sponsored actors targeting essential services. While the attack did not succeed, it raises alarms about the resilience of power systems and the potential for future incidents that could disrupt energy supplies. As countries like Poland continue to face increasing cyber threats, the need for robust cybersecurity measures becomes even more pressing to protect vital infrastructure from malicious actors.
SCM feed for Latest
On December 29, 2025, the Sandworm hacking group attempted a cyberattack on Poland's power infrastructure, deploying a new wiper malware called DynoWiper. This malware is designed to erase data and disrupt operations, posing a significant threat to critical systems. ESET, the cybersecurity firm that reported the incident, noted that the attack could have serious implications for power stability and national security in Poland. As the incident unfolds, it raises concerns about the vulnerabilities in power grids and the potential for similar attacks on other nations. The situation underscores the ongoing risks posed by state-sponsored cyber activities.
Poland recently thwarted a cyberattack aimed at its energy infrastructure, attributed to suspected Russian hackers. The attack occurred on December 29 and 30, 2025, targeting two combined heat and power plants and a system that manages electricity from renewable sources like wind and solar. Fortunately, the malware designed to wipe data failed to execute its intended damage. This incident emphasizes the ongoing risks that critical infrastructure faces from cyber threats, particularly from state-sponsored actors, and highlights the importance of robust cybersecurity measures in the energy sector to protect against such attacks in the future.
The Hacker News
This week, cybersecurity experts noted a series of vulnerabilities and security incidents that demonstrate how attackers are exploiting both old and new methods to breach systems. Flaws in firewalls and browser-based traps are particularly concerning, as they reveal weaknesses in tools that users often trust. These security lapses suggest that just because a software issue has been patched doesn't mean it is safe. The ongoing evolution of malware, including AI-generated variants, presents a significant challenge for companies trying to defend against increasingly sophisticated threats. Organizations need to stay vigilant and update their defenses regularly to protect against these emerging risks.
Poland's energy sector recently faced a severe cyber attack attributed to the Russian hacking group Sandworm. This incident involved a wiper malware that aimed to disrupt the functioning of the power grid, posing significant risks to the country's energy stability. Authorities have raised alarms about the potential for further attacks, as Sandworm is known for its destructive tactics and has previously targeted critical infrastructure. The implications of this attack extend beyond Poland, reflecting ongoing geopolitical tensions and the vulnerability of national infrastructures to cyber warfare. As the situation develops, experts urge energy companies to enhance their cybersecurity measures to prevent similar incidents in the future.
Russian hackers known as Sandworm have been accused of launching a cyberattack on Poland's power grid using data-wiping malware. This incident comes a decade after they disrupted the Ukrainian power grid, indicating a pattern of targeting critical infrastructure in Eastern Europe. The attack poses significant risks, not only to Poland's energy supply but also raises concerns about regional security and the potential for similar incidents in other countries. As tensions between Russia and NATO continue, this incident could escalate fears about cyber warfare and its impact on national security. Authorities are investigating the attack and assessing the full extent of its impact on the power grid operations.
Security Affairs
In December 2025, Poland experienced a significant cyber attack on its power grid, attributed to the Russia-linked hacking group Sandworm. Researchers from ESET analyzed the malware involved and determined that the attack was one of the largest targeting Poland's energy infrastructure. The involvement of Sandworm, known for its previous cyber operations, raises concerns about the security of critical national systems. This incident not only endangers the stability of Poland's energy supply but also highlights the ongoing risks posed by state-sponsored cyber threats in Europe. As nations increasingly rely on digital infrastructure, the implications for energy security and national defense become more pronounced.