VulnHub

A recent cyberattack linked to Russian hackers, specifically the Sandworm/Electrum group, has targeted the Polish power grid, affecting communication and control systems at 30 different sites. As a result of this intrusion, several Industrial Control Systems (ICS) devices have been rendered inoperable, or 'bricked.' This incident raises concerns not only about the immediate impact on Poland's energy infrastructure but also about the broader implications for critical infrastructure security across Europe. The attack reflects ongoing tensions in the region and highlights vulnerabilities in essential services that could have far-reaching consequences if exploited further.

Ivanti has released patches for two critical vulnerabilities in its EPMM (Enterprise Mobile Management) software that could let attackers execute arbitrary code remotely without authentication. These vulnerabilities are serious because they can be exploited by anyone with internet access to take control of affected systems. Organizations using the EPMM platform should prioritize applying these updates to prevent potential breaches. The vulnerabilities were discovered to be actively exploited in the wild, which means companies are at risk if they do not take immediate action. This incident underscores the need for regular software updates and vigilance in cybersecurity practices.

Ivanti has revealed two serious vulnerabilities in its Endpoint Manager Mobile (EPMM) software, identified as CVE-2026-1281 and CVE-2026-1340. These vulnerabilities are currently being exploited in zero-day attacks, meaning attackers have already taken advantage of them before any fix was made available. Organizations using EPMM are at risk, as these flaws could allow unauthorized access to sensitive mobile device management functions. The situation is urgent, as the vulnerabilities are actively being exploited in the wild, which could lead to data breaches or unauthorized control over managed devices. Users and companies are advised to monitor for updates and take immediate action to secure their systems.

In late December, Poland's energy grid experienced a coordinated cyberattack that affected around 30 facilities nationwide. The attackers targeted various distributed energy resources, including combined heat and power plants, as well as wind and solar energy systems. This incident raises concerns about the security of critical infrastructure, as energy systems are essential for everyday life and economic stability. The attack not only disrupted operations but also highlighted vulnerabilities in the energy sector that could be exploited in the future. Authorities are likely to investigate the incident further to bolster defenses against potential future threats.

Fortinet has confirmed a new zero-day vulnerability that is allowing attackers to exploit single sign-on (SSO) authentication for malicious logins. In response to the ongoing attacks, the company has temporarily disabled FortiCloud SSO authentication across all devices to mitigate the risk. This means that users relying on this feature for secure access may face disruptions while Fortinet works on a solution. The situation is particularly concerning as it puts sensitive information at risk and could lead to unauthorized access to critical systems. Companies using Fortinet products should monitor the situation closely and be prepared to implement any updates once they are released.

Fortinet has issued patches for a serious vulnerability in its FortiOS software, identified as CVE-2026-24858, which has been actively exploited by attackers. This flaw allows unauthorized users to bypass Single Sign-On (SSO) authentication, posing a significant risk to organizations using affected systems. The vulnerability has a high CVSS score of 9.4, indicating its severity. It impacts several products, including FortiOS, FortiManager, and FortiAnalyzer. Companies utilizing these systems should prioritize applying the available patches to protect against potential breaches.

Recent analysis by Zscaler has revealed alarming security vulnerabilities in enterprise AI systems, with every system examined showing at least one critical flaw. The findings indicate that 90% of these systems can be compromised in less than 90 minutes. This is particularly concerning as businesses increasingly rely on AI tools for various operations. The implications are serious, as these vulnerabilities could lead to data breaches and unauthorized access to sensitive information. Companies utilizing AI technology must prioritize security measures to protect their systems and data from potential attacks.

Cybersecurity researchers have identified that a group known as Mustang Panda, believed to be linked to the Chinese government, is using an updated backdoor called COOLCLIENT in cyber espionage campaigns. These attacks, which have been ongoing in 2025, primarily target government entities, allowing the attackers to steal sensitive data from compromised systems. This new version of COOLCLIENT enhances the group's capabilities, raising concerns about the potential for significant data breaches in critical government sectors. The implications of these attacks could lead to compromised national security and the exposure of sensitive governmental information. Organizations, especially those in the public sector, need to bolster their security measures to protect against such sophisticated threats.