VulnHub

Poland's energy sector recently faced a severe cyber attack attributed to the Russian hacking group Sandworm. This incident involved a wiper malware that aimed to disrupt the functioning of the power grid, posing significant risks to the country's energy stability. Authorities have raised alarms about the potential for further attacks, as Sandworm is known for its destructive tactics and has previously targeted critical infrastructure. The implications of this attack extend beyond Poland, reflecting ongoing geopolitical tensions and the vulnerability of national infrastructures to cyber warfare. As the situation develops, experts urge energy companies to enhance their cybersecurity measures to prevent similar incidents in the future.

Russian hackers known as Sandworm have been accused of launching a cyberattack on Poland's power grid using data-wiping malware. This incident comes a decade after they disrupted the Ukrainian power grid, indicating a pattern of targeting critical infrastructure in Eastern Europe. The attack poses significant risks, not only to Poland's energy supply but also raises concerns about regional security and the potential for similar incidents in other countries. As tensions between Russia and NATO continue, this incident could escalate fears about cyber warfare and its impact on national security. Authorities are investigating the attack and assessing the full extent of its impact on the power grid operations.

In December 2025, Poland experienced a significant cyber attack on its power grid, attributed to the Russia-linked hacking group Sandworm. Researchers from ESET analyzed the malware involved and determined that the attack was one of the largest targeting Poland's energy infrastructure. The involvement of Sandworm, known for its previous cyber operations, raises concerns about the security of critical national systems. This incident not only endangers the stability of Poland's energy supply but also highlights the ongoing risks posed by state-sponsored cyber threats in Europe. As nations increasingly rely on digital infrastructure, the implications for energy security and national defense become more pronounced.

A newly discovered vulnerability in VMware products allows attackers to execute remote code by sending specially crafted network packets. This critical-severity flaw poses a serious risk for organizations using affected VMware systems, as it could lead to unauthorized access and control over their networks. VMware has not specified which products are impacted, but the nature of the vulnerability suggests that any systems relying on VMware technologies could be at risk. Companies should prioritize patching their systems as soon as updates are available to prevent potential exploitation. The urgency is heightened as this vulnerability is now a target for attackers.

Researchers have discovered a critical vulnerability in the GNU InetUtils telnet daemon (telnetd), tracked as CVE-2026-24061, which has remained unnoticed for nearly 11 years. This flaw affects all versions from 1.9.3 to 2.7 and has a high severity score of 9.8, indicating a significant risk. If exploited, attackers could gain root access to affected systems, posing a serious threat to security. This vulnerability impacts a variety of systems that rely on GNU InetUtils, making it imperative for users and organizations to address this issue promptly. As this flaw has been present for so long, it raises concerns about the security practices in place for maintaining software.

Cyber Centaurs, a digital forensics firm, discovered critical attacker infrastructure while investigating a ransomware incident involving a U.S. client. This operational security lapse allowed the firm to recover data that the attackers had encrypted. The incident serves as a reminder of the vulnerabilities that organizations face when dealing with ransomware, particularly if they fail to maintain strict security protocols. Companies should take this case as a warning to enhance their cybersecurity measures, as ransomware attacks can have devastating consequences for both data integrity and business operations. The recovery of the data also raises questions about the methods used by attackers and the potential for further exploitation of the exposed infrastructure.

In 2025, various hacktivist groups such as Z-Pentest, Dark Engine, and Sector 16 ramped up their attacks on critical infrastructure, specifically targeting industrial control systems (ICS), operational technology (OT), and Human Machine Interface (HMI) environments. These attacks pose significant risks as they can disrupt essential services that rely on these systems, including utilities and manufacturing processes. By focusing on ICS and OT, these groups are not just seeking to cause chaos but are also likely aiming to draw attention to specific political or social issues. This increase in activity highlights the vulnerabilities in these crucial sectors and raises concerns about the potential for more severe consequences if these systems are compromised. Companies and organizations that manage such infrastructure need to bolster their cybersecurity defenses to prevent potential disruptions.

Hackers are actively exploiting a serious vulnerability in the GNU InetUtils telnetd server that has been around for 11 years. This flaw allows attackers to bypass authentication and gain root access, which poses a significant risk to systems still using this service. Organizations that rely on telnetd are at risk of unauthorized access, potentially leading to data breaches or system compromise. Security experts are urging affected users to address this vulnerability immediately to prevent exploitation. Given the age of the flaw, many systems might still be running unpatched versions, making them easy targets for attackers.