Date of Incident: January 27, 2026 Overview: The NationStates data breach, reported on February 2, 2026, involved an unauthorized remote code execution on the company’s production server on January 27, 2026. Attackers accessed and copied user data, including email addresses, MD5 hashed passwords, IP addresses, UserAgent strings, and potential private messages. The website was taken… Read More »NationStates data breach
Three actively exploited zero-days, two CVSS 10.0 flaws, and critical supply chain compromises. Threat activity spans infrastructure (Cisco, Microsoft, Fortinet), AI/DevOps platforms (n8n, Chainlit, Zoom), and legacy systems. Dominant pattern: improper input validation enabling unauthenticated infrastructure takeover. Key Metrics: 3 zero-days exploited | 2 CVSS 10.0 flaws | 509 GB (ASRock Rack) + 861 GB… Read More »Weekly Report: New Hacking Techniques and Critical CVEs 13 Jan- 19 Jan 2026
The first full operational week of 2026 (January 7-12) shattered expectations with a cascade of maximum-severity vulnerabilities and mass-scale data exposures. The week was dominated by Cyera’s disclosure of CVE-2026-21858 (Ni8mare)-a CVSS 10.0 unauthenticated RCE in n8n workflow automation affecting ~100,000 instances globally-and the re-emergence of 17.5 million Instagram user records on dark web forums,… Read More »Weekly Cybersecurity Intelligence Report Cyber Threats & Breaches 7 Jan – 12 Jan 2026
On 3rd December 2025, a critical remote code execution vulnerability was disclosed in the React Server Components (RSC) ecosystem, widely known as React2Shell and tracked as CVE‑2025‑55182 (React) and CVE‑2025‑66478 (Next.js, later merged into the main CVE). The flaw allows unauthenticated remote code execution (pre‑auth RCE) on servers using React Server Components and frameworks like… Read More »React2Shell (CVE-2025-55182): Pre‑Auth RCE In React & Next.js- A Log4Shell‑Style Wake‑Up Call
Date of Incident: 2025-11-21 Overview: The University of Phoenix experienced a data breach on November 21, 2025, which was reported on December 3, 2025. This breach affected the education sector, compromising sensitive personal and financial information of current and former students, employees, faculty, and suppliers. Attackers exploited vulnerabilities in the Oracle E-Business Suite, specifically through… Read More »University of Phoenix Oracle E-Business Suite Data Breach