Latest Internet & Cybersecurity News
Massive Instagram Data Breach Exposes 17 Million User Records
Security researchers found a dataset on BreachForums advertising **17 million Instagram user records** from a 2024 API leak, disclosed publicly by a threat actor named “Solonik.” The data reportedly includes usernames, emails, phone numbers, location data, and other identifiers, significantly increasing risks of phishing, account takeover, and identity fraud for affected users.
Cyberattacks on Taiwan’s Critical Infrastructure Surge Tenfold
Taiwan’s National Security Bureau reported that **China-linked cyber intrusions against critical infrastructure averaged 2.63 million attempts per day last year**, with attacks on the energy sector jumping **1,000%** from 2024. Intrusions on emergency services and hospitals also rose 54%, underscoring escalating state-aligned cyber pressure on essential services.
Ransomware Breach Hits Texas Gas Station Operator, Exposing 377,000 Customers
Gulshan Management Services, a Texas-based gas station firm, disclosed a breach in which hackers accessed systems containing data on **377,082 customers**, including 54 residents of Maine. The intrusion, which occurred between September 17 and 27, 2025, compromised names and other personal identifiers that could be weaponized for fraud and identity theft.
European Space Agency, Ledger, and Brightspeed Suffer Major Data Breaches
Recent reporting highlights a wave of major breaches: the **European Space Agency lost over 200 GB of data**, including API tokens and source code, in an attack on engineering servers. A vendor breach at **Ledger** exposed contact data of 292,000 customers, while **Brightspeed Telecom** was hit by Crimson Collective ransomware, compromising over one million customer records with personal details.
Critical Vulnerabilities Disclosed in Trend Micro Apex Central
Trend Micro issued a security advisory for **three severe vulnerabilities** in on‑premises Apex Central that allow remote code execution and denial‑of‑service attacks if exploited. Because Apex Central is widely used for centralized security management, unpatched systems could give attackers elevated control across an organization’s endpoints.
OWASP Core Rule Set Flaw Enables Web Application Firewall Bypass
Researchers disclosed a critical bug in the **OWASP Core Rule Set (CRS)** that lets attackers bypass charset validation in multipart form data, undermining some Web Application Firewall protections. Exploitation could allow malicious payloads to slip past defenses into web applications that rely on CRS for input filtering.
Undertow HTTP Server Bug Threatens Millions of Java Applications
A serious vulnerability in the **Undertow HTTP server core** affects Java applications built on WildFly, JBoss EAP, and similar platforms, enabling attackers to hijack user sessions. Because Undertow underpins many enterprise Java deployments, the flaw could expose large numbers of apps to session takeover and data theft if not patched.
Pre‑Auth Remote Code Execution Flaw in SmarterMail with Public Exploit
Security researchers revealed a **CVSS 10.0 pre‑authentication remote code execution** vulnerability in SmarterTools SmarterMail, with a proof‑of‑concept exploit already released. The bug allows attackers to fully compromise vulnerable mail servers over the internet, making rapid patching and exposure reduction critical for operators.
AI Infrastructure Under Active Attack, with 91,000+ Malicious Sessions Logged
New research documents a surge of attacks on **AI deployments**, with more than **91,000 malicious sessions** targeting AI infrastructure between October 2025 and early 2026. Adversaries are probing AI APIs, model endpoints, and associated cloud resources, signaling that machine‑learning stacks are becoming a prime target alongside traditional web and email systems.
Kaspersky and ENISA Warn of Intensifying Financial-Sector Cyber Threats
A 2025–2026 threat report cited by RadioCSIRT notes that **12.8% of B2B financial organizations** faced ransomware over twelve months, with 1.33 million banking Trojan attacks blocked. ENISA identifies North Korea’s **Lazarus Group** as a primary state-aligned threat to EU financial institutions, linked to the Bangladesh Bank SWIFT heist and over $1 billion in cryptocurrency thefts since 2018.
MuddyWater Deploys New RustyWater Remote Access Trojan via Spear‑Phishing
The Iranian-linked APT group **MuddyWater** has launched a new Rust-based RAT dubbed **RustyWater**, delivered through spear‑phishing emails using malicious Word macros against organizations in the Middle East. The malware provides persistent remote access and is part of a broader trend of state-backed actors adopting modern languages like Rust to evade detection and complicate analysis.
Global Regulators Tighten Cybersecurity and Incident Reporting Requirements
Analysts highlight that 2026 is bringing **stricter cyber regulations**, including deeper reporting and breach disclosure rules from U.S. agencies such as the SEC and FTC. In parallel, the EU’s **NIS2 Directive** and **DORA** are hitting key operational deadlines, raising security and resilience expectations for critical and financial entities across Europe.