Latest Internet & Cybersecurity News
Massive Instagram Data Breach Exposes 17.5 Million Users Globally
Security researchers reported that a **data leak affecting about 17.5 million Instagram accounts** is circulating on dark‑web forums, with records allegedly harvested via an “API leak” in late 2024. The dataset includes full names, usernames, verified email addresses, phone numbers, user IDs and location data, and has triggered waves of unsolicited password‑reset emails, raising risks of SIM‑swapping, phishing, and account takeover attacks.
FBI Warns of North Korea‑Linked Kimsuky ‘Quishing’ Campaigns
The FBI issued an alert that **North Korea–linked APT group Kimsuky** is targeting governments, think tanks, and academic institutions with “quishing” attacks, a form of phishing that abuses QR codes. Victims are lured to credential‑harvesting pages or malware via QR codes embedded in emails and documents, underlining the expanding use of QR‑based social‑engineering techniques.
China‑Linked Cyberattacks on Taiwan’s Critical Infrastructure Surge Tenfold
Taiwan’s National Security Bureau reported that **China‑linked groups ramped up cyberattacks on its energy sector and other critical infrastructure**, with attacks on the energy sector alone increasing tenfold in 2025. Overall incidents against nine key sectors rose 6%, reinforcing concerns that cyber operations are being used to pressure Taiwan’s economy and government.
Critical ‘Ni8mare’ Vulnerability in n8n Automation Platform Allows Full Takeover
Researchers disclosed **CVE‑2026‑21858, dubbed “Ni8mare,” a CVSS 10.0 flaw in n8n** that lets unauthenticated attackers gain complete control of vulnerable workflow‑automation instances. Exploitation could expose API keys, credentials, and integrated services, with experts urging immediate patching and network restriction of exposed n8n deployments.
Legacy D‑Link DSL Routers Under Active Exploit for Remote Code Execution
Threat actors are actively exploiting a **critical remote code‑execution flaw (CVE‑2026‑0625)** in older D‑Link DSL routers, allowing attackers to execute commands remotely without authentication. Since many of these devices are end‑of‑life and unpatched, they risk being hijacked into botnets or used as footholds into home and small‑office networks.
Trend Micro Apex Central Remote Code Execution Bugs Draw Exploit Interest
Trend Micro issued advisories for **critical vulnerabilities in Apex Central on‑premise** that could enable unauthenticated remote code execution and denial‑of‑service attacks on management servers. Security outlets note that proof‑of‑concept exploit code is available for at least one RCE (tracked separately as CVE‑2025‑69258), increasing the urgency for enterprises to apply patches and restrict external exposure.
Critical Undertow HTTP Server Flaw Threatens Java Applications
Researchers disclosed a **serious vulnerability in the Undertow HTTP server core** used by Java platforms such as WildFly and JBoss EAP, which can allow attackers to hijack sessions in affected applications. Because Undertow underpins many Java‑based web services, unpatched deployments could face session fixation or takeover attacks impacting confidentiality and integrity of user data.
SmarterMail Pre‑Auth RCE Rated 10.0 CVSS, PoC Released
A **critical pre‑authentication remote code‑execution vulnerability in SmarterTools SmarterMail** has been revealed, scoring 10.0 on the CVSS severity scale. Public proof‑of‑concept exploit code is available, meaning exposed mail servers could be quickly compromised to steal email, pivot into corporate networks, or distribute malware.
Europol Arrests 34 Black Axe Members Over Large‑Scale Online Fraud
Europol announced the **arrest of 34 suspected Black Axe members in Spain** over alleged involvement in €5.9 million of online fraud and organized cybercrime. The group is accused of running business email compromise, romance scams and other Internet‑enabled schemes, illustrating ongoing law‑enforcement pressure on transnational cyber‑fraud networks.
CISA Retires Ten Cyber Emergency Directives After Security Milestone
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) stated it has **retired ten Emergency Directives issued between 2019 and 2024**, marking a significant security‑program milestone. The move indicates that federal agencies have implemented long‑term fixes for previously urgent vulnerabilities, shifting focus toward sustained resilience rather than constant crisis response.
OWASP Core Rule Set Bug Lets Attackers Bypass WAF Charset Validation
A newly disclosed **vulnerability in the OWASP Core Rule Set (CRS)** allows attackers to bypass charset validation in multipart form data, weakening protections in many web‑application firewalls. Since OWASP CRS is widely deployed, maintainers urge prompt updates to prevent attackers from slipping malicious payloads past default WAF rules.
Hospitals and Health Platforms Report New Data Breaches
Vida Y Salud Health Systems in Texas confirmed that **34,504 state residents’ medical and financial data** may have been accessed during an intrusion in October 2025, with law firms now mobilizing around the case. Separately, New Zealand’s Manage My Health platform began notifying practices about a **cyber incident affecting roughly 125,000 of its 1.8 million users**, highlighting continuing pressure on healthcare data privacy worldwide.
Eurail Reports Customer Data Security Incident in Europe
Rail pass provider **Eurail B.V. disclosed a security breach** involving unauthorized access to customer data in its systems, revealed in a notice from its headquarters in Utrecht. The company is investigating the scope and nature of the data accessed and has begun implementing additional safeguards and notifications in line with EU data‑protection obligations.