Russian-linked threat actors actively exploit newly patched Microsoft Office zero-day in targeted attacks
Ukraine’s CERT-UA reported that Russian-linked hackers are exploiting a recently patched Office zero-day (CVE-2026-21509) via malicious documents in targeted campaigns.
The zero-day was patched in late January, but exploit activity persisted, showing how attackers rapidly weaponize fresh disclosures before widespread patching.
Malicious Office content delivered through phishing continues to be a primary initial access vector for strategic intrusion activity.
High‑severity n8n vulnerabilities leave automation servers exposed to immediate RCE attacks
Security researchers disclosed multiple high-severity vulnerabilities in n8n that include sandbox escape and remote code execution, with public exploit code available.
These flaws impact automation servers that often manage tokens and credentials for downstream services, increasing blast radius if exploited.
Exposed or poorly segmented n8n instances are at risk of compromise, leading to full host access via automated workflows.
Fintech giant Betterment reports major data exposure affecting 1.4 million users
Betterment confirmed that a breach of its internal systems resulted in unauthorized access and the exposure of 1.4 million customer accounts, including email and other personal data.
The incident underscores how credential theft and unauthorized access remain major operational vectors, especially when multifactor gaps or session reuse are involved.
Exposure of this scale increases phishing, identity theft, and fraud risks against downstream services relying on Betterment credentials.
Global “Shadow Campaigns” operation hits 155 countries in state‑backed espionage effort
Researchers reported that a state-linked threat group (tracked as TGR-STA-1030/UNC6619) has conducted global-scale operations dubbed “Shadow Campaigns,” with reconnaissance and compromise activity spanning networks in 155 countries.
The campaigns focused on a wide range of critical entities — including government ministries, border control, finance, trade, energy and diplomatic agencies — with at least 70 confirmed network compromises.
This level of targeting illustrates persistent, high-sophistication behavior beyond commodity malware, combining reconnaissance, credential theft and lateral trust exploitation.
Ransomware incident at BridgePay triggers major disruption to U.S. payment processing
A major U.S. payment gateway provider, BridgePay Network Solutions, confirmed that a ransomware attack caused a nationwide service outage, knocking key systems offline and disrupting merchant payments and API services.
Merchants reported cash-only operations during the outage, and the incident prompted federal law enforcement and forensic engagement.
Although early analysis indicates no evidence of stolen payment card data, the disruption of core transaction infrastructure highlights how ransomware impacts real-world commerce continuity.






