Cyber Insights 2025: OT Security

A critical sandbox escape vulnerability has been disclosed in the popular vm2 Node.js library that, if successfully exploited, could allow attackers to run arbitrary code on the underlying operating system. The vulnerability, tracked as CVE-2026-22709, carries a CVSS score of 9.8 out of 10.0 on the CVSS scoring system. “In vm2 for version 3.10.0, Promise.prototype.then…

Noteworthy stories that might have slipped under the radar: several multi-million dollar settlements, CrowdStrike-themed phishing emails, and MITRE launches D3FEND 1.0. The post In Other News: Lawsuits and Settlements, CrowdStrike Phish, MITRE’s D3FEND 1.0  appeared first on SecurityWeek.

Cisco has confirmed that 4 Gb of data leaked by a hacker is authentic and related to a recently disclosed security incident.  The post Cisco Confirms Authenticity of Data After Second Leak appeared first on SecurityWeek.

Source: Securonix Cybersecurity researchers have disclosed details of a new campaign dubbed PHALT#BLYX that has leveraged ClickFix-style lures to display fixes for fake blue screen of death (BSoD) errors in attacks targeting the European hospitality sector. The end goal of the multi-stage campaign is to deliver a remote access trojan known as DCRat, according to…

Cybersecurity researchers have shed light on a previously undocumented Rust-based information stealer called Myth Stealer that’s being propagated via fraudulent gaming websites. “Upon execution, the malware displays a fake window to appear legitimate while simultaneously decrypting and executing malicious code in the background,” Trellix security researchers Niranjan Hegde, Vasantha Lakshmanan

The Associated Press reports: Investigators concluded in a report released Wednesday that the leak of a Wisconsin Supreme Court abortion order last year was likely deliberate, but they were unable to determine who was responsible. The June leak of a draft order showed the court would take a case brought by Planned Parenthood, which is seeking to declare…