Taking the shine off BreachForums

Mezha reports: As reported in the court’s verdict: In Khmelnytskyi, a court sentenced a 16-year-old girl for transmitting data about military facilities to a Russian intelligence officer who paid 3,802 hryvnias for it. She admitted her guilt, and the court’s verdict confirmed the facts of cooperation with a foreign agent. The decision is described in the……

Sophos X-Ops explores why larger isn’t always better when it comes to solving security challenges with AI

A critical sandbox escape vulnerability has been disclosed in the popular vm2 Node.js library that, if successfully exploited, could allow attackers to run arbitrary code on the underlying operating system. The vulnerability, tracked as CVE-2026-22709, carries a CVSS score of 9.8 out of 10.0 on the CVSS scoring system. “In vm2 for version 3.10.0, Promise.prototype.then…

Proof-of-concept (PoC) code was published for CVE-2024-49113, a denial-of-service (DoS) vulnerability in Windows LDAP. The post Exploit Code Published for Potentially Dangerous Windows LDAP Vulnerability appeared first on SecurityWeek.

Gabriela Kennedy, Joanna K.C. Wong, and Roslie Liu of Mayer|Brown write: On 1 January 2026, the Office of the Commissioner of Critical Infrastructure (Computer-system Security) issued a Code of Practice (the “CoP”) under the Protection of Critical Infrastructures (Computer Systems) Ordinance (Cap. 653) (the “Ordinance”), which came into force on the same day (see our……

The Computer Emergency Response Team of Ukraine (CERT-UA) has revealed that no less than three cyber attacks were recorded against state administration bodies and critical infrastructure facilities in the country with an aim to steal sensitive data. The campaign, the agency said, involved the use of compromised email accounts to send phishing messages containing links…