Delta, a prominent Russian provider of alarm and security systems, has experienced a significant cyberattack, leading to widespread service disruptions. The attack, described as large-scale and coordinated, has affected the company's operations.

CISA has added several critical vulnerabilities to its Known Exploited Vulnerabilities catalog. These vulnerabilities affect Microsoft Office, GNU InetUtils, SmarterTools SmarterMail, and the Linux Kernel.

A critical vulnerability in Grist-Core's Pyodide WebAssembly sandbox allows remote code execution (RCE) through malicious spreadsheet formulas. This flaw, with a CVSS score of 9.1, has been patched.

A critical vulnerability, CVE-2026-22709, has been identified in the vm2 Node.js sandbox library, which allows attackers to escape the sandbox and execute arbitrary code on the host system.

Nike is investigating a potential cybersecurity incident after World Leaks claimed to have stolen and leaked 1.4TB of corporate data, including nearly 190,000 files related to business operations.

Two cyber campaigns, Gopher Strike and Sheet Attack, have been identified targeting Indian government entities. These campaigns are linked to a Pakistan-based threat actor and employ sophisticated techniques to compromise systems and exfiltrate data.

A critical path-traversal vulnerability in WinRAR is being actively exploited by nation-state groups. The vulnerability, disclosed and patched six months ago, continues to be a target for espionage and financially motivated attacks.

A recent phishing scam has been identified, exploiting a legitimate Microsoft email address to deliver scam emails. This advisory provides details on the scam's operation and its implications.

Microsoft has released an emergency update to address a critical 0-day bugaffecting Microsoft Office 2016–2024 and Microsoft 365 Apps. This bug is actively exploited in the wild and allows attackers to bypass security features.

A significant data breach at Cytek Biosciences, a medical manufacturer based in Fremont, California, has been attributed to the ransomware group Rhysida. This breach has compromised sensitive personal and financial information of 331 individuals.