Massive 149M Credential Leak, Sandworm's 'DynoWiper' Targets Poland, and FortiGate Firewalls Breached Despite Patches

Unprotected Database Exposes 149 Million Unique Login Credentials from Infostealer Malware Logs

A publicly accessible, unencrypted 96 GB database containing 149.4 million unique login credentials has been discovered by a security researcher. The data, believed to be compiled from various infostealer malware logs and past breaches, impacts an estimated 48 million Gmail accounts, alongside users of Facebook, financial services, government portals, and numerous other online platforms. The leak includes usernames, passwords, and the direct login URLs, posing a significant risk of account takeover and fraud for millions of individuals globally.

credential leakinfostealerdata exposurepassword securityaccount takeover

Massive 149 Million Credential Leak Exposes Gmail, Facebook, and Financial Service Users

Malware

Threat Intelligence

Nike Probes Data Breach Claim by 'WorldLeaks' Extortion Group

Extortion Group 'WorldLeaks' Targets Nike, Threatens to Leak Stolen Corporate Data

Global apparel giant Nike has launched an investigation into a potential data breach after being listed as a victim by the 'WorldLeaks' data extortion group. The group, which emerged in 2025 and focuses on data theft without deploying ransomware, threatened to publish stolen Nike data on January 24. Nike has confirmed it is assessing the situation. The type and volume of the allegedly stolen data have not been disclosed by the attackers.

WorldLeaksextortiondata theftcybercrimeretail

4 min read

Cyberattack

Sandworm Deploys New 'DynoWiper' Malware in Failed Attack on Polish Power Grid

CRITICAL

Russian State-Sponsored Group Sandworm Linked to 'DynoWiper' Attack on Poland's Energy Infrastructure

The Russian state-sponsored hacking group Sandworm has been attributed with a major, albeit unsuccessful, cyberattack against Poland's power system in late December 2025. Poland's energy minister described it as the 'largest cyber attack' on their energy infrastructure in years. Cybersecurity firm ESET linked the attack to Sandworm and discovered the use of a previously undocumented destructive malware, which has been named 'DynoWiper'. This incident underscores Sandworm's continued focus on targeting critical infrastructure with new cyber weapons.

SandwormDynoWiperwiper malwarecritical infrastructurePoland +4 more

6 min read

Sandworm Deploys New 'DynoWiper' Malware in Failed Attack on Polish Power Grid

Cyberattack

Malware

Phishing Campaign Hits Russia with Amnesia RAT, Uses GitHub and Dropbox for Payload Delivery

Multi-Stage Phishing Attack on Russian Users Deploys Amnesia RAT and Ransomware, Disables Microsoft Defender

A sophisticated, multi-stage phishing campaign is targeting users in Russia, delivering a combination of the Amnesia remote access trojan (RAT) and ransomware. The attack, analyzed by Fortinet FortiGuard Labs, is notable for its use of public cloud services like GitHub and Dropbox to host payloads and its use of a tool called 'defendnot' to disable Microsoft Defender antivirus. The campaign relies on social engineering and abuse of native Windows features rather than software exploits to achieve system compromise.

phishingAmnesia RATransomwareMicrosoft DefenderGitHub +2 more

Phishing

Malware

Ransomware

ShinyHunters Claims Breach of Crunchbase, Betterment via Okta Vishing Attacks

Extortion Group ShinyHunters Alleges Compromise of Crunchbase and Betterment Using Okta Voice Phishing

The notorious cyber extortion syndicate ShinyHunters has claimed responsibility for breaching business intelligence firm Crunchbase and financial advisory company Betterment. According to the threat actor, the initial access was gained by using sophisticated voice phishing (vishing) attacks to socially engineer employees and compromise their Okta single sign-on (SSO) credentials. This method allows attackers to bypass weaker forms of multi-factor authentication. Neither of the targeted companies has publicly confirmed the breach.

ShinyHuntersvishingsocial engineeringOktaMFA bypass +2 more

ShinyHunters Claims Breach of Crunchbase, Betterment via Okta Vishing Attacks

Phishing

Everest Ransomware Group Leaks 343GB of Under Armour Customer Data

Russia-Linked Everest Group Leaks 343 GB of Data Allegedly Stolen from Under Armour

The Russia-linked Everest ransomware group has leaked 343 GB of data allegedly stolen from global sportswear brand Under Armour. The massive data dump, which occurred on January 24, 2026, followed a failed extortion attempt. The leaked data is reported to contain the personally identifiable information (PII) of millions of customers, highlighting the 'double extortion' tactic where data publication is the primary threat. Under Armour has not yet commented on the incident.

Everestransomwaredata leakUnder ArmourPII +1 more

Ransomware

Warning: Fully Patched FortiGate Firewalls Are Being Compromised via New SSO Bypass

CRITICAL

New Attack Path Allows Compromise of Fully Patched FortiGate Firewalls with SAML SSO Enabled

Security analysts are warning of a new wave of attacks compromising even fully patched Fortinet FortiGate firewalls. The activity, observed since January 15, 2026, allows attackers to bypass SAML-based single sign-on (SSO) authentication to gain administrative access. The attacks result in unauthorized configuration changes, creation of persistent user accounts, and exfiltration of device configurations. Fortinet has reportedly identified a new, distinct attack path related to previously disclosed vulnerabilities (CVE-2025-59718, CVE-2025-59719), suggesting existing patches may not be fully effective.

FortiGateFortinetSSOSAMLauthentication bypass +2 more

6 min read

Warning: Fully Patched FortiGate Firewalls Are Being Compromised via New SSO Bypass

Vulnerability

Cyberattack

Patch Management

Trend Micro Details New RCE Flaw in MetaGPT (CVE-2026-0761)

New High-Severity RCE Vulnerability (CVE-2026-0761) in Foundation Agents MetaGPT Detailed by Trend Micro

Trend Micro has published details and a detection rule for a new high-severity remote code execution (RCE) vulnerability in Foundation Agents MetaGPT, tracked as CVE-2026-0761. The exploit, which occurs over HTTP, can be leveraged by an attacker for initial access into a network or for lateral movement. Trend Micro has released DDI RULE 5627 to detect exploitation attempts and advises organizations to update security products and scan for signs of compromise.