Massive 149M Credential Leak, Sandworm's 'DynoWiper' Targets Poland, and FortiGate Firewalls Breached Despite Patches

Publication Date: January 25, 2026

Summary

This cybersecurity brief for January 25, 2026, covers a series of critical incidents. A massive 149 million credential leak has exposed users of Gmail, Facebook, and financial services. The Russian state-sponsored group Sandworm deployed a new 'DynoWiper' malware in an attack on Poland's power grid. Fully patched FortiGate firewalls are being compromised via a new SSO bypass. Other major events include data breach claims against Nike and Under Armour, a critical 11-year-old Telnet vulnerability, and multiple patch-related issues from Microsoft causing boot failures and application freezes.

Today's New Articles

Massive 149 Million Credential Leak Exposes Gmail, Facebook, and Financial Service Users

A publicly accessible, unencrypted 96 GB database containing 149.4 million unique login credentials has been discovered by a security researcher. The data, believed to be compiled from various infostealer malware logs and past breaches, impacts an estimated 48...


Nike Probes Data Breach Claim by 'WorldLeaks' Extortion Group

Global apparel giant Nike has launched an investigation into a potential data breach after being listed as a victim by the 'WorldLeaks' data extortion group. The group, which emerged in 2025 and focuses on data theft without deploying ransomware, threatened to...


Sandworm Deploys New 'DynoWiper' Malware in Failed Attack on Polish Power Grid

A major, albeit unsuccessful, cyberattack against Poland's power system in late December 2025 has been attributed to the Russian state-sponsored hacking group Sandworm. Poland's energy minister described it as the 'largest cyber attack' on their energy infra...


Phishing Campaign Hits Russia with Amnesia RAT, Uses GitHub and Dropbox for Payload Delivery

A sophisticated, multi-stage phishing campaign is targeting users in Russia, delivering a combination of the Amnesia remote access trojan (RAT) and ransomware. The attack, analyzed by Fortinet FortiGuard Labs, is notable for its use of public cloud services li...


ShinyHunters Claims Breach of Crunchbase, Betterment via Okta Vishing Attacks

The notorious cyber extortion syndicate ShinyHunters has claimed responsibility for breaching business intelligence firm Crunchbase and financial advisory company Betterment. According to the threat actor, the initial access was gained by using sophisticated v...


Everest Ransomware Group Leaks 343GB of Under Armour Customer Data

The Russia-linked Everest ransomware group has leaked 343 GB of data allegedly stolen from global sportswear brand Under Armour. The massive data dump, which occurred on January 24, 2026, followed a failed extortion attempt. The leaked data is reported to cont...


Warning: Fully Patched FortiGate Firewalls Are Being Compromised via New SSO Bypass

Security analysts are warning of a new wave of attacks compromising even fully patched Fortinet FortiGate firewalls. The activity, observed since January 15, 2026, allows attackers to bypass SAML-based single sign-on (SSO) authentication to gain administrative...


Trend Micro Details New RCE Flaw in MetaGPT (CVE-2026-0761)

Trend Micro has published details and a detection rule for a new high-severity remote code execution (RCE) vulnerability in Foundation Agents MetaGPT, tracked as CVE-2026-0761. The exploit, which occurs over HTTP, can be leveraged by an attacker for initial ac...

Article Updates

Microsoft Issues Emergency Out-of-Band Patches for Flawed January Updates

Update: Microsoft is investigating widespread reports of Windows 11 devices failing to boot with 'UNMOUNTABLE_BOOT_VOLUME' errors after installing the January 2026 security updates, specifically KB5074109. This critical issue primarily impacts physical Windows 11 25H2...