APT28 Exploits Office Zero-Day in Hours; Critical N8N Flaw Exposes 100K Servers; ShinyHunters Breaches Harvard
Summary
In the period of February 4-5, 2026, the cybersecurity landscape was dominated by rapid state-sponsored exploitation and critical vulnerability disclosures. The Russian APT28 group weaponized a Microsoft Office zero-day (CVE-2026-21509) within 24 hours to target European governments. Concurrently, a CVSS 10.0 RCE flaw (CVE-2026-21858) in the N8N automation platform left over 100,000 servers vulnerable to takeover. Separately, the ShinyHunters collective claimed a major data breach at Harvard University, exposing 115,000 donor records through a sophisticated vishing campaign. Other significant events include patches from Cisco and F5, and CISA adding a SolarWinds flaw to its KEV catalog.
Today's New Articles
Cisco and F5 Release Urgent Patches for High-Severity DoS and RCE Vulnerabilities
Networking giants Cisco and F5 have released a wave of security updates to address multiple high-severity vulnerabilities across their product lines. Cisco patched five flaws, including a remote DoS bug in TelePresence/RoomOS (CVE-2026-20119) and a root-level...
Chinese APT 'Amaranth-Dragon' Hits Southeast Asian Governments with WinRAR Exploit
A newly identified China-linked APT group, dubbed 'Amaranth-Dragon,' is conducting targeted cyber espionage campaigns against government and law enforcement agencies in Southeast Asia. The group, believed to be affiliated with the broader APT41 ecosystem, is e...
Voicemail-Themed Phishing Campaign Deploys Legitimate RMM Tools for Backdoor Access
A widespread social engineering campaign is using convincing voicemail-themed lures to trick victims into installing legitimate remote monitoring and management (RMM) software. The attack begins with an email, often from a bank-themed subdomain, leading to a w...
Microsoft Mandates TLS 1.2 for Azure Blob Storage, Sunsetting Older Versions
Microsoft has officially deprecated support for Transport Layer Security (TLS) versions 1.0 and 1.1 for its Azure Blob Storage service, effective February 3, 2026. TLS 1.2 is now the minimum required version for all new and existing blob storage accounts acros...
'Shadow Campaign' Hacks Governments in 37 Countries, China-Linked Group Suspected
Security researchers have uncovered a massive, long-running cyber-espionage operation dubbed 'Shadow Campaign.' The campaign is attributed to a suspected Chinese nation-state group, TGR-STA-1030, and has successfully compromised at least 70 government and crit...
Futile Ransom: Nitrogen Ransomware Contains Fatal Coding Error, Decryption Impossible
In a case of profound operational failure, security researchers have discovered a fatal coding error in the Nitrogen ransomware group's malware that targets VMware ESXi systems. The flaw, found in the encryption routine, causes the malware to use the wrong pub...
Article Updates
UK Advances New Bill to Regulate Managed Service Providers (MSPs)
Update: The UK's Cyber Security and Resilience Bill has successfully passed its second reading in the House of Commons, marking a significant step towards becoming law. The Information Commissioner's Office (ICO) has expressed support for the bill's objectives but has...
SolarWinds Discloses Five Critical RCE & Auth Bypass Flaws in Web Help Desk
Update: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical remote code execution (RCE) vulnerability, CVE-2025-40551, in SolarWinds Web Help Desk (WHD) to its Known Exploited Vulnerabilities (KEV) catalog. This confirms active, in-th...