Global Espionage 'Shadow Campaign' Breaches 37 Nations; CISA Warns of Actively Exploited Flaws in SmarterMail and VMware
Summary
This week in cybersecurity, a massive state-aligned espionage operation dubbed the 'Shadow Campaign' was uncovered, having compromised government and critical infrastructure entities in 37 countries. Meanwhile, CISA issued urgent warnings about actively exploited vulnerabilities in SmarterMail and VMware ESXi, both being used in ransomware attacks. Major data breaches also came to light, with an unsecured server exposing 8.7 billion records on Chinese citizens and social engineering attacks hitting investment platform Betterment and newsletter service Substack, affecting millions of users. In policy news, CISA mandated the removal of all unsupported edge devices from federal networks to combat nation-state threats.
Today's New Articles
CISA: Critical SmarterMail RCE Flaw Actively Exploited in Ransomware Attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical remote code execution (RCE) vulnerability in SmarterTools' SmarterMail, CVE-2026-24423, to its Known Exploited Vulnerabilities (KEV) catalog. The flaw, which has a CVSS score...
CISA Issues Directive Forcing Removal of Unsupported Edge Devices from Federal Networks
In response to increasing exploitation by nation-state actors, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued Binding Operational Directive (BOD) 26-02. The directive mandates that all Federal Civilian Executive Branch (FCEB) agenc...
Betterment Data Breach Exposes 1.4M Customers After Social Engineering Attack
Automated investment platform Betterment has disclosed a data breach affecting 1.4 million customers, originating from a sophisticated social engineering attack. Threat actors, claiming to be the 'ShinyHunters' group, used voice phishing (vishing) to manipulat...
Financial Sector Cyberattacks Doubled in 2025, Fueled by Geopolitical Hacktivism
A new report from Check Point Software reveals a dramatic escalation in cyber threats targeting the global financial sector, with incidents more than doubling in 2025. The primary driver was a 105% increase in Distributed Denial-of-Service (DDoS) attacks, whic...
Critical RCE Flaw in n8n Automation Platform Allows Full Server Takeover
A critical sandbox escape vulnerability, CVE-2026-25049, has been discovered in the popular n8n workflow automation platform. The flaw, rated 9.4 on the CVSS scale, allows an authenticated user with permission to edit workflows to bypass security controls and...
New 'Milkyway' Ransomware Strain Surfaces with Aggressive Extortion Tactics
A new Windows-based ransomware strain named 'Milkyway' has been identified by researchers at CYFIRMA. Currently in a developing state, the malware encrypts files and appends a '.milkyway' extension. It employs aggressive extortion tactics via a full-screen ran...
Everest Ransomware Group Claims Attack on Japanese Manufacturer Hosokawa Micron
The Everest ransomware group has claimed responsibility for a cyberattack against Hosokawa Micron Corporation, a leading Japanese manufacturer of industrial processing technology. The group announced the breach on an underground forum, threatening to publish a...
Substack Discloses Data Breach Exposing User Contact Information
The newsletter platform Substack has announced it suffered a data breach after discovering on February 3, 2026, that an unauthorized party had gained access to a database containing user information. The exposed data includes names, email addresses, phone numb...