Intrusions exploiting the WinRAR path traversal flaw, tracked as CVE-2025-8088, have been launched by newly emergent threat operation Amaranth Dragon, which is associated with Chinese state-backed hacking group APT41, against Southeast Asian government and law enforcement agencies since August, BleepingComputer reports.
Moves by the Cybersecurity and Infrastructure Security Agency to update ransomware-related exploitation information for dozens of software vulnerabilities last year without alerting defenders were noted by GreyNoise Senior Director of Security Research and Detection Engineering Glenn Thorpe to have potentially resulted in overlooked ransomware intrusions, reports The Register.
Cybernews reports that more than 8.7 billion Chinese records have been spilled by an unprotected Elasticsearch cluster in what is among the largest exposures involving the open-source distributed search and analytics engine.
Multiple threat actors were observed by watchTowr Labs to have harnessed a pair of critical Ivanti Endpoint Manager Mobile code injection vulnerabilities, tracked as CVE-2026-1281 and CVE-2026-1340, in global attacks even as Ivanti dismissed an exploit chain involving both flaws, according to CyberScoop.
Intrusions leveraging the critical React Native Community CLI NPM package vulnerability, tracked as CVE-2025-11953, have been launched to compromise Windows and Linux systems with malware since late December, reports SecurityWeek.
The newly added vulnerabilities include a high-severity deserialization flaw in SolarWinds Web Help Desk (CVE-2025-40551), enabling remote code execution.