Category data-breaches

New Vulnerabilities in Linux Enable Password Hash Theft Through Core Dumps in Ubuntu, RHEL, and Fedora

May 31, 2025
Vulnerability / Linux

Two critical information disclosure vulnerabilities have been discovered in Apport and systemd-coredump, core dump handlers in Ubuntu, Red Hat Enterprise Linux, and Fedora, according to the Qualys Threat Research Unit (TRU). Labeled as CVE-2025-5054 and CVE-2025-4598, both are race condition bugs that could allow local attackers to access sensitive data. Tools like Apport and systemd-coredump are essential for handling crash reports and core dumps within Linux systems. Saeed Abbasi, product manager at Qualys TRU, noted, “These race conditions enable a local attacker to exploit a SUID program and gain read access to the resultant core dump.” Below is a brief overview of the two vulnerabilities:

  • CVE-2025-5054 (CVSS score: 4.7): A race condition in the Canonical Apport package, versions up to 2.32.0, allowing local attackers to leak sensitive information through PID-reuse by leveraging namespaces.
  • CVE-2025-4598 (CVSS score: 4.7): A race condition in…

New Vulnerabilities Uncovered in Linux Core Dump Handlers Could Lead to Password Hash Theft May 31, 2025 Recent findings from the Qualys Threat Research Unit (TRU) have revealed two significant vulnerabilities within core dump handlers in popular Linux distributions, including Ubuntu, Red Hat Enterprise Linux, and Fedora. Identified as CVE-2025-5054…

Read More

New Vulnerabilities in Linux Enable Password Hash Theft Through Core Dumps in Ubuntu, RHEL, and Fedora

May 31, 2025
Vulnerability / Linux

Two critical information disclosure vulnerabilities have been discovered in Apport and systemd-coredump, core dump handlers in Ubuntu, Red Hat Enterprise Linux, and Fedora, according to the Qualys Threat Research Unit (TRU). Labeled as CVE-2025-5054 and CVE-2025-4598, both are race condition bugs that could allow local attackers to access sensitive data. Tools like Apport and systemd-coredump are essential for handling crash reports and core dumps within Linux systems. Saeed Abbasi, product manager at Qualys TRU, noted, “These race conditions enable a local attacker to exploit a SUID program and gain read access to the resultant core dump.” Below is a brief overview of the two vulnerabilities:

  • CVE-2025-5054 (CVSS score: 4.7): A race condition in the Canonical Apport package, versions up to 2.32.0, allowing local attackers to leak sensitive information through PID-reuse by leveraging namespaces.
  • CVE-2025-4598 (CVSS score: 4.7): A race condition in…

How to Claim Your Portion of AT&T’s $177M Settlement for Data Breaches

AT&T Faces $177 Million Settlement Over Data Breaches In a significant development for customer data protection, AT&T has reached a tentative $177 million settlement connected to two data breaches disclosed in 2024. This settlement could see eligible customers receiving compensation of up to $7,500 as part of ongoing legal proceedings…

Read MoreHow to Claim Your Portion of AT&T’s $177M Settlement for Data Breaches

Hackers Compromise Canadian Government Using Microsoft Vulnerability

Government, Industry Specific Microsoft Issues Urgent Warning After SharePoint Vulnerability Breach Targeting State Actors Chris Riotta (@chrisriotta) • August 14, 2025 The Ottawa Parliament Building. (Image: Shutterstock) A significant security breach has occurred within Canada’s House of Commons, where hackers accessed a sensitive database containing confidential office locations and personal…

Read MoreHackers Compromise Canadian Government Using Microsoft Vulnerability

⚡ Weekly Update: APT Intrusions, AI-Powered Malware, Zero-Click Exploits, Browser Hijacks, and More

Jun 02, 2025
Cybersecurity / Hacking Insights

In a scenario that felt more like a high-stakes security drill gone awry, the reality was far grimmer. While everything appeared normal, the tools for attack were all too accessible, and detection was alarmingly late. This is the current state of cybersecurity—quiet, deceptive, and rapid. Defenders no longer merely chase hackers; they grapple with distrust of their own systems’ signals. The issue isn’t a lack of alerts; it’s an overwhelming number without context. The bottom line? If your defenses still rely on obvious indicators, you aren’t safeguarding your assets—you’re merely witnessing breaches unfold.

The following recap emphasizes key developments that demand your attention.

Threat of the Week
APT41 Exploits Google Calendar for Command-and-Control — The Chinese state-sponsored group, APT41, has employed a malware known as TOUGHPROGRESS that utilizes Google Calendar for its command-and-control (C2) activities. Google reported observing these spear-phishing incidents back in October 2024, with the malware hosted on…

Weekly Cybersecurity Recap: APT Intrusions, AI Malware, and Evolving Threat Landscapes Published: June 2, 2025 In a landscape defined by digital threats, the recent surge of cybersecurity incidents serves as a stark reminder of the complexities defenders face today. An alarming incident unfolded, demonstrating that what once seemed hypothetical has…

Read More

⚡ Weekly Update: APT Intrusions, AI-Powered Malware, Zero-Click Exploits, Browser Hijacks, and More

Jun 02, 2025
Cybersecurity / Hacking Insights

In a scenario that felt more like a high-stakes security drill gone awry, the reality was far grimmer. While everything appeared normal, the tools for attack were all too accessible, and detection was alarmingly late. This is the current state of cybersecurity—quiet, deceptive, and rapid. Defenders no longer merely chase hackers; they grapple with distrust of their own systems’ signals. The issue isn’t a lack of alerts; it’s an overwhelming number without context. The bottom line? If your defenses still rely on obvious indicators, you aren’t safeguarding your assets—you’re merely witnessing breaches unfold.

The following recap emphasizes key developments that demand your attention.

Threat of the Week
APT41 Exploits Google Calendar for Command-and-Control — The Chinese state-sponsored group, APT41, has employed a malware known as TOUGHPROGRESS that utilizes Google Calendar for its command-and-control (C2) activities. Google reported observing these spear-phishing incidents back in October 2024, with the malware hosted on…

Your SSN Exposed Online, AI Data Breaches, and Bus Hacking: This Week’s Cybersecurity Chaos – PCMag

Major Cybersecurity Concerns: Data Exposure and Vulnerabilities on the Rise In the latest developments in cybersecurity, various incidents have highlighted growing vulnerabilities in digital infrastructures. Notably, social security numbers (SSNs) are increasingly becoming compromised, with significant amounts of personal data leaking online. The rise of artificial intelligence is exacerbating this…

Read MoreYour SSN Exposed Online, AI Data Breaches, and Bus Hacking: This Week’s Cybersecurity Chaos – PCMag

Russian Hackers Target Norwegian Dam

Cybercrime, Cyberwarfare / Nation-State Attacks, Fraud Management & Cybercrime Also: Spain Resists Pressure to Oust Huawei, North Korean Kimsuky Data Leaked Anviksha More (AnvikshaMore) • August 14, 2025 Image: Shutterstock/ISMG The Information Security Media Group (ISMG) regularly compiles significant cybersecurity incidents from around the globe. This week, a reported incident…

Read MoreRussian Hackers Target Norwegian Dam

Google Unveils Vishing Operation UNC6040 Targeting Salesforce with Fake Data Loader App

June 4, 2025
Threat Intelligence / Data Breach

Google has revealed insights into a financially driven threat group called UNC6040, which specializes in voice phishing (vishing) tactics aimed at infiltrating organizations’ Salesforce accounts for extensive data theft and extortion efforts. The tech giant’s threat intelligence team has linked this group to an online cybercrime network known as The Com. According to a report shared with The Hacker News, UNC6040 has successfully breached multiple networks by having its operators impersonate IT support staff in persuasive telephone-based social engineering campaigns. This method has effectively deceived English-speaking employees into taking actions that grant the attackers access or encourage them to share sensitive information.

Google Unveils Vishing Campaign Targeting Salesforce by Threat Group UNC6040 June 4, 2025 In a recent disclosure, Google has revealed insights into a financially motivated threat group known as UNC6040, which is reportedly executing sophisticated voice phishing, or vishing, operations aimed at infiltrating Salesforce instances. These attacks focus on large-scale…

Read More

Google Unveils Vishing Operation UNC6040 Targeting Salesforce with Fake Data Loader App

June 4, 2025
Threat Intelligence / Data Breach

Google has revealed insights into a financially driven threat group called UNC6040, which specializes in voice phishing (vishing) tactics aimed at infiltrating organizations’ Salesforce accounts for extensive data theft and extortion efforts. The tech giant’s threat intelligence team has linked this group to an online cybercrime network known as The Com. According to a report shared with The Hacker News, UNC6040 has successfully breached multiple networks by having its operators impersonate IT support staff in persuasive telephone-based social engineering campaigns. This method has effectively deceived English-speaking employees into taking actions that grant the attackers access or encourage them to share sensitive information.

U.S. Health Department Reports That UnitedHealth Cyberattack Affected 192.7 Million Individuals

Data Breach at UnitedHealth Group Affects 192.7 Million Individuals Recent reports from the U.S. Department of Health and Human Services reveal that the data breach involving UnitedHealth Group last year impacted the personal information of approximately 192.7 million individuals. This figure surpasses the initial estimate of 190 million disclosed by…

Read MoreU.S. Health Department Reports That UnitedHealth Cyberattack Affected 192.7 Million Individuals

US Imposes Sanctions on Crypto Exchange Linked to Russian Ransomware

Cryptocurrency Fraud, Finance & Banking, Fraud Management & Cybercrime US Treasury Sanctions Cryptocurrency Exchange for Laundering $100 Million Linked to Ransomware Chris Riotta (@chrisriotta) • August 14, 2025 (Image: Shutterstock) The U.S. Department of the Treasury has imposed sanctions against Garantex, a cryptocurrency exchange with Russian connections, as part of…

Read MoreUS Imposes Sanctions on Crypto Exchange Linked to Russian Ransomware