Data Breach Notification, Data Security, Fraud Management & Cybercrime Threat Actors Breached a Rural Michigan Health System for Approximately Two Months; BianLian Claims Responsibility Marianne Kolbasuk McGee (HealthInfoSec) • August 22, 2025 Image: Aspire Rural Health System A rural health…
Commvault Acknowledges Zero-Day Exploitation of CVE-2025-3928 by Hackers in Azure Incident
May 01, 2025
Zero-Day / Threat Intelligence
Commvault, an enterprise data backup platform, has confirmed that a nation-state threat actor compromised its Microsoft Azure environment by exploiting the zero-day vulnerability CVE-2025-3928. However, the company reassured that there is no evidence of unauthorized access to customer data. “The incident has impacted a limited number of customers shared with Microsoft, and we are providing them with support,” Commvault stated in its update. They emphasized that customer backup data remains secure, with no significant effects on business operations or service delivery. According to an advisory issued on March 7, 2025, Commvault was alerted by Microsoft on February 20 regarding unauthorized activities, and has since rotated affected credentials and strengthened security measures. This disclosure follows recent reports from the U.S. Cybersecurity…
Commvault Confirms Breach Linked to CVE-2025-3928 Exploitation in Azure Environment May 1, 2025 Threat Intelligence Commvault, a leader in enterprise data backup solutions, has disclosed that its Microsoft Azure environment was compromised by an unidentified nation-state threat actor exploiting the…
The Computer Merchant Data Breach: Lawsuit Investigation Attorneys associated with ClassAction.org are currently investigating the possibility of initiating a class action lawsuit in response to The Computer Merchant data breach. In the context of this investigation, they seek to connect…
CISA Includes Erlang SSH and Roundcube Vulnerabilities in Known Exploited Threats Catalog
On June 10, 2025, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added two significant security vulnerabilities affecting Erlang/Open Telecom Platform (OTP) SSH and Roundcube to its Known Exploited Vulnerabilities (KEV) catalog due to evidence of active exploitation. The identified vulnerabilities are:
CVE-2025-32433 (CVSS score: 10.0): A critical missing authentication flaw in the Erlang/OTP SSH server that could enable an attacker to execute arbitrary commands without proper credentials, potentially leading to unauthenticated remote code execution. (Patched in April 2025 in versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20)
CVE-2024-42009 (CVSS score: 9.3): A cross-site scripting (XSS) vulnerability in RoundCube Webmail that may allow a remote attacker to compromise a victim’s email account by exploiting a desanitization flaw in program/actions/mail/show.php. (Fixed in August 2024 in versions 1.6…)
CISA Updates KEV Catalog with Critical Vulnerabilities in Erlang SSH and Roundcube On June 10, 2025, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced the addition of two significant vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, both of…
May 18, 2023
Cyber Warfare / Threat Intelligence
Recent geopolitical strains between China and Taiwan have led to a significant rise in cyber attacks targeting the island nation. According to a report from the Trellix Advanced Research Center, “The conflict stemming from China’s claim over Taiwan, combined with Taiwan’s push for independence, has resulted in a troubling escalation of cyber threats.” These attacks, aimed at various sectors, primarily focus on deploying malware and stealing sensitive data. The cybersecurity firm noted a staggering four-fold increase in malicious emails between April 7 and April 10, 2023, with sectors such as networking, manufacturing, and logistics being particularly affected. Following this surge, the region saw a 15x spike in PlugX detections between April 10 and April 12, 2023.
Rising China-Taiwan Tensions Ignite Surge in Cyber Attacks May 18, 2023 Recent months have witnessed a significant escalation in tensions between China and Taiwan, resulting in a marked increase in cyber attacks aimed at the East Asian island nation. According…
Software Bill of Materials (SBOM), Standards, Regulations & Compliance US Cyber Defense Agency Advocates for Automation and Machine-Readable SBOMs Chris Riotta (@chrisriotta) • August 22, 2025 Image: CISA The Cybersecurity and Infrastructure Security Agency (CISA) is intensifying efforts to develop…
U.S. Charges Yemeni Hacker in Black Kingdom Ransomware Attack Affecting 1,500 Systems
May 03, 2025
Cybercrime / Malware
The U.S. Department of Justice (DoJ) announced charges against Rami Khaled Ahmed, a 36-year-old Yemeni national, for allegedly deploying the Black Kingdom ransomware against numerous global targets, including businesses, schools, and hospitals in the United States. Ahmed, currently believed to be residing in Sana’a, Yemen, faces charges of conspiracy, intentional damage to a protected computer, and threatening damage to a protected computer.
According to the DoJ, from March 2021 to June 2023, Ahmed and accomplices compromised the computer networks of several U.S.-based victims, including a medical billing service in Encino, a ski resort in Oregon, a school district in Pennsylvania, and a health clinic in Wisconsin. Ahmed is accused of creating and launching the ransomware by exploiting a known vulnerability in Microsoft Exchange Server referred to as ProxyLogon. The ransomware operation involved encrypting data from targeted systems…
U.S. Charges Yemeni Hacker Linked to Black Kingdom Ransomware Affecting 1,500 Systems On May 3, 2025, the U.S. Department of Justice (DoJ) revealed charges against Rami Khaled Ahmed, a 36-year-old national from Yemen, for allegedly deploying the notorious Black Kingdom…
LANSING, Mich., Aug. 22, 2025 /PRNewswire/ — The Philadelphia-based law firm Edelson Lechtzin LLP has initiated an investigation into data privacy violations stemming from a significant data breach at Aspire Rural Health System (“Aspire”). This breach, which reportedly began on…
Jun 10, 2025
Vulnerability / API Security
Google has acted to resolve a security flaw that could allow malicious actors to brute-force recovery phone numbers associated with Google accounts, potentially compromising user privacy and security. Singaporean security researcher “brutecat” identified that the vulnerability exploited a weakness in the company’s account recovery feature. The issue involved a now-obsolete version of the Google username recovery form (“accounts.google[.]com/signin/usernamerecovery”) that lacked sufficient anti-abuse measures to limit excessive requests. This page allows users to check if a recovery email or phone number is linked to a specific display name (e.g., “John Smith”). By bypassing the CAPTCHA rate limits, attackers could rapidly test various permutations of a Google account’s phone number, leading to possible exploitation.
Security Flaw Discovered in Google Account Recovery Process Exposes User Privacy On June 10, 2025, a significant security vulnerability was identified in Google’s account recovery system, raising concerns about potential risks to user privacy and security. The flaw, discovered by…
May 29, 2023
Cyber Threat / Online Security
A new phishing technique dubbed “file archiver in the browser” is being used to imitate file archiver software, such as WinRAR, within web browsers when victims visit a .ZIP domain. Security researcher mr.d0x revealed that this phishing attack involves creating a realistic landing page using HTML and CSS to mimic genuine file archive software, hosted on a .ZIP domain to enhance its legitimacy.
In a typical attack, cybercriminals can redirect users to a credential theft page when they click on a file that appears to be included within the fake ZIP archive. Another alarming tactic involves listing a harmless non-executable file, only for the actual download to be an executable file instead, as noted by mr.d0x…
Beware of ZIP Files: New Phishing Technique Exploited via .ZIP Domains In recent developments, a concerning phishing tactic has emerged, leveraging a method referred to as “file archiver in the browser.” This approach mimics the functionality of legitimate file archiving…
