The Breach News

Russia’s GRU Linked to Breaches of Critical Infrastructure Cloud Systems

Cyberwarfare / Nation-State Attacks, Fraud Management & Cybercrime, Network Firewalls, Network Access Control Researchers Sound Alarm Over Misconfigured Customer Network Edge Devices Mathew J. Schwartz (euroinfosec) • December 16, 2025 Image: xfilephotos/Shuttertstock Cybersecurity experts have issued a warning regarding the vulnerabilities posed by misconfigured network edge devices, emphasizing that these…

Read MoreRussia’s GRU Linked to Breaches of Critical Infrastructure Cloud Systems

Russia’s GRU Linked to Breaches in Critical Infrastructure Cloud Systems

Cyberwarfare / Nation-State Attacks, Fraud Management & Cybercrime, Network Firewalls, Network Access Control Misconfigured Customer Network Edge Devices Under Attack, Researchers Warn Mathew J. Schwartz (euroinfosec) • December 16, 2025 Image: xfilephotos/Shutterstock Cybersecurity experts are sounding the alarm as Russian hackers exploit misconfigured network-edge devices to facilitate unauthorized access into…

Read MoreRussia’s GRU Linked to Breaches in Critical Infrastructure Cloud Systems

Cisco Addresses Critical Vulnerability Affecting Unity Connection Software

Cisco Addresses Critical Vulnerability in Unity Connection Software Cisco has announced the availability of software updates in response to a significant security vulnerability affecting its Unity Connection platform. This vulnerability, identified as CVE-2024-20272, has been assigned a CVSS score of 7.3, indicating a critical level of risk. The issue stems…

Read MoreCisco Addresses Critical Vulnerability Affecting Unity Connection Software

New PIN Verification Bypass Vulnerability Impacts Visa Contactless Payments

In a troubling development for the cybersecurity landscape, Visa has alerted the public to a JavaScript web skimmer called Baka. Concurrently, a group of researchers from ETH Zurich has identified a critical authentication vulnerability in Visa’s EMV-enabled payment cards, which could be exploited by cybercriminals to unlawfully extract funds from…

Read MoreNew PIN Verification Bypass Vulnerability Impacts Visa Contactless Payments

Reddit Breach: User Emails, Passwords, and Private Messages Compromised

In a significant cybersecurity incident, Reddit recently confirmed a data breach occurring in June that compromised user information, including current email addresses and data from a 2007 backup that contains usernames and hashed passwords. This breach appears to be a reaction from an aggrieved party dissatisfied with Reddit’s account ban…

Read MoreReddit Breach: User Emails, Passwords, and Private Messages Compromised

Nation-State Cybercrime Exploits Linked to React2Shell

Cybercrime, Cyberwarfare / Nation-State Attacks, Fraud Management & Cybercrime Vercel Issues Warning: Two Additional Vulnerabilities in React Server Components Urgently Require Patching Mathew J. Schwartz (@euroinfosec) • December 15, 2025 Image: Shutterstock/React/ISMG Experts warn that the React2Shell vulnerability is being exploited en masse by state-sponsored attackers connected to China, North…

Read MoreNation-State Cybercrime Exploits Linked to React2Shell

Deadline Approaching for AT&T Customers to Claim Their Compensation – PhoneArena

Deadline Approaching for AT&T Customers to Claim Compensation AT&T customers are nearing the end of their opportunity to receive compensation related to a significant data breach that has impacted numerous individuals. This incident has raised substantial concerns regarding the security measures in place and the responsibility of companies to protect…

Read MoreDeadline Approaching for AT&T Customers to Claim Their Compensation – PhoneArena

New Proof of Concept Exploit for Apache OfBiz Vulnerability Threatens ERP Systems

Recent developments in cybersecurity reveal a critical vulnerability affecting the Apache OfBiz open-source Enterprise Resource Planning (ERP) system. Researchers at VulnCheck have successfully created proof-of-concept (PoC) code exploiting the flaw, identified as CVE-2023-51467. This vulnerability, which carries a CVSS score of 9.8, allows attackers to execute a memory-resident payload, potentially…

Read MoreNew Proof of Concept Exploit for Apache OfBiz Vulnerability Threatens ERP Systems

New Raccoon Vulnerability May Enable Attackers to Compromise SSL/TLS Encryption

New Timing Vulnerability Discovered in TLS: Raccoon Attack A recent study has revealed a significant timing vulnerability affecting the Transport Layer Security (TLS) protocol, potentially allowing attackers to compromise encryption and access sensitive communications under specific scenarios. Researchers have labeled this exploit the “Raccoon Attack,” targeting server-side operations in TLS…

Read MoreNew Raccoon Vulnerability May Enable Attackers to Compromise SSL/TLS Encryption