The Breach News

HybridPetya Ransomware Bypasses UEFI Secure Boot

Endpoint Security, Hardware / Chip-level Security

Eset Uncovers New Malware Variant, HybridPetya

Anviksha More (AnvikshaMore) • September 12, 2025

Security researchers at Eset have recently identified a new variant of malware reminiscent of the notorious Petya/NotPetya, which they have named “HybridPetya.” This insight was shared on Friday, emphasizing…


Qrator Labs Successfully Mitigates L7 DDoS Attack from 5.76 Million-Device Botnet

In early September 2023, Qrator Labs identified and successfully mitigated one of the year’s most consequential Layer 7 DDoS attacks, executed by what is currently recognized as the largest botnet in existence. This attack targeted a government organization and exploited 5.76 million compromised Internet of Things (IoT) devices, among other…


Sussex Police Faces Over 400 Data Breaches Since 2022, Compensates Successful Claimants – SussexWorld

Sussex Police Reports Over 400 Data Breaches Since 2022, Compensation Claims Filed

Sussex Police has revealed that they have experienced more than 400 data breaches since the beginning of 2022, resulting in financial compensation for several claims that were successfully filed by affected parties. This alarming trend raises critical questions…


EncryptHub Exploits Windows Zero-Day Vulnerability to Deploy Rhadamanthys and StealC Malware

Recent revelations indicate that the threat actor identified as EncryptHub has effectively taken advantage of a recently patched security vulnerability in Microsoft Windows, designated as a zero-day flaw, to deploy a range of malicious software. This includes information-stealing tools like Rhadamanthys and StealC, alongside traditional backdoor implementations, raising significant alarm…


Hackers Access Okta’s GitHub Repositories and Exfiltrate Source Code

Okta, a pivotal player in identity and access management, reported an unauthorized access event involving its source code repositories earlier this month. The incident, which was disclosed on Wednesday, raises substantial concerns about the security practices surrounding sensitive organizational code. According to an official statement, Okta reassured stakeholders that “there…


Bots Disrupt Identity: Trust in Crisis

Agentic AI, Artificial Intelligence & Machine Learning, Identity & Access Management

Durand: Agentic Models Demand Enhanced Verification and Advanced Access Controls

Michael Novinson (MichaelNovinson) • September 12, 2025

Andre Durand, founder and CEO of Ping Identity (Image: Ping Identity)

The increasing weaponization of trust by malicious actors is compelling businesses…


Over 12,000 API Keys and Passwords Discovered in Public Datasets for LLM Training

A recent investigation has uncovered alarming findings regarding a dataset utilized for training large language models (LLMs). This dataset reportedly contains close to 12,000 live secrets, including credentials capable of authenticating access to various services. This discovery raises significant concerns about the risks associated with hard-coded credentials. Organizations face heightened…
