The Breach News

“Override Panda” Hacking Group Emerges Again with New Espionage Operations

In recent weeks, the Chinese state-sponsored hacking group known as Override Panda has made headlines again, launching a sophisticated phishing campaign aimed at acquiring sensitive information. This resurgence focuses on utilizing spear-phishing tactics to compromise targeted entities. According to a report by Cluster25, this threat actor leveraged a spear-phishing email…

Read More“Override Panda” Hacking Group Emerges Again with New Espionage Operations

Who’s Overseeing the Machines? The Unowned Identity Crisis

Identity & Access Management, Security Operations Machine Identities Surpass Human Ones, Yet Accountability Remains Inadequate Rashmi Ramesh (rashmiramesh_) • September 29, 2025 Image: Shutterstock The rapidly growing segment of users within enterprises often goes unnoticed in human resources systems. This group primarily operates through service accounts, API keys, bots, and…

Read MoreWho’s Overseeing the Machines? The Unowned Identity Crisis

Hacker Compromises FEMA Networks, Extracts Employee Data Over Multiple Months

A significant cybersecurity breach has been reported involving the Federal Emergency Management Agency (FEMA), where a hacker accessed its computer networks for several months earlier this year, subsequently stealing sensitive information pertaining to FEMA and U.S. Customs and Border Protection (CBP) employees. This incident highlights the vulnerabilities of critical government…

Read MoreHacker Compromises FEMA Networks, Extracts Employee Data Over Multiple Months

New Veeam Vulnerability Enables Arbitrary Code Execution Through Man-in-the-Middle Attack

Critical Security Flaw Discovered in Veeam Backup Software Veeam has issued essential patches to rectify a critical vulnerability in its Backup software, which poses significant risks by allowing malicious actors to execute arbitrary code on compromised systems. This vulnerability, identified as CVE-2025-23114, has been rated with a high CVSS score…

Read MoreNew Veeam Vulnerability Enables Arbitrary Code Execution Through Man-in-the-Middle Attack

Ukrainian CERT Alerts Citizens to New Wave of Jester Malware Attacks

Ukraine’s Computer Emergency Response Team (CERT-UA) has raised alarms regarding a wave of phishing attacks utilizing a potent information-stealing malware named Jester Stealer. This malware is deployed through a mass email campaign designed to compromise systems of unsuspecting users. The phishing emails, which carry the subject line “chemical attack,” contain…

Read MoreUkrainian CERT Alerts Citizens to New Wave of Jester Malware Attacks

OT Operators Advised to Map Networks to Avoid Significant Blind Spots

Critical Infrastructure Security, Governance & Risk Management, Operational Technology (OT) Global Cybersecurity Agencies Urge Comprehensive OT Inventories to Mitigate Threats Chris Riotta (@chrisriotta) • September 29, 2025 Image: Shutterstock In a proactive measure, global cybersecurity agencies are advising critical infrastructure operators to take stock of their operational technology environments. While…

Read MoreOT Operators Advised to Map Networks to Avoid Significant Blind Spots

Researchers Warn: Tech-Savvy Stalkers Can Exploit Tile Tracking Tags

Concerns Emerge Over Privacy Risks Linked to Tile Trackers Tile trackers, employed by over 88 million users globally to locate items such as keys and pets, are facing scrutiny following revelations by researchers from the Georgia Institute of Technology. According to a study, design vulnerabilities within Tile’s tracking technology may…

Read MoreResearchers Warn: Tech-Savvy Stalkers Can Exploit Tile Tracking Tags

SEC Takes Action Against Four Companies for Misleading Information on SolarWinds Cyber Attack

In a significant move, the U.S. Securities and Exchange Commission (SEC) has filed charges against four companies—Avaya, Check Point, Mimecast, and Unisys—for failing to provide accurate disclosures about a cyberattack that originated from the SolarWinds breach in 2020. This extensive cyber incident raised alarms across the technology sector and has…

Read MoreSEC Takes Action Against Four Companies for Misleading Information on SolarWinds Cyber Attack