The Breach News

Microsoft Windows Flaw Used to Launch PipeMagic RansomExx Malware

Aug 18, 2025

Cybersecurity researchers have revealed that threat actors are exploiting a now-patched vulnerability in Microsoft Windows to deploy the PipeMagic malware during RansomExx ransomware attacks. This exploitation hinges on CVE-2025-29824, a privilege escalation vulnerability affecting the Windows Common Log File System (CLFS), which Microsoft addressed in April 2025, according to a report from Kaspersky and BI.ZONE. First identified in 2022, PipeMagic has been utilized in RansomExx attacks targeting industrial sectors in Southeast Asia, functioning as a backdoor that allows remote access and execution of various commands on compromised systems. Past incidents have shown attackers exploiting CVE-2017-0144, a remote code execution vulnerability in Windows SMB, to breach victim networks. Notably, infection chains observed in October 2024 in Saudi Arabia were linked to a fraudulent OpenAI ChatGPT application.

URGENT: Four Actively Exploited 0-Day Vulnerabilities Found in Microsoft Exchange Server

March 3, 2021

Microsoft has issued emergency patches for four previously undisclosed security vulnerabilities in Exchange Server that are currently being exploited by a new state-sponsored threat actor from China, aimed at data theft. The Microsoft Threat Intelligence Center (MSTIC) describes these attacks as “limited and targeted,” revealing that the adversary exploited these vulnerabilities to gain access to on-premises Exchange servers, allowing them to infiltrate email accounts and install malware for prolonged access to the victim’s environment. Microsoft confidently attributes this campaign to a group known as HAFNIUM, a sophisticated state-sponsored hacker collective based in China, while also suggesting the potential involvement of other groups. In discussing HAFNIUM’s tactics, techniques, and procedures (TTPs), Microsoft highlights the group’s high level of skill and sophistication.

CBI Website Breach: Pakistani Group Takes Credit

Dec 05, 2010

The Central Bureau of Investigation (CBI) has confirmed that its official website was hacked, leading to a case being filed under the Information Technology Act. An official spokesperson revealed that unauthorized access and defacement occurred during the night of December 3-4. Law enforcement is actively working with the National Informatics Centre and CBI cybersecurity experts to restore the site. Reports surfaced on Friday about the breach, which has rendered the CBI website inaccessible. Allegedly, the attack was carried out by a group identifying itself as the Pakistan Cyber Army, which claimed to have retaliated for the hacking of 40 Pakistani sites.

Noodlophile Malware Campaign Broadens Global Scope with Targeted Copyright Phishing Tactics

Aug 18, 2025
Malware / Enterprise Security

The Noodlophile malware actors are intensifying their reach, employing spear-phishing emails and enhanced delivery techniques to target enterprises in the U.S., Europe, Baltic countries, and the Asia-Pacific (APAC) region. According to Morphisec researcher Shmuel Uzan, “The Noodlophile campaign, active for over a year, now utilizes sophisticated spear-phishing emails masquerading as copyright infringement notices, complete with reconnaissance-driven details such as specific Facebook Page IDs and company ownership information.” Previously reported by a cybersecurity vendor in May 2025, the Noodlophile campaign initially leveraged fake AI-powered tools as malware lures, which were promoted on social media platforms like Facebook. The shift to copyright infringement tactics, however, is not a new strategy.

Exploring the Threats Posed by Stuxnet to Industrial Control Systems

Dec 09, 2010

Stuxnet is a highly advanced virus tailored to penetrate supervisory control and data acquisition (SCADA) systems created by Siemens, a major industrial corporation in Germany. These systems play a critical role in managing essential services like water supply and power generation, making Stuxnet a significant threat to national security.

Who Developed This Malware?
Cybersecurity experts suggest that Stuxnet was likely developed by a government entity or a well-funded organization, as its complex design exceeds the capabilities of an individual hacker. With much of the damage traced back to Iran, many theorize that the malware was aimed at sabotaging the country’s nuclear infrastructure.

A New Era of Cyber Threats
Regardless of whether Stuxnet was directed at U.S. infrastructures, its emergence signals a troubling evolution in cyber warfare. This development opens the door to increasingly sophisticated threats targeting critical infrastructure like power plants, forcing us to confront a new level of cyber risk.

The Importance of Security Culture in Reducing Cyber Risk

In an era where organizations have invested two decades in enhancing their security architectures, a stark reality has emerged: advanced tools and technologies alone cannot sufficiently mitigate cyber risks. As technology has evolved, so too have the tactics of cyber attackers, who are increasingly targeting human behavior rather than solely infrastructure vulnerabilities. Recent data shows that the initial breach vector is often not a technical exploit but rather the exploitation of human vulnerabilities.

According to Verizon’s Data Breach Investigations Report, human factors have been the leading cause of breaches for five consecutive years. The most recent report indicates that almost 60% of all breaches in 2024 involved a human element. However, it is essential to clarify a prevalent misconception: the notion that “people are the weakest link” wrongly places the blame solely on employees for breaches.

Urgent: Critical RCE Vulnerability Discovered in F5 BIG-IP Platform—Immediate Patching Required!

On March 11, 2021, F5 Networks issued an advisory highlighting four severe vulnerabilities across various products that could lead to denial of service (DoS) attacks and unauthenticated remote code execution on affected networks. The advisory addresses a total of seven related flaws (CVE-2021-22986 through CVE-2021-22992), including two identified by Felix Wilhelm of Google Project Zero in December 2020. The four critical vulnerabilities impact BIG-IP versions 11.6, 12.x, and newer, with a notable pre-auth remote code execution issue (CVE-2021-22986) also affecting BIG-IQ versions 6.x and 7.x. F5 has stated that it is not currently aware of any public exploitation of these vulnerabilities. If successfully exploited, these flaws could lead to complete system compromise, enabling remote code execution and potential buffer overflow, resulting in DoS conditions. Customers are strongly urged to apply updates immediately.

Future Group’s E-Commerce Site Hacked, Halting Online Sales

December 22, 2010

Future Group’s ambitions to enhance online sales have hit a significant setback. Its main e-commerce platform, FutureBazaar, has experienced a cyber attack and has been unavailable for the past two days. CEO Rajiv Prakash referred to the incident as a “denial of service attack,” stating, “The website has been down for the last couple of days and is currently inaccessible to consumers.” The company is actively addressing the situation internally and taking legal steps against the perpetrators. “We have filed a complaint with the Cyber Crime Branch in Mumbai. We are working diligently to restore the site, and it should be operational soon,” Prakash reassured. To mitigate financial losses, the company is maintaining its phone commerce service, enabling customers to make purchases through that channel. While Prakash did not disclose the estimated daily losses from the outage, the portal represents a key growth area for the group. Future Group aims to achieve at least 10% of…

Public Exploit Combines Two Critical SAP Vulnerabilities, Leaving Unpatched Systems Open to Remote Code Execution

Date: Aug 19, 2025
Category: Vulnerability / Cyber Espionage

A new exploit has emerged that leverages two critical, now-patched vulnerabilities in SAP NetWeaver, putting organizations at significant risk of system compromise and data theft. This exploit chains CVE-2025-31324 and CVE-2025-42999 to bypass authentication and enable remote code execution, according to SAP security firm Onapsis.

  • CVE-2025-31324 (CVSS score: 10.0) – Lacks authorization checks in SAP NetWeaver’s Visual Composer development server
  • CVE-2025-42999 (CVSS score: 9.1) – Vulnerability due to insecure deserialization in the same server

These vulnerabilities were patched by SAP in April and May 2025, but not before they were exploited as zero-days by threat actors as early as March. Multiple ransomware and data extortion groups, including Qilin, BianLian, and RansomExx, have been seen exploiting these flaws, along with several espionage groups linked to China targeting critical infrastructures.
