The Breach News

Major Vulnerability in Microchip ASF Puts IoT Devices at Risk of Remote Code Execution

A significant security vulnerability has been identified in the Microchip Advanced Software Framework (ASF), which, if leveraged, could enable remote code execution. This issue, designated as CVE-2024-7490, has received a CVSS score of 9.5 out of a possible 10. The vulnerability constitutes a stack overflow fault within ASF’s implementation of…

U.S. Issues Emergency Declaration Across 17 States Following Fuel Pipeline Cyber Attack

In a significant cybersecurity incident, the Colonial Pipeline, a crucial fuel pipeline operator in the United States, fell victim to a ransomware attack that has led to a regional emergency declaration from the U.S. Federal Motor Carrier Safety Administration (FMCSA). This declaration affects 17 states and the District of Columbia,…

Microsoft Exchange Flaw Exposes Approximately 100,000 Windows Domain Credentials

A significant security vulnerability in Microsoft Exchange’s Autodiscover protocol has led to the exposure of nearly 100,000 credentials for Windows domains globally. This flaw poses a critical risk, as attackers who manage to gain control over these domains could intercept and capture sensitive credentials transmitted in plaintext during authentication processes,…

US Congress Takes Steps to Reinstate CISA 2015 Following Shutdown

Lawmakers Propose Renewing Cyberthreat Sharing Law Amid Government Shutdown Issues

Chris Riotta (@chrisriotta) • November 11, 2025

Recent legislative developments may restore a critical framework for sharing cybersecurity information as the U.S. government prepares to reopen following a six-week shutdown.…

Genea Patients Demand Accountability from IVF Giant as Cybersecurity Expert Expresses Ongoing Concerns

Data Breach at Genea Fertility Exposes Sensitive Patient Information

A significant data breach at Genea Fertility, one of Australia’s leading IVF providers, has compromised the sensitive medical information of numerous patients, raising serious cybersecurity concerns. Following a cyber attack earlier this year, sensitive data—including medical histories and personal identification details—has…

CISA Alerts on Critical Ivanti vTM Vulnerability Due to Ongoing Exploitation Risks

Recently, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a serious security vulnerability affecting Ivanti Virtual Traffic Manager (vTM) to its Known Exploited Vulnerabilities (KEV) catalog, following indications of active exploitation in the wild. The vulnerability, identified as CVE-2024-7593, has a CVSS score of 9.8 and allows a remote,…

Rapid7 Source Code Compromised in Codecov Supply Chain Incident

Rapid7 Source Code Repositories Compromised Following Codecov Incident

Cybersecurity firm Rapid7 has disclosed that an unauthorized entity gained access to a limited subset of its source code repositories. This revelation follows a recent security breach linked to software auditing tool Codecov, which was compromised earlier this year due to a…

ClickFix: The Unseen Security Risk Your Family Needs to Know About

Phishing Campaigns Targeting Booking.com Users Raise Security Concerns

Recent reports highlight a sophisticated phishing campaign aimed primarily at Windows users, as detailed by cybersecurity experts. The attackers exploit compromised accounts from hotels listed on Booking.com or similar online travel services. By leveraging the sensitive information available in these accounts, they…
