The Breach News

CISA Alerts on Five Actively Exploited Security Vulnerabilities: Immediate Action Needed

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added five security vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, highlighting ongoing exploitation in real-world scenarios. Among these, three high-severity flaws in Veritas Backup Exec Agent software (CVE-2021-27876, CVE-2021-27877, and CVE-2021-27878) may allow attackers to execute privileged commands on the system. These vulnerabilities were addressed in a patch released by Veritas in March 2021.

  • CVE-2021-27876 (CVSS score: 8.1) – File Access Vulnerability
  • CVE-2021-27877 (CVSS score: 8.2) – Improper Authentication Vulnerability
  • CVE-2021-27878 (CVSS score: 8.8) – Command Execution Vulnerability

A recent report from Google-owned Mandiant highlighted that an affiliate tied to the BlackCat (also known as ALPHV and Noberus) ransomware operation is utilizing these vulnerabilities for attacks.

CISA Alerts Businesses to Five Critical Security Vulnerabilities: Immediate Response Needed

On April 10, 2023, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an urgent advisory concerning five newly identified security vulnerabilities now included in its Known Exploited Vulnerabilities (KEV) catalog. This addition is backed by evidence indicating active…

Virtru Resolves Patent Dispute with Microsoft over Encryption Technology

Data Security, Encryption & Key Management, Litigation

Settlement Reached in Virtru’s Patent Infringement Case Against Microsoft’s Message Encryption Tool

Michael Novinson (MichaelNovinson) • August 27, 2025

In a significant development, Virtru has settled a lawsuit against Microsoft that contested the alleged infringement of its patents related to data protection in…

New BPFDoor Controller Facilitates Covert Lateral Movement in Linux Server Attacks

Apr 16, 2025
Cyber Espionage / Network Security

Cybersecurity researchers have discovered a new component linked to the BPFDoor backdoor, employed in cyber attacks targeting the telecommunications, finance, and retail sectors across South Korea, Hong Kong, Myanmar, Malaysia, and Egypt in 2024. “The controller can establish a reverse shell,” explained Trend Micro researcher Fernando Mercês in a technical report released earlier this week. “This capability permits lateral movement, enabling attackers to penetrate deeper into compromised networks and gain control over more systems or access sensitive data.” The campaign has been tentatively attributed to a threat group known as Earth Bluecrow, also referred to as DecisiveArchitect, Red Dev 18, and Red Menshen. The medium confidence level stems from the BPFDoor malware source code being leaked in 2022, suggesting it could have been adopted by other hacking entities. BPFDoor is a Linux backdoor that first emerged in…

New BPFDoor Controller Enhances Stealthy Lateral Movement in Linux Server Intrusions

April 16, 2025

Recent findings by cybersecurity experts reveal the emergence of a new component linked to the BPFDoor backdoor, spotlighting a sophisticated wave of cyber attacks that targeted the telecommunications, finance, and retail sectors across multiple regions, including…

Major Breach Exposes Sensitive Medical Marijuana Patient Information – MJBizDaily

Sensitive Medical Marijuana Patient Data Compromised in Significant Breach

In a concerning incident highlighting the vulnerabilities in healthcare data security, sensitive personal information of medical marijuana patients has been exposed due to a significant data breach. This breach raises alarms about the confidentiality of patient records, emphasizing the urgent need…

Russian Hackers Target Ukraine Aid Logistics Through Email and VPN Vulnerabilities

May 21, 2025
Cyber Espionage / Vulnerability

State-sponsored Russian cyber actors have been linked to a campaign focused on Western logistics and tech firms since 2022. This activity is attributed to APT28 (also known as BlueDelta, Fancy Bear, or Forest Blizzard), connected to the Russian GRU’s 85th Main Special Service Center, Military Unit 26165. Key targets include companies involved in the coordination and delivery of international aid to Ukraine, as highlighted in a joint advisory from agencies across Australia, Canada, Czechia, Denmark, Estonia, France, Germany, the Netherlands, Poland, the United Kingdom, and the United States. The bulletin notes that this cyber-espionage campaign employs a range of previously identified tactics and is likely linked to broader efforts aimed at IP cameras in Ukraine and neighboring NATO countries.

Russian Hackers Target Email and VPN Vulnerabilities to Monitor Ukraine Aid Operations

May 21, 2025
Cyber Espionage / Vulnerability

In a troubling development, Russian cyber threat actors have initiated a state-sponsored campaign aimed at infiltrating Western logistics and technology sectors, with particular focus since 2022. Authorities attribute this wave of…

Urgent: Microsoft Releases Security Patches for 97 Vulnerabilities, Including Active Ransomware Threat

April 12, 2023
Patch Tuesday / Software Updates

On the second Tuesday of the month, Microsoft has issued security updates addressing a total of 97 vulnerabilities within its software. Notably, one of these flaws is currently being exploited in active ransomware attacks. Of the 97 issues, seven are classified as Critical and 90 as Important. The updates notably include 45 remote code execution flaws and 20 elevation of privilege vulnerabilities. This release follows previous fixes for 26 vulnerabilities found in the Edge browser over the past month. The actively exploited flaw is CVE-2023-28252 (CVSS score: 7.8), a privilege escalation vulnerability within the Windows Common Log File System (CLFS) Driver. According to Microsoft’s advisory, “An attacker who successfully exploited this vulnerability could gain SYSTEM privileges,” with credit given to researchers Boris Larin, Genwei Jiang, and Quan Jin for their discovery. CVE-2023-28252 represents the fourth privilege escalation flaw recently identified…

Microsoft Releases Critical Patches for 97 Vulnerabilities, Addressing Active Ransomware Threat

On April 12, 2023, Microsoft introduced a substantial set of security updates aimed at rectifying a total of 97 vulnerabilities across its software ecosystem. Among these, one particular flaw is currently being exploited actively in ransomware operations. This month’s…

Citrix NetScaler Devices Targeted in New Wave of Attacks

Network Firewalls, Network Access Control, Security Operations

Citrix Releases Patches Following Exploitation of Memory Overflow Vulnerability

David Perera (@daveperera) • August 26, 2025

Image: Ken Wolter/Shutterstock

Citrix’s NetScaler users are being urged to apply critical patches following the discovery of a zero-day vulnerability. This security flaw potentially allows attackers to…

Google Exposes OAuth Token Theft Linked to UNC6395 in Salesforce Breach

A recent advisory from Google and Mandiant has uncovered a significant data breach involving Salesforce, where the threat actor UNC6395 deployed stolen OAuth tokens to bypass Multi-Factor Authentication (MFA). Organizations are urged to take steps to protect non-human identities to prevent similar breaches. According to the advisory from the Google…
