The Breach News

Revisiting the Past: Iranian Hackers Take Advantage of Macros

Cyberwarfare / Nation-State Attacks, Fraud Management & Cybercrime MuddyWater Resumes Use of Bulletproof Hosting and Custom Malware Mathew J. Schwartz (euroinfosec) • September 17, 2025 Image: Iurii Stepanov/Shutterstock An Iranian state-sponsored hacking group, MuddyWater, is reportedly reviving its tactics by incorporating Microsoft Office documents with malicious macros into its attack…

Read MoreRevisiting the Past: Iranian Hackers Take Advantage of Macros

Hackers Exploit CAPTCHA Loophole in Webflow CDN PDFs to Evade Security Scanners

A recent phishing assault has emerged, allegedly utilizing counterfeit PDF documents hosted on the Webflow content delivery network (CDN) with the aim of capturing credit card data and executing financial fraud. This operation specifically targets individuals searching for academic materials or documents through search engines. According to Netskope Threat Labs…

Read MoreHackers Exploit CAPTCHA Loophole in Webflow CDN PDFs to Evade Security Scanners

Apache Tomcat Vulnerability Exploited Within 30 Hours of Public Release

A recently uncovered security vulnerability in Apache Tomcat has begun to see active exploitation shortly after its disclosure. The flaw, designated as CVE-2025-24813, was made publicly available along with a proof-of-concept (PoC) within just 30 hours of its initial announcement. This vulnerability impacts several versions of Apache Tomcat, including 11.0.0-M1…

Read MoreApache Tomcat Vulnerability Exploited Within 30 Hours of Public Release

Chinese Hackers Employ Stealthy Infection Chain to Deploy LODEINFO Malware

A recently reported cybersecurity incident has revealed a stealthy infection chain employed by the Chinese state-sponsored group known as Stone Panda. This threat actor has been targeting various entities in Japan, including media outlets, governmental and public sector organizations, as well as think tanks, raising alarms about the potential risk…

Read MoreChinese Hackers Employ Stealthy Infection Chain to Deploy LODEINFO Malware

Two Eye Care Practice Strategies Impact 260,000 Patients and Staff

Data Breach Notification, Data Security, Fraud Management & Cybercrime Recent Cyberattacks Target Ophthalmology Practices in South Dakota and Florida Marianne Kolbasuk McGee (HealthInfoSec) • September 16, 2025 Major hacking breaches have affected the Retina Group of Florida and Black Hills Regional Eye Institute this year. (Image: Retina Group of Florida,…

Read MoreTwo Eye Care Practice Strategies Impact 260,000 Patients and Staff

RansomHub Named 2024’s Leading Ransomware Group, Targeting Over 600 Organizations Worldwide

Rise of RansomHub: A Resurgent Threat in Cybercrime The RansomHub ransomware-as-a-service (RaaS) group has emerged as a significant player in the cybercrime landscape, capitalizing on previously patched vulnerabilities in Microsoft Active Directory and the Netlogon protocol to facilitate unauthorized access to victim networks. Recent analyses highlight the group’s ability to…

Read MoreRansomHub Named 2024’s Leading Ransomware Group, Targeting Over 600 Organizations Worldwide

Nearly 700,000 Customers Affected by Insider Attack at U.S. Fintech Company

A US-based fintech company, FinWise, has alerted its customers about a potential data breach stemming from an insider threat. The organization, which facilitates loans on behalf of various American financial institutions, disclosed that a former employee accessed sensitive customer information after their departure from the company. According to filings made…

Read MoreNearly 700,000 Customers Affected by Insider Attack at U.S. Fintech Company

New Critical AMI BMC Vulnerability Allows Remote Server Takeover and Bricking

Serious Security Flaw Discovered in AMI’s MegaRAC BMC Software A significant security vulnerability has been identified within AMI’s MegaRAC Baseboard Management Controller (BMC) software, which allows malicious actors to bypass authentication processes and execute unauthorized actions on affected systems. This vulnerability is classified as CVE-2024-54085, and it has been assigned…

Read MoreNew Critical AMI BMC Vulnerability Allows Remote Server Takeover and Bricking