The Breach News

Major Security Flaws in CyberArk and HashiCorp Enable Remote Vault Access Without Credentials

Date: Aug 09, 2025
Category: Vulnerability / Enterprise Security

Cybersecurity researchers have uncovered a series of serious vulnerabilities in the secure vault systems of CyberArk and HashiCorp. These flaws can potentially allow remote attackers to infiltrate corporate identity systems, extracting sensitive information and tokens. Identified collectively as “Vault Fault,” the 14 vulnerabilities impact CyberArk’s Secrets Manager, Self-Hosted, and Conjur Open Source, as well as HashiCorp Vault, as detailed in a report from identity security firm Cyata.

Following responsible disclosure in May 2025, the vulnerabilities have been addressed in the following updates:

  • CyberArk Secrets Manager and Self-Hosted: Versions 13.5.1 and 13.6.1
  • CyberArk Conjur Open Source: Version 1.22.1
  • HashiCorp Vault (Community and Enterprise Editions): Versions 1.20.2, 1.19.8, 1.18.13, and 1.16.24

The vulnerabilities include serious issues such as authentication bypasses, impersonation, privilege escalation, code execution pathways, and root token theft. The most critical flaw allows for remote code execution, posing a significant threat to security.

CyberArk and HashiCorp Vulnerabilities Expose Corporate Vaults to Remote Takeover August 9, 2025—In a significant cybersecurity alert, researchers have identified a series of vulnerabilities in the enterprise secure vaults offered by CyberArk and HashiCorp. These vulnerabilities, totaling 14 and collectively dubbed “Vault Fault,” enable remote attackers to infiltrate corporate identity…

Read More

Major Security Flaws in CyberArk and HashiCorp Enable Remote Vault Access Without Credentials

Date: Aug 09, 2025
Category: Vulnerability / Enterprise Security

Cybersecurity researchers have uncovered a series of serious vulnerabilities in the secure vault systems of CyberArk and HashiCorp. These flaws can potentially allow remote attackers to infiltrate corporate identity systems, extracting sensitive information and tokens. Identified collectively as “Vault Fault,” the 14 vulnerabilities impact CyberArk’s Secrets Manager, Self-Hosted, and Conjur Open Source, as well as HashiCorp Vault, as detailed in a report from identity security firm Cyata.

Following responsible disclosure in May 2025, the vulnerabilities have been addressed in the following updates:

  • CyberArk Secrets Manager and Self-Hosted: Versions 13.5.1 and 13.6.1
  • CyberArk Conjur Open Source: Version 1.22.1
  • HashiCorp Vault (Community and Enterprise Editions): Versions 1.20.2, 1.19.8, 1.18.13, and 1.16.24

The vulnerabilities include serious issues such as authentication bypasses, impersonation, privilege escalation, code execution pathways, and root token theft. The most critical flaw allows for remote code execution, posing a significant threat to security.

Google Confirms Security Breach: What User Data Has Been Compromised?

Google has confirmed a significant hacking incident. SOPA Images/LightRocket via Getty Images Update, August 9, 2025: This report has been updated to reflect new insights from cybersecurity experts on the confirmed breach involving Google, elaborating on the compromised user data and the subsequent actions organizations should consider. The Google Threat…

Read MoreGoogle Confirms Security Breach: What User Data Has Been Compromised?

eSIM Vulnerability in eUICC Cards Poses Serious Threat to Billions of IoT Devices

Cybersecurity researchers have uncovered a new hacking technique that exploits vulnerabilities in eSIM technology, putting users at significant risk. This issue particularly affects the Kigen eUICC card, with over two billion IoT device SIMs activated as of December 2020, according to the Irish company’s website. The findings come from Security Explorations, a research lab affiliated with AG Security Research, which was awarded a $30,000 bounty by Kigen for their report. An eSIM, or embedded SIM, is a digital SIM card integrated into a device via software on an Embedded Universal Integrated Circuit Card (eUICC) chip. eSIMs enable users to activate cellular plans without needing a physical SIM card, while eUICC software facilitates the installation of operator profiles, remote provisioning, and SIM profile management.

eSIM Vulnerability in eUICC Cards Threatens Billions of IoT Devices to Cyber Attacks In a significant cybersecurity breakthrough, researchers have unveiled a vulnerability within the eSIM technology that could expose billions of Internet of Things (IoT) devices to malicious attacks. This issue specifically involves the Kigen eUICC card, which has…

Read More

eSIM Vulnerability in eUICC Cards Poses Serious Threat to Billions of IoT Devices

Cybersecurity researchers have uncovered a new hacking technique that exploits vulnerabilities in eSIM technology, putting users at significant risk. This issue particularly affects the Kigen eUICC card, with over two billion IoT device SIMs activated as of December 2020, according to the Irish company’s website. The findings come from Security Explorations, a research lab affiliated with AG Security Research, which was awarded a $30,000 bounty by Kigen for their report. An eSIM, or embedded SIM, is a digital SIM card integrated into a device via software on an Embedded Universal Integrated Circuit Card (eUICC) chip. eSIMs enable users to activate cellular plans without needing a physical SIM card, while eUICC software facilitates the installation of operator profiles, remote provisioning, and SIM profile management.

THN Weekly Roundup: Key Cybersecurity Threats, Tools, and Practices (Nov 4 – Nov 10)

📅 Published: November 11, 2024
Category: Cybersecurity / Hacking News

⚠️ Picture this: the tools you rely on for online security—two-factor authentication, your car’s tech, and even your security software—have become covert accomplices for hackers. Sounds like a suspenseful plot, right? Yet, in 2024, this is the startling reality of cyber threats. Today’s adversaries are leveraging our trusted resources as hidden gateways, evading defenses without leaving a trace. For financial institutions, this development is particularly concerning. Modern malware doesn’t just compromise codes; it undermines the very trust that underpins digital banking. These advanced threats often stay one step ahead of our protective measures.

Moreover, critical infrastructure in our cities is under siege. Cybercriminals are infiltrating the very tools that operate these essential services, making detection and prevention increasingly challenging. It’s a tense game of cat and mouse, where every action heightens the stakes. As these threats escalate, let’s explore …

THN Recap: Key Cybersecurity Threats, Tools, and Practices (Nov 04 – Nov 10) Published: Nov 11, 2024 Category: Cybersecurity / Hacking News This week, the landscape of cybersecurity has taken a concerning turn as trusted protection tools are being exploited by sophisticated hackers. In an era where two-factor authentication, automotive…

Read More

THN Weekly Roundup: Key Cybersecurity Threats, Tools, and Practices (Nov 4 – Nov 10)

📅 Published: November 11, 2024
Category: Cybersecurity / Hacking News

⚠️ Picture this: the tools you rely on for online security—two-factor authentication, your car’s tech, and even your security software—have become covert accomplices for hackers. Sounds like a suspenseful plot, right? Yet, in 2024, this is the startling reality of cyber threats. Today’s adversaries are leveraging our trusted resources as hidden gateways, evading defenses without leaving a trace. For financial institutions, this development is particularly concerning. Modern malware doesn’t just compromise codes; it undermines the very trust that underpins digital banking. These advanced threats often stay one step ahead of our protective measures.

Moreover, critical infrastructure in our cities is under siege. Cybercriminals are infiltrating the very tools that operate these essential services, making detection and prevention increasingly challenging. It’s a tense game of cat and mouse, where every action heightens the stakes. As these threats escalate, let’s explore …

⚡ Weekly Highlights: Scattered Spider Arrests, Car Hacks, macOS Malware, Fortinet RCE, and More

This week in cybersecurity has shed light on critical vulnerabilities and significant criminal activity affecting major organizations. Precision is paramount in this field; minor oversights can cascade into enormous security breaches. In this context, notable incidents underline systemic issues, such as reliance on outdated tools, sluggish risk responses, and a…

Read More⚡ Weekly Highlights: Scattered Spider Arrests, Car Hacks, macOS Malware, Fortinet RCE, and More

Stealthy New Ymir Ransomware Utilizes Memory Exploits to Target Corporate Networks

November 12, 2024
Cyber Attack / Cybercrime

Cybersecurity experts have identified a new ransomware variant, Ymir, which was deployed in an attack just two days after systems were compromised by RustyStealer, a type of credential-stealing malware. Kaspersky, a prominent Russian cybersecurity firm, noted that “Ymir ransomware features a distinctive mix of technical capabilities and tactics that bolster its effectiveness.” The attackers employed an unusual combination of memory management functions—malloc, memmove, and memcmp—to execute malicious code directly within system memory. This method diverges from the conventional execution flow found in common ransomware, significantly enhancing its stealth. Kaspersky reported observing this ransomware in an attack on an unnamed Colombian organization, with the threat actors leveraging stolen corporate credentials acquired through RustyStealer to gain unauthorized access.

New Ymir Ransomware Unveiled: A Stealthy Threat to Corporate Networks November 12, 2024 Cyber Attack / Cybercrime Cybersecurity experts have identified a newly emerged ransomware variant dubbed Ymir, which has been linked to a recent cyberattack. This attack occurred just two days after an initial compromise via a stealer malware…

Read More

Stealthy New Ymir Ransomware Utilizes Memory Exploits to Target Corporate Networks

November 12, 2024
Cyber Attack / Cybercrime

Cybersecurity experts have identified a new ransomware variant, Ymir, which was deployed in an attack just two days after systems were compromised by RustyStealer, a type of credential-stealing malware. Kaspersky, a prominent Russian cybersecurity firm, noted that “Ymir ransomware features a distinctive mix of technical capabilities and tactics that bolster its effectiveness.” The attackers employed an unusual combination of memory management functions—malloc, memmove, and memcmp—to execute malicious code directly within system memory. This method diverges from the conventional execution flow found in common ransomware, significantly enhancing its stealth. Kaspersky reported observing this ransomware in an attack on an unnamed Colombian organization, with the threat actors leveraging stolen corporate credentials acquired through RustyStealer to gain unauthorized access.