The Breach News

CISA Issues Warning on Sitecore RCE Vulnerabilities; Active Exploits Target Next.js and DrayTek Devices

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has officially incorporated two significant six-year-old vulnerabilities affecting the Sitecore Content Management System and Experience Platform into its Known Exploited Vulnerabilities (KEV) catalog. This addition follows credible evidence indicating that these flaws are being actively targeted by malicious actors. The first vulnerability,…

Read MoreCISA Issues Warning on Sitecore RCE Vulnerabilities; Active Exploits Target Next.js and DrayTek Devices

Zerobot Botnet Surges as a Rising Threat with Enhanced Exploits and Features

The Zerobot DDoS botnet has undergone significant updates, enhancing its capacity to target a broader range of internet-connected devices and expand its network. Microsoft Threat Intelligence Center (MSTIC) is closely monitoring this evolving threat, referring to it as DEV-1061, which encompasses unidentified, emerging, or developing activity clusters. First reported by…

Read MoreZerobot Botnet Surges as a Rising Threat with Enhanced Exploits and Features

LAPSUS$ Hunters Announce Shutdown

Cybercrime, Fraud Management & Cybercrime, Social Engineering Skepticism Surrounds Announcement from Cybercriminal Group Akshaya Asokan • September 12, 2025 Image: Shutterstock A group of teenage hackers, known for targeting airlines, insurance firms, and casinos in both the United Kingdom and United States, has announced the cessation of their activities. Their…

Read MoreLAPSUS$ Hunters Announce Shutdown

⚡ THN Weekly Recap: Updates on Zero-Day Exploits, AI Security Breaches, and Cryptocurrency Theft

This week brought a significant cybersecurity incident involving a 23-year-old Serbian activist whose Android device fell prey to a sophisticated zero-day exploit. Developed by Cellebrite, this exploit chain compromised the user’s phone, likely enabling the deployment of a spyware solution known as NoviSpy. The vulnerabilities, which exploit weaknesses in the…

Read More⚡ THN Weekly Recap: Updates on Zero-Day Exploits, AI Security Breaches, and Cryptocurrency Theft

Uncovering the Causes of the UK’s Data Breach Epidemic

Cybersecurity Alert: UK Schools Face Data Breaches Driven by Student Intrusions Recent findings from the Information Commissioner’s Office (ICO) in the UK reveal troubling trends among students exploiting their schools’ computer systems. Data indicates that students are responsible for approximately 57% of reported personal data breaches within educational institutions, highlighting…

Read MoreUncovering the Causes of the UK’s Data Breach Epidemic

Stay Vigilant: The Top 3 MS Office Exploits Hackers Will Use in 2025

Cybercriminals continue to exploit Microsoft Word and Excel documents as conduits for malware delivery as we advance through 2025. These methods remain effective, leveraging phishing tactics and zero-click exploits to infiltrate targets with relative ease, particularly in corporate settings where Office documents are routinely shared. This year, there are three…

Read MoreStay Vigilant: The Top 3 MS Office Exploits Hackers Will Use in 2025

Debunking the Myth: Why SMBs Are Not “Too Small to Be a Target” for Cyber Attacks

The topics include Artificial Intelligence & Machine Learning, Fraud Management & Cybercrime, and Governance & Risk Management. Also: AI Pilot Project Purgatory, Agentic AI Commerce Fraud Concerns Anna Delaney (annamadeline) • September 12, 2025 Clockwise, from top left: Anna Delaney, Tom Field, Rashmi Ramesh, and Suparna Goswami In the latest…

Read MoreDebunking the Myth: Why SMBs Are Not “Too Small to Be a Target” for Cyber Attacks