The Breach News

Russian Hackers Target Ukraine Aid Logistics Through Email and VPN Vulnerabilities

May 21, 2025
Cyber Espionage / Vulnerability

State-sponsored Russian cyber actors have been linked to a campaign focused on Western logistics and tech firms since 2022. This activity is attributed to APT28 (also known as BlueDelta, Fancy Bear, or Forest Blizzard), connected to the Russian GRU’s 85th Main Special Service Center, Military Unit 26165. Key targets include companies involved in the coordination and delivery of international aid to Ukraine, as highlighted in a joint advisory from agencies across Australia, Canada, Czechia, Denmark, Estonia, France, Germany, the Netherlands, Poland, the United Kingdom, and the United States. The bulletin notes that this cyber-espionage campaign employs a range of previously identified tactics and is likely linked to broader efforts aimed at IP cameras in Ukraine and neighboring NATO countries.

Russian Hackers Target Email and VPN Vulnerabilities to Monitor Ukraine Aid Operations May 21, 2025 Cyber Espionage / Vulnerability In a troubling development, Russian cyber threat actors have initiated a state-sponsored campaign aimed at infiltrating Western logistics and technology sectors, with particular focus since 2022. Authorities attribute this wave of…

Read More

Russian Hackers Target Ukraine Aid Logistics Through Email and VPN Vulnerabilities

May 21, 2025
Cyber Espionage / Vulnerability

State-sponsored Russian cyber actors have been linked to a campaign focused on Western logistics and tech firms since 2022. This activity is attributed to APT28 (also known as BlueDelta, Fancy Bear, or Forest Blizzard), connected to the Russian GRU’s 85th Main Special Service Center, Military Unit 26165. Key targets include companies involved in the coordination and delivery of international aid to Ukraine, as highlighted in a joint advisory from agencies across Australia, Canada, Czechia, Denmark, Estonia, France, Germany, the Netherlands, Poland, the United Kingdom, and the United States. The bulletin notes that this cyber-espionage campaign employs a range of previously identified tactics and is likely linked to broader efforts aimed at IP cameras in Ukraine and neighboring NATO countries.

Urgent: Microsoft Releases Security Patches for 97 Vulnerabilities, Including Active Ransomware Threat

April 12, 2023
Patch Tuesday / Software Updates

On the second Tuesday of the month, Microsoft has issued security updates addressing a total of 97 vulnerabilities within its software. Notably, one of these flaws is currently being exploited in active ransomware attacks. Of the 97 issues, seven are classified as Critical and 90 as Important. The updates notably include 45 remote code execution flaws and 20 elevation of privilege vulnerabilities. This release follows previous fixes for 26 vulnerabilities found in the Edge browser over the past month. The actively exploited flaw is CVE-2023-28252 (CVSS score: 7.8), a privilege escalation vulnerability within the Windows Common Log File System (CLFS) Driver. According to Microsoft’s advisory, “An attacker who successfully exploited this vulnerability could gain SYSTEM privileges,” with credit given to researchers Boris Larin, Genwei Jiang, and Quan Jin for their discovery. CVE-2023-28252 represents the fourth privilege escalation flaw recently identified…

Microsoft Releases Critical Patches for 97 Vulnerabilities, Addressing Active Ransomware Threat On April 12, 2023, Microsoft introduced a substantial set of security updates aimed at rectifying a total of 97 vulnerabilities across its software ecosystem. Among these, one particular flaw is currently being exploited actively in ransomware operations. This month’s…

Read More

Urgent: Microsoft Releases Security Patches for 97 Vulnerabilities, Including Active Ransomware Threat

April 12, 2023
Patch Tuesday / Software Updates

On the second Tuesday of the month, Microsoft has issued security updates addressing a total of 97 vulnerabilities within its software. Notably, one of these flaws is currently being exploited in active ransomware attacks. Of the 97 issues, seven are classified as Critical and 90 as Important. The updates notably include 45 remote code execution flaws and 20 elevation of privilege vulnerabilities. This release follows previous fixes for 26 vulnerabilities found in the Edge browser over the past month. The actively exploited flaw is CVE-2023-28252 (CVSS score: 7.8), a privilege escalation vulnerability within the Windows Common Log File System (CLFS) Driver. According to Microsoft’s advisory, “An attacker who successfully exploited this vulnerability could gain SYSTEM privileges,” with credit given to researchers Boris Larin, Genwei Jiang, and Quan Jin for their discovery. CVE-2023-28252 represents the fourth privilege escalation flaw recently identified…

Citrix NetScaler Devices Targeted in New Wave of Attacks

Network Firewalls, Network Access Control, Security Operations Citrix Releases Patches Following Exploitation of Memory Overflow Vulnerability David Perera (@daveperera) • August 26, 2025 Image: Ken Wolter/Shutterstock Citrix’s NetScaler users are being urged to apply critical patches following the discovery of a zero-day vulnerability. This security flaw potentially allows attackers to…

Read MoreCitrix NetScaler Devices Targeted in New Wave of Attacks

Google Exposes OAuth Token Theft Linked to UNC6395 in Salesforce Breach

A recent advisory from Google and Mandiant has uncovered a significant data breach involving Salesforce, where the threat actor UNC6395 deployed stolen OAuth tokens to bypass Multi-Factor Authentication (MFA). Organizations are urged to take steps to protect non-human identities to prevent similar breaches. According to the advisory from the Google…

Read MoreGoogle Exposes OAuth Token Theft Linked to UNC6395 in Salesforce Breach

Navigating New Cyber Threats: The Shift from Third-Party Vendors to U.S. Tariffs in Supply Chain Security

Apr 16, 2025
Artificial Intelligence / Software Security

Introduction
Cyber threats aimed at supply chains are becoming increasingly concerning for businesses across various sectors. As companies deepen their reliance on third-party vendors, cloud services, and global logistics, cybercriminals are seizing opportunities to exploit vulnerabilities in these interconnected systems. By first targeting a third-party vendor with unnoticed security flaws, attackers can establish a foothold, using these weaknesses to penetrate the networks of primary business partners. This allows them to move laterally through vital systems, ultimately accessing sensitive data, financial assets, intellectual property, or even operational controls. Recent high-profile incidents, such as the 2024 ransomware attack on Change Healthcare—one of the largest health payment processing firms—illustrate how attackers can disrupt supply chain operations and compromise millions of patients’ protected health information (PHI), stealing up to 6TB of data.

New Cyber Threats Emerging in Supply Chains: From Third-Party Vendors to U.S. Tariffs April 16, 2025 Artificial Intelligence / Software Security As businesses increasingly rely on third-party vendors and cloud services, cyber threats targeting supply chains have surged to the forefront of corporate concerns. Cybercriminals are keenly aware of the…

Read More

Navigating New Cyber Threats: The Shift from Third-Party Vendors to U.S. Tariffs in Supply Chain Security

Apr 16, 2025
Artificial Intelligence / Software Security

Introduction
Cyber threats aimed at supply chains are becoming increasingly concerning for businesses across various sectors. As companies deepen their reliance on third-party vendors, cloud services, and global logistics, cybercriminals are seizing opportunities to exploit vulnerabilities in these interconnected systems. By first targeting a third-party vendor with unnoticed security flaws, attackers can establish a foothold, using these weaknesses to penetrate the networks of primary business partners. This allows them to move laterally through vital systems, ultimately accessing sensitive data, financial assets, intellectual property, or even operational controls. Recent high-profile incidents, such as the 2024 ransomware attack on Change Healthcare—one of the largest health payment processing firms—illustrate how attackers can disrupt supply chain operations and compromise millions of patients’ protected health information (PHI), stealing up to 6TB of data.

Sytech Alerts to Rising Threat of Local Data Breaches – NationalWorld

Sytech Issues Warning on Rising Data Breach Threats Sytech has recently issued a significant alert regarding the increasing frequency and severity of data breaches that could soon impact organizations domestically. This warning underscores the shifting landscape of cybersecurity risks where even small and medium-sized enterprises may find themselves vulnerable to…

Read MoreSytech Alerts to Rising Threat of Local Data Breaches – NationalWorld

Critical Flaws in Versa Concerto Allow Attackers to Escape Docker and Compromise Hosts

May 22, 2025
Vulnerability / Software Security

Cybersecurity researchers have identified several severe vulnerabilities within the Versa Concerto network security and SD-WAN orchestration platform. Exploitation of these flaws could potentially grant attackers control over vulnerable instances. Despite responsible disclosure on February 13, 2025, these issues remain unpatched, leading to a public announcement after the 90-day window expired. According to ProjectDiscovery researchers Harsh Jaiswal, Rahul Maini, and Parth Malhotra, “When combined, these vulnerabilities could enable an attacker to fully compromise both the application and the host system.” The vulnerabilities include:

  • CVE-2025-34025 (CVSS score: 8.6): A privilege escalation and Docker container escape vulnerability resulting from unsafe default mounting of host binary paths, potentially allowing code execution on the host system.

Critical Security Vulnerabilities in Versa Concerto Expose Hosts to Exploitation May 22, 2025 Vulnerability / Software Security Recent investigations by cybersecurity experts have illuminated serious security weaknesses within the Versa Concerto network security and SD-WAN orchestration platform. These critical vulnerabilities could potentially allow malicious actors to gain control over affected…

Read More

Critical Flaws in Versa Concerto Allow Attackers to Escape Docker and Compromise Hosts

May 22, 2025
Vulnerability / Software Security

Cybersecurity researchers have identified several severe vulnerabilities within the Versa Concerto network security and SD-WAN orchestration platform. Exploitation of these flaws could potentially grant attackers control over vulnerable instances. Despite responsible disclosure on February 13, 2025, these issues remain unpatched, leading to a public announcement after the 90-day window expired. According to ProjectDiscovery researchers Harsh Jaiswal, Rahul Maini, and Parth Malhotra, “When combined, these vulnerabilities could enable an attacker to fully compromise both the application and the host system.” The vulnerabilities include:

  • CVE-2025-34025 (CVSS score: 8.6): A privilege escalation and Docker container escape vulnerability resulting from unsafe default mounting of host binary paths, potentially allowing code execution on the host system.

Lazarus Hacker Group Adapts Tactics, Tools, and Targets in DeathNote Campaign

The North Korean cyber threat group known as Lazarus has been observed changing its strategies and rapidly enhancing its tools within its ongoing DeathNote campaign. While historically focused on the cryptocurrency sector, recent attacks have also expanded to include the automotive, academic, and defense sectors in Eastern Europe and beyond. This shift is seen as a major change in approach. Kaspersky researcher Seongsu Park noted that the group has switched its decoy documents to job descriptions for defense contractors and diplomatic services, marking a strategic pivot that began in April 2020. This campaign is also identified by other names such as Operation Dream Job or NukeSped, with Google-owned Mandiant linking certain activities to this evolving threat.

Lazarus Hacker Group Adapts Strategies in Ongoing DeathNote Campaign April 13, 2023 Cyber Attack / Cyber Threat The Lazarus Group, a North Korean cyber threat actor, has been observed refining its strategies and expanding its targets in an ongoing campaign known as DeathNote. Traditionally focused on the cryptocurrency sector, this…

Read More

Lazarus Hacker Group Adapts Tactics, Tools, and Targets in DeathNote Campaign

The North Korean cyber threat group known as Lazarus has been observed changing its strategies and rapidly enhancing its tools within its ongoing DeathNote campaign. While historically focused on the cryptocurrency sector, recent attacks have also expanded to include the automotive, academic, and defense sectors in Eastern Europe and beyond. This shift is seen as a major change in approach. Kaspersky researcher Seongsu Park noted that the group has switched its decoy documents to job descriptions for defense contractors and diplomatic services, marking a strategic pivot that began in April 2020. This campaign is also identified by other names such as Operation Dream Job or NukeSped, with Google-owned Mandiant linking certain activities to this evolving threat.

Okta Acquires Axiom Security to Enhance Privileged Access Solutions

Governance & Risk Management, Identity & Access Management, Multi-factor & Risk-based Authentication Just-in-Time, Database, Kubernetes Access Fuel Privileged Access Startup M&A Michael Novinson (MichaelNovinson) • August 26, 2025 Arnab Bose, Chief Product Officer, Okta (Image: Okta) Okta has announced its intention to acquire Axiom Security, a startup specializing in privileged…

Read MoreOkta Acquires Axiom Security to Enhance Privileged Access Solutions