The Breach News

US Agencies and FireEye Compromised via SolarWinds Software Vulnerability

In a significant cybersecurity breach, state-sponsored actors allegedly associated with Russia have targeted prominent U.S. agencies, including the Treasury and the Department of Commerce’s National Telecommunications and Information Administration (NTIA). This sophisticated cyber espionage campaign has involved the monitoring of internal email communications, exposing vulnerabilities in national cybersecurity. Reports from…

Read MoreUS Agencies and FireEye Compromised via SolarWinds Software Vulnerability

Why the Most Effective Cyber Resilience Plans Incorporate Failure: A Webinar

Cloud Data Security & Resilience, Security Operations Presented by Rubrik 60 Minutes The reality of cyberattacks can severely disrupt business operations, harm organizational reputations, and result in significant financial losses. Therefore, implementing a robust recovery plan post-attack is not just advisable but essential. Companies that proactively prepare for potential breaches…

Read MoreWhy the Most Effective Cyber Resilience Plans Incorporate Failure: A Webinar

Taiwan Raises Concerns Over Bias and Data Breaches in Deepseek and Other Chinese AI Technologies

Taiwanese Security Bureau Issues Warning on Chinese AI Apps Due to Data Breach Concerns On November 16, the National Security Bureau (NSB) of Taiwan issued a cautionary statement advising citizens to exercise vigilance when using generative artificial intelligence (AI) models developed in China. This warning follows comprehensive assessments of five…

Read MoreTaiwan Raises Concerns Over Bias and Data Breaches in Deepseek and Other Chinese AI Technologies

Pentera’s 2024 Report Uncovers Hundreds of Weekly Security Events, Emphasizing the Importance of Continuous Validation

markdown Cybersecurity Breaches Continue to Rise Despite Increased Protections In an alarming trend, recent findings indicate that over 51% of organizations have fallen victim to cyberattacks in the past two years. Despite deploying an average of 53 distinct security solutions, the effectiveness of these measures remains questionable. These insights are…

Read MorePentera’s 2024 Report Uncovers Hundreds of Weekly Security Events, Emphasizing the Importance of Continuous Validation

Three Zero-Day Vulnerabilities Affect SonicWall Enterprise Email Security Appliances

SonicWall Tackles Critical Security Vulnerabilities Targeting Email Security Solutions SonicWall has recently patched three severe security vulnerabilities in its email security products that have been exploited in the wild. These vulnerabilities, identified as CVE-2021-20021, CVE-2021-20022, and CVE-2021-20023, were disclosed following an investigation by FireEye’s Mandiant subsidiary. The flaws were reported…

Read MoreThree Zero-Day Vulnerabilities Affect SonicWall Enterprise Email Security Appliances

Microsoft Confirms Its Systems Were Compromised in Major SolarWinds Hack

A comprehensive state-sponsored espionage operation targeting the software company SolarWinds has also extended to Microsoft, according to recent developments in an ongoing investigation. Initial reports suggest that the attack might be more extensive and sophisticated than earlier assessments indicated. Reuters first disclosed Microsoft’s involvement, noting that malicious actors utilized the…

Read MoreMicrosoft Confirms Its Systems Were Compromised in Major SolarWinds Hack

Revealing the Hidden Flaw that Uncovered a Tech Giant’s Data Breach

In a notable incident within the cybersecurity realm, Logitech International S.A., a prominent player in the tech industry, reported a cybersecurity breach on November 14, 2025. The incident stemmed from a zero-day vulnerability in a third-party software platform that facilitated the exfiltration of internal data. Although the breach did not…

Read MoreRevealing the Hidden Flaw that Uncovered a Tech Giant’s Data Breach

Russia’s APT28 Utilizes Windows Print Spooler Vulnerability to Deploy ‘GooseEgg’ Malware

A recent cyber threat has emerged, linked to the nation-state group known as APT28, which has exploited a vulnerability in the Microsoft Windows Print Spooler service to distribute a custom malware variant named GooseEgg. This security flaw, tracked as CVE-2022-38028, received a high CVSS score of 7.8 and has been…

Read MoreRussia’s APT28 Utilizes Windows Print Spooler Vulnerability to Deploy ‘GooseEgg’ Malware