The Breach News

CISA Alerts on Ongoing Exploitation of ZK Java Web Framework Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently added a significant vulnerability affecting the ZK Framework to its Known Exploited Vulnerabilities (KEV) catalog, citing ongoing indications of active exploitation. This flaw, identified as CVE-2022-36537, carries a CVSS score of 7.5 and impacts several versions of the framework, specifically…

Read MoreCISA Alerts on Ongoing Exploitation of ZK Java Web Framework Vulnerability

Austrian Interior Ministry Reports Breach of 100 Email Accounts

Cyberwarfare / Nation-State Attacks, Email Security & Protection, Fraud Management & Cybercrime No Law Enforcement Information or Personal Data Compromised, Says Austrian Government Akshaya Asokan (asokan_akshaya) • September 1, 2025 The headquarters of Austria’s Ministry of the Interior in Palais Modena, Vienna. (Image: Wikimedia Commons) The Austrian government has confirmed…

Read MoreAustrian Interior Ministry Reports Breach of 100 Email Accounts

China Poised to Unveil Advanced High-Tech Weapons on the Global Stage

China is poised for a significant military showcase, marking the 80th anniversary of its victory over Japan in World War II. The event, scheduled for September 3 in Tiananmen Square, will feature a grand military parade that combines historical commemoration with a strategic assertion aimed at the international community, signaling…

Read MoreChina Poised to Unveil Advanced High-Tech Weapons on the Global Stage

CERT-UA Reports Cyberattacks on Ukrainian State Systems Utilizing WRECKSTEEL Malware

In a concerning revelation, the Computer Emergency Response Team of Ukraine (CERT-UA) has reported three cyberattacks targeting state administration and critical infrastructure. The objective of these attacks appears to be data theft from sensitive governmental entities. According to CERT-UA, the coordinated campaign utilized compromised email accounts to dispatch phishing emails.…

Read MoreCERT-UA Reports Cyberattacks on Ukrainian State Systems Utilizing WRECKSTEEL Malware

Morocco Issues Alert for Gmail Users Following Significant Data Breach

Phishing Attempts Surge Following Major Data Breach Impacting Gmail Users Rabat, Morocco – In a worrying development, Morocco’s Center for Monitoring, Detection, and Response to Computer Attacks (maCERT) has issued a cautionary alert regarding a rise in phishing attempts specifically targeting Gmail users. This escalation follows the recent breach of…

Read MoreMorocco Issues Alert for Gmail Users Following Significant Data Breach

Vulnerabilities in AirPlay Allow Zero-Click Remote Code Execution on Apple Devices Through Public Wi-Fi

Recent disclosures from cybersecurity researchers have highlighted a series of vulnerabilities within Apple’s AirPlay protocol, which, if exploited, could allow attackers to gain control over various devices utilizing this wireless technology. These vulnerabilities, collectively referred to as “AirBorne” by the Israeli cyber firm, Oligo, open avenues for potential exploitation that…

Read MoreVulnerabilities in AirPlay Allow Zero-Click Remote Code Execution on Apple Devices Through Public Wi-Fi

Introducing the EX-22 Tool: Empowering Hackers for Covert Ransomware Attacks on Enterprises

A new and sophisticated post-exploitation framework known as EXFILTRATOR-22, or EX-22, has surfaced, designed to facilitate ransomware deployment within enterprise networks while maintaining stealth. This tool presents a range of features that streamline the post-exploitation process, making it increasingly accessible for cybercriminals, as outlined in a recent report by cybersecurity…

Read MoreIntroducing the EX-22 Tool: Empowering Hackers for Covert Ransomware Attacks on Enterprises

Law Enforcement Operation Cracks Down on Counterfeit ID Platform VerifTools

Cybercrime as-a-service, Fraud Management & Cybercrime, Governance & Risk Management FBI Takes Down Domains; Dutch Authorities Analyze Data to Identify Administrators and Users Mathew J. Schwartz (euroinfosec) • September 1, 2025 Law enforcement officials indicated that VerifTools offered fake passports and U.S. driver’s license images for as low as $9.…

Read MoreLaw Enforcement Operation Cracks Down on Counterfeit ID Platform VerifTools

Amazon Disrupts Russian APT29 Watering Hole Attack Targeting Microsoft Authentication

Amazon has effectively thwarted a watering hole campaign orchestrated by the Russian APT29, known as Midnight Blizzard, which exploited compromised websites to undermine Microsoft authentication through malicious redirects. The incident came to light when Amazon’s security team discerned new activities from APT29, a threat group correlated with Russia’s Foreign Intelligence…

Read MoreAmazon Disrupts Russian APT29 Watering Hole Attack Targeting Microsoft Authentication