Data Breach at Orange Belgium Exposes 850,000 Customer Records In a significant cyber incident, Orange Belgium has acknowledged a data breach that has impacted approximately 850,000 customers. The breach occurred following a targeted cyberattack on one of the company’s internal IT systems, which was identified in late July. Information compromised…
China-Linked Cyber Espionage Group Targets Over 70 Organizations Across Diverse Sectors
June 9, 2025
Government Security / Cyber Espionage
Recent reconnaissance efforts against American cybersecurity firm SentinelOne are part of a larger wave of intrusions affecting various targets between July 2024 and March 2025. “The victims include a South Asian government agency, a European media outlet, and over 70 organizations spanning numerous sectors,” noted SentinelOne security researchers Aleksandar Milenkoski and Tom Hegel in a recent report. Affected sectors include manufacturing, government, finance, telecommunications, and research. Notably, an IT services and logistics firm was compromised while managing equipment logistics for SentinelOne staff during the breach in early 2025. This malicious activity has been confidently linked to threat actors associated with China, with some attacks attributed to a cluster known as PurpleHaze, which overlaps with recognized Chinese cyber espionage groups labeled APT15.
Over 70 Organizations Affected by Cyber Espionage Linked to China June 9, 2025 Government Security / Cyber Espionage A recent report has unveiled significant cyber espionage activities against a diverse range of organizations, orchestrated by a group with ties to China. This campaign, which targeted over 70 entities across various…
China-Linked Cyber Espionage Group Targets Over 70 Organizations Across Diverse Sectors
June 9, 2025
Government Security / Cyber Espionage
Recent reconnaissance efforts against American cybersecurity firm SentinelOne are part of a larger wave of intrusions affecting various targets between July 2024 and March 2025. “The victims include a South Asian government agency, a European media outlet, and over 70 organizations spanning numerous sectors,” noted SentinelOne security researchers Aleksandar Milenkoski and Tom Hegel in a recent report. Affected sectors include manufacturing, government, finance, telecommunications, and research. Notably, an IT services and logistics firm was compromised while managing equipment logistics for SentinelOne staff during the breach in early 2025. This malicious activity has been confidently linked to threat actors associated with China, with some attacks attributed to a cluster known as PurpleHaze, which overlaps with recognized Chinese cyber espionage groups labeled APT15.
May 16, 2023
Network Security / Threat Intelligence
The Chinese state-sponsored group known as Mustang Panda has been connected to a series of sophisticated, targeted attacks aimed at European foreign affairs entities since January 2023. According to researchers Itay Cohen and Radoslaw Madej from Check Point, these intrusions involve a custom firmware implant specifically designed for TP-Link routers. This implant includes several malicious components, featuring a custom backdoor dubbed “Horse Shell” that allows attackers to maintain persistent access, establish anonymous infrastructure, and facilitate lateral movement within compromised networks. Furthermore, the implant’s firmware-agnostic design enables its components to be integrated into various firmware from different vendors. The Israeli cybersecurity firm is monitoring this threat group, also known as Camaro Dragon, along with other aliases such as BASIN, Bronze President, Earth Preta, HoneyMyte, RedDelta, and Red Lich.
Mustang Panda Hackers Target European Foreign Affairs with TP-Link Router Exploit On May 16, 2023, it was reported that the Chinese state-sponsored hacking group, known as Mustang Panda, has orchestrated a series of sophisticated and targeted attacks against European foreign affairs organizations since January 2023. This alarming development highlights the…
May 16, 2023
Network Security / Threat Intelligence
The Chinese state-sponsored group known as Mustang Panda has been connected to a series of sophisticated, targeted attacks aimed at European foreign affairs entities since January 2023. According to researchers Itay Cohen and Radoslaw Madej from Check Point, these intrusions involve a custom firmware implant specifically designed for TP-Link routers. This implant includes several malicious components, featuring a custom backdoor dubbed “Horse Shell” that allows attackers to maintain persistent access, establish anonymous infrastructure, and facilitate lateral movement within compromised networks. Furthermore, the implant’s firmware-agnostic design enables its components to be integrated into various firmware from different vendors. The Israeli cybersecurity firm is monitoring this threat group, also known as Camaro Dragon, along with other aliases such as BASIN, Bronze President, Earth Preta, HoneyMyte, RedDelta, and Red Lich.
Data Breach Notification, Data Security, Fraud Management & Cybercrime Threat Actors Breached a Rural Michigan Health System for Approximately Two Months; BianLian Claims Responsibility Marianne Kolbasuk McGee (HealthInfoSec) • August 22, 2025 Image: Aspire Rural Health System A rural health system in Michigan has reported a significant data breach affecting…
Commvault Acknowledges Zero-Day Exploitation of CVE-2025-3928 by Hackers in Azure Incident
May 01, 2025
Zero-Day / Threat Intelligence
Commvault, an enterprise data backup platform, has confirmed that a nation-state threat actor compromised its Microsoft Azure environment by exploiting the zero-day vulnerability CVE-2025-3928. However, the company reassured that there is no evidence of unauthorized access to customer data. “The incident has impacted a limited number of customers shared with Microsoft, and we are providing them with support,” Commvault stated in its update. They emphasized that customer backup data remains secure, with no significant effects on business operations or service delivery. According to an advisory issued on March 7, 2025, Commvault was alerted by Microsoft on February 20 regarding unauthorized activities, and has since rotated affected credentials and strengthened security measures. This disclosure follows recent reports from the U.S. Cybersecurity…
Commvault Confirms Breach Linked to CVE-2025-3928 Exploitation in Azure Environment May 1, 2025 Threat Intelligence Commvault, a leader in enterprise data backup solutions, has disclosed that its Microsoft Azure environment was compromised by an unidentified nation-state threat actor exploiting the recently identified vulnerability, CVE-2025-3928. In a statement, the company assured…
Commvault Acknowledges Zero-Day Exploitation of CVE-2025-3928 by Hackers in Azure Incident
May 01, 2025
Zero-Day / Threat Intelligence
Commvault, an enterprise data backup platform, has confirmed that a nation-state threat actor compromised its Microsoft Azure environment by exploiting the zero-day vulnerability CVE-2025-3928. However, the company reassured that there is no evidence of unauthorized access to customer data. “The incident has impacted a limited number of customers shared with Microsoft, and we are providing them with support,” Commvault stated in its update. They emphasized that customer backup data remains secure, with no significant effects on business operations or service delivery. According to an advisory issued on March 7, 2025, Commvault was alerted by Microsoft on February 20 regarding unauthorized activities, and has since rotated affected credentials and strengthened security measures. This disclosure follows recent reports from the U.S. Cybersecurity…
The Computer Merchant Data Breach: Lawsuit Investigation Attorneys associated with ClassAction.org are currently investigating the possibility of initiating a class action lawsuit in response to The Computer Merchant data breach. In the context of this investigation, they seek to connect with individuals who received notifications indicating that their information was…
CISA Includes Erlang SSH and Roundcube Vulnerabilities in Known Exploited Threats Catalog
On June 10, 2025, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added two significant security vulnerabilities affecting Erlang/Open Telecom Platform (OTP) SSH and Roundcube to its Known Exploited Vulnerabilities (KEV) catalog due to evidence of active exploitation. The identified vulnerabilities are:
CVE-2025-32433 (CVSS score: 10.0): A critical missing authentication flaw in the Erlang/OTP SSH server that could enable an attacker to execute arbitrary commands without proper credentials, potentially leading to unauthenticated remote code execution. (Patched in April 2025 in versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20)
CVE-2024-42009 (CVSS score: 9.3): A cross-site scripting (XSS) vulnerability in RoundCube Webmail that may allow a remote attacker to compromise a victim’s email account by exploiting a desanitization flaw in program/actions/mail/show.php. (Fixed in August 2024 in versions 1.6…)
CISA Updates KEV Catalog with Critical Vulnerabilities in Erlang SSH and Roundcube On June 10, 2025, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced the addition of two significant vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, both of which are currently being actively exploited. These vulnerabilities pertain to…
CISA Includes Erlang SSH and Roundcube Vulnerabilities in Known Exploited Threats Catalog
On June 10, 2025, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added two significant security vulnerabilities affecting Erlang/Open Telecom Platform (OTP) SSH and Roundcube to its Known Exploited Vulnerabilities (KEV) catalog due to evidence of active exploitation. The identified vulnerabilities are:
CVE-2025-32433 (CVSS score: 10.0): A critical missing authentication flaw in the Erlang/OTP SSH server that could enable an attacker to execute arbitrary commands without proper credentials, potentially leading to unauthenticated remote code execution. (Patched in April 2025 in versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20)
CVE-2024-42009 (CVSS score: 9.3): A cross-site scripting (XSS) vulnerability in RoundCube Webmail that may allow a remote attacker to compromise a victim’s email account by exploiting a desanitization flaw in program/actions/mail/show.php. (Fixed in August 2024 in versions 1.6…)
May 18, 2023
Cyber Warfare / Threat Intelligence
Recent geopolitical strains between China and Taiwan have led to a significant rise in cyber attacks targeting the island nation. According to a report from the Trellix Advanced Research Center, “The conflict stemming from China’s claim over Taiwan, combined with Taiwan’s push for independence, has resulted in a troubling escalation of cyber threats.” These attacks, aimed at various sectors, primarily focus on deploying malware and stealing sensitive data. The cybersecurity firm noted a staggering four-fold increase in malicious emails between April 7 and April 10, 2023, with sectors such as networking, manufacturing, and logistics being particularly affected. Following this surge, the region saw a 15x spike in PlugX detections between April 10 and April 12, 2023.
Rising China-Taiwan Tensions Ignite Surge in Cyber Attacks May 18, 2023 Recent months have witnessed a significant escalation in tensions between China and Taiwan, resulting in a marked increase in cyber attacks aimed at the East Asian island nation. According to a new report from the Trellix Advanced Research Center,…
May 18, 2023
Cyber Warfare / Threat Intelligence
Recent geopolitical strains between China and Taiwan have led to a significant rise in cyber attacks targeting the island nation. According to a report from the Trellix Advanced Research Center, “The conflict stemming from China’s claim over Taiwan, combined with Taiwan’s push for independence, has resulted in a troubling escalation of cyber threats.” These attacks, aimed at various sectors, primarily focus on deploying malware and stealing sensitive data. The cybersecurity firm noted a staggering four-fold increase in malicious emails between April 7 and April 10, 2023, with sectors such as networking, manufacturing, and logistics being particularly affected. Following this surge, the region saw a 15x spike in PlugX detections between April 10 and April 12, 2023.
Software Bill of Materials (SBOM), Standards, Regulations & Compliance US Cyber Defense Agency Advocates for Automation and Machine-Readable SBOMs Chris Riotta (@chrisriotta) • August 22, 2025 Image: CISA The Cybersecurity and Infrastructure Security Agency (CISA) is intensifying efforts to develop Software Bills of Materials (SBOMs) as part of its new…
