The Breach News

SinoTrack GPS Devices Exposed: Default Passwords Allow Remote Vehicle Control

June 11, 2025
IoT Security / Vulnerability

Recent security vulnerabilities in SinoTrack GPS devices could enable unauthorized remote control of specific functions in connected vehicles, including location tracking. According to an advisory from the U.S. Cybersecurity and Infrastructure Security Agency (CISA), “Successful exploitation of these vulnerabilities could allow an attacker to access device profiles without authorization through the common web management interface.” This access may enable attackers to execute functions such as tracking vehicle location and, where applicable, disconnecting the fuel pump.

The vulnerabilities impact all versions of the SinoTrack IoT PC Platform. Below is a brief overview of the identified flaws:

  • CVE-2025-5484 (CVSS score: 8.3) – Weak authentication in the central SinoTrack device management interface due to the reliance on a default password and a username that serves as an identifier.

SinoTrack GPS Devices Expose Vulnerabilities for Remote Vehicle Control

On June 11, 2025, significant security vulnerabilities were identified in SinoTrack GPS devices, which could be leveraged by attackers to manipulate certain remote functions of connected vehicles and monitor their locations. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an…

Experts Reveal Year-Long Cyber Assault on IT Firm Using Custom Malware RDStealer

A sophisticated cyber attack targeting an East Asian IT company involved the use of a custom malware, RDStealer, developed in Golang. “The operation spanned over a year, aimed at stealing credentials and data,” stated Bitdefender security researcher Victor Vrabie in a report shared with The Hacker News. Evidence from the Romanian cybersecurity firm indicates that the operation, dubbed RedClouds, began in early 2022 and reflects the interests of China-based threat actors. Initially, the campaign utilized common remote access and post-exploitation tools such as AsyncRAT and Cobalt Strike, but it later shifted to custom malware in late 2021 or early 2022 to evade detection. A key evasion strategy involved using Microsoft Windows folders typically excluded from security scans, like System32 and Program Files, to conceal the malware.

Experts Uncover Extended Cyber Attack Targeting East Asian IT Firm with Custom Malware RDStealer

June 20, 2023

In a significant security breach, cybersecurity experts have revealed a prolonged and sophisticated cyber attack on an information technology firm located in East Asia, spearheaded by a custom malware strain known as RDStealer.…

NY Man and Company Ordered to Pay $228M in Ponzi Scheme Settlement

Category: Blockchain & Cryptocurrency, Cryptocurrency Fraud, Fraud Management & Cybercrime
Highlights: Coinbase’s Misconfigured Smart Contract, GMX Repayment Plans
Rashmi Ramesh (rashmiramesh_) • August 21, 2025

Each week, Information Security Media Group compiles notable cybersecurity incidents in the realm of digital assets. This week includes a New York Ponzi scammer…

BREAKING: Law Enforcement Dismantles 7,000-Device Botnet Fueled by IoT and End-of-Life Systems in U.S. – Joint Dutch Operation

May 09, 2025
IoT Security / Network Security

In a coordinated effort, Dutch and U.S. authorities have successfully dismantled a vast proxy network powered by thousands of compromised Internet of Things (IoT) and end-of-life (EoL) devices. This botnet was exploited to provide anonymity for malicious activities. In addition to seizing the domains associated with the operation, the U.S. Department of Justice (DoJ) has charged Russian nationals Alexey Viktorovich Chertkov, 37; Kirill Vladimirovich Morozov, 41; Aleksandr Aleksandrovich Shishkin, 36; and Kazakhstani national Dmitriy Rubtsov, 38, for profiting from the proxy services. The DoJ revealed that users subscribed to the service for monthly fees between $9.95 and $110, resulting in over $46 million in revenue for the criminal network, which is believed to have been active since 2004.

Breaking: Criminal Proxy Botnet Utilizing IoT and End-of-Life Devices Dismantled in Collaborative U.S.-Dutch Operation

On May 9, 2025, a significant joint operation by Dutch and U.S. law enforcement successfully dismantled a sophisticated criminal proxy network that exploited thousands of compromised Internet of Things (IoT) and end-of-life (EoL) devices. This extensive…

Thrive Introduces Network Detection and Response Solutions

BOSTON, Aug. 21, 2025 (GLOBE NEWSWIRE) — Thrive, a prominent global provider of technology outsourcing specializing in cybersecurity, cloud services, and traditional managed services, has unveiled a new Network Detection and Response (NDR) service aimed at bolstering cybersecurity for businesses. This service will continuously monitor networks for potential security incidents,…

295 Malicious IPs Coordinate Brute-Force Assaults on Apache Tomcat Manager Interfaces

Date: June 11, 2025
Category: Network Security / Threat Intelligence

Threat intelligence firm GreyNoise has issued a warning about a “coordinated brute-force activity” aimed at Apache Tomcat Manager interfaces. On June 5, 2025, a significant uptick in brute-force and login attempts was observed, suggesting an organized effort to “identify and access exposed Tomcat services at scale.” A total of 295 unique malicious IP addresses were detected executing brute-force attempts against Tomcat Manager. In the last 24 hours alone, 188 unique IPs have been recorded, predominantly from the United States, the United Kingdom, Germany, the Netherlands, and Singapore. Furthermore, 298 IPs were noted conducting login attempts against Tomcat Manager instances, with all 246 flagged IPs in the past day classified as malicious and hailing from the same locations.

295 Malicious IPs Initiate Coordinated Brute-Force Attacks on Apache Tomcat Manager

June 11, 2025
Network Security / Threat Intelligence

GreyNoise, a prominent threat intelligence organization, has issued an alert regarding significant coordinated brute-force attacks aimed at Apache Tomcat Manager interfaces. On June 5, 2025, the firm detected a sharp increase…

Google Issues Android Security Patch to Address 3 Actively Exploited Vulnerabilities

Date: July 7, 2023

In its latest security update, Google has addressed 46 new vulnerabilities in the Android operating system, highlighting three that are actively exploited in targeted attacks. Notably, CVE-2023-26083 pertains to a memory leak issue in the Arm Mali GPU driver for Bifrost, Avalon, and Valhall architectures. This vulnerability was previously exploited in December 2022, allowing spyware to infiltrate Samsung devices. Its severity prompted the Cybersecurity and Infrastructure Security Agency (CISA) to issue a patching directive for federal agencies in April 2023. Additionally, CVE-2021-29256 represents a high-severity flaw affecting certain versions of the Bifrost and Midgard Arm Mali GPU kernel drivers, enabling an unprivileged user to access sensitive data and escalate privileges to the root level.

Google Addresses Critical Vulnerabilities in Latest Android Update

On July 7, 2023, Google rolled out its monthly security updates for the Android operating system, patching a total of 46 newly identified vulnerabilities. Notably, three of these vulnerabilities have been confirmed as actively exploited in specific targeted attacks, raising concerns among…

IT and Data of Drug R&D Company Compromised in Alleged Qilin Attack

Category: Data Privacy, Data Security, Fraud Management & Cybercrime
Inotiv Inc. Reports Disruptions Due to Cyberattack
Marianne Kolbasuk McGee (HealthInfoSec) • August 20, 2025

Inotiv has informed the SEC that a cyberattack on August 8 has compromised its IT systems.

Inotiv, a contract research organization based in Indiana, disclosed…

The Enduring Issue: Why Exposed Credentials Go Unaddressed—and Solutions for Change

May 12, 2025
Secrets Management / DevSecOps

Detecting leaked credentials is only part of the solution. The real challenge—and often the overlooked aspect—is the follow-up after detection. New insights from GitGuardian’s State of Secrets Sprawl 2025 report highlight a concerning trend: a significant number of exposed company secrets found in public repositories remain active for years post-discovery, expanding the attack surface that many organizations neglect. GitGuardian’s analysis of public GitHub repositories reveals that a worrisome percentage of credentials identified as far back as 2022 are still valid today. “Detecting a leaked secret is just the beginning,” notes GitGuardian’s research team. “The true test is prompt remediation.”

Understanding Why Exposed Secrets Persist

This ongoing validity raises two alarming possibilities: either organizations are oblivious to their exposed credentials (indicating a security visibility issue)…

The Persistence Problem: The Ongoing Risk of Exposed Credentials and Strategies for Mitigation

May 12, 2025

In the realm of cybersecurity, identifying leaked credentials marks only the initial phase of a much larger challenge. The critical follow-up—how organizations manage and remediate these vulnerabilities—often remains neglected. Recent findings published in GitGuardian’s…
