The Breach News

North Korean Hackers Shift Focus to Credential Harvesting in Recent Cyberattack Surge

A recent surge in malicious email campaigns has been traced to a North Korean state-sponsored group best known for cryptocurrency heists. The latest wave marks a notable shift in tactics: aggressive credential harvesting aimed at multiple sectors, including education, government, and healthcare, in addition…


Salesloft Drift Hack Targets Tenable and Qualys Users

Identity & Access Management, Security Operations

Salesloft Reports GitHub Repository Compromised by Cyber Attackers
Greg Sirico, September 8, 2025

Salesloft has confirmed that attackers gained unauthorized access to its GitHub repository, leading to a breach affecting several companies, including the cybersecurity firms Tenable and Qualys. This incident…


Supply-Chain Attack Targets Software Packages Exceeding 2 Billion Weekly Downloads

Attackers carried out a major supply-chain attack by embedding malicious code in a set of open-source packages that together receive more than 2 billion downloads a week. The incident, described as possibly the largest of its kind to date, compromised nearly two dozen packages hosted on the npm registry,…


Exploitation of PHP-CGI RCE Vulnerability Targets Japan’s Technology, Telecommunications, and E-Commerce Industries

A campaign attributed to unidentified threat actors has been targeting organizations in Japan since January 2025. It exploits CVE-2024-4577, a remote code execution (RCE) flaw in the PHP-CGI implementation on Windows systems, as reported by Cisco…


Chinese Hackers Salt Typhoon and UNC4841 Collaborate to Target Critical Infrastructure

Researchers at Silent Push have documented a Chinese espionage operation that links two known threat actors, Salt Typhoon and UNC4841. The investigation uncovered a previously unknown set of malicious infrastructure used to infiltrate government and corporate networks in more than 80 countries. The analysis identified 45 malicious…


Amazon EC2 SSM Agent Vulnerability Fixed After Path Traversal Leads to Privilege Escalation

Researchers have disclosed a now-patched vulnerability in the Amazon EC2 Systems Manager (SSM) Agent. If exploited, the flaw could have allowed privilege escalation and code execution on affected instances. The…
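The teaser above says only that a path traversal in the agent led to privilege escalation, without describing the mechanism. The following Go example is added here as a generic illustration of that bug class; it is not code from the SSM Agent, from AWS, or from the researchers' report, and it assumes nothing about the agent's internals. The base directory and the plugin identifiers are constructed for illustration. It contrasts a naive join of a trusted base directory with an untrusted identifier, which lets "../" components silently climb out of the base, with a join that proves the resolved path is still inside it.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// ErrTraversal is returned when a caller-supplied name would escape baseDir.
var ErrTraversal = errors.New("path escapes base directory")

// naiveJoin is the pattern behind most path-traversal bugs: concatenate a
// trusted base directory with an untrusted identifier. filepath.Join cleans
// the result, so "../" components are resolved rather than rejected, and the
// path quietly leaves baseDir. An agent running as root that later creates
// directories or writes files at this path is writing wherever the caller
// chose.
func naiveJoin(baseDir, name string) string {
	return filepath.Join(baseDir, name)
}

// safeJoin joins the identifier under baseDir and then checks, lexically,
// that the cleaned result still lies strictly inside baseDir. It rejects
// empty and absolute names, a result equal to baseDir itself, and any result
// whose path relative to baseDir begins with "..".
func safeJoin(baseDir, name string) (string, error) {
	if name == "" || filepath.IsAbs(name) {
		return "", ErrTraversal
	}
	base := filepath.Clean(baseDir)
	joined := filepath.Join(base, name)
	rel, err := filepath.Rel(base, joined)
	if err != nil {
		return "", ErrTraversal
	}
	if rel == "." || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrTraversal
	}
	return joined, nil
}

func main() {
	// Constructed values for illustration only; not the agent's real layout.
	base := "/var/lib/agent/plugins"
	ids := []string{
		"myPlugin",             // ordinary identifier, stays inside base
		"sub/../other",         // ".." that resolves inside base is fine
		"../../../../tmp/evil", // climbs out of base to /tmp/evil
		"/etc/cron.d",          // absolute path replaces base entirely
		"..",                   // parent of base
	}
	for _, id := range ids {
		fmt.Printf("naive %-24q -> %s\n", id, naiveJoin(base, id))
		if p, err := safeJoin(base, id); err != nil {
			fmt.Printf("safe  %-24q -> rejected: %v\n", id, err)
		} else {
			fmt.Printf("safe  %-24q -> %s\n", id, p)
		}
	}
}
```

The check is purely lexical: it stops "../" and absolute names but says nothing about symlinks. If any component under the base directory can be created by a less-privileged user, resolve the base with filepath.EvalSymlinks first and run the same comparison on the resolved paths, or open files relative to a directory handle so that the kernel, not string handling, enforces the boundary.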


Researchers Discover Link Between Moses’ Staff and the Emerging Abraham’s Ax Hacktivist Group

Recent findings link the politically motivated hacktivist group Moses Staff to a newer threat actor calling itself Abraham’s Ax, which first appeared in November 2022. The assessment rests on shared iconography, video content, and leak sites…


18 Widely Used Code Packages Compromised to Steal Cryptocurrency – Krebs on Security

At least 18 popular JavaScript packages, which together receive more than two billion downloads a week, were briefly compromised after one of their maintainers fell victim to a phishing attack. While the immediate threat was contained—focused on…


Huge Leak Reveals How a Chinese Firm Is Spreading the Great Firewall Globally

A leak of more than 100,000 documents shows that a little-known Chinese firm, Geedge Networks, has been quietly marketing censorship systems modelled on the Great Firewall to governments around the world. Founded in 2018 and backed by key figures in China’s censorship apparatus, Geedge presents itself as a network-monitoring service…
