The Breach News

Critical Ivanti Vulnerability Actively Exploited for TRAILBLAZE and BRUSHFIRE Malware Deployment

Ivanti Reveals Critical Security Vulnerability in Connect Secure, Active Exploitation Detected Ivanti has recently announced a critical security vulnerability in its Connect Secure product, which has been the target of active exploitation in real-world scenarios. Labeled CVE-2025-22457, this vulnerability, with a CVSS score of 9.0, involves a stack-based buffer overflow…

Read MoreCritical Ivanti Vulnerability Actively Exploited for TRAILBLAZE and BRUSHFIRE Malware Deployment

Critical Langflow Vulnerability Added to CISA KEV List Amid Ongoing Exploitation Evidence

A significant security vulnerability has emerged within the open-source Langflow platform, prompting its inclusion in the U.S. Cybersecurity and Infrastructure Security Agency’s (CISA) Known Exploited Vulnerabilities catalog. This critical flaw, identified as CVE-2025-3248, has been actively exploited in various cyberattacks, as noted by reliable sources. The identified vulnerability has been…

Read MoreCritical Langflow Vulnerability Added to CISA KEV List Amid Ongoing Exploitation Evidence

Cybercriminals Attack Law Firms Using GootLoader and FakeUpdates Malware

In recent months, six law firms fell victim to distinct cybersecurity threats targeting them with GootLoader and FakeUpdates (also known as SocGholish) malware during January and February 2023. These campaigns highlight an alarming trend in the increasing sophistication of cyber attacks aimed at the legal sector. GootLoader, a downloader first…

Read MoreCybercriminals Attack Law Firms Using GootLoader and FakeUpdates Malware

Steering Through AI, Cybersecurity, and Transformation

Artificial Intelligence & Machine Learning, Data Privacy, Data Security Concerns Regarding Enterprise AI are Creating New Opportunities for Professionals Brandy Harris • August 27, 2025 (Image: Shutterstock) The contemporary landscape of careers mirrors the dynamic nature of a river delta, where the convergence of artificial intelligence and cybersecurity is transforming…

Read MoreSteering Through AI, Cybersecurity, and Transformation

PoisonSeed Targets CRM Accounts to Initiate Cryptocurrency Seed Phrase Poisoning Attacks

A new threat campaign named PoisonSeed is exploiting compromised login credentials from customer relationship management (CRM) platforms and mass email services to distribute spam messages featuring cryptocurrency seed phrases. This scheme aims to siphon funds from the digital wallets of unsuspecting victims. According to an analysis by Silent Push, the…

Read MorePoisonSeed Targets CRM Accounts to Initiate Cryptocurrency Seed Phrase Poisoning Attacks

Urgent Update: Google Addresses Exploited Android Vulnerability (CVE-2025-27363)

On May 1, 2025, Google released its latest monthly security updates for Android, addressing 46 security vulnerabilities, including a high-severity flaw that has been confirmed as exploited in the wild. This specific vulnerability, registered as CVE-2025-27363, boasts a CVSS score of 8.1, indicating significant potential risks due to its ability…

Read MoreUrgent Update: Google Addresses Exploited Android Vulnerability (CVE-2025-27363)

Chinese Hackers Launch New MQsTTang Backdoor to Target European Organizations

A recent analysis has unveiled a new custom backdoor, dubbed MQsTTang, employed by the China-aligned hacking group Mustang Panda in a social engineering campaign that began in January 2023. This malware marks a departure from the group’s previously observed tactics, as it appears not to have roots in existing malware…

Read MoreChinese Hackers Launch New MQsTTang Backdoor to Target European Organizations