The Breach News

Severe Cisco Vulnerability in Unified CM Allows Root Access via Hard-Coded Credentials

July 3, 2025
Vulnerability / Network Security

Cisco has issued patches to fix a critical security flaw in Unified Communications Manager (Unified CM) and Unified CM Session Management Edition (Unified CM SME). This vulnerability could enable an attacker to access susceptible devices with root privileges, achieving a CVSS score of 10.0 under the identifier CVE-2025-20309. In an advisory released on Wednesday, Cisco noted that “this vulnerability arises from the use of static user credentials for the root account, which are meant for development use only.” An attacker could exploit this flaw to log into an affected system and execute arbitrary commands as a root user. Hard-coded credentials often stem from testing or temporary fixes during development, but they should never be present in live environments.

Critical Cisco Flaw in Unified Communications Manager Enables Root Access via Static Credentials On July 3, 2025, Cisco issued critical security updates aimed at addressing a significant vulnerability in its Unified Communications Manager (Unified CM) and Unified CM Session Management Edition (Unified CM SME). This vulnerability, designated CVE-2025-20309, boasts a…

Read More

Severe Cisco Vulnerability in Unified CM Allows Root Access via Hard-Coded Credentials

July 3, 2025
Vulnerability / Network Security

Cisco has issued patches to fix a critical security flaw in Unified Communications Manager (Unified CM) and Unified CM Session Management Edition (Unified CM SME). This vulnerability could enable an attacker to access susceptible devices with root privileges, achieving a CVSS score of 10.0 under the identifier CVE-2025-20309. In an advisory released on Wednesday, Cisco noted that “this vulnerability arises from the use of static user credentials for the root account, which are meant for development use only.” An attacker could exploit this flaw to log into an affected system and execute arbitrary commands as a root user. Hard-coded credentials often stem from testing or temporary fixes during development, but they should never be present in live environments.

THN Cybersecurity Highlights: Key Threats, Innovations, and Updates (Oct 14 – Oct 20)

Oct 21, 2024
Cybersecurity / Weekly Summary

Hello! Here’s your concise update on the latest happenings in cybersecurity. Hackers are adopting innovative tactics to breach systems once thought secure—like discovering hidden entry points in locked buildings. The silver lining? Security experts are counteracting with advanced tools to safeguard data. Some major companies faced attacks, while others managed to patch their vulnerabilities just in time. The struggle continues! For optimal protection, remember to keep your devices and applications updated.

In this newsletter, we’ll delve into the top stories. Whether you’re focused on personal data protection or overseeing security for a business, we’ve got valuable tips for you.

Let’s dive in!

Threat of the Week
China Claims Volt Typhoon is a U.S. Creation: China’s National Computer Virus Emergency Response Center (CVERC) has alleged that the threat actor known as Volt Typhoon is a fabrication of U.S. intelligence agencies and their allies, accusing the U.S. of executing false flag operations.

THN Cybersecurity Recap: Overview of Threats, Tools, and Developments (Oct 14 – Oct 20) Published on October 21, 2024 In recent developments in cybersecurity, the landscape continues to evolve as hackers deploy increasingly sophisticated methods to infiltrate systems previously considered secure. Security professionals have revealed that known vulnerabilities are being…

Read More

THN Cybersecurity Highlights: Key Threats, Innovations, and Updates (Oct 14 – Oct 20)

Oct 21, 2024
Cybersecurity / Weekly Summary

Hello! Here’s your concise update on the latest happenings in cybersecurity. Hackers are adopting innovative tactics to breach systems once thought secure—like discovering hidden entry points in locked buildings. The silver lining? Security experts are counteracting with advanced tools to safeguard data. Some major companies faced attacks, while others managed to patch their vulnerabilities just in time. The struggle continues! For optimal protection, remember to keep your devices and applications updated.

In this newsletter, we’ll delve into the top stories. Whether you’re focused on personal data protection or overseeing security for a business, we’ve got valuable tips for you.

Let’s dive in!

Threat of the Week
China Claims Volt Typhoon is a U.S. Creation: China’s National Computer Virus Emergency Response Center (CVERC) has alleged that the threat actor known as Volt Typhoon is a fabrication of U.S. intelligence agencies and their allies, accusing the U.S. of executing false flag operations.

Connex Credit Union Data Breach Impacts 172,000 Members

Connex Credit Union has experienced a significant data breach, impacting the personal information of 172,000 members. A legal investigation is underway, with experts advising victims to closely monitor accounts for potential fraud and identity theft. In a recent security incident, Connex Credit Union, one of Connecticut’s largest financial institutions, revealed…

Read MoreConnex Credit Union Data Breach Impacts 172,000 Members

AI Companies Compete to Provide Affordable Contracts to Federal Agencies

Artificial Intelligence & Machine Learning, Next-Generation Technologies & Secure Development OpenAI and Anthropic Unveil $1 Annual Offers Amidst Vendor Lock-in Concerns Chris Riotta ( @chrisriotta) • August 12, 2025 Image: Shutterstock In a significant move, artificial intelligence firms are aggressively targeting federal contracts by offering access to premium AI models…

Read MoreAI Companies Compete to Provide Affordable Contracts to Federal Agencies

Hackers Expose Allianz Life Data Stolen in Salesforce Breach

In a significant cybersecurity breach, Allianz Life, a major US insurance firm, has had 2.8 million sensitive records exposed following a data leak linked to ongoing Salesforce attacks. These stolen records contain critical information pertaining to both business partners and customers, highlighting a troubling trend in the escalating sophistication of…

Read MoreHackers Expose Allianz Life Data Stolen in Salesforce Breach

Chinese Hackers Exploit Ivanti CSA Zero-Days to Target French Government and Telecoms

On July 3, 2025, France’s cybersecurity agency disclosed that multiple sectors—including government, telecommunications, media, finance, and transport—were affected by a cyber campaign led by a Chinese hacking group. This group exploited several zero-day vulnerabilities in Ivanti Cloud Services Appliance (CSA) devices. The campaign, identified in early September 2024, has been linked to an intrusion set known as Houken, which reportedly shares characteristics with the threat cluster tracked by Google Mandiant as UNC5174 (also referred to as Uteus or Uetus). According to the French National Agency for the Security of Information Systems (ANSSI), “Houken’s operators use both zero-day vulnerabilities and sophisticated rootkits, alongside a variety of open-source tools primarily developed by Chinese-speaking programmers.” The attack infrastructure utilized by Houken features a mix of components, including commercial VPNs and other tools.

Chinese Hackers Target French Government and Telecoms Using Ivanti CSA Zero-Days On July 3, 2025, the French cybersecurity agency disclosed a significant cyberattack that has affected various sectors, including government, telecommunications, media, finance, and transport. The assault has been attributed to a Chinese hacking collective that exploited multiple zero-day vulnerabilities…

Read More

Chinese Hackers Exploit Ivanti CSA Zero-Days to Target French Government and Telecoms

On July 3, 2025, France’s cybersecurity agency disclosed that multiple sectors—including government, telecommunications, media, finance, and transport—were affected by a cyber campaign led by a Chinese hacking group. This group exploited several zero-day vulnerabilities in Ivanti Cloud Services Appliance (CSA) devices. The campaign, identified in early September 2024, has been linked to an intrusion set known as Houken, which reportedly shares characteristics with the threat cluster tracked by Google Mandiant as UNC5174 (also referred to as Uteus or Uetus). According to the French National Agency for the Security of Information Systems (ANSSI), “Houken’s operators use both zero-day vulnerabilities and sophisticated rootkits, alongside a variety of open-source tools primarily developed by Chinese-speaking programmers.” The attack infrastructure utilized by Houken features a mix of components, including commercial VPNs and other tools.

Lazarus Group Leverages Google Chrome Vulnerability to Take Control of Compromised Devices

Oct 24, 2024
Vulnerability / Cyber Attack

The Lazarus Group, a North Korean cyber threat actor, has been linked to the exploitation of a zero-day vulnerability in Google Chrome, allowing them to control infected devices. Cybersecurity firm Kaspersky reported this discovery, which stemmed from a new attack chain identified in May 2024. The attack targeted the personal computer of an unnamed Russian individual using the Manuscrypt backdoor. This involved triggering the zero-day exploit simply by visiting a counterfeit gaming website, “detankzone[.]com,” which aimed at cryptocurrency users. It is believed this campaign began in February 2024. Kaspersky researchers Boris Larin and Vasily Berdnikov noted that the website masqueraded as a professionally designed page for a decentralized finance (DeFi) NFT-based multiplayer online battle arena (MOBA) tank game, enticing users to download a trial version. However, this was merely a façade.

Lazarus Group Exploits Google Chrome Vulnerability to Compromise Targeted Devices On October 24, 2024, cybersecurity experts revealed that the Lazarus Group, a notorious North Korean cyber threat actor, has exploited a recently patched zero-day vulnerability in Google Chrome to gain control over infected devices. The findings were reported by Kaspersky,…

Read More

Lazarus Group Leverages Google Chrome Vulnerability to Take Control of Compromised Devices

Oct 24, 2024
Vulnerability / Cyber Attack

The Lazarus Group, a North Korean cyber threat actor, has been linked to the exploitation of a zero-day vulnerability in Google Chrome, allowing them to control infected devices. Cybersecurity firm Kaspersky reported this discovery, which stemmed from a new attack chain identified in May 2024. The attack targeted the personal computer of an unnamed Russian individual using the Manuscrypt backdoor. This involved triggering the zero-day exploit simply by visiting a counterfeit gaming website, “detankzone[.]com,” which aimed at cryptocurrency users. It is believed this campaign began in February 2024. Kaspersky researchers Boris Larin and Vasily Berdnikov noted that the website masqueraded as a professionally designed page for a decentralized finance (DeFi) NFT-based multiplayer online battle arena (MOBA) tank game, enticing users to download a trial version. However, this was merely a façade.

Data Breach at Dutch Cancer Screening Lab Impacts 485,000 Individuals

Cybercrime, Data Breach Notification, Data Security Hacking Incident at Clinical Diagnostics Lab Represents Shifting Landscape of Cyber Threats in the Netherlands Marianne Kolbasuk McGee (HealthInfoSec) • August 12, 2025 Image: Getty Images A significant data breach has occurred at a Dutch clinical diagnostics laboratory, impacting 485,000 participants in a cervical…

Read MoreData Breach at Dutch Cancer Screening Lab Impacts 485,000 Individuals