The Breach News

Critical Flaws in Versa Concerto Allow Attackers to Escape Docker and Compromise Hosts

May 22, 2025
Vulnerability / Software Security

Cybersecurity researchers have identified several severe vulnerabilities in the Versa Concerto network security and SD-WAN orchestration platform. Exploitation of these flaws could grant attackers control over vulnerable instances. Despite responsible disclosure on February 13, 2025, the issues remain unpatched, and the findings were published after the 90-day disclosure window expired. According to ProjectDiscovery researchers Harsh Jaiswal, Rahul Maini, and Parth Malhotra, “When combined, these vulnerabilities could enable an attacker to fully compromise both the application and the host system.” The vulnerabilities include:

  • CVE-2025-34025 (CVSS score: 8.6): A privilege escalation and Docker container escape vulnerability resulting from unsafe default mounting of host binary paths, potentially allowing code execution on the host system.
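The check a defender wants for a bug of this shape is an inventory of containers that bind-mount host binary directories, since a writable bind of /usr/bin or similar is what turns in-container code execution into host code execution. The script below is an added example, not code from ProjectDiscovery or Versa: it parses the JSON that `docker inspect` emits, flags bind mounts whose host source lies under a binary directory, and records whether the mount is read-write and whether the container is privileged. The list of binary directories, the container names and the `docker inspect` sample are this example's own assumptions, not details from the advisory.

```python
import json
import sys
from typing import Dict, List

# Host directories whose contents the host itself executes. A bind mount of any
# of them into a container, especially read-write, lets a process in the
# container replace binaries that the host later runs as root. The list is this
# example's own assumption, not taken from the advisory.
HOST_BINARY_PATHS = (
    "/bin", "/sbin", "/usr/bin", "/usr/sbin", "/usr/local/bin",
    "/usr/local/sbin", "/lib", "/lib64", "/usr/lib",
)


def _under(path: str, root: str) -> bool:
    """True if path is root itself or lies beneath it (no '/binx' prefix tricks)."""
    path = path.rstrip("/") or "/"
    return path == root or path.startswith(root + "/")


def risky_mounts(inspect_json: str) -> List[Dict[str, object]]:
    """Parse `docker inspect` JSON and report bind mounts of host binary paths."""
    findings: List[Dict[str, object]] = []
    for container in json.loads(inspect_json):
        name = container.get("Name", "").lstrip("/")
        privileged = bool(container.get("HostConfig", {}).get("Privileged", False))
        for m in container.get("Mounts", []):
            if m.get("Type") != "bind":
                continue  # named volumes live under /var/lib/docker, not host paths
            src = m.get("Source", "")
            # A bind of "/" exposes every host binary directory at once.
            hit = "/" if src == "/" else next(
                (r for r in HOST_BINARY_PATHS if _under(src, r)), None)
            if hit is None:
                continue
            findings.append({
                "container": name,
                "source": src,
                "destination": m.get("Destination", ""),
                "mode": "rw" if m.get("RW", True) else "ro",
                "privileged": privileged,
            })
    return findings


# Constructed `docker inspect` output for two hypothetical containers.
SAMPLE_INSPECT = json.dumps([
    {
        "Name": "/concerto-app",
        "HostConfig": {"Privileged": False},
        "Mounts": [
            {"Type": "bind", "Source": "/usr/bin", "Destination": "/host/usr/bin", "RW": True},
            {"Type": "bind", "Source": "/var/log/app", "Destination": "/var/log/app", "RW": True},
            {"Type": "volume", "Name": "data",
             "Source": "/var/lib/docker/volumes/data/_data", "Destination": "/data", "RW": True},
        ],
    },
    {
        "Name": "/sidecar",
        "HostConfig": {"Privileged": False},
        "Mounts": [
            {"Type": "bind", "Source": "/usr/local/bin/helper", "Destination": "/helper", "RW": False},
        ],
    },
])

if __name__ == "__main__":
    # Real use: docker inspect $(docker ps -q) > inspect.json; python3 audit.py inspect.json
    data = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_INSPECT
    for f in risky_mounts(data):
        print(f"{f['container']}: host {f['source']} -> {f['destination']} "
              f"({f['mode']}, privileged={f['privileged']})")
```

Read-only binds of a subpath are still reported, because the report is meant for triage: a read-write bind of a whole binary directory is the case to treat as a host compromise path, while a read-only bind of a single helper only needs a justification.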

Lazarus Hacker Group Adapts Tactics, Tools, and Targets in DeathNote Campaign

April 13, 2023
Cyber Attack / Cyber Threat

The North Korean cyber threat group known as Lazarus has been observed changing its strategies and rapidly enhancing its tools within its ongoing DeathNote campaign. While historically focused on the cryptocurrency sector, recent attacks have expanded to the automotive, academic, and defense sectors in Eastern Europe and beyond, a major change in approach. Kaspersky researcher Seongsu Park noted that the group has switched its decoy documents to job descriptions for defense contractors and diplomatic services, a strategic pivot that began in April 2020. The campaign is also tracked under names such as Operation Dream Job and NukeSped, and Google-owned Mandiant has linked certain activities to this evolving threat.

Okta Acquires Axiom Security to Enhance Privileged Access Solutions

August 26, 2025
Identity & Access Management
By Michael Novinson

Just-in-Time, Database, Kubernetes Access Fuel Privileged Access Startup M&A

Okta has announced its intention to acquire Axiom Security, a startup specializing in privileged…

CISA Warns of Actively Exploited Vulnerability in SonicWall SMA Devices

Date: April 17, 2025
Category: Vulnerability / Network Security

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a security flaw affecting SonicWall Secure Mobile Access (SMA) 100 Series gateways to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The high-severity vulnerability, tracked as CVE-2021-20035 (CVSS score: 7.2), is an operating system command injection that can lead to unauthorized code execution.

According to SonicWall’s advisory from September 2021, “improper neutralization of special elements in the SMA100 management interface permits a remote authenticated attacker to inject arbitrary commands as a ‘nobody’ user, potentially leading to code execution.”

The vulnerability impacts the following models: SMA 200, SMA 210, SMA 400, SMA 410, and SMA 500v (ESX, KVM, AWS, Azure) running specific versions—10.2.1.0-17sv and earlier (patched in 10.2.1.1-19sv and higher), 10.2.0.7-34sv and earlier (patched in 10.2.0.8-37sv and higher), and 9.0…
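Deciding which appliances in a fleet are exposed comes down to comparing firmware strings of the form "10.2.1.0-17sv" against the fixed builds above. The script below is an added example, not SonicWall's or CISA's tooling: it parses that version format into comparable tuples and encodes only the two release lines the article states in full (the 9.0 line is cut off on the page and is deliberately not guessed). The inventory and host names are constructed for the example.

```python
import re
from typing import Dict, Iterable, List, Tuple

# SonicWall SMA 100 firmware versions look like "10.2.1.0-17sv": a dotted release
# number followed by "-<build>sv". Converting them to integer tuples makes the
# advisory's "X and earlier" / "Y and higher" rules mechanical to apply.
_VERSION_RE = re.compile(r"^(\d+(?:\.\d+)*)-(\d+)sv$")


def parse_sma_version(version: str) -> Tuple[int, ...]:
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised SMA version string: {version!r}")
    return tuple(int(p) for p in m.group(1).split(".")) + (int(m.group(2)),)


# (last vulnerable build, first fixed build) per release line, as the article
# states them. The 9.0 line is truncated on the page, so it is not encoded here.
FIXED_BRANCHES: Dict[Tuple[int, ...], Tuple[str, str]] = {
    (10, 2, 1): ("10.2.1.0-17sv", "10.2.1.1-19sv"),
    (10, 2, 0): ("10.2.0.7-34sv", "10.2.0.8-37sv"),
}


def cve_2021_20035_status(version: str) -> str:
    """'vulnerable', 'fixed', or 'unknown-branch' for a release line not listed."""
    v = parse_sma_version(version)
    branch = FIXED_BRANCHES.get(v[:3])
    if branch is None:
        return "unknown-branch"
    first_fixed = parse_sma_version(branch[1])
    # Everything below the first fixed build is treated as vulnerable, including
    # builds between "last vulnerable" and "first fixed" that the advisory does
    # not name: assume exposure rather than the opposite.
    return "fixed" if v >= first_fixed else "vulnerable"


# Constructed inventory: (hostname, model, firmware) as exported from an asset DB.
SAMPLE_INVENTORY = [
    ("sma-hq-1", "SMA 410", "10.2.1.0-17sv"),
    ("sma-hq-2", "SMA 410", "10.2.1.1-19sv"),
    ("sma-dc-1", "SMA 500v", "10.2.0.7-34sv"),
    ("sma-lab-1", "SMA 200", "9.0.0.10-28sv"),
]


def hosts_needing_review(inventory: Iterable[Tuple[str, str, str]]) -> List[Tuple[str, str]]:
    """(host, status) for every appliance not confirmed fixed."""
    out = []
    for host, _model, version in inventory:
        status = cve_2021_20035_status(version)
        if status != "fixed":
            out.append((host, status))
    return out


if __name__ == "__main__":
    for host, status in hosts_needing_review(SAMPLE_INVENTORY):
        print(f"{host}: {status}")
```

Because the injection is only reachable by an authenticated user of the management interface, the patch status check pairs naturally with a second question for each flagged host: is that interface reachable from the internet at all.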

Salesloft and Drift Breached: OAuth Tokens Stolen and Salesforce Corporate Data Exfiltrated

A significant data breach involving corporate Salesforce instances has emerged, with hackers exploiting compromised OAuth tokens associated with the Salesloft Drift application. This sophisticated exfiltration campaign has led to the exposure of sensitive data from numerous organizations. The threat group, identified as UNC6395, executed their operations between August 8 and…

Urgent Vulnerability in Windows Server 2025 dMSA Poses Risk of Active Directory Breach

May 22, 2025
Cybersecurity / Vulnerability

A critical privilege escalation flaw has been identified in Windows Server 2025 that allows attackers to compromise any user within Active Directory (AD). According to Akamai security researcher Yuval Gordon, the technique abuses the Delegated Managed Service Account (dMSA) feature introduced in Windows Server 2025, and it works against a default configuration, which makes it a significant threat to organizations relying on AD. “In 91% of the environments we examined, users outside of the domain admin group possessed the necessary permissions to carry out this attack,” Gordon noted in a report shared with The Hacker News. The dMSA feature was designed to ease migration from legacy service accounts and to mitigate Kerberoasting attacks. The researchers have dubbed the technique “BadSuccessor.”
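Until a patch exists, the practical control is detection: dMSA objects are rarely created, and in a legitimate migration only a known account should create them or point them at a predecessor. The following is an added example, not Akamai's tooling or anything from the article, of a detection rule run over directory-service audit events. It assumes facts not stated on the page: that a dMSA has the object class msDS-DelegatedManagedServiceAccount, that the succession link is written to the msDS-ManagedAccountPrecededByLink and msDS-DelegatedMSAState attributes, and that with object auditing enabled Windows records creations as event 5137 and attribute writes as event 5136. The allow-listed operator, the high-value DN markers and the sample events are constructed.

```python
from typing import Dict, Iterable, List

# Assumptions not stated in the article: a dMSA is an AD object of class
# msDS-DelegatedManagedServiceAccount; the attributes that point a dMSA at the
# account it "succeeds" are msDS-ManagedAccountPrecededByLink and
# msDS-DelegatedMSAState; with object auditing enabled on the OU, Windows logs
# object creation as event 5137 and attribute writes as event 5136.
DMSA_CLASS = "msDS-DelegatedManagedServiceAccount"
SUCCESSION_ATTRS = {"msDS-ManagedAccountPrecededByLink", "msDS-DelegatedMSAState"}

# Hypothetical allow-list: the one account expected to run dMSA migrations.
EXPECTED_OPERATORS = {"CORP\\svc-migration"}
# DN fragments marking a predecessor worth treating as critical (hypothetical).
HIGH_VALUE_MARKERS = ("CN=Administrator,", "CN=Domain Admins,", "CN=krbtgt,")


def detect_dmsa_abuse(events: Iterable[Dict[str, str]]) -> List[Dict[str, str]]:
    """Flag dMSA creation or succession-link writes by principals not on the allow-list."""
    alerts: List[Dict[str, str]] = []
    for e in events:
        subject = e.get("SubjectUserName", "")
        if subject in EXPECTED_OPERATORS:
            continue
        eid = e.get("EventID")
        if eid == "5137" and e.get("ObjectClass") == DMSA_CLASS:
            alerts.append({
                "severity": "high",
                "principal": subject,
                "object": e.get("ObjectDN", ""),
                "reason": "dMSA created by a principal outside the migration allow-list",
            })
        elif eid == "5136" and e.get("AttributeLDAPDisplayName") in SUCCESSION_ATTRS:
            value = e.get("AttributeValue", "")
            # Pointing the dMSA at a privileged predecessor is the payload of the
            # technique, so escalate when the link targets a high-value account.
            critical = any(marker in value for marker in HIGH_VALUE_MARKERS)
            alerts.append({
                "severity": "critical" if critical else "high",
                "principal": subject,
                "object": e.get("ObjectDN", ""),
                "reason": f"{e['AttributeLDAPDisplayName']} set to {value!r}",
            })
    return alerts


# Constructed audit events, reduced to the EventData fields the rule uses.
SAMPLE_EVENTS = [
    {"EventID": "5137", "SubjectUserName": "CORP\\svc-migration",
     "ObjectClass": DMSA_CLASS,
     "ObjectDN": "CN=web-dmsa,OU=Service Accounts,DC=corp,DC=example"},
    {"EventID": "5137", "SubjectUserName": "CORP\\jdoe",
     "ObjectClass": DMSA_CLASS,
     "ObjectDN": "CN=evil-dmsa,OU=Workstations,DC=corp,DC=example"},
    {"EventID": "5136", "SubjectUserName": "CORP\\jdoe",
     "ObjectClass": DMSA_CLASS,
     "ObjectDN": "CN=evil-dmsa,OU=Workstations,DC=corp,DC=example",
     "AttributeLDAPDisplayName": "msDS-ManagedAccountPrecededByLink",
     "AttributeValue": "CN=Administrator,CN=Users,DC=corp,DC=example"},
    {"EventID": "5136", "SubjectUserName": "CORP\\jdoe",
     "ObjectClass": "user", "ObjectDN": "CN=jdoe,CN=Users,DC=corp,DC=example",
     "AttributeLDAPDisplayName": "description", "AttributeValue": "new desc"},
]

if __name__ == "__main__":
    for a in detect_dmsa_abuse(SAMPLE_EVENTS):
        print(f"[{a['severity']}] {a['principal']} on {a['object']}: {a['reason']}")
```

The second sample event is the tell: a dMSA appearing in an OU such as Workstations, created by an ordinary user, matches the "users outside of the domain admin group" precondition the researchers describe, and the third event shows the link to a privileged account that completes the attack.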

RTM Locker: A Rising Cybercrime Collective Targeting Enterprises with Ransomware

April 13, 2023
Ransomware / Cyber Attack

Cybersecurity experts have revealed insights into the tactics of a burgeoning cybercriminal organization known as “Read The Manual” (RTM) Locker. This group operates as a private ransomware-as-a-service (RaaS) provider, executing opportunistic attacks to illicitly generate profits. According to a report from cybersecurity firm Trellix shared with The Hacker News, “The RTM Locker gang employs affiliates to extort victims, all of whom must adhere to the gang’s stringent rules.” The structured nature of the group, where affiliates are expected to remain active or inform the gang of their departure, highlights its organizational maturity, akin to that seen in other sophisticated groups like Conti. Originally documented by ESET in February 2017, RTM began in 2015 as a banking malware targeting businesses in Russia through methods such as drive-by downloads, spam, and phishing emails. The group’s attack strategies have since evolved to include ransomware deployment.

DOGE Creates Live Replica of Social Security Data

August 26, 2025
Government
By Chris Riotta

Department of Government Efficiency Staffers Established Unauthorized ‘Live Replica’ of SSA Data

A report published Tuesday by a whistleblower reveals that staffers from the Trump administration’s Department of Government Efficiency (DOGE) created an unauthorized live replica of Social…

Blockchain Enhances Security—But Remember the Importance of Strong Passwords

April 17, 2025 | Password Security / Blockchain

Blockchain technology, widely recognized for its role in cryptocurrencies like Bitcoin, is increasingly being leveraged for online authentication. As various industries adopt blockchain-based security solutions, could this technology eventually render passwords obsolete?

Understanding Blockchain

At its core, a blockchain is an append-only ledger of transaction records in which each block carries a cryptographic hash of the block before it, so altering any earlier record invalidates every block that follows. Its security properties come from this hash chaining combined with a decentralized structure: the ledger is replicated across many nodes and control is collective, so no single entity can rewrite its contents. The design does not by itself encrypt the records it stores; what it provides is tamper-evidence, not secrecy.
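To make the chaining concrete, here is an added example, not code from the article, of a minimal hash-chained ledger. It builds a short chain of constructed transactions, verifies it, and then shows why a tampered record cannot be hidden simply by recomputing that one block's hash: the next block still holds the old hash of its predecessor. The transaction strings and block layout are this example's own.

```python
import hashlib
import json
from dataclasses import dataclass
from typing import List

GENESIS_PREV = "0" * 64


@dataclass
class Block:
    index: int
    prev_hash: str
    data: str
    hash: str = ""


def block_hash(index: int, prev_hash: str, data: str) -> str:
    # Hash a canonical serialisation so every node derives the same value.
    payload = json.dumps({"index": index, "prev_hash": prev_hash, "data": data},
                         sort_keys=True)
    return hashlib.sha256(payload.encode()).hexdigest()


def append_block(chain: List[Block], data: str) -> Block:
    prev_hash = chain[-1].hash if chain else GENESIS_PREV
    idx = len(chain)
    block = Block(idx, prev_hash, data, block_hash(idx, prev_hash, data))
    chain.append(block)
    return block


def verify_chain(chain: List[Block]) -> bool:
    """Every block must hash to its stored hash and point at its predecessor's hash."""
    for i, b in enumerate(chain):
        expected_prev = chain[i - 1].hash if i else GENESIS_PREV
        if b.index != i or b.prev_hash != expected_prev:
            return False
        if b.hash != block_hash(b.index, b.prev_hash, b.data):
            return False
    return True


def build_demo_chain() -> List[Block]:
    chain: List[Block] = []
    for tx in ("alice pays bob 5", "bob pays carol 2", "carol pays dave 1"):  # constructed
        append_block(chain, tx)
    return chain


def tampered_demo_chain() -> List[Block]:
    chain = build_demo_chain()
    chain[1].data = "bob pays carol 200"  # edit a record without touching any hash
    return chain


def tampered_and_rehashed_chain() -> List[Block]:
    chain = tampered_demo_chain()
    b = chain[1]
    b.hash = block_hash(b.index, b.prev_hash, b.data)  # make block 1 self-consistent again
    return chain  # block 2 still carries the old prev_hash, so the chain stays invalid


if __name__ == "__main__":
    print("clean:", verify_chain(build_demo_chain()))
    print("tampered:", verify_chain(tampered_demo_chain()))
    print("tampered+rehashed:", verify_chain(tampered_and_rehashed_chain()))
```

Notice that the data is stored and hashed in the clear: anyone holding a copy can read every transaction. Rewriting history would require recomputing every later block, and on a real network also persuading the other nodes to accept the rewritten copy, which is where decentralization does the rest of the work.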

Potential Security Benefits

One notable benefit is ‘self-sovereign identity’, which changes how users identify themselves online. This approach allows users to manage their identity independently of centralized institutions, enabling them to log in to websites or services using a personal, private identifier they fully control…
