The Breach News

Researchers Uncover Serious “Super FabriXss” Vulnerability in Microsoft Azure Service Fabric Explorer

March 30, 2023
Cloud Security / Vulnerability

A recently revealed vulnerability in Azure Service Fabric Explorer (SFX) poses a significant risk of unauthenticated remote code execution. Identified as CVE-2023-23383 (CVSS score: 8.2) and coined “Super FabriXss” by Orca Security, this issue draws its name from a prior vulnerability, FabriXss (CVE-2022-35829, CVSS score: 6.2), which Microsoft addressed in October 2022. Security researcher Lidor Ben Shitrit reported that the Super FabriXss vulnerability allows remote attackers to exploit an XSS flaw to execute code on containers running on Service Fabric nodes without requiring authentication. XSS, or cross-site scripting, is a type of client-side injection attack that enables malicious scripts to be uploaded to trusted websites, executing whenever a user visits the compromised site and resulting in harmful outcomes.

Researchers Uncover Critical “Super FabriXss” Vulnerability in Microsoft Azure SFX On March 30, 2023, detailed findings were released concerning a critical vulnerability within Azure Service Fabric Explorer (SFX), which has since been patched. This vulnerability, designated as CVE-2023-23383 and assigned a CVSS score of 8.2, has been dubbed “Super FabriXss”…

Read More

Researchers Uncover Serious “Super FabriXss” Vulnerability in Microsoft Azure Service Fabric Explorer

March 30, 2023
Cloud Security / Vulnerability

A recently revealed vulnerability in Azure Service Fabric Explorer (SFX) poses a significant risk of unauthenticated remote code execution. Identified as CVE-2023-23383 (CVSS score: 8.2) and coined “Super FabriXss” by Orca Security, this issue draws its name from a prior vulnerability, FabriXss (CVE-2022-35829, CVSS score: 6.2), which Microsoft addressed in October 2022. Security researcher Lidor Ben Shitrit reported that the Super FabriXss vulnerability allows remote attackers to exploit an XSS flaw to execute code on containers running on Service Fabric nodes without requiring authentication. XSS, or cross-site scripting, is a type of client-side injection attack that enables malicious scripts to be uploaded to trusted websites, executing whenever a user visits the compromised site and resulting in harmful outcomes.

Gartner Magic Quadrant for Firewall Solutions: Palo Alto, Fortinet, and Check Point

AI-Powered Cloud Next-Generation Firewalls, Network Firewalls, Network Access Control, Security Operations Cisco Gains Recognition While HPE Juniper Emerges as a Challenger in New Hybrid Mesh Firewall Rankings Michael Novinson (MichaelNovinson) • August 29, 2025 The initial Magic Quadrant for hybrid mesh firewalls from Gartner has identified industry leaders, with Palo…

Read MoreGartner Magic Quadrant for Firewall Solutions: Palo Alto, Fortinet, and Check Point

TransUnion Data Breach: Personal Information of 4.4 Million Americans Compromised

A recent data breach at TransUnion has compromised the Social Security numbers of 4.4 million consumers in the United States, following a cyber attack on a Salesforce-integrated application. The breach is associated with the hacking group identified as UNC6395. In an incident that began on July 28, 2025, credit reporting…

Read MoreTransUnion Data Breach: Personal Information of 4.4 Million Americans Compromised

New TCESB Malware Discovered in Active Attacks Targeting ESET Security Scanner

Published: April 9, 2025
Category: Windows Security / Vulnerability

A Chinese-affiliated threat actor known for cyber-attacks in Asia has been seen exploiting a vulnerability in ESET security software to deploy previously unknown malware dubbed TCESB. According to Kaspersky’s recent analysis, “Previously unseen in ToddyCat attacks, [TCESB] is engineered to stealthily execute payloads, bypassing installed protection and monitoring tools.” The ToddyCat threat activity cluster has targeted various entities across Asia, with operations traced back to at least December 2020. In the prior year, a Russian cybersecurity company detailed the group’s use of multiple tools to maintain persistent access and conduct large-scale data harvesting from organizations in the Asia-Pacific region. Kaspersky’s investigation into ToddyCat incidents in early 2024 revealed a suspicious DLL file…

Newly Discovered TCESB Malware Targets ESET Security Software April 09, 2025 Recent cybersecurity developments have illuminated a new malware strain known as TCESB, which is being actively deployed in ongoing attacks. This malware, linked to a Chinese-affiliated threat actor, exploits vulnerabilities in ESET security software. Analysts at Kaspersky have highlighted…

Read More

New TCESB Malware Discovered in Active Attacks Targeting ESET Security Scanner

Published: April 9, 2025
Category: Windows Security / Vulnerability

A Chinese-affiliated threat actor known for cyber-attacks in Asia has been seen exploiting a vulnerability in ESET security software to deploy previously unknown malware dubbed TCESB. According to Kaspersky’s recent analysis, “Previously unseen in ToddyCat attacks, [TCESB] is engineered to stealthily execute payloads, bypassing installed protection and monitoring tools.” The ToddyCat threat activity cluster has targeted various entities across Asia, with operations traced back to at least December 2020. In the prior year, a Russian cybersecurity company detailed the group’s use of multiple tools to maintain persistent access and conduct large-scale data harvesting from organizations in the Asia-Pacific region. Kaspersky’s investigation into ToddyCat incidents in early 2024 revealed a suspicious DLL file…

Ivanti Addresses EPMM Vulnerabilities Leading to Remote Code Execution in Select Attacks

May 14, 2025
Vulnerability / Endpoint Security

Ivanti has issued security updates to remedy two vulnerabilities in its Endpoint Manager Mobile (EPMM) software, which have been exploited in limited attacks for remote code execution. The vulnerabilities include:

  • CVE-2025-4427 (CVSS score: 5.3) – An authentication bypass that enables attackers to access protected resources without valid credentials.
  • CVE-2025-4428 (CVSS score: 7.2) – A remote code execution vulnerability allowing arbitrary code execution on affected systems.

Exploiting these vulnerabilities could allow an attacker to chain them together to execute arbitrary code on a compromised device without authentication. The affected versions of the product are:

  • 11.12.0.4 and earlier (fixed in 11.12.0.5)
  • 12.3.0.1 and earlier (fixed in 12.3.0.2)
  • 12.4.0.1 and earlier (fixed in 12.4.0.2)
  • 12.5.0.0 and earlier (fixed in 12.5.0.1)

Ivanti has credited CERT-EU for reporting these vulnerabilities.

Ivanti Issues Patches for Vulnerabilities in EPMM Software Exploited in Limited Attacks On May 14, 2025, Ivanti announced critical security updates addressing two vulnerabilities in its Endpoint Manager Mobile (EPMM) software. These flaws have been utilized in limited attacks to facilitate remote code execution, raising significant concerns for businesses relying…

Read More

Ivanti Addresses EPMM Vulnerabilities Leading to Remote Code Execution in Select Attacks

May 14, 2025
Vulnerability / Endpoint Security

Ivanti has issued security updates to remedy two vulnerabilities in its Endpoint Manager Mobile (EPMM) software, which have been exploited in limited attacks for remote code execution. The vulnerabilities include:

  • CVE-2025-4427 (CVSS score: 5.3) – An authentication bypass that enables attackers to access protected resources without valid credentials.
  • CVE-2025-4428 (CVSS score: 7.2) – A remote code execution vulnerability allowing arbitrary code execution on affected systems.

Exploiting these vulnerabilities could allow an attacker to chain them together to execute arbitrary code on a compromised device without authentication. The affected versions of the product are:

  • 11.12.0.4 and earlier (fixed in 11.12.0.5)
  • 12.3.0.1 and earlier (fixed in 12.3.0.2)
  • 12.4.0.1 and earlier (fixed in 12.4.0.2)
  • 12.5.0.0 and earlier (fixed in 12.5.0.1)

Ivanti has credited CERT-EU for reporting these vulnerabilities.

Финал “Воскрешения” утек в сеть с русским дубляжем

Unauthorized Release of Dexter: Resurrection Episodes Sparks Concerns Over Distribution Security In a startling revelation for fans, the highly anticipated finale of Dexter: Resurrection has leaked online, with episodes 9 and 10 emerging in a Russian-dubbed format nearly a week prior to their scheduled release. This incident echoes similar events…

Read MoreФинал “Воскрешения” утек в сеть с русским дубляжем

Google Alerts: Mass Data Theft Targeting Salesloft’s AI Agent Expands Significantly

Google Issues Security Alerts Following Breach of Salesloft Drift AI Chat Agent In a critical advisory, Google has alerted users of the Salesloft Drift AI chat platform to regard all security tokens associated with the service as compromised. This warning follows the detection of unauthorized access to Google Workspace accounts,…

Read MoreGoogle Alerts: Mass Data Theft Targeting Salesloft’s AI Agent Expands Significantly

New Malware Threat: SpyNote, BadBazaar, and MOONSHINE Target Android and iOS Users Through Fake Apps

April 11, 2025
Spyware / Mobile Security

Cybersecurity experts have uncovered a dangerous trend where threat actors are using deceptive websites on newly registered domains to spread SpyNote, a notorious Android malware. These fraudulent sites mimic Google Play Store installation pages for popular apps like the Chrome browser, aiming to trick users into downloading the malware. According to the DomainTools Investigations (DTI) team, the attackers employed a combination of English and Chinese-language delivery sites and even included Chinese-language comments in the site code and the malware itself.

SpyNote (also known as SpyMax) is a remote access trojan infamous for its capability to collect sensitive information from compromised Android devices by exploiting accessibility services. In May 2024, the malware was distributed via another fake site that posed as a legitimate antivirus program, Avast. Further analysis from mobile security firm Zimperium revealed additional tactics employed by these cybercriminals…

SpyNote, BadBazaar, and MOONSHINE Malware Exploit Fake Apps to Target Android and iOS Users April 11, 2025 Focus on Spyware / Mobile Security Recent investigations by cybersecurity experts have unveiled a concerning trend: threat actors are leveraging newly registered domains to create deceptive websites that distribute a dangerous Android malware…

Read More

New Malware Threat: SpyNote, BadBazaar, and MOONSHINE Target Android and iOS Users Through Fake Apps

April 11, 2025
Spyware / Mobile Security

Cybersecurity experts have uncovered a dangerous trend where threat actors are using deceptive websites on newly registered domains to spread SpyNote, a notorious Android malware. These fraudulent sites mimic Google Play Store installation pages for popular apps like the Chrome browser, aiming to trick users into downloading the malware. According to the DomainTools Investigations (DTI) team, the attackers employed a combination of English and Chinese-language delivery sites and even included Chinese-language comments in the site code and the malware itself.

SpyNote (also known as SpyMax) is a remote access trojan infamous for its capability to collect sensitive information from compromised Android devices by exploiting accessibility services. In May 2024, the malware was distributed via another fake site that posed as a legitimate antivirus program, Avast. Further analysis from mobile security firm Zimperium revealed additional tactics employed by these cybercriminals…