The Breach News

SysAid Addresses 4 Critical Vulnerabilities Allowing Pre-Authenticated RCE in On-Premises Version

SysAid IT Support Software Vulnerabilities Expose Businesses to Remote Code Execution Risks Cybersecurity experts have revealed critical security vulnerabilities in the on-premise version of SysAid IT support software, presenting significant risks for organizations using this platform. These vulnerabilities, identified as CVE-2025-2775, CVE-2025-2776, and CVE-2025-2777, enable attackers to execute remote commands…

Read MoreSysAid Addresses 4 Critical Vulnerabilities Allowing Pre-Authenticated RCE in On-Premises Version

Live Webinar | Safeguarding Identity in the Manufacturing Revolution: Machines, Mergers, and Missteps.

Chris Fields: Leading Cybersecurity Insights at Simeio Senior Vice President, Simeio Chris Fields serves as Senior Vice President at Simeio, bringing over 30 years of expertise in IT and Identity and Access Management (IAM). His career is marked by leadership roles in strategy, delivery, and innovative solutions in the cybersecurity…

Read MoreLive Webinar | Safeguarding Identity in the Manufacturing Revolution: Machines, Mergers, and Missteps.

UAC-0226 Distributes GIFTEDCROOK Stealer through Malicious Excel Files Aimed at Ukraine

The Computer Emergency Response Team of Ukraine (CERT-UA) has reported a series of cyber attacks targeting Ukrainian institutions through information-stealing malware. These coordinated assaults specifically aim at military units, law enforcement agencies, and local government bodies, particularly those positioned near Ukraine’s eastern border. The attack methodology involves the distribution of…

Read MoreUAC-0226 Distributes GIFTEDCROOK Stealer through Malicious Excel Files Aimed at Ukraine

OttoKit WordPress Plugin with Over 100K Installs Faces Exploits Targeting Multiple Vulnerabilities

New Vulnerability in OttoKit WordPress Plugin Under Active Exploitation A serious security vulnerability affecting the OttoKit WordPress plugin (formerly known as SureTriggers) has triggered active exploitation in the wild. Tracked as CVE-2025-27007, this critical privilege escalation flaw holds a CVSS score of 9.8 and affects all versions of the plugin…

Read MoreOttoKit WordPress Plugin with Over 100K Installs Faces Exploits Targeting Multiple Vulnerabilities

Hacker Groups Target 3-Year-Old Vulnerability to Compromise U.S. Federal Agency

Recent disclosures reveal that a critical vulnerability in Progress Telerik has been exploited by multiple attackers, including state-sponsored groups, to infiltrate an undisclosed federal agency in the United States. According to a joint advisory issued by the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and…

Read MoreHacker Groups Target 3-Year-Old Vulnerability to Compromise U.S. Federal Agency

Live Webinar | Discover the Latest in Google SecOps: How AI Agents are Transforming the Modern SOC

Webinar Announcement: Innovations in Google SecOps and the Impact of AI on Today’s Security Operations Center In an upcoming live webinar, industry leaders will delve into the groundbreaking developments within Google SecOps, particularly focusing on how artificial intelligence is reshaping the operational landscape of modern Security Operations Centers (SOCs). This…

Read MoreLive Webinar | Discover the Latest in Google SecOps: How AI Agents are Transforming the Modern SOC

Cryptocurrency Mining and Clipper Malware Distributed Through Cracked Software on SourceForge

Recent investigations have uncovered an alarming trend in which cybercriminals are distributing malicious software masquerading as legitimate cracked applications, specifically targeting users through the popular software hosting platform, SourceForge. Among the most concerning payloads identified are cryptocurrency miners and clipper malware disguised as Microsoft Office add-ons. A report from Kaspersky…

Read MoreCryptocurrency Mining and Clipper Malware Distributed Through Cracked Software on SourceForge