The Breach News

Severe ThroughTek SDK Vulnerability Exposes Millions of IoT Devices to Spy Threats

August 18, 2021

A serious security flaw has been identified in multiple versions of the ThroughTek Kalay P2P Software Development Kit (SDK), potentially allowing remote attackers to take control of vulnerable devices and execute malicious code. Tracked as CVE-2021-28372 (CVSS score: 9.6) and uncovered by FireEye Mandiant in late 2020, the issue stems from improper access controls in ThroughTek’s point-to-point (P2P) products. If exploited, attackers could listen in on live audio, view real-time video streams, and compromise device credentials, enabling further attacks through the device functionality thus exposed. According to the U.S. Cybersecurity and Infrastructure Security Agency (CISA), “successful exploitation of this vulnerability could enable remote code execution and unauthorized access to sensitive information, including audio/video feeds from cameras.” An estimated 83 million active devices are vulnerable to this flaw.

Chinese Hackers Exposed by U.S. Water Control System Decoy

August 5, 2013

A notorious hacking group from China, known as APT1 or Comment Crew and suspected of being affiliated with the Chinese military, has been caught infiltrating a simulated United States water control system, also known as a honeypot. Kyle Wilhoit, a researcher at Trend Micro, disclosed the findings at the Black Hat conference this past Wednesday.

Back in December, the hackers targeted what appeared to be a water control system for a U.S. municipality, unaware it was a decoy set up by Wilhoit. The decoy scenario involved a Word document embedded with malicious software, which granted complete access.

These honeypots closely resembled the ICS/SCADA devices used in critical infrastructure such as power and water facilities. The setup, built on cloud software, produced realistic web-based login and configuration screens for local water plants and made them appear to be located in various countries, including Ireland, Russia, Singapore, China, Japan, Australia, Brazil, and the U.S. Researchers traced the activity back to the APT1 group, which the security firm Mandiant had previously documented.

Iranian Hackers Compromise Over 100 Embassy Email Accounts in Global Diplomat Phishing Campaign

Sep 03, 2025
Data Breach / Cyber Espionage

A group linked to Iran has been identified as the perpetrator of a “coordinated” and “multi-wave” spear-phishing campaign targeting embassies and consulates across Europe and beyond. Israeli cybersecurity firm Dream has attributed the activity to Iranian-aligned operators associated with a broader offensive cyber initiative known as Homeland Justice. “Phishing emails were sent to numerous government officials worldwide, masquerading as legitimate diplomatic correspondence,” the firm reported. “The evidence suggests a larger regional espionage strategy aimed at diplomatic and government institutions amid rising geopolitical tensions.” The attacks use spear-phishing emails that reference geopolitical disputes between Iran and Israel and carry malicious Microsoft Word attachments prompting recipients to “Enable Content,” which executes the embedded Visual Basic for Applications (VBA) macro code.

Kaseya Releases Security Patches for Two New 0-Day Vulnerabilities in Unitrends Servers

August 27, 2021

Kaseya, a U.S. technology company, has issued security patches to address two zero-day vulnerabilities in its Unitrends enterprise backup and continuity solution that could lead to privilege escalation and authenticated remote code execution. The flaws are two of three reported by researchers at the Dutch Institute for Vulnerability Disclosure (DIVD) on July 3, 2021. They have been resolved in server software version 10.5.5-2, released on August 12. However, an undisclosed client-side vulnerability in Kaseya Unitrends remains unpatched. To mitigate the associated risk, the company has provided firewall rules for traffic filtering and recommends not exposing the servers to the internet.

Pakistani Hackers Target Thousands of Israeli Websites in Support of Palestine

August 14, 2013

A widespread cyber attack is currently underway, with thousands of Israeli websites being compromised by Pakistani hackers in solidarity with the Palestinian people. Reports indicate that around 650 Israeli websites have already been infiltrated, with the hackers posting their messages on these sites. One hacker, known by the alias “H4x0r HuSsY,” communicated with The Hacker News to announce upcoming releases of additional hacked websites. The attacker’s message included slogans such as “LONG LIVE PALESTINE – PAKISTAN ZINDABAD HAPPY INDEPENDENCE DAY TO & FROM TEAM MADLEETS.”

The affected sites include semi-government, personal, and corporate Israeli domains. At the time of this report, many of these websites continue to display defaced pages. This cyber offensive follows a recent declaration of a “cyber war” on Israel by global hacker collectives, including the Anonymous group, after the Israeli Defense Forces threatened to cut off internet access in Gaza.

Android Security Update: Google Addresses 120 Vulnerabilities, Including Two Actively Exploited Zero-Days

Sep 03, 2025
Mobile Security / Vulnerability

Google has released security updates for September 2025, patching 120 vulnerabilities in its Android operating system. Among these are two critical issues that have been confirmed as actively exploited in targeted attacks. The key vulnerabilities are:

  • CVE-2025-38352 (CVSS score: 7.4): A privilege escalation flaw in the Linux Kernel component.
  • CVE-2025-48543 (CVSS score: 7.4): A privilege escalation flaw in the Android Runtime component.

Both vulnerabilities allow local privilege escalation without requiring additional execution privileges or user interaction. While Google has not detailed how the vulnerabilities are being exploited in the wild, or whether they are being chained together, it acknowledges indications of “limited, targeted exploitation.” Benoît Sevens of Google’s Threat Analysis Group (TAG) is credited with discovering and reporting both flaws.

New Microsoft Exchange ‘ProxyToken’ Vulnerability Allows Attackers to Alter Mailbox Configurations

August 31, 2021

Details have surfaced regarding a recently patched security flaw in Microsoft Exchange Server that could be exploited by unauthenticated attackers to change server settings, potentially exposing Personally Identifiable Information (PII). The vulnerability, identified as CVE-2021-33766 (CVSS score: 7.3) and referred to as “ProxyToken,” was found by Le Xuan Tuyen, a researcher at the Information Security Center of Vietnam Posts and Telecommunications Group (VNPT-ISC), and reported through the Zero-Day Initiative (ZDI) program in March 2021. According to the ZDI, “With this vulnerability, an unauthenticated attacker can perform configuration actions on mailboxes belonging to arbitrary users.” For instance, the attacker could redirect all emails sent to a targeted account to a mailbox they control. Microsoft addressed this issue in its Patch Tuesday updates for July 2021.

FBI Collaborated with Anonymous and LulzSec Hackers to Target Foreign Governments

August 28, 2013

Sentencing for former LulzSec leader Hector Xavier Monsegur, also known as “Sabu,” has been postponed again. Monsegur, who pleaded guilty to multiple criminal charges two years ago, faces a maximum sentence exceeding 124 years. Additionally, fellow LulzSec hacker Jeremy Hammond has alleged that the FBI utilized Sabu to orchestrate attacks against foreign governments, leveraging the efforts of Anonymous and other hackers.

The ongoing delays suggest that the FBI may not be fully extracting information from Monsegur, hinting at the possibility that he is assisting with other covert operations as claimed by Hammond. In a recent statement, Hammond accused the U.S. government of directing Monsegur to motivate fellow hacktivists to breach foreign government entities. “What many don’t realize is that Sabu was also used by his handlers to orchestrate hacking activities targeting government-selected entities, including multiple foreign government websites,” Hammond stated.

Meta Warned That Facial Recognition Glasses Could Empower Sexual Predators

A coalition of over 70 civil liberties organizations, including notable groups such as the ACLU and the Electronic Privacy Information Center, has called on Meta to abandon plans to implement facial recognition technology in its smart glasses produced in partnership with Ray-Ban and Oakley. The functionality, internally referred to as…
