The Breach News

Hackers Exploit PDFs to Impersonate Microsoft, DocuSign, and Others in Callback Phishing Schemes

Cybersecurity experts have raised alarms about phishing campaigns that mimic well-known brands, deceiving victims into calling phone numbers managed by cybercriminals. According to Cisco Talos researcher Omid Mirzaei, “A notable percentage of email threats featuring PDF payloads persuade victims to dial adversary-controlled numbers, showcasing a prevalent social engineering tactic referred to as Telephone-Oriented Attack Delivery (TOAD) or callback phishing.” An analysis of phishing emails with PDF attachments from May 5 to June 5, 2025, found that Microsoft and DocuSign were the most frequently impersonated brands. Other notable targets in TOAD emails included NortonLifeLock, PayPal, and Geek Squad. This surge in activity forms part of broader phishing efforts that leverage the trust associated with popular brands to provoke harmful actions. Typically, these messages include PDF attachments…

Hackers Target Users with PDF-Based Callback Phishing Impersonating Microsoft and DocuSign July 2, 2025 Recent findings from cybersecurity experts highlight an alarming trend in phishing attacks that exploit the trust associated with reputable brands such as Microsoft and DocuSign. These campaigns leverage PDF attachments to manipulate unsuspecting victims into calling…

Read More

Hackers Exploit PDFs to Impersonate Microsoft, DocuSign, and Others in Callback Phishing Schemes

Cybersecurity experts have raised alarms about phishing campaigns that mimic well-known brands, deceiving victims into calling phone numbers managed by cybercriminals. According to Cisco Talos researcher Omid Mirzaei, “A notable percentage of email threats featuring PDF payloads persuade victims to dial adversary-controlled numbers, showcasing a prevalent social engineering tactic referred to as Telephone-Oriented Attack Delivery (TOAD) or callback phishing.” An analysis of phishing emails with PDF attachments from May 5 to June 5, 2025, found that Microsoft and DocuSign were the most frequently impersonated brands. Other notable targets in TOAD emails included NortonLifeLock, PayPal, and Geek Squad. This surge in activity forms part of broader phishing efforts that leverage the trust associated with popular brands to provoke harmful actions. Typically, these messages include PDF attachments…

Crypt Ghouls Target Russian Businesses with LockBit 3.0 and Babuk Ransomware Attacks

October 19, 2024
Network Security / Data Breach

A newly emerging threat group known as Crypt Ghouls has been identified in a series of cyberattacks aimed at Russian firms and government agencies. Their operations feature ransomware as a primary tool, focusing on disrupting business activities while reaping financial benefits. According to Kaspersky, “The group utilizes an arsenal of tools including Mimikatz, XenAllPasswordPro, PingCastle, Localtonet, resocks, AnyDesk, PsExec, among others.” The primary ransomware employed in these attacks includes the notorious LockBit 3.0 and Babuk variants. Victims encompass various sectors, including government, mining, energy, finance, and retail throughout Russia. Kaspersky noted that they were able to identify the initial breach method in only two cases, where the attackers exploited a contractor’s VPN credentials to gain access to internal systems. These VPN connections reportedly came from IP addresses linked to a Russian hosting provider.

Crypt Ghouls Launch Ransomware Attacks Targeting Russian Enterprises On October 19, 2024, emerging cyber threat group Crypt Ghouls has been identified as a key player in a series of ransomware attacks aimed at Russian organizations. This group has strategically targeted businesses and government entities with the dual objective of disrupting…

Read More

Crypt Ghouls Target Russian Businesses with LockBit 3.0 and Babuk Ransomware Attacks

October 19, 2024
Network Security / Data Breach

A newly emerging threat group known as Crypt Ghouls has been identified in a series of cyberattacks aimed at Russian firms and government agencies. Their operations feature ransomware as a primary tool, focusing on disrupting business activities while reaping financial benefits. According to Kaspersky, “The group utilizes an arsenal of tools including Mimikatz, XenAllPasswordPro, PingCastle, Localtonet, resocks, AnyDesk, PsExec, among others.” The primary ransomware employed in these attacks includes the notorious LockBit 3.0 and Babuk variants. Victims encompass various sectors, including government, mining, energy, finance, and retail throughout Russia. Kaspersky noted that they were able to identify the initial breach method in only two cases, where the attackers exploited a contractor’s VPN credentials to gain access to internal systems. These VPN connections reportedly came from IP addresses linked to a Russian hosting provider.

Russia Charged with Breaching Confidential US Court Filing System

Cyberwarfare / Nation-State Attacks, Fraud Management & Cybercrime US Government Attributes Significant Court Management System Breach to Russian Actors Chris Riotta (@chrisriotta) • August 12, 2025 Image: Ryan DeBerardinis/Shutterstock/ISMG The U.S. government has made allegations against Russia concerning a significant breach of a federal court filing system, resulting in the…

Read MoreRussia Charged with Breaching Confidential US Court Filing System

⚡ Weekly Update: Airline Threats, Citrix Vulnerabilities, Outlook Malware, Banking Trojans, and More

📅 Jun 30, 2025
Cybersecurity / Hacking News

Curious about what happens when attackers play by the rules—only better? This week, we explore stories that challenge our understanding of security control. It’s not always a broken firewall or an unpatched system; sometimes, it’s the seemingly innocuous choices, default settings, and shortcuts we take that introduce risk. The true shock is that threats can stem from the very design of our systems. Join us as we delve into the underlying factors influencing today’s security landscape.

⚡ Threat of the Week

FBI Alerts on Scattered Spider’s Airlines Attacks — The FBI has issued warnings about a new wave of sophisticated attacks by the cybercrime group Scattered Spider, specifically targeting the airline industry through advanced social engineering tactics. Cybersecurity experts from Palo Alto Networks Unit 4…

Weekly Cybersecurity Recap: Airline Breaches, Citrix Vulnerabilities, and Malware Threats June 30, 2025 Cybersecurity | BreachSpot In the ever-evolving landscape of cybersecurity threats, recent events serve as a stark reminder that vulnerabilities often lie in systemic operations rather than overt faults. This week, we explore incidents that challenge our assumptions…

Read More

⚡ Weekly Update: Airline Threats, Citrix Vulnerabilities, Outlook Malware, Banking Trojans, and More

📅 Jun 30, 2025
Cybersecurity / Hacking News

Curious about what happens when attackers play by the rules—only better? This week, we explore stories that challenge our understanding of security control. It’s not always a broken firewall or an unpatched system; sometimes, it’s the seemingly innocuous choices, default settings, and shortcuts we take that introduce risk. The true shock is that threats can stem from the very design of our systems. Join us as we delve into the underlying factors influencing today’s security landscape.

⚡ Threat of the Week

FBI Alerts on Scattered Spider’s Airlines Attacks — The FBI has issued warnings about a new wave of sophisticated attacks by the cybercrime group Scattered Spider, specifically targeting the airline industry through advanced social engineering tactics. Cybersecurity experts from Palo Alto Networks Unit 4…

Data Breach Warning: Edelson Lechtzin LLP Investigates Claims for Customers of The Manpower of Lansing, MI Inc. Affected by Potential Data Compromise

Data Breach Investigation: Edelson Lechtzin LLP Looks Into Compromise of Manpower of Lansing, MI Inc. Customer Information LANSING, Mich., Aug. 12, 2025 — Edelson Lechtzin LLP, based in suburban Philadelphia, has initiated an investigation into a data privacy incident involving Manpower of Lansing, MI Inc. This breach was identified around…

Read More

Data Breach Warning: Edelson Lechtzin LLP Investigates Claims for Customers of The Manpower of Lansing, MI Inc. Affected by Potential Data Compromise

Severe Cisco Vulnerability in Unified CM Allows Root Access via Hard-Coded Credentials

July 3, 2025
Vulnerability / Network Security

Cisco has issued patches to fix a critical security flaw in Unified Communications Manager (Unified CM) and Unified CM Session Management Edition (Unified CM SME). This vulnerability could enable an attacker to access susceptible devices with root privileges, achieving a CVSS score of 10.0 under the identifier CVE-2025-20309. In an advisory released on Wednesday, Cisco noted that “this vulnerability arises from the use of static user credentials for the root account, which are meant for development use only.” An attacker could exploit this flaw to log into an affected system and execute arbitrary commands as a root user. Hard-coded credentials often stem from testing or temporary fixes during development, but they should never be present in live environments.

Critical Cisco Flaw in Unified Communications Manager Enables Root Access via Static Credentials On July 3, 2025, Cisco issued critical security updates aimed at addressing a significant vulnerability in its Unified Communications Manager (Unified CM) and Unified CM Session Management Edition (Unified CM SME). This vulnerability, designated CVE-2025-20309, boasts a…

Read More

Severe Cisco Vulnerability in Unified CM Allows Root Access via Hard-Coded Credentials

July 3, 2025
Vulnerability / Network Security

Cisco has issued patches to fix a critical security flaw in Unified Communications Manager (Unified CM) and Unified CM Session Management Edition (Unified CM SME). This vulnerability could enable an attacker to access susceptible devices with root privileges, achieving a CVSS score of 10.0 under the identifier CVE-2025-20309. In an advisory released on Wednesday, Cisco noted that “this vulnerability arises from the use of static user credentials for the root account, which are meant for development use only.” An attacker could exploit this flaw to log into an affected system and execute arbitrary commands as a root user. Hard-coded credentials often stem from testing or temporary fixes during development, but they should never be present in live environments.

THN Cybersecurity Highlights: Key Threats, Innovations, and Updates (Oct 14 – Oct 20)

Oct 21, 2024
Cybersecurity / Weekly Summary

Hello! Here’s your concise update on the latest happenings in cybersecurity. Hackers are adopting innovative tactics to breach systems once thought secure—like discovering hidden entry points in locked buildings. The silver lining? Security experts are counteracting with advanced tools to safeguard data. Some major companies faced attacks, while others managed to patch their vulnerabilities just in time. The struggle continues! For optimal protection, remember to keep your devices and applications updated.

In this newsletter, we’ll delve into the top stories. Whether you’re focused on personal data protection or overseeing security for a business, we’ve got valuable tips for you.

Let’s dive in!

Threat of the Week
China Claims Volt Typhoon is a U.S. Creation: China’s National Computer Virus Emergency Response Center (CVERC) has alleged that the threat actor known as Volt Typhoon is a fabrication of U.S. intelligence agencies and their allies, accusing the U.S. of executing false flag operations.

THN Cybersecurity Recap: Overview of Threats, Tools, and Developments (Oct 14 – Oct 20) Published on October 21, 2024 In recent developments in cybersecurity, the landscape continues to evolve as hackers deploy increasingly sophisticated methods to infiltrate systems previously considered secure. Security professionals have revealed that known vulnerabilities are being…

Read More

THN Cybersecurity Highlights: Key Threats, Innovations, and Updates (Oct 14 – Oct 20)

Oct 21, 2024
Cybersecurity / Weekly Summary

Hello! Here’s your concise update on the latest happenings in cybersecurity. Hackers are adopting innovative tactics to breach systems once thought secure—like discovering hidden entry points in locked buildings. The silver lining? Security experts are counteracting with advanced tools to safeguard data. Some major companies faced attacks, while others managed to patch their vulnerabilities just in time. The struggle continues! For optimal protection, remember to keep your devices and applications updated.

In this newsletter, we’ll delve into the top stories. Whether you’re focused on personal data protection or overseeing security for a business, we’ve got valuable tips for you.

Let’s dive in!

Threat of the Week
China Claims Volt Typhoon is a U.S. Creation: China’s National Computer Virus Emergency Response Center (CVERC) has alleged that the threat actor known as Volt Typhoon is a fabrication of U.S. intelligence agencies and their allies, accusing the U.S. of executing false flag operations.

Connex Credit Union Data Breach Impacts 172,000 Members

Connex Credit Union has experienced a significant data breach, impacting the personal information of 172,000 members. A legal investigation is underway, with experts advising victims to closely monitor accounts for potential fraud and identity theft. In a recent security incident, Connex Credit Union, one of Connecticut’s largest financial institutions, revealed…

Read MoreConnex Credit Union Data Breach Impacts 172,000 Members