The Breach News

Top 5 Bug Bounty Platforms to Watch in 2021

February 8, 2021

While Gartner has yet to establish a dedicated Magic Quadrant for Bug Bounty or Crowd Security Testing, its Peer Insights platform currently lists 24 vendors in the “Application Crowdtesting Services” category. We’ve identified the top 5 most promising bug bounty platforms for those looking to enhance their software testing strategies with insights and expertise from global security researchers:

  1. HackerOne
    As a leading name in the bug bounty space, backed by notable venture capitalists, HackerOne is widely recognized. According to its latest annual report, over 1,700 companies rely on HackerOne to strengthen their in-house application security testing. The report highlights that its security researchers earned around $40 million in bounties in 2019 alone, contributing to a cumulative total of $82 million. HackerOne is also known for coordinating bug bounty programs for the US government, among others.

From HealthKick to GOVERSHELL: Tracing the Development of UTA0388’s Espionage Malware

Oct 09, 2025
Cyber Espionage / Artificial Intelligence

A China-aligned threat group referred to as UTA0388 has been linked to a series of spear-phishing campaigns targeting North America, Asia, and Europe, with the intent of deploying a Go-based implant known as GOVERSHELL. According to a report from Volexity, “The initial campaigns were meticulously crafted for specific targets, using messages that appeared to come from senior researchers and analysts at convincingly fake organizations.” The aim of these spear-phishing efforts was to manipulate targets into clicking links leading to a remotely hosted archive containing a malicious payload. Over time, the threat actor has employed various lures and invented identities, utilizing multiple languages, including English, Chinese, Japanese, French, and German. Early versions of these campaigns often included links to phishing content hosted on either cloud services or their own infrastructure.

Zoom and Xerox Release Urgent Security Updates to Address Privilege Escalation and RCE Vulnerabilities

Aug 13, 2025
Vulnerability / Software Security

Zoom and Xerox have released critical security updates for Zoom Clients on Windows and FreeFlow Core, addressing significant vulnerabilities that could enable privilege escalation and remote code execution (RCE). The flaw in Zoom Clients for Windows, designated as CVE-2025-49457 (CVSS score: 9.6), involves an untrusted search path that may allow an unauthenticated user to escalate privileges via network access.

According to a security bulletin issued by Zoom, the issue was identified by its Offensive Security team and affects the following products:

  • Zoom Workplace for Windows versions prior to 6.3.10
  • Zoom Workplace VDI for Windows versions prior to 6.3.10 (excluding 6.1.16 and 6.2.12)
  • Zoom Rooms for Windows versions prior to 6.3.10
  • Zoom Rooms Controller for Windows versions prior to 6.3.10
  • Zoom Meeting SDK for Windows versions prior to 6.3.10

This disclosure follows the identification of multiple vulnerabilities in critical software platforms.

Microsoft Releases Patches for Active 0-Day Vulnerability and 55 Other Windows Flaws

On February 10, 2021, Microsoft addressed a total of 56 vulnerabilities, including a 0-day vulnerability that is currently being exploited in the wild. Among these, 11 vulnerabilities are classified as Critical, 43 as Important, and 2 as Moderate in severity, with six having been previously disclosed. The updates cover a range of products, including .NET Framework, Azure IoT, Microsoft Dynamics, Microsoft Edge for Android, Microsoft Exchange Server, Microsoft Office, Windows Codecs Library, Skype for Business, Visual Studio, Windows Defender, and key system components such as the Kernel, TCP/IP, Print Spooler, and Remote Procedure Call (RPC).

The most critical vulnerability addressed is a Windows Win32k privilege escalation issue (CVE-2021-1732, CVSS score 7.8), which could allow an attacker who already has access to a system to execute malicious code with elevated privileges. Microsoft acknowledges the contributions of JinQuan, MaDongZe, TuXiaoYi, and LiHao from DBAPPSecurity in identifying this vulnerability.

Google Uncovers Three New Malware Families Linked to Russian COLDRIVER Hackers

October 21, 2025
Cyber Espionage / Threat Intelligence

Google’s Threat Intelligence Group (GTIG) has revealed that the hacking group COLDRIVER, associated with Russia, has introduced a new suite of malware, indicating an intensified operational pace. Since May 2025, the group has shown a knack for rapid development and refinement, unveiling these new malware families just five days after the release of their previously documented LOSTKEYS. While the exact duration of development for the new malware remains unclear, GTIG noted a complete absence of LOSTKEYS activities since its disclosure. The newly identified threats—codenamed NOROBOT, YESROBOT, and MAYBEROBOT—constitute a “collection of related malware families interconnected through a delivery chain,” according to GTIG researcher Wesley Shields in a Monday analysis. These recent attack strategies mark a significant shift from COLDRIVER’s standard operational patterns.

New PS1Bot Malware Campaign Utilizes Malvertising for Multi-Stage In-Memory Attacks

Aug 13, 2025
Malvertising / Cryptocurrency

Cybersecurity experts have identified a new malvertising campaign aimed at deploying a multi-stage malware framework known as PS1Bot. Researchers Edmund Brumaghin and Jordyn Dunk from Cisco Talos explained that “PS1Bot features a modular architecture, incorporating various modules for malicious activities such as information theft, keylogging, reconnaissance, and creating persistent access to compromised systems.” The design emphasizes stealth, leaving minimal traces on infected machines and using in-memory execution techniques to run subsequent modules without writing them to disk. Since early 2025, campaigns distributing this PowerShell and C# malware have actively used malvertising to propagate, executing modules in memory to reduce their forensic footprint.

Iranian Hackers Deploy ScreenConnect for Espionage Against UAE and Kuwait Government Agencies

February 11, 2021

Recent research reveals that UAE and Kuwait government agencies have fallen victim to a new cyberespionage initiative, likely orchestrated by Iranian threat actors. Attributing the activity to the group known as Static Kitten (also referred to as MERCURY or MuddyWater), Anomali reports that the aim of this operation is to install a remote management tool named ScreenConnect, which was acquired by ConnectWise in 2015, using unique launch parameters and custom properties. Malware samples and URLs have been disguised as communications from the Kuwaiti Ministry of Foreign Affairs and the UAE National Council. Since its emergence in 2017, MuddyWater has been linked to several attacks targeting Middle Eastern nations, including exploitation of the Zerologon vulnerability in attacks against prominent Israeli organizations. This state-sponsored hacking group is believed to operate under the direction of Iran’s Islamic Revolutionary Guard Corps.

Bearlyfy Targets Russian Companies with Custom GenieLocker Ransomware

Mar 27, 2026
Threat Intelligence / Vulnerability

The pro-Ukrainian group Bearlyfy has carried out over 70 cyber attacks on Russian firms since emerging in January 2025, deploying a custom Windows ransomware strain known as GenieLocker in their latest campaigns. According to Russian security firm F6, “Bearlyfy (also referred to as Labubu) is a dual-purpose group focused on maximizing damage to Russian businesses, aiming for both financial extortion and acts of sabotage.” The group was first identified by F6 in September 2025, noted for using encryptors linked to LockBit 3 (Black) and Babuk, initially targeting smaller companies before escalating to ransom demands around €80,000 (approximately $92,100). By August 2025, Bearlyfy had claimed at least 30 victims. Additionally, starting in May 2025, the group began to use a modified version of PolyVice, a ransomware variant associated with Vice Society.
