The Breach News

Debunking “Passkeys Pwned”: An Examination of Potentially Misleading Research in Recent Years

Beware the Hype: New Claims of Passkey Vulnerabilities Under Scrutiny

In a striking example of the alarmism that can emerge from cybersecurity marketing, a recent report from SquareX—a startup specializing in browser security—asserts the existence of a significant vulnerability involving passkeys. This claim potentially undermines the security frameworks established by…

⚡ Weekly Summary: Windows 0-Day, VPN Vulnerabilities, AI Weaponization, Hijacked Antivirus, and More

April 14, 2025
Threat Intelligence / Cybersecurity

Attackers are no longer waiting for patches; they are infiltrating systems before defenses are in place. Trusted security tools are being compromised to spread malware. Even after breaches are detected and addressed, some attackers remain undetected. This week’s incidents highlight a stark reality: reactive measures are insufficient. You must operate under the assumption that any system you trust today could fail tomorrow. In a landscape where AI can be weaponized against you and ransomware strikes faster than ever, effective protection requires proactive planning and maintaining control amidst chaos.

Dive into this week’s update for crucial threat developments, insightful webinars, practical tools, and immediate tips to enhance your cybersecurity posture.

Threat of the Week
Windows 0-Day Exploited for Ransomware Attacks — A security vulnerability concerning the Windows Common Log File System (CLFS) has been exploited as a zero-day in targeted ransomware attacks, as revealed by Microsoft. The flaw, identified as CVE-2025-29824, is a privilege escalation vulnerability…

Weekly Cybersecurity Recap: Notable Threats and Developments

April 14, 2025

In an alarming trend within the cybersecurity landscape, attackers are increasingly beating organizations to the punch, exploiting vulnerabilities before patches can be implemented. This week has underscored a crucial reality: the need for a proactive security posture is more critical…

TransUnion Reveals Data Breach Impacting Personal Information of 4.4 Million Customers

TransUnion, one of the largest credit reporting agencies in the United States, has announced a data breach impacting the personal information of approximately 4.4 million customers. This incident, which occurred on July 28, resulted from unauthorized access to a third-party application that stores customer data. Notably, the company clarified that…

Russia-Linked APT28 Exploits MDaemon Zero-Day to Target Government Webmail Servers

May 15, 2025
Vulnerability / Email Security

A cyber espionage operation associated with a Russian threat actor is reportedly compromising webmail servers, including Roundcube, Horde, MDaemon, and Zimbra, by exploiting cross-site scripting (XSS) vulnerabilities, notably a zero-day flaw in MDaemon. This activity, codenamed Operation RoundPress by ESET, began in 2023 and has been attributed with moderate confidence to the state-sponsored hacking group APT28, also tracked under names such as BlueDelta, Fancy Bear, and Sednit.

“The primary objective of this operation is to extract sensitive data from targeted email accounts,” stated ESET researcher Matthieu Faou in a report shared with The Hacker News. “While most victims are governmental and defense entities in Eastern Europe, we have also noted targets across Africa, Europe, and beyond.”

Russia-Linked APT28 Exploits MDaemon Zero-Day to Compromise Government Webmail Servers

May 15, 2025

On May 15, 2025, ESET released a report detailing a cyber espionage campaign attributed to a Russia-linked threat actor targeting webmail servers, including Roundcube, Horde, MDaemon, and Zimbra. This operation, dubbed Operation RoundPress, has been under investigation since it commenced…

Iranian Hackers Disguised as Ransomware Operators Executing Destructive Attacks

April 8, 2023
Cyber Warfare / Cyber Threats

The Iranian nation-state group MuddyWater has been implicated in conducting destructive operations on hybrid environments while masquerading as a ransomware campaign. According to new insights from the Microsoft Threat Intelligence team, these threat actors are targeting both on-premises and cloud infrastructures, often collaborating with a recently identified cluster known as DEV-1084. “Despite efforts to present their activities as a typical ransomware operation, the irreversible damage they inflict indicates that destruction and disruption were their primary objectives,” the company reported on Friday. MuddyWater is linked to Iran’s Ministry of Intelligence and Security (MOIS) and has been active at least since 2017, also recognized by various names in the cybersecurity field, including Boggy Serpens.

Iranian Hackers Launch Destructive Attacks Disguised as Ransomware Operations

April 8, 2023
Cyber Threats

A notable development in the realm of cybersecurity has emerged, as the Iranian cyber group known as MuddyWater has been detected executing destructive attacks in hybrid environments while masquerading as a ransomware operation. Recent investigations…

Small US Agency to Implement Substance Abuse Regulations

Data Privacy, Data Security, Healthcare

HHS Transfers 42 CFR Enforcement Responsibilities to Office of Civil Rights Amid Significant Restructuring

Marianne Kolbasuk McGee (HealthInfoSec) • August 27, 2025

HHS shifts the regulatory oversight of substance abuse disorder record confidentiality from SAMHSA to HHS OCR, which also manages HIPAA enforcement…

The Age of AI-Driven Ransomware Is Here

Recent findings indicate a concerning shift in the ransomware landscape, signaling potential dangers for businesses. While the use of artificial intelligence (AI) in ransomware development has not yet become widespread, instances of this trend serve as a stark reminder of evolving cyber threats. Allan Liska, a ransomware analyst at Recorded…

Critical RCE Vulnerability in Gladinet’s Triofox and CentreStack Actively Exploited

A recent security flaw in Gladinet CentreStack also affects its Triofox remote access solution, as revealed by Huntress. To date, seven organizations have been compromised through this issue, tracked as CVE-2025-30406 (CVSS score: 9.0). The vulnerability stems from a hard-coded cryptographic key that exposes internet-accessible servers to remote code execution (RCE) attacks. It was patched in CentreStack version 16.4.10315.56368, released on April 3, 2025. Although the exact nature of the attacks remains unclear, the flaw was reportedly exploited as a zero-day in March 2025. According to John Hammond, principal cybersecurity researcher at Huntress, the flaw also affects Triofox up to version 16.4.10317.56372, since earlier versions ship the same hard-coded cryptographic keys and are therefore susceptible to RCE.

Gladinet’s Triofox and CentreStack Exploited Through a Critical RCE Vulnerability

A critical security vulnerability affecting Gladinet’s CentreStack has also been found to compromise its Triofox remote access and collaboration solution, as revealed by Huntress. To date, seven distinct organizations have reported breaches linked to this issue. The vulnerability, designated as…
