The Breach News

DDoS Attacks Exploit Thousands of Outdated .EDU and .GOV WordPress Blogs

Dec 04, 2013

A recent DDoS attack on a forum site was traced to thousands of outdated, but otherwise legitimate, WordPress blogs that were abused through known vulnerabilities. Analysis of the victim’s server logs showed that many of the participating sites were educational (.EDU) and government (.GOV) domains. We have previously reported similar incidents in which attackers compromised WordPress blogs by brute-forcing passwords, or abused the pingback feature of older WordPress versions, which requires no control of the servers at all. A pingback is a notification, submitted over XML-RPC, that a post has been linked from another page; to verify the link, the blog fetches the source URL it was given. An attacker who submits pingbacks to thousands of blogs with the victim’s URL as the source turns each blog into a reflector, so a single machine can cause millions of requests to arrive at the victim from the blogs’ own addresses. In this attack, over 100,000 IP addresses were implicated, and the victim’s forum received more than 40,000 requests.
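A worked example of reading the victim’s logs the way the analysis above describes, added here and not taken from the original article or from the investigators. It relies on the User-Agent string WordPress sends when it verifies a pingback ("WordPress/<version>; <blog URL>; verifying pingback from <submitter IP>"), which names both the reflecting blog and the address that submitted the pingback to it. The log lines and addresses below are constructed.

```python
"""Attribute reflected WordPress pingback traffic to the blogs that sent it.

Added example, not from the original article. A WordPress blog that receives
a pingback over XML-RPC (method pingback.ping) fetches the claimed source URL
to verify the link. When the attacker supplies the victim's URL as the
source, that fetch lands on the victim and carries WordPress's
pingback-verification User-Agent, which names the blog making the request
and the address that submitted the pingback. Log lines below are constructed.
"""
import re
from collections import Counter
from urllib.parse import urlsplit

# Combined Log Format: ip ident user [time] "request" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# User-Agent a WordPress install sends while verifying a pingback:
#   WordPress/<version>; <blog home URL>; verifying pingback from <remote ip>
# <remote ip> is the client that submitted the pingback, i.e. the attacker.
PINGBACK_UA_RE = re.compile(
    r'^WordPress/(?P<version>[\w.\-]+); (?P<home>https?://\S+); '
    r'verifying pingback from (?P<remote>\S+)$'
)


def parse_line(line):
    """Return the log fields as a dict, or None if the line is not CLF."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def pingback_source(ua):
    """If ua is a pingback-verification UA, return (blog_host, wp_version, submitter_ip)."""
    m = PINGBACK_UA_RE.match(ua)
    if not m:
        return None
    host = (urlsplit(m.group("home")).hostname or "").lower()
    return host, m.group("version"), m.group("remote")


def tld_of(host):
    """Top-level domain of a hostname ('' if it has no dot)."""
    return host.rsplit(".", 1)[-1] if "." in host else ""


def attribute_pingbacks(lines):
    """Tally reflected pingback requests by source blog, TLD, version and submitter.

    Returns a dict with Counters: by_blog, by_tld, versions, attacker_remotes,
    plus total (number of pingback-verification requests seen).
    """
    result = {"total": 0, "by_blog": Counter(), "by_tld": Counter(),
              "versions": Counter(), "attacker_remotes": Counter()}
    for line in lines:
        rec = parse_line(line)
        if not rec:
            continue                      # skip malformed lines
        src = pingback_source(rec["ua"])
        if not src:
            continue                      # ordinary visitor, not a reflector
        host, version, remote = src
        result["total"] += 1
        result["by_blog"][host] += 1
        result["by_tld"][tld_of(host)] += 1
        result["versions"][version] += 1
        result["attacker_remotes"][remote] += 1
    return result


# Constructed sample of a victim's access log (RFC 5737 documentation addresses).
SAMPLE_LOG = """\
192.0.2.10 - - [03/Dec/2013:10:01:02 +0000] "GET /forum/ HTTP/1.1" 200 5120 "-" "WordPress/3.5.1; http://blog.example.edu; verifying pingback from 203.0.113.7"
192.0.2.11 - - [03/Dec/2013:10:01:02 +0000] "GET /forum/ HTTP/1.1" 200 5120 "-" "WordPress/3.4.2; http://news.example.gov; verifying pingback from 203.0.113.7"
192.0.2.12 - - [03/Dec/2013:10:01:03 +0000] "GET /forum/ HTTP/1.1" 200 5120 "-" "WordPress/3.5.1; http://blog.example.edu; verifying pingback from 203.0.113.7"
198.51.100.5 - - [03/Dec/2013:10:01:03 +0000] "GET /forum/index.php HTTP/1.1" 200 7000 "-" "Mozilla/5.0 (Windows NT 6.1) Firefox/25.0"
192.0.2.13 - - [03/Dec/2013:10:01:04 +0000] "GET /forum/ HTTP/1.1" 200 5120 "-" "WordPress/3.6; http://dept.example.org; verifying pingback from 203.0.113.7"
not a log record at all
"""

if __name__ == "__main__":
    r = attribute_pingbacks(SAMPLE_LOG.splitlines())
    print(f"{r['total']} pingback-verification requests")
    print("by TLD:", dict(r["by_tld"]))
    print("submitting host(s):", dict(r["attacker_remotes"]))
```

Run against a real access log, `by_tld` gives the .EDU/.GOV breakdown the article mentions, and `attacker_remotes` points at the machine behind the reflected traffic, since every reflector reports who handed it the pingback. On the blog side the exposure is closed by updating WordPress or removing the pingback.ping method through the xmlrpc_methods filter; on the victim side, rate-limiting requests whose User-Agent matches the pattern above throttles the flood without touching ordinary visitors.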

Storm-1175 Launches Medusa Ransomware Just 24 Hours After Vulnerability Revealed

A notorious hacking group known as Storm-1175 is wreaking havoc on a global scale by deploying the destructive Medusa ransomware. Microsoft Threat Intelligence has identified this group as particularly adept at exploiting the narrow window between the discovery of a security vulnerability and the implementation of a patch. Research from…


Security Flaw in Cursor AI Code Editor Allows Covert Code Execution through Malicious Repositories

Sep 12, 2025
AI Security / Vulnerability

A newly disclosed weakness in the AI-driven code editor Cursor can lead to code execution when a user opens a malicious repository. The issue stems from a security feature that ships disabled by default, which lets an attacker run arbitrary code on the user’s machine with the user’s privileges. According to an analysis by Oasis Security, “Cursor ships with Workspace Trust disabled by default, so VS Code-style tasks configured with runOptions.runOn: ‘folderOpen’ auto-execute the moment a developer browses a project. A malicious .vscode/tasks.json sneaks a casual ‘open folder’ into silent code execution within the user’s context.” Cursor is a fork of Visual Studio Code, and Workspace Trust is the VS Code feature meant to let developers browse and edit code safely regardless of where it came from or who wrote it: while a folder is untrusted, features that execute code, automatic tasks included, stay off.
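A pre-open check for the condition described above, added here and not code from Cursor, Oasis Security or the article: it reads the text of a .vscode/tasks.json (which the editor accepts with JSONC comments and trailing commas), and reports every task that would start on folder open, following dependsOn chains so that a payload hidden behind an innocuous-looking build task is listed too. The sample tasks.json is constructed.

```python
"""Find tasks in a .vscode/tasks.json that will run as soon as the folder is opened.

Added example, not from the original article or from Cursor. A task whose
runOptions.runOn is "folderOpen" executes when the project is opened if
Workspace Trust is off; its dependsOn tasks run before it. This checker
parses the file (tolerating JSONC comments and trailing commas) and lists
everything that would execute. The sample file content is constructed.
"""
import json


def _strip(text, mode):
    """One string-aware pass over JSONC text.

    mode == "comments": drop // line comments and /* */ block comments.
    mode == "commas":   drop a comma followed only by whitespace and a closing } or ].
    Characters inside string literals are always copied through untouched.
    """
    out, i, n, in_str = [], 0, len(text), False
    while i < n:
        ch = text[i]
        if in_str:
            out.append(ch)
            if ch == "\\" and i + 1 < n:          # keep escaped char, including \"
                out.append(text[i + 1])
                i += 1
            elif ch == '"':
                in_str = False
        elif ch == '"':
            in_str = True
            out.append(ch)
        elif mode == "comments" and text.startswith("//", i):
            j = text.find("\n", i)
            i = n if j < 0 else j                 # the newline itself is kept
            continue
        elif mode == "comments" and text.startswith("/*", i):
            j = text.find("*/", i + 2)
            i = n if j < 0 else j + 2
            continue
        elif mode == "commas" and ch == ",":
            k = i + 1
            while k < n and text[k].isspace():
                k += 1
            if k < n and text[k] in "}]":
                i += 1                            # trailing comma: drop it
                continue
            out.append(ch)
        else:
            out.append(ch)
        i += 1
    return "".join(out)


def strip_jsonc(text):
    """Turn JSON-with-comments, as the editor accepts it, into strict JSON."""
    return _strip(_strip(text, "comments"), "commas")


def _command_line(task):
    """Render a task's command and args as one string for reporting."""
    cmd = task.get("command", "")
    parts = [cmd] if isinstance(cmd, str) else []
    for arg in task.get("args") or []:
        # args may be plain strings or {"value": ..., "quoting": ...} objects
        parts.append(arg if isinstance(arg, str) else str((arg or {}).get("value", "")))
    return " ".join(p for p in parts if p)


def find_auto_run_tasks(tasks_json_text):
    """Return [(label, command_line, reason)] for every task that executes on folder open.

    Tasks with runOptions.runOn == "folderOpen" start on open; whatever they
    list in dependsOn runs first, so those are reported too (transitively).
    Only string dependsOn entries naming a task in the same file are followed.
    """
    data = json.loads(strip_jsonc(tasks_json_text))
    tasks = [t for t in data.get("tasks", []) if isinstance(t, dict)]
    by_label = {t["label"]: t for t in tasks if isinstance(t.get("label"), str)}
    findings, seen = [], set()

    def add(task, reason):
        key = task.get("label") or id(task)
        if key in seen:
            return
        seen.add(key)
        label = task.get("label", "<unlabeled>")
        findings.append((label, _command_line(task), reason))
        deps = task.get("dependsOn", [])
        deps = [deps] if isinstance(deps, str) else (deps if isinstance(deps, list) else [])
        for dep in deps:
            if isinstance(dep, str) and dep in by_label:
                add(by_label[dep], f"dependsOn of {label}")

    for task in tasks:
        if (task.get("runOptions") or {}).get("runOn") == "folderOpen":
            add(task, "runOptions.runOn is folderOpen")
    return findings


# Constructed tasks.json as a malicious repository might ship it: the visible
# "build" task looks routine; the hidden dependency it pulls in is the payload.
SAMPLE_TASKS_JSON = r'''{
  // Standard VS Code task file
  "version": "2.0.0",
  "tasks": [
    {
      "label": "prepare",
      "type": "shell",
      "command": "sh",
      "args": ["./.vscode/bootstrap.sh"],
      "presentation": { "reveal": "never" },
    },
    {
      "label": "build",
      "type": "shell",
      "command": "npm",
      "args": ["run", "build"],
      "dependsOn": "prepare",
      "runOptions": { "runOn": "folderOpen" }, /* starts on open */
      "presentation": { "reveal": "silent" },
    },
    { "label": "test", "type": "shell", "command": "npm test" }
  ]
}'''

if __name__ == "__main__":
    for label, cmd, reason in find_auto_run_tasks(SAMPLE_TASKS_JSON):
        print(f"{label!r} would run ({reason}): {cmd}")
```

Point the function at the contents of a freshly cloned repository’s .vscode/tasks.json before opening it in the editor. Independently of the scan, the two editor settings to check are the Workspace Trust switch (security.workspace.trust.enabled in VS Code) and the automatic-task permission (task.allowAutomaticTasks in VS Code, set to "off"); these are VS Code setting names, and whether Cursor honours them identically is an assumption to verify against its own documentation.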

New eSentire CEO Champions AI-Driven Transformation in Managed Security

April 7, 2026
Artificial Intelligence & Machine Learning / Managed Detection & Response (MDR) / Next-Generation Technologies & Secure Development

James Foster Emphasizes Importance of Agentic Security and Outsourcing Defense
Michael Novinson (@MichaelNovinson)
Image: James Foster, CEO, eSentire

James Foster, the newly appointed CEO of eSentire, intends to create artificial…


Experts Uncover Malicious Code Exploiting Vulnerability in ManageEngine ADSelfService

On November 8, 2021, it was revealed that at least nine organizations in the technology, defense, healthcare, energy, and education sectors had been compromised through a recently patched critical vulnerability in Zoho’s ManageEngine ADSelfService Plus, a self-service password management and single sign-on (SSO) product. The espionage campaign began on September 22, 2021: the attackers exploited the flaw for initial access, then moved laterally through the networks for post-exploitation activity, deploying tools to harvest credentials and exfiltrate sensitive data through a backdoor. “The attackers relied heavily on the Godzilla web shell, uploading various versions of this open-source tool to the compromised servers throughout the operation,” reported researchers from Palo Alto Networks’ Unit 42 threat intelligence team. “Several other tools exhibited unique characteristics or functionalities…”

JPMorgan Chase Hacked: Data of 465,000 Prepaid Card Users Compromised

Dec 5, 2013

JPMorgan Chase, one of the largest banks in the world, has disclosed a cyberattack affecting approximately 465,000 holders of its prepaid cash cards. The breach occurred in July on the bank’s UCard website, www.ucard.chase.com, and touched about 2% of the 25 million UCard users. The bank says its debit, credit, and prepaid Liquid card accounts were not affected. It alerted law enforcement in September but has not disclosed how the attack was carried out. JPMorgan spokesman Michael Fusco said the investigation has identified the affected accounts and that cardholders have been notified. No funds in user accounts were accessed, which the bank gives as its reason for not advising customers to change their card information.

Thousands of Consumer Routers Compromised by Russian Military Hacking

Recent reports indicate that the Russian military has resumed large-scale hacking campaigns against home and small-office routers, silently redirecting users to malicious sites that harvest passwords and credential tokens for espionage. The activity was highlighted on Tuesday by researchers from Lumen Technologies’ Black Lotus Labs. Estimates suggest…


Urgent Warning: CVE-2025-5086 in DELMIA Apriso Actively Exploited, CISA Alerts Public

September 12, 2025
Vulnerability / Cybersecurity Threat

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability in Dassault Systèmes’ DELMIA Apriso Manufacturing Operations Management (MOM) software to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The flaw, tracked as CVE-2025-5086, carries a CVSS score of 9.0 out of 10.0 and affects versions from Release 2020 through Release 2025.

According to Dassault, the vulnerability is a deserialization of untrusted data that can lead to remote code execution. The KEV listing follows reports from the SANS Internet Storm Center of exploitation attempts traced to an IP address in Mexico; the attackers are reportedly sending HTTP requests to the “/apriso/WebServices/FlexNetOperationsService.sv…” endpoint.
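A worked illustration of the vulnerability class named above, added here and not taken from the article or from Dassault Systèmes’ code. DELMIA Apriso is a .NET product and the page does not describe its gadget chain, so the mechanism is shown with Python’s pickle, which has the same property: the byte stream names which callables to invoke while the object graph is rebuilt, so a service that deserializes a request body lets the client choose what runs. The vulnerable handler is shown beside an allow-listed unpickler and a plain-data parser; WorkOrder, Gadget and the request bodies are constructed for the example.

```python
"""Deserialization of untrusted data (CWE-502): the vulnerable pattern next to two safer ones.

Added example; not code from Dassault Systèmes, DELMIA Apriso or the article.
Apriso is a .NET product and the page does not describe its gadget chain, so
the mechanism is shown with Python's pickle, which behaves the same way:
the stream says which callables to invoke while the object graph is rebuilt.
WorkOrder, Gadget and the request bodies are constructed for the example;
the command the gadget executes is a harmless echo (Unix-like hosts).
"""
import io
import json
import pickle
import subprocess
from dataclasses import dataclass


@dataclass
class WorkOrder:
    """The one type the service legitimately expects to receive."""
    order_id: str
    quantity: int


def legit_request():
    """Body a well-behaved client would send: a pickled WorkOrder."""
    return pickle.dumps(WorkOrder("WO-1001", 5))


class Gadget:
    """Attacker-controlled object: pickling it records 'call check_output([...])'."""
    def __reduce__(self):
        return (subprocess.check_output, (["echo", "pwned"],))


def malicious_request():
    """Body an attacker sends: the recorded call runs inside pickle.loads on the server."""
    return pickle.dumps(Gadget())


def vulnerable_handle(body):
    """Vulnerable pattern: reconstruct whatever the stream says to reconstruct."""
    return pickle.loads(body)


class RestrictedUnpickler(pickle.Unpickler):
    """Mitigation 1: resolve only globals on an explicit allow-list."""
    ALLOWED = {(WorkOrder.__module__, "WorkOrder")}

    def find_class(self, module, name):
        if (module, name) in self.ALLOWED:
            return WorkOrder
        raise pickle.UnpicklingError(f"forbidden global {module}.{name}")


def restricted_handle(body):
    """Same wire format, but the gadget's callable can no longer be resolved."""
    return RestrictedUnpickler(io.BytesIO(body)).load()


def parse_work_order(json_body):
    """Mitigation 2 (preferred): accept plain data, not object graphs, and validate each field."""
    doc = json.loads(json_body)
    if not isinstance(doc, dict) or set(doc) != {"order_id", "quantity"}:
        raise ValueError("unexpected document shape")
    order_id, quantity = doc["order_id"], doc["quantity"]
    if not isinstance(order_id, str) or not order_id.startswith("WO-"):
        raise ValueError("bad order_id")
    if isinstance(quantity, bool) or not isinstance(quantity, int) or quantity <= 0:
        raise ValueError("bad quantity")
    return WorkOrder(order_id, quantity)


if __name__ == "__main__":
    print("vulnerable, legit   :", vulnerable_handle(legit_request()))
    print("vulnerable, hostile :", vulnerable_handle(malicious_request()))  # the echo ran
    print("restricted, legit   :", restricted_handle(legit_request()))
    try:
        restricted_handle(malicious_request())
    except pickle.UnpicklingError as exc:
        print("restricted, hostile :", exc)
    print("json, validated     :", parse_work_order('{"order_id": "WO-7", "quantity": 3}'))
```

The allow-listed unpickler is the patch you apply when the wire format cannot change; the JSON parser is the design you move to when it can, because a document that carries only values, never type names, leaves the client nothing to instantiate. For an existing deployment the practical check is the same as the one the KEV entry implies: inventory which hosts expose the affected web service to untrusted networks and apply the vendor fix there first.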

OT Threats to US Critical Infrastructure Linked to Iran

April 7, 2026
Cyberwarfare / Nation-State Attacks, Fraud Management & Cybercrime, Governance & Risk Management

CISA Reports Iranian-Linked Groups Target Operational Technology Vulnerabilities
Chris Riotta (@chrisriotta)

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning regarding Iranian-linked cyberthreat actors actively exploiting vulnerabilities in operational technology (OT) devices…
