The Breach News

Stealthy New Ymir Ransomware Uses In-Memory Execution to Target Corporate Networks

November 12, 2024
Cyber Attack / Cybercrime

Security researchers have identified a new ransomware family, Ymir, which was deployed in an attack just two days after the victim's systems were compromised by RustyStealer, a credential-stealing malware. Kaspersky, the Russian cybersecurity firm that analysed the intrusion, noted that “Ymir ransomware features a distinctive mix of technical capabilities and tactics that bolster its effectiveness.” The malware uses an unusual combination of memory management functions (malloc, memmove, and memcmp) to stage and execute its code directly in memory rather than following the file-based execution flow seen in most ransomware, which improves its stealth. Kaspersky observed Ymir in an attack on an unnamed Colombian organization, where the threat actors used corporate credentials harvested by RustyStealer to gain initial access.


Adult Websites Hiding Exploit Code in Inappropriate .svg Files

Obfuscated Code Found in SVG Files from Pornography Sites Triggers Malicious Attacks

Research from the security firm Malwarebytes has revealed that several adult-themed websites were abusing the SVG image format: the sites served SVG files carrying obfuscated JavaScript which, when rendered in a browser, initiate a…
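As an added example (not part of the Malwarebytes research or of this page), the following Python script shows how a defender can inspect an SVG file for the active content such an attack relies on: inline or external script elements, on* event-handler attributes, and javascript: URIs, plus a crude obfuscation heuristic (eval/atob/unescape calls and long base64-like blobs). The two sample SVGs are constructed for the example; the marker list and the blob-length threshold are assumptions, not values from the page.

```python
import re
import xml.etree.ElementTree as ET

XLINK_NS = "http://www.w3.org/1999/xlink"

# Heuristic markers (assumption for this example): calls commonly used by obfuscated loaders.
OBFUSCATION_MARKERS = ("eval(", "atob(", "unescape(", "String.fromCharCode", "Function(")
# A run of 80+ base64-alphabet characters is treated as an encoded payload (threshold is an assumption).
LONG_BLOB_RE = re.compile(r"[A-Za-z0-9+/=]{80,}")


def scan_svg(svg_text: str) -> list[dict]:
    """Return one finding per piece of active content found in the SVG document."""
    findings = []
    root = ET.fromstring(svg_text)
    for el in root.iter():
        tag = el.tag.split("}")[-1]  # drop the '{namespace}' prefix ElementTree adds
        if tag == "script":
            body = el.text or ""
            src = el.get("href") or el.get(f"{{{XLINK_NS}}}href")
            findings.append({
                "kind": "external_script" if src else "inline_script",
                "where": src or "<script> body",
                "markers": sorted(m for m in OBFUSCATION_MARKERS if m in body),
                "long_blob": bool(LONG_BLOB_RE.search(body)),
            })
        for attr, value in el.attrib.items():
            name = attr.split("}")[-1]
            if name.lower().startswith("on"):  # onclick, onload, onmouseover, ...
                findings.append({
                    "kind": "event_handler",
                    "where": f"<{tag} {name}>",
                    "markers": sorted(m for m in OBFUSCATION_MARKERS if m in value),
                    "long_blob": bool(LONG_BLOB_RE.search(value)),
                })
            elif name == "href" and value.strip().lower().startswith("javascript:"):
                findings.append({"kind": "javascript_uri", "where": f"<{tag} href>",
                                 "markers": [], "long_blob": False})
    return findings


def has_active_content(svg_text: str) -> bool:
    """True if the SVG contains anything that could run script when rendered in a browser."""
    return bool(scan_svg(svg_text))


# Constructed samples for the example (not files taken from any real site).
_BLOB = "QUJD" * 30  # 120 base64-alphabet characters standing in for an encoded payload
SAMPLE_MALICIOUS_SVG = f"""<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="{XLINK_NS}" width="10" height="10">
  <rect width="10" height="10" onclick="alert(1)"/>
  <a xlink:href="javascript:void(0)"><text>like</text></a>
  <script><![CDATA[
    var p = "{_BLOB}";
    eval(atob(p));
  ]]></script>
</svg>"""

SAMPLE_CLEAN_SVG = '<svg xmlns="http://www.w3.org/2000/svg"><circle r="5" fill="red"/></svg>'

if __name__ == "__main__":
    for finding in scan_svg(SAMPLE_MALICIOUS_SVG):
        print(finding)
    print("clean sample flagged:", has_active_content(SAMPLE_CLEAN_SVG))
```

The important design point is that an SVG is an XML document that browsers treat as a scriptable document when opened directly, so the scan looks for every place script can attach, not only for a script element. Serving user-supplied SVGs with a Content-Security-Policy or as a raw download rather than rendering them inline is the corresponding server-side mitigation.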


French Company Bouygues Telecom Faces Data Breach Affecting 6.4 Million Customers

Data Breach at Bouygues Telecom Affects 6.4 Million Customers
Pierluigi Paganini, August 08, 2025

Bouygues Telecom Reports Cyberattack Compromising Customer Data

Bouygues Telecom has confirmed that it experienced a significant cyberattack, resulting in the exposure of personal information of approximately 6.4 million of its customers. This French telecommunications provider, a…


Google AI “Big Sleep” Identifies Critical SQLite Vulnerability Before Hackers Can Exploit It

July 16, 2025
AI Security / Vulnerability

Google announced on Tuesday that its language-model-assisted vulnerability detection system had identified a security flaw in the SQLite open-source database engine before it could be exploited. The vulnerability, designated CVE-2025-6965 (CVSS score: 7.2), is a memory corruption issue affecting all SQLite versions prior to 3.50.2. It was discovered by “Big Sleep,” an AI agent developed jointly by DeepMind and Google Project Zero. An attacker able to inject arbitrary SQL statements into an application could trigger an integer overflow in the engine, so applications that pass untrusted SQL to SQLite are the ones most exposed. SQLite maintainers cautioned that the issue was previously known only to threat actors. Google has not disclosed the identities of those actors but emphasized the urgency of updating.
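As an added example (not code from Google, the SQLite project, or this page), the following Python script performs the check a defender wants after reading this: compare every SQLite build in an inventory against the fixed release 3.50.2 named above, including the libsqlite3 linked into the running Python interpreter. The inventory entries are constructed for the example.

```python
import re
import sqlite3

# Release carrying the fix for CVE-2025-6965, as stated in the article above.
FIXED_VERSION = "3.50.2"


def parse_sqlite_version(version: str) -> tuple[int, int, int]:
    """Parse 'X.Y.Z' (or 'X.Y') into a tuple that compares numerically, so 3.9.0 < 3.50.2."""
    m = re.fullmatch(r"(\d+)\.(\d+)(?:\.(\d+))?", version.strip())
    if not m:
        raise ValueError(f"not a SQLite version string: {version!r}")
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch or 0))


def is_vulnerable(version: str, fixed: str = FIXED_VERSION) -> bool:
    """True when `version` is older than the release that carries the fix."""
    return parse_sqlite_version(version) < parse_sqlite_version(fixed)


def check_runtime() -> dict:
    """Report the SQLite library linked into this Python process.

    sqlite3.sqlite_version is the version of the linked libsqlite3, which is what matters here;
    sqlite3.version (the module's own version) is unrelated to the CVE.
    """
    ver = sqlite3.sqlite_version
    return {"sqlite_version": ver, "vulnerable": is_vulnerable(ver)}


def scan_inventory(entries) -> list[tuple[str, str]]:
    """entries: (component, sqlite_version) pairs, e.g. collected from an SBOM or package list.

    Returns the entries that still need the update.
    """
    return [(name, ver) for name, ver in entries if is_vulnerable(ver)]


# Constructed inventory for the example; the component names and versions are made up.
SAMPLE_INVENTORY = [
    ("service-a vendored libsqlite3", "3.46.1"),
    ("mobile-app bundled SQLite", "3.50.2"),
    ("legacy-reporting", "3.31.1"),
]

if __name__ == "__main__":
    print("runtime:", check_runtime())
    for name, ver in scan_inventory(SAMPLE_INVENTORY):
        print(f"UPDATE NEEDED: {name} ships SQLite {ver} (< {FIXED_VERSION})")
```

Because the flaw is reachable only through SQL text the attacker controls, parameterized queries narrow the attack surface, but SQLite is so widely embedded (browsers, mobile apps, language runtimes) that the inventory step is the part most teams miss.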


Alert: Over 2,000 Palo Alto Networks Devices Compromised in Ongoing Cyber Attack Campaign

As of November 21, 2024, an estimated 2,000 devices from Palo Alto Networks have been compromised due to a campaign exploiting newly disclosed security vulnerabilities. According to data from the Shadowserver Foundation, the majority of incidents have been reported in the U.S. (554) and India (461), with additional cases in Thailand (80), Mexico (48), Indonesia (43), Turkey (41), the U.K. (39), Peru (36), and South Africa (35).

Earlier this week, Censys reported identifying 13,324 publicly exposed next-generation firewall management interfaces, 34% of them located in the U.S. Exposure is not the same as compromise: not every reachable host is unpatched or has been attacked. The two vulnerabilities are CVE-2024-0012 (CVSS score: 9.3), an authentication bypass in the PAN-OS management web interface, and CVE-2024-9474 (CVSS score: 6.9), a privilege escalation; chained, they allow an attacker who can reach the management interface to obtain administrator access and then run actions with elevated privileges. Restricting management-interface access to trusted internal IP addresses, as the vendor recommends, removes the precondition for the attack even before patches are applied.
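As an added example (not Palo Alto Networks', Shadowserver's or Censys' code, and not from this page), the following Python script triages a firewall fleet by separating the two questions the paragraph raises: is the management interface exposed, and is the PAN-OS build patched. The PAN-OS version parser handles the "-hN" hotfix suffix, which a plain string comparison gets wrong. The fixed-build table is recalled from the vendor advisory and is an assumption to verify against the current advisory before use; the fleet records are constructed.

```python
import re
from dataclasses import dataclass

# ASSUMPTION: first fixed PAN-OS build per release branch for CVE-2024-0012 / CVE-2024-9474,
# recalled from the vendor advisory. Verify against the current advisory before relying on it.
FIXED_BUILDS = {
    "10.1": "10.1.14-h6",
    "10.2": "10.2.12-h2",
    "11.0": "11.0.6-h1",
    "11.1": "11.1.5-h1",
    "11.2": "11.2.4-h1",
}

PANOS_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")


def parse_panos(version: str) -> tuple[int, int, int, int]:
    """'11.1.5-h1' -> (11, 1, 5, 1); a missing hotfix suffix counts as h0.

    Tuples compare field by field, so 10.2.12 (h0) correctly sorts below 10.2.12-h2.
    """
    m = PANOS_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised PAN-OS version: {version!r}")
    major, minor, maint, hotfix = m.groups()
    return (int(major), int(minor), int(maint), int(hotfix or 0))


def is_patched(version: str):
    """True/False against the branch's fixed build; None when the branch is not in the table."""
    parsed = parse_panos(version)
    fixed = FIXED_BUILDS.get(f"{parsed[0]}.{parsed[1]}")
    if fixed is None:
        return None
    return parsed >= parse_panos(fixed)


@dataclass
class Firewall:
    name: str
    panos: str
    mgmt_internet_exposed: bool  # management web interface reachable from the internet


def triage(devices) -> dict[str, str]:
    """Classify each device so that exposure and patch level are acted on separately."""
    result = {}
    for d in devices:
        patched = is_patched(d.panos)
        if patched is None:
            result[d.name] = "review"               # branch not in the table: check the advisory
        elif d.mgmt_internet_exposed and not patched:
            result[d.name] = "exposed_unpatched"    # assume compromise; patch and hunt
        elif d.mgmt_internet_exposed:
            result[d.name] = "exposed_patched"      # still remove internet exposure
        elif not patched:
            result[d.name] = "unpatched_internal"   # patch on the normal cycle
        else:
            result[d.name] = "patched_internal"
    return result


# Constructed fleet for the example; names, versions and exposure flags are made up.
SAMPLE_FLEET = [
    Firewall("fw-edge-01", "11.1.4", True),
    Firewall("fw-edge-02", "11.1.5-h1", True),
    Firewall("fw-dc-01", "10.2.12-h2", False),
    Firewall("fw-dc-02", "10.2.10", False),
    Firewall("fw-lab-01", "12.0.0", True),
]

if __name__ == "__main__":
    for name, status in triage(SAMPLE_FLEET).items():
        print(f"{name}: {status}")
```

The "exposed_patched" bucket is the one that the Censys and Shadowserver numbers together argue for: a patched device with its management interface on the internet is still a finding, because the next bypass will reach it just as easily.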


Ex-NSA Chief Paul Nakasone Issues a Caution to the Tech Industry

The recent shifts in the United States’ cybersecurity landscape illustrate a tumultuous period marked by significant policy changes under the Trump administration. The alterations to fiscal policy and foreign relations, coupled with widespread dismissals of federal staff, have left crucial cybersecurity priorities shrouded in uncertainty. This concern was evident at…


Australian Privacy Regulator Takes Legal Action Against Optus Following 2022 Hack

Data Privacy, Data Security, Geo Focus: Australia
Telecom Faces Potential Fines Up to $2.22 Million per Violation
Akshaya Asokan (asokan_akshaya) • August 8, 2025

The Australian Information Commissioner has initiated legal action against Optus, one of the country’s largest telecommunications companies, alleging the firm failed to adequately…


860K Affected in Columbia University Data Breach – Dark Reading | Cybersecurity News

860,000 Affected by Data Breach at Columbia University

In a significant security incident, Columbia University has reported a data breach that compromised the personal information of approximately 860,000 individuals. The university, based in the United States, has disclosed that sensitive data was potentially accessed by unauthorized actors, raising serious…
