The Breach News

Google Verifies Salesforce Data Breach Caused by ShinyHunters Through Vishing Scam

In a significant security incident, Google has acknowledged that one of its internal databases was compromised by the notorious cybercriminal group known as ShinyHunters (also identified as UNC6040). The Google Threat Intelligence Group (GTIG) reported that the unauthorized access to its Salesforce database occurred in June and involved the exposure…

Microsoft Issues Warning About Vulnerability in Hybrid Exchange Deployments

Governance & Risk Management, Legacy Infrastructure Security

CISA Issues Emergency Directive Mandating Federal Agencies Address Vulnerability

Akshaya Asokan (asokan_akshaya), David Perera (@daveperera) • August 7, 2025

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an emergency directive urging federal agencies to address a critical vulnerability affecting Microsoft…

Payback: ‘ShinyHunters’ Targets Google Through Salesforce – Dark Reading | Security

Payback: ‘ShinyHunters’ Hacks Google via Salesforce

In a recent cybersecurity incident, the notorious hacking group known as ‘ShinyHunters’ has reportedly executed a significant breach targeting Google by leveraging vulnerabilities in Salesforce. This breach adds another chapter to the ongoing saga of cyber threats plaguing major tech entities, highlighting the persistent…

Cyber Attackers Leverage Apache HTTP Server Vulnerability to Install Linuxsys Cryptocurrency Miner

July 17, 2025
Cryptocurrency / Security Threats

Recent findings by cybersecurity experts reveal a new campaign that targets a known vulnerability in the Apache HTTP Server to deploy a cryptocurrency miner named Linuxsys. This vulnerability, identified as CVE-2021-41773, carries a high severity rating (CVSS score: 7.5) and involves a path traversal issue in Apache HTTP Server version 2.4.49, which allows for remote code execution. According to Jacob Baines from VulnCheck, “Attackers exploit compromised legitimate websites to disseminate malware, facilitating hidden delivery and evasion of detection.” The infection process, traced back to an Indonesian IP address (103.193.177[.]152), aims to transfer a subsequent payload from “repositorylinux[.]org” using tools like curl or wget. This payload, a shell script, is tasked with downloading the Linuxsys cryptocurrency miner from five separate legitimate sites, indicating that the threat actors…

Hackers Target Apache HTTP Server Vulnerability to Deploy Linuxsys Cryptocurrency Miner

On July 17, 2025, cybersecurity experts reported a dangerous campaign exploiting a vulnerability in the Apache HTTP Server, enabling attackers to deploy a cryptocurrency miner known as Linuxsys. This specific flaw, identified as CVE-2021-41773, carries a high severity rating…

Understanding Deepfake Vishing Attacks: How They Operate and Why Detection is Challenging

In recent developments, instances of fraudulent calls utilizing artificial intelligence to replicate familiar voices have surfaced with alarming frequency. These scams often manipulate the voice of a grandchild, colleague, or executive to convey urgent messages, compelling victims to rapidly wire money, share sensitive information, or visit harmful websites. The deceptive…

Dialysis Company Breach Impacts 1 Million People, Incurred Costs of $13.5 Million So Far

Data Breach Notification, Data Security, Fraud Management & Cybercrime

Interlock Claims to Possess 1.5TB of DaVita’s Data Amid Rising Costs

Marianne Kolbasuk McGee (HealthInfoSec) • August 6, 2025

DaVita Inc., a leading provider in kidney dialysis services globally, recently reported to regulators that a cyberattack occurring in…

Air France and KLM Confirm Theft of Customer Data in Third-Party Breach

Cybersecurity has suffered another blow as hackers have reportedly accessed personal information belonging to potentially hundreds of customers of KLM and Air France through a supply chain attack. This alarming breach was first unveiled in a report on KLM’s Dutch website, with a spokesperson from Air France-KLM confirming that the…

Severe Flaw in NVIDIA Container Toolkit Enables Privilege Escalation in AI Cloud Services

On July 18, 2025, cybersecurity experts revealed a critical vulnerability in the NVIDIA Container Toolkit that threatens AI cloud services. Identified as CVE-2025-23266, this flaw has a CVSS score of 9.0 out of 10.0 and has been dubbed “NVIDIAScape” by Wiz, a cloud security firm owned by Google. According to NVIDIA’s advisory, the vulnerability arises from issues in the initialization hooks of the container, allowing attackers to execute arbitrary code with elevated permissions. Successful exploitation could lead to privilege escalation, data tampering, information leakage, and denial-of-service attacks. This vulnerability affects all versions of the NVIDIA Container Toolkit up to 1.17.7 and the NVIDIA GPU Operator up to 25.3.0, with patches included in versions 1.17.8 and 25.3.1.

Critical Vulnerability Discovered in NVIDIA Container Toolkit: A Major Threat to AI Cloud Services

July 18, 2025
Cloud Security / AI Security

Recent analysis by cybersecurity experts has uncovered a serious vulnerability within the NVIDIA Container Toolkit, a critical component for AI cloud services, that could allow for significant privilege…

Researchers Reveal Four-Month Cyberattack on U.S. Firm Tied to Chinese Hackers

Dec 05, 2024
Threat Intelligence / Cyber Espionage

A suspected Chinese threat actor infiltrated a prominent U.S. organization earlier this year in a four-month-long cyber assault. According to Broadcom-owned Symantec, the first signs of the breach were detected on April 11, 2024, and the activity continued until August; earlier activity has not been ruled out.

“The attackers moved laterally within the organization’s network, compromising multiple computers,” reported the Symantec Threat Hunter Team in a release to The Hacker News. “Some targeted machines were Exchange Servers, indicating that the attackers were likely gathering intelligence through email harvesting. Additionally, exfiltration tools were deployed, implying that sensitive data was extracted from the organization.”

The identity of the affected organization remains undisclosed, though it is significant in size and has a significant presence in China. The implications of these links to Chinese actors…

Researchers Uncover Prolonged Cyberattack on U.S. Organization Tied to Chinese Hackers

December 5, 2024

In a significant development within the realm of cybersecurity, researchers have revealed that a large U.S. organization fell victim to a sophisticated cyber intrusion believed to be orchestrated by a Chinese threat actor. The incident, which…
