The Breach News

Beware of Salty2FA: New Phishing Kit Targeting Enterprises in the US and EU

September 10, 2025
Malware Analysis / Enterprise Security

Phishing-as-a-Service (PhaaS) platforms are continuously evolving, providing cybercriminals with quicker and cheaper methods to infiltrate corporate accounts. Researchers at ANY.RUN have identified a new threat: Salty2FA, a sophisticated phishing kit capable of bypassing various two-factor authentication methods and evading traditional defenses. Currently active in campaigns across the US and EU, Salty2FA threatens numerous industries, including finance and energy. Its complex execution chain, evasive infrastructure, and ability to intercept credentials and 2FA codes make it one of the most formidable PhaaS frameworks observed this year.

Why Salty2FA Poses a Significant Risk for Enterprises
With the ability to bypass push notifications, SMS, and voice-based 2FA, Salty2FA allows stolen credentials to easily lead to account takeovers. Targeting sectors such as finance, energy, and telecommunications, this kit transforms ordinary phishing emails into severe security breaches.

Identifying the Targets
ANY.RUN analysts have mapped Salty2FA campaigns and highlighted…

Beware of Salty2FA: Emerging Phishing Kit Targeting US and EU Businesses September 10, 2025 By BreachSpot News Team The landscape of cybersecurity threats is evolving rapidly, with Phishing-as-a-Service (PhaaS) platforms gaining momentum among malicious actors. In a recent discovery, cybersecurity analysts at ANY.RUN have identified a new phishing kit dubbed…

Major Vulnerability in OpenSea Could Have Allowed Hackers to Steal Cryptocurrency from User Wallets

Oct 13, 2021

A recently patched critical vulnerability in OpenSea, the leading marketplace for non-fungible tokens (NFTs), had the potential to be exploited by hackers to siphon cryptocurrency from victims by sending specially-crafted tokens. This revelation comes from cybersecurity firm Check Point Research, which launched an investigation following reports of cryptocurrency theft linked to free airdropped NFTs. The issues were resolved within an hour of responsible disclosure on September 26, 2021. “If left unaddressed, these vulnerabilities could have permitted hackers to seize user accounts and drain entire cryptocurrency wallets by crafting malicious NFTs,” stated researchers from Check Point. NFTs, as unique digital assets, include items like photos, videos, and audio, traded on the blockchain, which serves as a certificate of authenticity.

OpenSea’s Recent Vulnerability Exposed Cryptocurrency Wallets to Potential Theft On October 13, 2021, a significant security flaw was discovered and promptly resolved within OpenSea, the largest marketplace for non-fungible tokens (NFTs) globally. This vulnerability permitted hackers to potentially siphon off cryptocurrency from user wallets through the delivery of specially designed…

Men Purchase Hacking Tools to Target Wives and Friends

Cybersecurity Threats Emerge from Telegram Communities Targeting Women Recent findings reveal alarming activities within Telegram groups where thousands of men engage in the sale and promotion of hacking and surveillance services. These services, which can be exploited to target individuals like friends, partners, and ex-partners, raise significant concerns about cyber…

Microsoft Announces Fix for 80 Security Vulnerabilities, Including Critical SMB Privilege Escalation and Azure CVSS 10.0 Issues

On September 10, 2025, Microsoft released patches for 80 security flaws across its software. This update includes one vulnerability that had already been disclosed publicly. Among these, eight are classified as Critical, while 72 are deemed Important. Fortunately, none were exploited in the wild as zero-day vulnerabilities. Similar to the previous month, 38 flaws are linked to privilege escalation, followed by 22 related to remote code execution, 14 concerning information disclosure, and 3 classified as denial-of-service. “For the third time this year, Microsoft has addressed more privilege escalation vulnerabilities than remote code execution issues,” noted Satnam Narang, Senior Staff Research Engineer at Tenable. “Almost half (47.5%) of the vulnerabilities this month are related to privilege escalation.” This patch release also includes updates to 12 vulnerabilities in Microsoft’s Chromium-based Edge browser since August 2025’s Patch Tuesday.

Microsoft Addresses 80 Security Flaws, Including Critical SMB Privilege Escalation and Azure Vulnerabilities On September 10, 2025, Microsoft released patches for 80 identified security vulnerabilities in its software ecosystem. Among these flaws, eight have been classified as Critical, while the remaining 72 are deemed Important in terms of severity. Notably,…

New ‘Trojan Source’ Technique Allows Hackers to Conceal Vulnerabilities in Source Code

November 1, 2021

A groundbreaking class of vulnerabilities has emerged, enabling threat actors to inject misleading malware that technically adheres to coding logic while distorting its intended functionality. Known as “Trojan Source attacks,” this method exploits nuances in text-encoding standards like Unicode, allowing the arrangement of source code tokens to differ from their displayed order. This results in vulnerabilities that evade detection by human reviewers, according to researchers Nicholas Boucher and Ross Anderson from Cambridge University, who outlined the findings in a recent paper. These vulnerabilities, identified as CVE-2021-42574 and CVE-2021-42694, impact compilers across numerous widely-used programming languages, including C, C++, C#, JavaScript, Java, Rust, Go, and Python. Compilers are essential tools that convert high-level human-readable code into executable machine code.

New ‘Trojan Source’ Technique Enables Hackers to Conceal Vulnerabilities in Code On November 1, 2021, researchers at Cambridge University unveiled a concerning development in cybersecurity: a technique known as “Trojan Source attacks.” This novel class of vulnerabilities allows threat actors to incorporate visually misleading malware within source code, maintaining logical…

FBI Alerts: Anonymous Hackers Have Compromised US Government Networks for Nearly a Year

November 17, 2013

The FBI has issued a warning that members of the hacktivist group Anonymous have been covertly infiltrating US government computers and stealing sensitive information in a campaign that started nearly a year ago. The group has exploited vulnerabilities in Adobe software to breach targeted systems and install backdoors, allowing ongoing access to compromised computers, with activities dating back to last December, according to a Reuters report.

This hacking campaign has affected various government entities, including the U.S. Army, Department of Energy, and the Department of Health and Human Services. The FBI described the intrusion as “a widespread problem that warrants immediate attention” and has provided guidance to system administrators on identifying potential compromises in their networks. Investigators are currently assessing the extent of the breaches, with concerns that the hackers’ activities are ongoing.

FBI Alerts on Anonymous Hackers Compromising U.S. Government Systems for Nearly a Year November 17, 2013 The FBI has issued a significant alert regarding the hacktivist collective known as Anonymous, revealing that its members have clandestinely infiltrated U.S. government computer systems, leading to the theft of sensitive data over the…

Unlocking Boardroom Communication: Empowering CISOs to Articulate Business Impact

 
Sep 11, 2025
Continuous Threat Exposure Management

CISOs possess deep expertise in their domain—they are well-versed in the threat landscape, capable of building robust and cost-effective security systems, adept at staffing, navigating compliance intricacies, and managing risk. But a recurring challenge arises in discussions with these security leaders: how can they effectively convey the implications of risk to business decision-makers?

Boards focus on how risk influences revenue, governance, and growth, often showing little interest in detailed vulnerability lists or technicalities. When the narrative becomes overly technical, even critical initiatives can stall and miss funding.

CISOs must learn to translate technical challenges into business-friendly language, fostering trust, gaining support, and demonstrating how security decisions tie directly to sustainable growth. This urgent need to bridge the communication divide between CISOs and Boards has driven us to establish a new framework for CISO engagement.

Bridging the Gap: Empowering CISOs to Communicate with Business Leaders As cybersecurity threats continue to evolve, Chief Information Security Officers (CISOs) find themselves at the forefront of defending organizations against persistent risks. Their expertise encompasses a wide array of critical areas: they possess a profound understanding of the current threat…

Google Alerts on Active Exploitation of New Android Zero-Day Vulnerability

November 3, 2021

Google has released its latest monthly security updates for Android, addressing 39 vulnerabilities, including a zero-day exploit that is currently being targeted in limited attacks. Identified as CVE-2021-1048, this zero-day flaw is characterized as a use-after-free vulnerability in the kernel, which could allow local privilege escalation. Use-after-free vulnerabilities pose significant risks, enabling attackers to access or reference memory that has already been freed. This could lead to a “write-what-where” scenario, allowing arbitrary code execution and potential control over a victim’s device. “There are indications that CVE-2021-1048 may be under limited, targeted exploitation,” Google stated in its November advisory, while withholding specific technical details about the exploit, the nature of the attacks, and the identities of any potential perpetrators. The security patch also addresses two critical vulnerabilities among the other fixes.

Google Alerts on Newly Discovered Android Zero-Day Exploited in Targeted Attacks November 3, 2021 Google has announced the release of its monthly security updates for the Android operating system, which include fixes for 39 vulnerabilities. Among these is a critical zero-day vulnerability identified as CVE-2021-1048, which the company has confirmed…
