The Breach News

Urgent Log4J Vulnerability Poses Significant Threat to Internet Security

Dec 11, 2021

The Apache Software Foundation has addressed a critical zero-day vulnerability in the widely-used Apache Log4j Java logging library, actively exploited to execute malicious code and potentially gain full control over affected systems. Identified as CVE-2021-44228 and known as Log4Shell or LogJam, this flaw allows unauthenticated remote code execution (RCE) in applications utilizing this open-source tool, impacting versions from Log4j 2.0-beta9 to 2.14.1. The bug received a maximum severity score of 10 on the CVSS rating scale. The Apache Foundation’s advisory states, “An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled.” Starting with Log4j version 2.15.0, this functionality has been disabled by default. Exploitation can be performed with minimal effort…

Severe Log4J Vulnerability Poses Significant Threat to Internet Security December 11, 2021 The Apache Software Foundation has disclosed critical updates addressing a zero-day vulnerability actively exploited within the widely adopted Apache Log4j Java logging library. This vulnerability has the potential to allow malicious actors to execute arbitrary code, resulting in…

Read More

Urgent Log4J Vulnerability Poses Significant Threat to Internet Security

Dec 11, 2021

The Apache Software Foundation has addressed a critical zero-day vulnerability in the widely-used Apache Log4j Java logging library, actively exploited to execute malicious code and potentially gain full control over affected systems. Identified as CVE-2021-44228 and known as Log4Shell or LogJam, this flaw allows unauthenticated remote code execution (RCE) in applications utilizing this open-source tool, impacting versions from Log4j 2.0-beta9 to 2.14.1. The bug received a maximum severity score of 10 on the CVSS rating scale. The Apache Foundation’s advisory states, “An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled.” Starting with Log4j version 2.15.0, this functionality has been disabled by default. Exploitation can be performed with minimal effort…

Over 100,000 Refrigerators and Smart Appliances Hacked in Cyber Attack

Jan 18, 2014

Are you unaware that “zombies” could be lurking in your home? It might surprise you to learn that it’s not just computers and smartphones at risk—now even your household appliances can become weapons or victims in the realm of cyber warfare. Security researchers from Proofpoint recently discovered over 100,000 compromised smart devices, including refrigerators and TVs, that were hijacked by hackers to send out 750,000 malicious spam emails. As the Internet of Things gains traction, cybercriminals have seized this opportunity to launch large-scale attacks. The intrusion tracked by Proofpoint took place between December 23, 2013, and January 6, 2014, featuring aggressive email campaigns that targeted enterprises and individuals worldwide, sending out bursts of 100,000 emails three times daily. This marks the first documented case of smart appliances being utilized in such a manner, transitioning from theoretical discussion to a tangible threat.

Over 100,000 Home Appliances Hacked to Facilitate Cyber Attack January 18, 2014 A significant cybersecurity breach has been reported involving more than 100,000 compromised smart devices, including refrigerators and televisions, which were exploited by hackers to dispatch approximately 750,000 spam emails. Security researchers from Proofpoint have uncovered this alarming trend,…

Read More

Over 100,000 Refrigerators and Smart Appliances Hacked in Cyber Attack

Jan 18, 2014

Are you unaware that “zombies” could be lurking in your home? It might surprise you to learn that it’s not just computers and smartphones at risk—now even your household appliances can become weapons or victims in the realm of cyber warfare. Security researchers from Proofpoint recently discovered over 100,000 compromised smart devices, including refrigerators and TVs, that were hijacked by hackers to send out 750,000 malicious spam emails. As the Internet of Things gains traction, cybercriminals have seized this opportunity to launch large-scale attacks. The intrusion tracked by Proofpoint took place between December 23, 2013, and January 6, 2014, featuring aggressive email campaigns that targeted enterprises and individuals worldwide, sending out bursts of 100,000 emails three times daily. This marks the first documented case of smart appliances being utilized in such a manner, transitioning from theoretical discussion to a tangible threat.

Apple Releases Backported Fix for CVE-2025-43300 Following Targeted Spyware Attack

September 16, 2025
Vulnerability | Spyware

On Monday, Apple announced backported fixes for the recently addressed security vulnerability CVE-2025-43300, which has been actively exploited. This critical flaw, with a CVSS score of 8.8, is an out-of-bounds write issue in the ImageIO component that can lead to memory corruption when processing malicious image files. Apple noted that this vulnerability may have been leveraged in a sophisticated attack against specific individuals. In a related development, WhatsApp reported a vulnerability (CVE-2025-55177, CVSS score: 5.4) within its iOS and macOS messaging apps that was exploited alongside CVE-2025-43300 in targeted spyware attacks against fewer than 200 victims. The original fix for the vulnerability was rolled out by Apple in late August with the releases of iOS 18.6.2, iPadOS 18.6.2, iPadOS 17.7.10, macOS Ventura 13.7.8, macOS Sonoma 14.7.8, and macOS Sequoia 15.6.1. Additional releases have also been made for other platforms…

Apple Addresses Vulnerability CVE-2025-43300 After Reports of Targeted Spyware Attacks September 16, 2025 Apple has recently implemented backported fixes for a significant security vulnerability, CVE-2025-43300, which has reportedly been exploited in sophisticated, targeted spyware incidents. The flaw, rated 8.8 on the CVSS scale, pertains to an out-of-bounds write issue within…

Read More

Apple Releases Backported Fix for CVE-2025-43300 Following Targeted Spyware Attack

September 16, 2025
Vulnerability | Spyware

On Monday, Apple announced backported fixes for the recently addressed security vulnerability CVE-2025-43300, which has been actively exploited. This critical flaw, with a CVSS score of 8.8, is an out-of-bounds write issue in the ImageIO component that can lead to memory corruption when processing malicious image files. Apple noted that this vulnerability may have been leveraged in a sophisticated attack against specific individuals. In a related development, WhatsApp reported a vulnerability (CVE-2025-55177, CVSS score: 5.4) within its iOS and macOS messaging apps that was exploited alongside CVE-2025-43300 in targeted spyware attacks against fewer than 200 victims. The original fix for the vulnerability was rolled out by Apple in late August with the releases of iOS 18.6.2, iPadOS 18.6.2, iPadOS 17.7.10, macOS Ventura 13.7.8, macOS Sonoma 14.7.8, and macOS Sequoia 15.6.1. Additional releases have also been made for other platforms…

Recent BreachForums Relaunch Linked to Impersonation of ShinyHunters Admin

Cybercrime , Data Security , Fraud Management & Cybercrime Post-Reboot, Cybercrime Group Claims No Ties to Hacker Site Mathew J. Schwartz (euroinfosec) • April 3, 2026 Image: Shutterstock BreachForums continues to be a focal point of controversy following its recent reboot. An individual claiming affiliation with the ShinyHunters extortion group…

Read MoreRecent BreachForums Relaunch Linked to Impersonation of ShinyHunters Admin

Groups Oppose HHS’s Proposed Rollbacks on Health IT

Healthcare, Industry Specific, Standards, Regulations & Compliance Healthcare Groups Warn of Risks from HHS’ Proposed IT Certification Changes Marianne Kolbasuk McGee ( HealthInfoSec) • March 3, 2026 Proposed reductions in health IT certification requirements by HHS are facing resistance from industry groups concerned about privacy and security implications. (Image: Getty…

Read MoreGroups Oppose HHS’s Proposed Rollbacks on Health IT

State-Sponsored Hackers Likely Targeted MS Exchange 0-Days at Approximately 10 Organizations

On Friday, Microsoft reported a significant security incident involving the exploitation of two zero-day vulnerabilities in Microsoft Exchange servers by a single threat actor group as far back as August 2022. This group successfully gained initial access through coordinated attacks targeting fewer than ten organizations worldwide. The compromises facilitated the…

Read MoreState-Sponsored Hackers Likely Targeted MS Exchange 0-Days at Approximately 10 Organizations

StoneDrill Disk Wiping Malware Discovered Targeting European Industries

A newly identified disk-wiping malware known as StoneDrill has emerged, targeting a petroleum company in Europe. This malware bears similarities to the infamous Shamoon, which notoriously deleted data from 35,000 computers at Saudi Arabia’s national oil company back in 2012. Disk-wiping malware like StoneDrill can inflict severe damage on organizations…

Read MoreStoneDrill Disk Wiping Malware Discovered Targeting European Industries

🔍 Weekly Overview: Fortinet Vulnerability, Chrome Zero-Day, BadIIS Malware, Record DDoS Attack, SaaS Security Incident & More

Cybersecurity Weekly Update: New Vulnerabilities and Persistent Threats This week, the cybersecurity landscape revealed alarming developments as multiple organizations fell victim to sophisticated attacks, highlighting the evolving tactics employed by cybercriminals. Notably, Fortinet disclosed a serious vulnerability affecting its FortiWeb application firewall, categorized as CVE-2025-58034. This flaw, assigned a medium…

Read More🔍 Weekly Overview: Fortinet Vulnerability, Chrome Zero-Day, BadIIS Malware, Record DDoS Attack, SaaS Security Incident & More

JetStream Secures $34M Seed Funding to Advance AI Governance

Artificial Intelligence & Machine Learning, Next-Generation Technologies & Secure Development Ex-CrowdStrike Product Leader Unveils Blueprint Model to Tackle MCP Server Issues and Cost Management Michael Novinson (MichaelNovinson) • March 3, 2026 Raj Rajamani, co-founder and CEO of JetStream (Image: JetStream) JetStream, a startup focusing on artificial intelligence governance, has successfully…

Read MoreJetStream Secures $34M Seed Funding to Advance AI Governance