The Breach News

Google Alerts on Active Exploitation of New Android Zero-Day Vulnerability

November 3, 2021

Google has released its latest monthly security updates for Android, addressing 39 vulnerabilities, including a zero-day flaw that is being exploited in limited, targeted attacks. Identified as CVE-2021-1048, the zero-day is a use-after-free vulnerability in the kernel that could allow local privilege escalation. Use-after-free bugs are dangerous because they let an attacker access or reference memory that has already been freed; this can lead to a “write-what-where” condition, arbitrary code execution, and potential control over a victim’s device. “There are indications that CVE-2021-1048 may be under limited, targeted exploitation,” Google stated in its November advisory, while withholding specific technical details about the exploit, the nature of the attacks, and the identities of any potential perpetrators. The security patch also addresses two critical vulnerabilities among the other fixes.

Google Alerts on Newly Discovered Android Zero-Day Exploited in Targeted Attacks

November 3, 2021

Google has announced the release of its monthly security updates for the Android operating system, which include fixes for 39 vulnerabilities. Among these is a critical zero-day vulnerability identified as CVE-2021-1048, which the company has confirmed…

NSA Compromised Over 50,000 Computer Networks with Malware

November 23, 2013

The NSA possesses the capability to track “anyone, anywhere, anytime.” In September, we reported on how the agency, along with GCHQ, used LinkedIn and Slashdot to implant malware targeting engineers at Belgacom, the largest telecom company. Recently, a Dutch newspaper unveiled a new secret document from the NSA, disclosed by former intelligence employee Edward Snowden. This document reveals that the NSA has infiltrated over 50,000 computer networks globally with malware intended for stealing sensitive information. A slide from a 2012 NSA management presentation illustrates a world map pinpointing these targeted locations. The agency employs a method called “Computer Network Exploitation” (CNE), which allows for covert malware installation in computer systems. This malware can be remotely controlled, activated, and deactivated at will. According to the NSA’s own website, CNE encompasses actions that facilitate intelligence collection by exploiting data gathered through computer networks.

NSA Compromises Over 50,000 Computer Networks with Malware

November 23, 2013

A recent revelation from a Dutch newspaper, stemming from documents leaked by former NSA contractor Edward Snowden, indicates that the National Security Agency (NSA) has successfully infiltrated more than 50,000 computer networks globally. This significant breach involves sophisticated malware…

Iranian Hackers Disrupt Operations at Key U.S. Infrastructure Sites

Iranian Hackers Targeting US Critical Infrastructure Amid Ongoing Tensions

Recent reports indicate that hackers tied to the Iranian government are actively disrupting operations at various critical infrastructure sites across the United States. This disruption appears to be a reaction to the heightened geopolitical conflict between Iran and the U.S., as…

Exploitation of SonicWall SSL VPN Vulnerability and Misconfigurations by Akira Ransomware Group on the Rise

September 11, 2025

Cybersecurity threats linked to the Akira ransomware group have intensified, with SonicWall devices specifically targeted for initial access. Rapid7 has reported a notable increase in attacks on SonicWall appliances, coinciding with heightened Akira ransomware activity observed since late July 2025. SonicWall recently determined that these SSL VPN attacks exploit a year-old security vulnerability (CVE-2024-40766, CVSS score: 9.3) on devices where local user passwords were not changed during migration. “We are seeing a surge in attempts by threat actors to brute-force user credentials,” the company commented. To mitigate risks, SonicWall advises enabling Botnet Filtering to block known threats and implementing Account Lockout policies. It also urged users to review LDAP SSL VPN Default User Groups, highlighting that misconfigurations there could represent a “critical weak point.”

SonicWall SSL VPN Vulnerabilities Targeted by Akira Ransomware Group

September 11, 2025

Cybersecurity experts reported a significant uptick in cyber intrusions targeting SonicWall devices, particularly those involving the SSL VPN feature. This surge is attributed to ongoing attacks by the Akira ransomware group, which has recently intensified its efforts…

Critical RCE Vulnerability Discovered in the Linux Kernel’s TIPC Module

November 4, 2021

Cybersecurity experts have uncovered a significant security vulnerability in the Transparent Inter-Process Communication (TIPC) module of the Linux Kernel. This flaw could potentially allow both local and remote attackers to execute arbitrary code within the kernel, giving them control over affected systems. Assigned CVE-2021-43267 and rated with a CVSS score of 9.8, this heap overflow vulnerability “can be exploited locally or remotely within a network to gain kernel privileges, enabling attackers to compromise the entire system,” according to a report by cybersecurity firm SentinelOne shared with The Hacker News. TIPC is a transport layer protocol designed for seamless communication between nodes in dynamic cluster environments, offering improved efficiency and fault tolerance compared to traditional protocols like TCP. The vulnerability arises from inadequate validation of user-provided sizes for a new message type.

Significant RCE Vulnerability Discovered in Linux Kernel’s TIPC Module

November 4, 2021

Cybersecurity experts disclosed a critical security vulnerability within the Linux Kernel’s Transparent Inter Process Communication (TIPC) module. This flaw, designated as CVE-2021-43267, has been assigned a high Common Vulnerability Scoring System (CVSS) score of 9.8, indicating severe…

Malware Leverages Inaudible Audio Signals to Transfer Stolen Data

December 3, 2013

If you believe that a computer completely isolated from networks, without USB drives or any electronic connections, is safe from hackers and malware, you might want to reconsider. Recent developments reveal that German scientists have created a proof-of-concept malware prototype capable of infecting computers and digital devices using inaudible audio signals. This method of bridging an air gap presents a formidable threat. Imagine a cyberattack utilizing high-frequency sound waves to not only infect machines but also to transmit stolen data back to the attacker without any network connection—it’s a chilling prospect. Recently, security researcher Dragos Ruiu suggested that malware known as badBIOS enabled infected devices to communicate solely through sound waves, effectively bypassing physical disconnections from networks.

New Malware Exploits Inaudible Audio Signals to Exfiltrate Data

December 3, 2013

Researchers revealed a groundbreaking malware prototype capable of transferring stolen data via inaudible audio signals, challenging prevailing assumptions about the security of isolated digital systems. Traditionally, the belief is that computers disconnected from networks and devoid of…

Senator Wyden Calls for FTC Investigation into Microsoft Over Ransomware-Related Cybersecurity Failures

U.S. Senator Ron Wyden is urging the Federal Trade Commission (FTC) to investigate Microsoft for what he describes as “gross cybersecurity negligence” that has facilitated ransomware attacks on critical U.S. infrastructure, particularly targeting healthcare networks. In a detailed four-page letter to FTC Chairman Andrew Ferguson, Wyden warned that Microsoft’s lax cybersecurity practices, combined with its near-monopoly in the enterprise operating system market, create a significant national security risk, making further attacks likely. He likened Microsoft’s behavior to that of “an arsonist selling firefighting services to their victims.” This request follows new revelations from the healthcare provider Ascension, which experienced a devastating ransomware attack last year, compromising personal and medical data of nearly 5.6 million individuals.

Senator Wyden Calls for FTC Investigation into Microsoft Over Cybersecurity Negligence Linked to Ransomware Attacks

September 11, 2025

U.S. Senator Ron Wyden has formally requested the Federal Trade Commission (FTC) to investigate Microsoft, alleging severe cybersecurity negligence that has facilitated ransomware assaults on critical U.S. infrastructure, notably in the healthcare…

Critical Vulnerability in Cisco Policy Suite Exposes Hardcoded SSH Key, Allowing Remote Root Access

November 5, 2021

Cisco Systems has issued security updates to rectify vulnerabilities in several Cisco products that could enable attackers to log in as root users, gaining control over compromised systems. The vulnerability, identified as CVE-2021-40119, has been assigned a critical severity rating of 9.8 out of 10 on the CVSS scale and originates from flaws in the SSH authentication mechanism of Cisco Policy Suite. According to Cisco’s advisory, “An attacker could exploit this vulnerability by connecting to an affected device via SSH,” warning that a successful exploit could provide the attacker with root access. The issue was uncovered during internal security assessments. Future releases of Cisco Policy Suite (21.2.0 and beyond) will automatically generate new SSH keys upon installation, although devices upgrading from version 21.1.0 will still require a manual process to replace the default SSH keys.

Hardcoded SSH Key in Cisco Policy Suite Exposes Systems to Remote Root Access Vulnerability

November 5, 2021

Cisco Systems disclosed critical security updates aimed at addressing significant vulnerabilities across several of its products. One of the foremost issues identified is linked to a hardcoded SSH key within the Cisco…
