The Breach News

UNC6384 Uses Captive Portal Hijacks and Valid Certificates for PlugX Deployment Targeting Diplomats

August 25, 2025
Malware / Cyber Espionage

A threat actor associated with China, known as UNC6384, has been linked to a series of attacks aimed at diplomats in Southeast Asia and various global entities to further Beijing’s strategic goals. “This complex attack chain employs sophisticated social engineering tactics, including the use of legitimate code signing certificates, adversary-in-the-middle (AitM) techniques, and indirect execution methods to bypass detection,” noted Patrick Whitsell from Google’s Threat Intelligence Group (GTIG). UNC6384 is believed to share resources and tactics with the well-known Chinese hacking group Mustang Panda, also identified by multiple aliases such as BASIN, Bronze President, and more. The campaign, identified by GTIG in March 2025, features a captive portal redirect to hijack web traffic and distribute a digitally signed downloader known as STATICPLUGIN. This downloader subsequently facilitates…

UNC6384 Employs PlugX via Captive Portal Hijacks and Credential Misuse Targeting Diplomats On August 25, 2025, Google Threat Intelligence Group (GTIG) uncovered a sophisticated cyber-espionage campaign attributed to a threat actor known as UNC6384. This group is believed to be aligned with Chinese interests and has been observed targeting diplomats…

Instagram Bug Exposed Private Accounts, Allowing Unfettered Access to Archived Content

June 15, 2021

Instagram has resolved a significant vulnerability that permitted anyone to access archived posts and stories from private accounts without needing to follow them. Security researcher Mayur Fartade revealed in a Medium post today that “this bug could have allowed a malicious user to view targeted media on Instagram.” By leveraging the Media ID, an attacker could see details of private posts, stories, reels, and IGTV videos without following the user. Fartade reported the issue to Facebook’s security team on April 16, 2021, and the flaw was patched on June 15, leading to a $30,000 reward for his efforts through the company’s bug bounty program. Although exploiting this vulnerability required knowledge of the media ID, Fartade demonstrated that by brute-forcing the identifiers, it was feasible to send a POST request to a GraphQL endpoint and access sensitive information. As a result of this flaw, details like likes, comments, and saves could have been exposed.

Instagram Security Vulnerability Exposed Private Accounts June 15, 2021 Instagram has recently addressed a significant security vulnerability that permitted unauthorized access to archived media from private accounts. This flaw allowed any individual to view posts and stories of users without needing to follow them, raising serious concerns about personal data…

“Understanding the Hacker’s Mindset: A Reflection on Their Essential Role in Cybersecurity”

On January 25, 2013, the critical role of hackers in cybersecurity became increasingly recognized. Often viewed as a nightmare by security experts, these specialists possess invaluable knowledge that sheds light on the vulnerabilities in our infrastructures. To effectively protect systems, one must adopt a hacker’s perspective.

Hacking embodies a culture and lifestyle that often clashes with conventional business logic. True hackers are not solely motivated by financial gain; while money is important, their primary drive lies in challenging their own skills and continuously pushing their limits.

Fortunately, the government and private sectors have come to appreciate the importance of hackers, transforming their reputation from undesirable outcasts to highly sought-after professionals. Identifying vulnerabilities before malicious actors can exploit them is crucial, especially in an era where millions of people and devices are interconnected.

Unpacking the Evolving Role of Hackers in Cybersecurity January 25, 2013 In today’s digital landscape, the role of hackers has taken on unprecedented significance, particularly within the realm of cybersecurity. Once perceived as antagonists by security professionals, hackers have emerged as crucial allies in the relentless fight against cyber threats.…

Debunking the Myth: AES 128 Remains Secure in a Post-Quantum Era

Understanding the Misconceptions of Quantum Computing and Cryptography A prevalent belief among some cybersecurity professionals is that quantum computers threaten to significantly reduce the security of symmetric encryption keys, suggesting that 256-bit keys are necessary to maintain the same level of security as 128-bit keys. However, a detailed analysis challenges…

ShadowCaptcha Targets WordPress Sites to Distribute Ransomware, Info Stealers, and Crypto Miners

August 26, 2025
Ransomware / Cryptojacking

A significant new campaign has been uncovered, impacting over 100 compromised WordPress sites. This initiative redirects visitors to fake CAPTCHA verification pages employing the ClickFix social engineering technique to disseminate information stealers, ransomware, and cryptocurrency miners. Dubbed ShadowCaptcha by the Israel National Digital Agency, this widespread cybercrime operation, first detected in August 2025, utilizes a combination of social engineering, living-off-the-land binaries (LOLBins), and multi-stage payload delivery to establish and sustain access to targeted systems. Researchers Shimi Cohen, Adi Pick, Idan Beit Yosef, Hila David, and Yaniv Goldman explain, “The ultimate aims of ShadowCaptcha include harvesting sensitive information through credential theft and browser data exfiltration, deploying cryptocurrency miners for illicit gains, and even initiating ransomware outbreaks.” The attacks commence when unsuspecting users visit a compromised site…

ShadowCaptcha Campaign Targets WordPress Sites to Distribute Ransomware and Theft Tools In a significant cybersecurity breach identified in late August 2025, over 100 compromised WordPress websites have been leveraged to funnel unsuspecting visitors to deceptive CAPTCHA verification pages. This campaign, dubbed ShadowCaptcha by the Israel National Digital Agency, employs the…

Urgent: Update Your Chrome Browser to Address New 0-Day Vulnerability

June 18, 2021

Google has released an important update for the Chrome browser on Windows, Mac, and Linux to resolve four security vulnerabilities, including a critical zero-day flaw currently being exploited. This issue, identified as CVE-2021-30554, is a high-severity “use after free” vulnerability in WebGL (Web Graphics Library), which is a JavaScript API used for rendering interactive 2D and 3D graphics in the browser. Exploiting this flaw could lead to data corruption, crashes, and unauthorized execution of code or commands. Google received an anonymous report about the vulnerability on June 15, and Chrome technical program manager Srinivas Sista confirmed that the company is “aware that an exploit for CVE-2021-30554 exists in the wild.” While it’s standard practice to withhold specific details until most users have applied the fix, this announcement comes just days after Google addressed another zero-day vulnerability.

Update Your Chrome Browser to Address Critical 0-Day Vulnerability On June 18, 2021, Google announced the release of a significant update for its Chrome browser, applicable to Windows, Mac, and Linux systems, aimed at rectifying multiple security vulnerabilities. This update specifically targets four identified flaws, one of which is a…

Twitter Breached: 250,000 Accounts Compromised in Unauthorized Access

February 2, 2013

Recent updates from The Hacker News highlight several significant hacking incidents, including cyber attacks targeting The New York Times and Wall Street Journal by Chinese hackers, vulnerabilities in the UPnP protocol, a botnet attack compromising 16,000 Facebook accounts, and the hacking of 700,000 accounts in Africa along with a new Android malware affecting over 620,000 users.

Today, Twitter has reported unusual access patterns indicative of unauthorized attempts to access user data. This week, hackers breached Twitter, potentially gaining access to usernames, email addresses, session tokens, and encrypted/salted password versions for approximately 250,000 accounts. “The attackers may have had access to limited user information,” stated Bob Lord, Twitter’s Director of Information Security. In light of this breach, Twitter has implemented security measures by resetting passwords and revoking session tokens for affected accounts.

Twitter Suffers Security Breach; 250,000 Accounts Exposed February 2, 2013 In a significant cybersecurity incident, Twitter has reported a breach that compromises approximately 250,000 user accounts. The social media giant identified unusual access patterns in its system, indicating unauthorized attempts to gather sensitive user data. According to Bob Lord, Twitter’s…

MixShell Malware Exploits Contact Forms to Target U.S. Supply Chain Manufacturers

August 26, 2025
Enterprise Security / Artificial Intelligence

Cybersecurity experts are highlighting a complex social engineering initiative aimed at crucial supply chain manufacturing firms, deploying in-memory malware known as MixShell. This campaign, dubbed “ZipLine” by Check Point Research, circumvents traditional phishing tactics by initiating contact through companies’ public “Contact Us” forms. Attackers deceive employees into engaging in what appears to be a legitimate communication. According to Check Point’s statement to The Hacker News, these interactions can span several weeks, often involving fabricated non-disclosure agreements before the attackers deliver a weaponized ZIP file containing the stealthy MixShell malware. The attacks have impacted various organizations across multiple sectors, with a particular focus on U.S. manufacturers in industrial fields such as machinery, metalworking, component production, and engine manufacturing.

MixShell Malware Campaign Targets U.S. Supply Chain Manufacturers via Contact Forms August 26, 2025 Enterprise Security / Artificial Intelligence Cybersecurity experts have drawn attention to a sophisticated social engineering operation known as ZipLine, which is specifically aimed at U.S. supply chain manufacturers. This campaign employs a stealthy in-memory malware called…

NVIDIA Jetson Chipsets Vulnerable to Critical Security Flaws

On June 22, 2021, U.S. graphics chip manufacturer NVIDIA issued software updates to patch 26 vulnerabilities in its Jetson system-on-module (SOM) lineup. These flaws could allow attackers to escalate privileges and potentially cause denial-of-service or information disclosure issues. Ranging from CVE-2021-34372 to CVE-2021-34397, the vulnerabilities impact several Jetson products, including the TX1, TX2 series, TX2 NX, AGX Xavier series, Xavier NX, and Nano, as well as the Nano 2GB, all running Jetson Linux versions prior to 32.5.1. The issues were reported by Frédéric Perriot of Apple Media Products. NVIDIA’s Jetson line is designed for AI and computer vision applications, catering primarily to autonomous systems and mobile robots. A major concern is CVE-2021-34372, a buffer overflow vulnerability in the Trusty trusted execution environment (TEE) with a CVSS score of 8.2.

NVIDIA Jetson Chipsets Vulnerable to Critical Security Flaws On June 22, 2021, NVIDIA, a prominent player in the graphics chip industry, announced the release of critical software updates aimed at mitigating 26 vulnerabilities within its Jetson system-on-module (SOM) series. These vulnerabilities could potentially be exploited by malicious actors to escalate…
