The Breach News

Webinar: Harmonize Dev, Sec, and Ops Teams with a Unified Playbook

Date: August 29, 2025
Topic: Cloud Security / Generative AI

Imagine this: your team deploys new code, confident everything is perfect. But hidden within is a minor flaw that spirals into a major crisis once it reaches the cloud. Suddenly, hackers infiltrate your system, resulting in costly damages that can amount to millions. Frightening, right? In 2025, the average data breach will set businesses back around $4.44 million globally. A significant portion of these issues arises from app security oversights, such as web attacks that compromise credentials and cause chaos.

If you’re part of the dev, ops, or security teams, you’ve likely experienced this stress—constant alerts, disputes over accountability, and slow fixes. But it doesn’t have to be this way. What if you could detect risks early, from the moment code is written to its operation in the cloud? That’s the power of code-to-cloud visibility, transforming how proactive teams manage app security.

Join our upcoming webinar, “Code-to-Cloud…

Webinar Announcement: Unifying Dev, Sec, and Ops Teams with a Comprehensive Playbook Date: August 29, 2025 Focus: Cloud Security and Generative AI In today’s rapidly evolving digital landscape, even minor coding errors can lead to significant cybersecurity breaches. Imagine deploying new software code with high hopes, only to discover that…


Israeli Company Aided Governments in Targeting Journalists and Activists with Zero-Day Exploits and Spyware

Two recently patched zero-day vulnerabilities in Windows, addressed in Microsoft’s Patch Tuesday update, were reportedly exploited by the Israeli firm Candiru in a series of targeted attacks on over 100 journalists, academics, activists, and political dissidents worldwide. This spyware vendor has also been identified by Google’s Threat Analysis Group (TAG) as having exploited various zero-day vulnerabilities in the Chrome browser to compromise targets in Armenia, according to a report by the University of Toronto’s Citizen Lab. Citizen Lab researchers noted that “Candiru’s widespread presence and the use of its surveillance technology against global civil society highlight the significant risks posed by the mercenary spyware industry, which is rife with potential for abuse.”

Israeli Company Utilizes Zero-Day Exploits to Target Journalists and Activists On July 16, 2021, revelations emerged regarding the actions of Candiru, an Israeli surveillance firm, which is reported to have employed two zero-day vulnerabilities in Windows. These flaws were addressed in Microsoft’s recent Patch Tuesday update and were allegedly used…


Internet Explorer 8 Zero-Day Attack Expands to Nine Additional Websites

May 08, 2013

A recent zero-day attack targeting Internet Explorer 8 on the U.S. Department of Labor’s website has now affected nine more global sites, including those operated by a major European aerospace, defense, and security company, alongside various non-profit organizations and institutions.

The attacks leverage a previously unknown and unpatched vulnerability in Microsoft’s Internet Explorer browser. Researchers have linked this campaign to a China-based hacking group known as “DeepPanda.” Security firm CrowdStrike reports that their investigations indicate the attack commenced in mid-March. Analysis of malicious infrastructure logs revealed visitor IP addresses from 37 different countries, with 71% based in the U.S., 11% in South/Southeast Asia, and 10% in Europe.

Internet Explorer 8 Zero-Day Exploit Expands to Nine Additional Websites May 8, 2013 A zero-day exploit targeting Internet Explorer 8 has spread beyond its initial attack, impacting nine more websites over the weekend. This includes a significant European corporation in the aerospace, defense, and security sectors, along with various non-profit…


Malicious Actors Exploit Velociraptor Forensic Tool to Launch Visual Studio Code for C2 Tunneling

Cybersecurity experts have highlighted a recent cyber attack involving the misuse of Velociraptor, an open-source endpoint monitoring and digital forensic tool. This incident showcases the ongoing trend of leveraging legitimate software for nefarious purposes. According to a report from the Sophos Counter Threat Unit Research Team, the attackers employed Velociraptor to download and execute Visual Studio Code, likely aimed at establishing a tunnel to a command-and-control (C2) server they controlled. While the use of legitimate remote monitoring and management (RMM) tools is not new in cyber threats, the adoption of Velociraptor represents a significant shift, allowing attackers to gain a foothold without deploying their own malware. Further investigation into the attack has revealed that the perpetrators exploited Wind…

Attackers Exploit Velociraptor Forensic Tool to Deploy Visual Studio Code for Command-and-Control Tunneling On August 30, 2025, cybersecurity experts unveiled a concerning cyber attack involving the exploitation of Velociraptor, an open-source endpoint monitoring and digital forensic tool. This incident highlights a troubling trend where legitimate software is misused for nefarious…


China Enacts New Law Mandating Vendors to Report Zero-Day Vulnerabilities to Authorities

On July 17, 2021, the Cyberspace Administration of China (CAC) introduced stricter regulations regarding vulnerability disclosure. Under the new “Regulations on the Management of Network Product Security Vulnerability,” software and networking vendors are required to report critical flaws directly to government authorities within two days of identification. Set to take effect on September 1, 2021, these regulations aim to standardize the processes of discovering, reporting, and addressing security vulnerabilities while mitigating associated risks. Article 4 of the regulation prohibits any organization or individual from exploiting network security vulnerabilities for malicious activities and bans the illegal sale, collection, or publication of such information. The new rules also prevent the public disclosure of previously unknown security weaknesses.

China Enacts New Law Mandating Prompt Disclosure of Zero-Day Vulnerabilities On July 17, 2021, the Cyberspace Administration of China (CAC) introduced stringent regulations regarding the disclosure of cybersecurity vulnerabilities. Under the newly established “Regulations on the Management of Network Product Security Vulnerability,” software and networking vendors are now required to…


Researchers Discover New Malware Used by Chinese Cybercriminals

May 10, 2013

Trend Micro experts have identified a new piece of backdoor malware from the Winnti family, primarily utilized by a Chinese cybercriminal group targeting Southeast Asian organizations in the gaming sector. This Winnti malware enables hackers to take control of users’ systems via a backdoor hidden within the legitimate Aheadlib analysis tool. Named “Bkdr_Tengo.A,” it masquerades as a genuine system DLL file known as winmm.dll. “We believe this was executed using the legitimate Aheadlib analysis tool,” stated Eduardo Altares from Trend Micro. “The file is not encrypted and is relatively straightforward to analyze. Its primary function involves stealing Microsoft Office, .PDF, and .TIFF files from USB drives connected to the system. These extracted files are stored in the $NtUninstallKB080515$ folder within Windows, alongside a log file named Usblog_DXM.log that tracks the activity.”

New Malware Uncovered Linked to Chinese Cybercriminals Targeting Southeast Asian Gaming Sector May 10, 2013 Recent findings by researchers at Trend Micro reveal a sophisticated form of malware associated with the Winnti group, a well-known Chinese cybercriminal organization. This backdoor malware primarily targets organizations within the Southeast Asian video gaming…


Rethinking Browser Security: Addressing the Threats Posed by Scattered Spider

As businesses increasingly rely on browser-based operations, security teams are confronted with escalating cyber threats. Today, over 80% of security incidents stem from web applications accessed through browsers like Chrome, Edge, and Firefox. A particularly agile adversary known as Scattered Spider (also identified as UNC3944, Octo Tempest, or Muddled Libra) has emerged, targeting sensitive data within these browsers. Unlike infamous cybercriminal groups such as Lazarus Group, Fancy Bear, and REvil, Scattered Spider has honed its methods over the past two years, focusing on the human element and browser environments. If critical information—like your calendar, login credentials, or security tokens—resides in your browser tabs, Scattered Spider is poised to seize it. This article will delve into the attack techniques employed by Scattered Spider and outline strategies to defend against them.

When Browsers Become the Attack Surface: Rethinking Security for Scattered Spider As businesses increasingly rely on web-based operations, security professionals are confronted with a mounting array of cyber threats. A startling statistic reveals that over 80% of security incidents now stem from web applications accessed through popular browsers such as…
