The Breach News

Docker Addresses Critical Container Escape Vulnerability CVE-2025-9074 with CVSS Score of 9.3

August 25, 2025
Container Security / Vulnerability

Docker has released updates to fix a serious security vulnerability in the Docker Desktop application for Windows and macOS. This security flaw, identified as CVE-2025-9074, has a CVSS score of 9.3 out of 10.0, indicating its severity. The issue has been resolved in version 4.44.3. According to Docker’s advisory from last week, “A malicious container running on Docker Desktop could access the Docker Engine and launch additional containers without needing the Docker socket to be mounted.” This could result in unauthorized access to user files on the host system, and Enhanced Container Isolation (ECI) does not provide mitigation for this vulnerability. Security researcher Felix Boulet notes that the vulnerability stems from a container’s ability to connect to the Docker Engine API at 192.168.65[.]7:2375 without requiring any authentication, which could lead to a scenario where a privileged container can…

Docker Addresses Critical Container Escape Vulnerability (CVE-2025-9074) with High CVSS Score August 25, 2025 In a significant cybersecurity development, Docker has released updates to rectify a critical vulnerability in its Desktop application for Windows and macOS. Known as CVE-2025-9074, this security flaw poses a severe risk, allowing potential attackers to…

Read More

Docker Addresses Critical Container Escape Vulnerability CVE-2025-9074 with CVSS Score of 9.3

August 25, 2025
Container Security / Vulnerability

Docker has released updates to fix a serious security vulnerability in the Docker Desktop application for Windows and macOS. This security flaw, identified as CVE-2025-9074, has a CVSS score of 9.3 out of 10.0, indicating its severity. The issue has been resolved in version 4.44.3. According to Docker’s advisory from last week, “A malicious container running on Docker Desktop could access the Docker Engine and launch additional containers without needing the Docker socket to be mounted.” This could result in unauthorized access to user files on the host system, and Enhanced Container Isolation (ECI) does not provide mitigation for this vulnerability. Security researcher Felix Boulet notes that the vulnerability stems from a container’s ability to connect to the Docker Engine API at 192.168.65[.]7:2375 without requiring any authentication, which could lead to a scenario where a privileged container can…

10 Major Vulnerabilities Identified in CODESYS Industrial Automation Software

Cybersecurity researchers revealed ten significant flaws in CODESYS automation software that could allow remote code execution on programmable logic controllers (PLCs). According to experts from Positive Technologies, an attacker requires only network access to exploit these vulnerabilities—no username or password is necessary. The root cause lies in inadequate input data verification, often due to non-adherence to secure development practices. The Russian cybersecurity firm identified these flaws in a PLC produced by WAGO, which, along with other automation companies like Beckhoff, Kontron, Moeller, Festo, Mitsubishi, and HollySys, utilizes CODESYS software for programming and configuring their controllers. CODESYS provides a development environment for programming controller applications.

Critical Vulnerabilities Discovered in CODESYS Automation Software On June 4, 2021, cybersecurity experts released alarming findings regarding multiple vulnerabilities in CODESYS industrial automation software. These vulnerabilities, numbering up to ten, pose significant risks as they can potentially be exploited to enable remote code execution on programmable logic controllers (PLCs). According…

Read More

10 Major Vulnerabilities Identified in CODESYS Industrial Automation Software

Cybersecurity researchers revealed ten significant flaws in CODESYS automation software that could allow remote code execution on programmable logic controllers (PLCs). According to experts from Positive Technologies, an attacker requires only network access to exploit these vulnerabilities—no username or password is necessary. The root cause lies in inadequate input data verification, often due to non-adherence to secure development practices. The Russian cybersecurity firm identified these flaws in a PLC produced by WAGO, which, along with other automation companies like Beckhoff, Kontron, Moeller, Festo, Mitsubishi, and HollySys, utilizes CODESYS software for programming and configuring their controllers. CODESYS provides a development environment for programming controller applications.

Malware Breach at US Power Plants via Infected USB Drives

Date: January 16, 2013

The US Department of Homeland Security’s Cyber Emergency Response Team has issued a report detailing the compromise of two American electrical power plants late last year, highlighting significant electronic vulnerabilities. The report reveals that an unidentified malware infiltrated the control systems of the facilities through unprotected USB drives.

The contaminated USB drive reportedly connected to several machines within the power generation facility, leading investigators to discover advanced malware on two engineering workstations vital to controlling operations. While the report does not specify whether these computers had current antivirus software, it does indicate that updated systems would have detected the malware.

In a separate incident, another infection occurred in 10 computers within a turbine control system, also propagated via a USB drive. This incident caused significant downtime, delaying the plant’s restart by approximately three weeks.

Malware Breach Targets U.S. Power Plants via USB Drives In a troubling revelation, the U.S. Department of Homeland Security’s Cyber Emergency Response Team has reported that two American electrical power plants fell victim to malware attacks late last year. The incidents highlight significant electronic vulnerabilities within critical infrastructure systems, particularly…

Read More

Malware Breach at US Power Plants via Infected USB Drives

Date: January 16, 2013

The US Department of Homeland Security’s Cyber Emergency Response Team has issued a report detailing the compromise of two American electrical power plants late last year, highlighting significant electronic vulnerabilities. The report reveals that an unidentified malware infiltrated the control systems of the facilities through unprotected USB drives.

The contaminated USB drive reportedly connected to several machines within the power generation facility, leading investigators to discover advanced malware on two engineering workstations vital to controlling operations. While the report does not specify whether these computers had current antivirus software, it does indicate that updated systems would have detected the malware.

In a separate incident, another infection occurred in 10 computers within a turbine control system, also propagated via a USB drive. This incident caused significant downtime, delaying the plant’s restart by approximately three weeks.

Mozilla Leveraged Anthropic’s Mythos to Identify and Resolve 271 Bugs in Firefox

Mozilla’s Firefox 150 Release Enhances Cybersecurity with AI-Backed Protections Amidst the intensifying discourse on the implications of emerging AI technologies on cybersecurity, Mozilla has announced that its latest release of the Firefox browser—version 150—will incorporate robust defenses addressing 271 vulnerabilities. This significant upgrade leverages insights gained through early access to…

Read MoreMozilla Leveraged Anthropic’s Mythos to Identify and Resolve 271 Bugs in Firefox

UNC6384 Uses Captive Portal Hijacks and Valid Certificates for PlugX Deployment Targeting Diplomats

August 25, 2025
Malware / Cyber Espionage

A threat actor associated with China, known as UNC6384, has been linked to a series of attacks aimed at diplomats in Southeast Asia and various global entities to further Beijing’s strategic goals. “This complex attack chain employs sophisticated social engineering tactics, including the use of legitimate code signing certificates, adversary-in-the-middle (AitM) techniques, and indirect execution methods to bypass detection,” noted Patrick Whitsell from Google’s Threat Intelligence Group (GTIG). UNC6384 is believed to share resources and tactics with the well-known Chinese hacking group Mustang Panda, also identified by multiple aliases such as BASIN, Bronze President, and more. The campaign, identified by GTIG in March 2025, features a captive portal redirect to hijack web traffic and distribute a digitally signed downloader known as STATICPLUGIN. This downloader subsequently facilitates…

UNC6384 Employs PlugX via Captive Portal Hijacks and Credential Misuse Targeting Diplomats On August 25, 2025, Google Threat Intelligence Group (GTIG) uncovered a sophisticated cyber-espionage campaign attributed to a threat actor known as UNC6384. This group is believed to be aligned with Chinese interests and has been observed targeting diplomats…

Read More

UNC6384 Uses Captive Portal Hijacks and Valid Certificates for PlugX Deployment Targeting Diplomats

August 25, 2025
Malware / Cyber Espionage

A threat actor associated with China, known as UNC6384, has been linked to a series of attacks aimed at diplomats in Southeast Asia and various global entities to further Beijing’s strategic goals. “This complex attack chain employs sophisticated social engineering tactics, including the use of legitimate code signing certificates, adversary-in-the-middle (AitM) techniques, and indirect execution methods to bypass detection,” noted Patrick Whitsell from Google’s Threat Intelligence Group (GTIG). UNC6384 is believed to share resources and tactics with the well-known Chinese hacking group Mustang Panda, also identified by multiple aliases such as BASIN, Bronze President, and more. The campaign, identified by GTIG in March 2025, features a captive portal redirect to hijack web traffic and distribute a digitally signed downloader known as STATICPLUGIN. This downloader subsequently facilitates…

Instagram Bug Exposed Private Accounts, Allowing Unfettered Access to Archived Content

June 15, 2021

Instagram has resolved a significant vulnerability that permitted anyone to access archived posts and stories from private accounts without needing to follow them. Security researcher Mayur Fartade revealed in a Medium post today that “this bug could have allowed a malicious user to view targeted media on Instagram.” By leveraging the Media ID, an attacker could see details of private posts, stories, reels, and IGTV videos without following the user. Fartade reported the issue to Facebook’s security team on April 16, 2021, and the flaw was patched on June 15, leading to a $30,000 reward for his efforts through the company’s bug bounty program. Although exploiting this vulnerability required knowledge of the media ID, Fartade demonstrated that by brute-forcing the identifiers, it was feasible to send a POST request to a GraphQL endpoint and access sensitive information. As a result of this flaw, details like likes, comments, and saves could have been exposed.

Instagram Security Vulnerability Exposed Private Accounts June 15, 2021 Instagram has recently addressed a significant security vulnerability that permitted unauthorized access to archived media from private accounts. This flaw allowed any individual to view posts and stories of users without needing to follow them, raising serious concerns about personal data…

Read More

Instagram Bug Exposed Private Accounts, Allowing Unfettered Access to Archived Content

June 15, 2021

Instagram has resolved a significant vulnerability that permitted anyone to access archived posts and stories from private accounts without needing to follow them. Security researcher Mayur Fartade revealed in a Medium post today that “this bug could have allowed a malicious user to view targeted media on Instagram.” By leveraging the Media ID, an attacker could see details of private posts, stories, reels, and IGTV videos without following the user. Fartade reported the issue to Facebook’s security team on April 16, 2021, and the flaw was patched on June 15, leading to a $30,000 reward for his efforts through the company’s bug bounty program. Although exploiting this vulnerability required knowledge of the media ID, Fartade demonstrated that by brute-forcing the identifiers, it was feasible to send a POST request to a GraphQL endpoint and access sensitive information. As a result of this flaw, details like likes, comments, and saves could have been exposed.

“Understanding the Hacker’s Mindset: A Reflection on Their Essential Role in Cybersecurity”

On January 25, 2013, the critical role of hackers in cybersecurity became increasingly recognized. Often viewed as a nightmare by security experts, these specialists possess invaluable knowledge that sheds light on the vulnerabilities in our infrastructures. To effectively protect systems, one must adopt a hacker’s perspective.

Hacking embodies a culture and lifestyle that often clashes with conventional business logic. True hackers are not solely motivated by financial gain; while money is important, their primary drive lies in challenging their own skills and continuously pushing their limits.

Fortunately, the government and private sectors have come to appreciate the importance of hackers, transforming their reputation from undesirable outcasts to highly sought-after professionals. Identifying vulnerabilities before malicious actors can exploit them is crucial, especially in an era where millions of people and devices are interconnected.

Unpacking the Evolving Role of Hackers in Cybersecurity January 25, 2013 In today’s digital landscape, the role of hackers has taken on unprecedented significance, particularly within the realm of cybersecurity. Once perceived as antagonists by security professionals, hackers have emerged as crucial allies in the relentless fight against cyber threats.…

Read More

“Understanding the Hacker’s Mindset: A Reflection on Their Essential Role in Cybersecurity”

On January 25, 2013, the critical role of hackers in cybersecurity became increasingly recognized. Often viewed as a nightmare by security experts, these specialists possess invaluable knowledge that sheds light on the vulnerabilities in our infrastructures. To effectively protect systems, one must adopt a hacker’s perspective.

Hacking embodies a culture and lifestyle that often clashes with conventional business logic. True hackers are not solely motivated by financial gain; while money is important, their primary drive lies in challenging their own skills and continuously pushing their limits.

Fortunately, the government and private sectors have come to appreciate the importance of hackers, transforming their reputation from undesirable outcasts to highly sought-after professionals. Identifying vulnerabilities before malicious actors can exploit them is crucial, especially in an era where millions of people and devices are interconnected.

Debunking the Myth: AES 128 Remains Secure in a Post-Quantum Era

Understanding the Misconceptions of Quantum Computing and Cryptography A prevalent belief among some cybersecurity professionals is that quantum computers threaten to significantly reduce the security of symmetric encryption keys, suggesting that 256-bit keys are necessary to maintain the same level of security as 128-bit keys. However, a detailed analysis challenges…

Read MoreDebunking the Myth: AES 128 Remains Secure in a Post-Quantum Era

ShadowCaptcha Targets WordPress Sites to Distribute Ransomware, Info Stealers, and Crypto Miners

August 26, 2025
Ransomware / Cryptojacking

A significant new campaign has been uncovered, impacting over 100 compromised WordPress sites. This initiative redirects visitors to fake CAPTCHA verification pages employing the ClickFix social engineering technique to disseminate information stealers, ransomware, and cryptocurrency miners. Dubbed ShadowCaptcha by the Israel National Digital Agency, this widespread cybercrime operation, first detected in August 2025, utilizes a combination of social engineering, living-off-the-land binaries (LOLBins), and multi-stage payload delivery to establish and sustain access to targeted systems. Researchers Shimi Cohen, Adi Pick, Idan Beit Yosef, Hila David, and Yaniv Goldman explain, “The ultimate aims of ShadowCaptcha include harvesting sensitive information through credential theft and browser data exfiltration, deploying cryptocurrency miners for illicit gains, and even initiating ransomware outbreaks.” The attacks commence when unsuspecting users visit a compromised site…

ShadowCaptcha Campaign Targets WordPress Sites to Distribute Ransomware and Theft Tools In a significant cybersecurity breach identified in late August 2025, over 100 compromised WordPress websites have been leveraged to funnel unsuspecting visitors to deceptive CAPTCHA verification pages. This campaign, dubbed ShadowCaptcha by the Israel National Digital Agency, employs the…

Read More

ShadowCaptcha Targets WordPress Sites to Distribute Ransomware, Info Stealers, and Crypto Miners

August 26, 2025
Ransomware / Cryptojacking

A significant new campaign has been uncovered, impacting over 100 compromised WordPress sites. This initiative redirects visitors to fake CAPTCHA verification pages employing the ClickFix social engineering technique to disseminate information stealers, ransomware, and cryptocurrency miners. Dubbed ShadowCaptcha by the Israel National Digital Agency, this widespread cybercrime operation, first detected in August 2025, utilizes a combination of social engineering, living-off-the-land binaries (LOLBins), and multi-stage payload delivery to establish and sustain access to targeted systems. Researchers Shimi Cohen, Adi Pick, Idan Beit Yosef, Hila David, and Yaniv Goldman explain, “The ultimate aims of ShadowCaptcha include harvesting sensitive information through credential theft and browser data exfiltration, deploying cryptocurrency miners for illicit gains, and even initiating ransomware outbreaks.” The attacks commence when unsuspecting users visit a compromised site…