The Breach News

Citrix Addresses Three NetScaler Vulnerabilities, Alerts on Active Exploitation of CVE-2025-7775

Date: August 26, 2025
Focus: Vulnerability / Remote Code Execution

Citrix has issued patches for three security vulnerabilities in NetScaler ADC and NetScaler Gateway, including one that is currently being actively exploited. The vulnerabilities are as follows:

  • CVE-2025-7775 (CVSS score: 9.2): Memory overflow vulnerability resulting in Remote Code Execution and/or Denial-of-Service.
  • CVE-2025-7776 (CVSS score: 8.8): Memory overflow issue causing unpredictable behavior and potential Denial-of-Service.
  • CVE-2025-8424 (CVSS score: 8.7): Improper access control on the NetScaler Management Interface.

Citrix noted that exploits of CVE-2025-7775 have been observed on unmitigated devices but did not provide further specifics. However, certain conditions must be met for the vulnerabilities to be exploitable.

For CVE-2025-7775, the NetScaler must be set up as a Gateway (including VPN virtual server, ICA Proxy, CVPN, or RDP Proxy) or as an AAA virtual server. Affected versions include NetScaler ADC and NetScaler Gateway 13.1, 14.1…

Critical Authentication Bypass Vulnerability Discovered in VMware Carbon Black App Control

June 24, 2021
VMware has released security updates addressing a significant vulnerability in Carbon Black App Control that could allow attackers to bypass authentication and potentially take control of affected systems. Labeled CVE-2021-21998, this flaw has received a severity score of 9.4 out of 10 according to the Common Vulnerability Scoring System (CVSS). It impacts App Control versions 8.0.x, 8.1.x, 8.5.x, and 8.6.x. Carbon Black App Control serves as a security measure to protect critical systems and servers from unauthorized changes amidst cyber threats while ensuring compliance with regulations like PCI-DSS, HIPAA, GDPR, SOX, FISMA, and NERC. “An attacker with network access to the VMware Carbon Black App Control management server may gain administrative access without needing authentication,” the California-based cloud computing and virtualization company stated in a recent advisory.

Microsoft Falls Victim to Cyber Attack

Feb 23, 2013

Microsoft has confirmed that it is the latest target of a cyber attack, with a small number of its computers, including some within its Mac software division, infected by malware. The company noted that the malicious software shares similarities with those used in recent attacks on Facebook and Apple. Microsoft provided limited details about the breach, stating, “We have no evidence of customer data being affected and our investigation is ongoing.” During the investigation, it was determined that a small number of computers had been compromised employing tactics documented by other organizations. “This type of cyber attack is not unexpected for Microsoft and other companies facing persistent and determined adversaries,” the company remarked. Last week, Apple reported its…

Salesloft OAuth Breach Through Drift AI Chat Agent Compromises Salesforce Customer Data

August 27, 2025
Cloud Security / Threat Intelligence

A significant data breach has targeted the sales automation platform Salesloft, allowing hackers to steal OAuth and refresh tokens linked to the Drift AI chat agent. This opportunistic attack has been connected to a threat group identified by Google Threat Intelligence Group (GTIG) and Mandiant, known as UNC6395. GTIG has reported over 700 potentially affected organizations. According to researchers Austin Larsen, Matt Lin, Tyler McLellan, and Omar ElAhdan, the attacks began as early as August 8, 2025, and continued until at least August 18, 2025, focusing on Salesforce customer accounts through the compromised Salesloft Drift application. The hackers have been seen exporting large volumes of data from various corporate Salesforce instances, likely in an effort to harvest credentials for further exploitation.

Microsoft Edge Vulnerability Could Have Allowed Hackers to Access Your Data on Any Website

On June 28, 2021, Microsoft released updates for the Edge browser addressing two security flaws, one of which involves a critical security bypass vulnerability. This flaw could potentially allow hackers to inject and execute arbitrary code across all websites. Identified as CVE-2021-34506 (CVSS score: 5.4), the issue is rooted in a universal cross-site scripting (UXSS) vulnerability that occurs when the browser’s automatic translation feature, powered by Microsoft Translator, is used. The vulnerability was discovered and reported by Ignacio Laurence along with Vansh Devgan and Shivam Kumar Singh from CyberXplore Private Limited. CyberXplore researchers explained, “Unlike conventional XSS attacks, UXSS exploits client-side vulnerabilities in the browser or extensions to create an XSS condition and run malicious code.”

Researchers Release PoC Exploit for Critical Windows RCE Vulnerability

On June 30, 2021, a proof-of-concept (PoC) exploit for a remote code execution vulnerability in the Windows Print Spooler, identified as CVE-2021-1675, was temporarily posted online before being removed. This security flaw, which Microsoft addressed in a Patch Tuesday update on June 8, 2021, could allow remote attackers to gain complete control over affected systems. The Print Spooler component, responsible for managing printer operations and loading drivers, poses significant risks due to its wide attack surface and high privilege level that enables the dynamic loading of third-party binaries. Shortly after the initial patch, Microsoft updated its assessment of the vulnerability’s impact from an elevation of privilege to remote code execution (RCE) and increased the severity rating.

Cyber Attack Disrupts Pakistan Government Servers Following Security Breach

Date: March 11, 2013

Today, a cyber attack targeted Pakistan’s government servers, causing significant disruptions to various official websites, including those of the Ministry of Information Technology, Ministry of Railways, Ministry of Economic Affairs and Statistics, and several others. The hacker, known as ‘Godzilla’, claimed responsibility for the breach, citing the government’s alleged support for terrorist activities as the motivation behind the attack. “I’ve gone after all network infrastructure because they deserve it; my focus is solely on government sites, not innocent ones,” he stated.

Despite Pakistani officials being aware of the threats posed by new viruses and malware, their reliance on a proxy server (http://202.83.164.6/) to protect their systems fell short due to inadequate cybersecurity measures, ultimately leading to a successful breach.

ShadowSilk Targets 35 Organizations Across Central Asia and APAC via Telegram Bots

August 27, 2025
Malware / Spyware

A threat cluster known as ShadowSilk is responsible for a new wave of attacks aimed at government entities in Central Asia and the Asia-Pacific region. Group-IB has identified nearly 35 victims, primarily focused on data exfiltration. This hacking group shares tools and infrastructure with other threat actors, including YoroTrooper, SturgeonPhisher, and Silent Lynx. The affected organizations are predominantly government bodies, with some incidents involving the energy, manufacturing, retail, and transportation sectors across Uzbekistan, Kyrgyzstan, Myanmar, Tajikistan, Pakistan, and Turkmenistan. “The operation is executed by a bilingual team—Russian-speaking developers linked to older YoroTrooper code and Chinese-speaking operatives leading the intrusions—creating a versatile, multi-regional threat,” state researchers Nikita Rostovcev and Sergei Turner.