The Breach News

Feds Shut Down $6.4M VerifTools Fake ID Marketplace, Operators Quickly Relaunch on New Domain

Authorities from the Netherlands and the U.S. have successfully dismantled VerifTools, an illegal marketplace supplying counterfeit identity documents to cybercriminals globally. The operation resulted in the seizure of two website domains and a related blog, which now redirect users to a notice about the FBI’s enforcement action under a U.S. District Court warrant. However, just days later, the platform’s operators announced a relaunch at “veriftools.com.” The domain, registered in 2018, now raises questions regarding its administrators’ identities.

Feds Dismantle $6.4M VerifTools Counterfeit ID Marketplace; Operators Quickly Restart on New Domain Authorities from the United States and the Netherlands have successfully shut down VerifTools, a highly illicit marketplace known for selling fake identity documents to cybercriminals worldwide. In a coordinated operation, agents seized two major domains—verif[.]tools and veriftools[.]net—along…

Suspected Hacker Arrested in Connection with Historic DDoS Attack on Spamhaus

April 27, 2013

Dutch police have arrested a 35-year-old man linked to a colossal DDoS attack on the anti-spam organization Spamhaus in March. The attack, which peaked at over 300 Gbps, was the largest DDoS attack on record at the time. Spamhaus, which maintains blacklists that help Internet Service Providers identify spam sources, suffered severe disruption as its website was overwhelmed with traffic.

Following the attack, Spamhaus enlisted CloudFlare for protection against future threats. The arrest took place in Barcelona under a European arrest warrant, with plans for the suspect’s transfer to the Netherlands. The individual arrested is believed to be Sven Kamphuis, the owner of Dutch hosting company Cyberbunker, which has been connected to the attack. This incident is thought to have been triggered by Spamhaus blacklisting Cyberbunker.

Suspected Hacker Arrested in Connection with Largest DDoS Attack on Spamhaus April 27, 2013 In a significant development for cybersecurity, Dutch law enforcement authorities have confirmed the arrest of a 35-year-old man believed to be involved in the largest Distributed Denial of Service (DDoS) attack in history, which targeted the…

Republican Revolt Derails Trump’s Efforts to Extend Warrantless Surveillance

Late-Night Legislative Maneuver Leads to Surveillance Program Setback In a dramatic turn of events, House Speaker Mike Johnson called a late-night vote on Friday focused on the contentious reauthorization of a surveillance program that has raised privacy concerns. This program, part of Section 702 of the Foreign Intelligence Surveillance Act,…

Click Studios Addresses Authentication Bypass Vulnerability in Passwordstate’s Emergency Access Page

Published: August 29, 2025 | Category: Vulnerability / Enterprise Security

Click Studios, the developer behind Passwordstate, an enterprise password management solution, has released critical security updates to fix an authentication bypass vulnerability in its software. This high-severity issue, yet to receive a CVE identifier, has been resolved in Passwordstate version 9.9 (Build 9972), launched on August 28, 2025. The Australian company reported that the update addresses a “potential Authentication Bypass” in the Emergency Access page when exploited with a specially crafted URL. Additionally, the latest version incorporates enhanced protections against possible clickjacking attacks targeting its browser extension, particularly if users navigate to compromised sites. These enhancements likely respond to insights from security researcher Marek Tóth, who recently revealed a technique involving Document Object Model (DOM)-based extension clickjacking affecting various password manager browser add-ons.

Click Studios Addresses Critical Security Flaw in Passwordstate’s Emergency Access Feature On August 29, 2025, Click Studios, the developer behind the enterprise-level password management tool Passwordstate, announced the release of significant security updates aimed at resolving a high-severity authentication bypass vulnerability. This flaw, which has not yet been assigned a…

Microsoft Alerts Users to Unpatched Vulnerability in Windows Print Spooler

On July 16, 2021, Microsoft issued new guidance about a vulnerability in the Windows Print Spooler service, stating that a fix will ship in an upcoming security update. Identified as CVE-2021-34481 (CVSS score: 7.8), this local privilege escalation flaw can be exploited to perform unauthorized actions on affected systems. The vulnerability was discovered and reported by security researcher Jacob Baines.

According to Microsoft’s advisory, “An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploits this vulnerability could execute arbitrary code with SYSTEM privileges.” An attacker with SYSTEM privileges could install software; view, change, or delete data; and create new accounts with full user rights. Microsoft notes, however, that successful exploitation requires certain preconditions to be met.

Microsoft Issues Warning on Unpatched Print Spooler Vulnerability On July 16, 2021, Microsoft announced the emergence of a new vulnerability impacting the Windows Print Spooler service, raising alarms among cybersecurity circles. The company is currently working on a security update to address this issue, identified as CVE-2021-34481, which carries a…

UK Banks Targeted by Ramnit Malware and Social Engineering Schemes

May 01, 2013

A menacing variant of the Ramnit malware has emerged, posing a threat to the UK’s financial sector. Trusteer has identified a sophisticated Trojan attack method that injects highly convincing, interactive real-time messages into the web session of users logging into UK online banking. Originally discovered in 2010, Ramnit evolved in 2011 when researchers noted its incorporation of source code from the notorious Zeus banking Trojan.

Cybercriminals are increasingly leveraging social engineering to circumvent the security measures in place for online banking and e-commerce users. This malware reportedly evades detection by remaining in an idle sleep mode until the victim accesses their online bank account. At that moment it activates and displays a fraudulent phishing message. Ramnit has also been shown to bypass the bank’s one-time password (OTP) feature through a ‘Man in the Browser’ attack.

UK Financial Sector Targeted by Evolving Ramnit Malware and Social Engineering Tactics May 1, 2013 The UK financial industry is confronting a significant cybersecurity threat as a variant of the Ramnit malware has been identified targeting its infrastructure. Security firm Trusteer has unveiled a sophisticated Trojan-based attack that injects highly…

Recent Advances Bring Big Tech Closer to the Q-Day Risk Zone

In 2010, a sophisticated piece of malware dubbed Flame infiltrated Microsoft’s update distribution mechanism, impacting millions of Windows computers globally. It is believed that this malware was developed collaboratively by U.S. and Israeli intelligence agencies to compromise networks associated with the Iranian government. At the crux of this attack was…

Amazon Disrupts APT29’s Watering Hole Campaign Utilizing Microsoft Device Code Authentication

On August 29, 2025, in a significant security intervention, Amazon revealed it had identified and dismantled a watering hole campaign orchestrated by the Russia-linked APT29 group. This campaign exploited compromised websites to direct users towards malicious infrastructure, tricking them into authorizing attacker-controlled devices via Microsoft’s device code authentication process. Amazon’s Chief Information Security Officer, CJ Moses, provided insights into the threat. APT29, also known by aliases such as BlueBravo, Cozy Bear, and Midnight Blizzard, is a state-sponsored hacking group linked to Russia’s Foreign Intelligence Service (SVR). Recently, the group has been associated with attacks employing malicious Remote Desktop Protocol (RDP) configurations to target Ukrainian entities and extract sensitive information. As the year progresses, the adversary’s extensive targeting strategies continue to raise concerns.

Amazon Disrupts APT29 Watering Hole Campaign Exploiting Microsoft Device Code Authentication On August 29, 2025, Amazon disclosed its successful intervention in a watering hole campaign linked to the Russian cyber-espionage group APT29. This operation was characterized as opportunistic, aiming to gather intelligence by misleading users through compromised websites. These malicious…

Important: Update Your Chrome Browser to Fix New Zero-Day Vulnerability

Jul 16, 2021

Google has released a critical security update for the Chrome browser on Windows, Mac, and Linux, addressing several vulnerabilities, including a zero-day that is being actively exploited. The patch resolves eight issues, most notably a type confusion vulnerability in the open-source V8 JavaScript engine (CVE-2021-30563). An anonymous researcher reported this flaw on July 12.

In light of the ongoing threat, Google issued a brief statement confirming that “an exploit for CVE-2021-30563 exists in the wild,” but refrained from providing specific details about the vulnerability to prevent further misuse. This marks the ninth zero-day flaw addressed by Google this year, highlighting the ongoing risks to Chrome users.

Update Your Chrome Browser to Address Critical Zero-Day Vulnerability On July 16, 2021, Google released an urgent security update for its Chrome browser, impacting users on Windows, Mac, and Linux systems. This update addresses multiple vulnerabilities, including a significant zero-day exploit that has reportedly been leveraged in real-world cyberattacks. According…
