The Breach News

Bharatiya Janata Party Website Hacked and Defaced by Anonymous Collective

September 19, 2012

The official website of the Bharatiya Janata Party (BJP.org) was hacked and defaced last night by members of Anonymous India. The hackers posted a series of messages and images objecting to various government actions, including the approval of 51% FDI in multi-brand retail, the increase in diesel prices, corruption scandals, the cartoon controversy, and the Kudankulam nuclear power project.

They also called for public participation in the #OccupyIndiaground protest, scheduled for September 23, 2012 (this Sunday) at several key locations across India, including India Gate in Delhi, Freedom Park in Bangalore, Marina Beach in Chennai, Park Street Crossing in Kolkata, MG Road in Pune, and Subhash Park in Kochi.

The affected domains include:

Additionally, the group shared a YouTube video featuring a message from Anonymous, highlighting their concerns regarding the declining state of free speech in India and the government’s measures to restrict social media.


Exploitation of Apache ActiveMQ Vulnerability Leads to DripDropper Malware Deployment on Cloud Linux Systems

August 19, 2025
Linux / Malware

Threat actors are exploiting a nearly two-year-old vulnerability in Apache ActiveMQ to gain persistent access to cloud-hosted Linux systems and install the DripDropper malware. In an unusual twist, the as-yet-unidentified attackers have been observed patching the very flaw they came in through, most likely to keep rival intruders out and to avoid detection, according to a Red Canary report shared with The Hacker News. “Follow-on command-and-control (C2) tools varied by endpoint and included Sliver and Cloudflare Tunnels, allowing for covert long-term control,” researchers Christina Johns, Chris Brook, and Tyler Edmonds noted.

The attacks exploit CVE-2023-46604 (CVSS score: 10.0), a critical flaw in the OpenWire protocol marshaller of Apache ActiveMQ that lets an unauthenticated remote attacker make the broker run arbitrary shell commands. Fixed releases shipped in late October 2023, but the bug has been under heavy exploitation ever since. Because the intruders apply the vendor fix themselves, a broker that now reports a patched version cannot be assumed clean: an upgrade that nobody in the organisation scheduled is itself an indicator, and such hosts should be hunted for the persistence and C2 tooling described above rather than cleared on version alone.
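Two checks that follow from the paragraph above, written here as an added example (not code from the page, Red Canary, or the ActiveMQ project): a branch-aware version test against the fixed releases named in the Apache advisory for CVE-2023-46604, and a triage pass over an inventory that flags brokers whose version went up with no matching change record, which is the shape a self-patching intruder leaves behind. The hostnames, timestamps and change records are constructed for illustration.

```python
"""Inventory checks for CVE-2023-46604 in Apache ActiveMQ (added example).

Fixed-version boundaries come from the Apache advisory; hosts, dates and
change records below are constructed.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta

# Advisory boundaries: 5.15.x before 5.15.16, 5.16.x before 5.16.7,
# 5.17.x before 5.17.6 and 5.18.x before 5.18.3 are affected; 6.x is not.
FIXED_BY_BRANCH = {(5, 15): (5, 15, 16), (5, 16): (5, 16, 7),
                   (5, 17): (5, 17, 6), (5, 18): (5, 18, 3)}


def parse_version(text: str) -> tuple:
    """'5.17.6-SNAPSHOT' -> (5, 17, 6): keep the leading digits of each dotted part."""
    parts = []
    for piece in text.strip().split("."):
        end = next((i for i, c in enumerate(piece) if not c.isdigit()), len(piece))
        parts.append(int(piece[:end]) if end else 0)
    return tuple(parts)


def is_vulnerable(version: str) -> bool:
    ver = parse_version(version)
    if ver[:1] >= (6,):
        return False
    # Anything older than the 5.15 branch falls under "before 5.15.16".
    fixed = FIXED_BY_BRANCH.get(ver[:2], (5, 15, 16))
    return ver < fixed


@dataclass(frozen=True)
class Observation:      # one version reading of one broker (constructed source)
    host: str
    seen_at: datetime
    version: str


@dataclass(frozen=True)
class ChangeRecord:     # an approved upgrade from the change-management system
    host: str
    approved_at: datetime
    to_version: str


def triage(observations, changes, window=timedelta(days=7)):
    """Return (still_vulnerable, unsanctioned_upgrades).

    still_vulnerable: hosts whose latest observed version is affected.
    unsanctioned_upgrades: (host, old, new, seen_at) where the version rose
    with no approved change to that version within `window` of the reading.
    In this campaign that gap is the tell: the broker got patched, but nobody
    in the organisation did it.
    """
    series = {}
    for obs in sorted(observations, key=lambda o: (o.host, o.seen_at)):
        series.setdefault(obs.host, []).append(obs)

    still_vulnerable = sorted(h for h, s in series.items() if is_vulnerable(s[-1].version))

    unsanctioned = []
    for host, readings in series.items():
        for prev, cur in zip(readings, readings[1:]):
            if parse_version(cur.version) <= parse_version(prev.version):
                continue
            approved = any(
                c.host == host
                and parse_version(c.to_version) == parse_version(cur.version)
                and abs(c.approved_at - cur.seen_at) <= window
                for c in changes
            )
            if not approved:
                unsanctioned.append((host, prev.version, cur.version, cur.seen_at))
    return still_vulnerable, unsanctioned


# Constructed sample: mq-a was upgraded under an approved change, mq-b jumped to
# a fixed release with no paperwork, mq-c is still on an affected build.
SAMPLE_OBSERVATIONS = [
    Observation("mq-a", datetime(2025, 7, 1), "5.18.2"),
    Observation("mq-a", datetime(2025, 7, 22), "5.18.3"),
    Observation("mq-b", datetime(2025, 7, 1), "5.17.2"),
    Observation("mq-b", datetime(2025, 8, 3), "5.17.6"),
    Observation("mq-c", datetime(2025, 7, 1), "5.16.5"),
    Observation("mq-c", datetime(2025, 8, 3), "5.16.5"),
]
SAMPLE_CHANGES = [ChangeRecord("mq-a", datetime(2025, 7, 20), "5.18.3")]

if __name__ == "__main__":
    vulnerable, suspicious = triage(SAMPLE_OBSERVATIONS, SAMPLE_CHANGES)
    print("still vulnerable:", vulnerable)
    for host, old, new, when in suspicious:
        print(f"unsanctioned upgrade on {host}: {old} -> {new} seen {when:%Y-%m-%d}")
```

The version test is the easy half; the point of the second function is that in this campaign a clean version number is weak evidence, so the inventory is joined against change records and every upgrade without an owner is handed to the incident responders.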


Urgent: Critical RCE Vulnerability Discovered in Apache OFBiz ERP Software – Immediate Patch Required

On March 22, 2021, the Apache Software Foundation disclosed a critical vulnerability in Apache OFBiz. Tracked as CVE-2021-26295, the flaw lets an unauthenticated attacker take remote control of the open-source enterprise resource planning (ERP) system. It affects all versions prior to 17.12.06 and is an unsafe-deserialization bug that yields remote code execution on exposed servers.

Apache OFBiz is a Java-based web framework for automating enterprise processes, including accounting, customer relationship management, manufacturing, order management, supply chain fulfillment, and warehouse management. An attacker who can reach a vulnerable OFBiz endpoint sends a crafted serialized Java object; when the server deserializes it, the object graph triggers a gadget chain that runs attacker-chosen code with the privileges of the OFBiz process. No credentials are needed, so the fix should be applied without delay.
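A check a practitioner would want in front of any Java application that accepts XML or form bodies, added here as an example (not code from the page or from the OFBiz project): spot Java serialized objects in a request body whether they arrive raw, base64-encoded or hex-encoded, and recover the top-level class name so the alert says what was sent. The wire-format constants are from the Java Object Serialization specification (magic 0xACED, version 0x0005, TC_OBJECT 0x73, TC_CLASSDESC 0x72); the request bodies and the element names in them are constructed.

```python
"""Detect Java serialized objects in HTTP request bodies (added example).

Not from the page or the OFBiz project. Sample bodies are constructed.
"""
import base64
import re

JAVA_MAGIC = b"\xac\xed\x00\x05"          # STREAM_MAGIC + STREAM_VERSION
TC_OBJECT, TC_CLASSDESC = 0x73, 0x72
_B64_RE = re.compile(rb"rO0AB[A-Za-z0-9+/=]{8,}")            # base64 of the magic
_HEX_RE = re.compile(rb"(?i)aced0005(?:[0-9a-f]{2}){4,}")   # hex of the magic


def top_level_class(stream: bytes):
    """Class name of the first record when it is a plain TC_OBJECT/TC_CLASSDESC
    (magic, 's', 'r', 2-byte length, UTF-8 name); None otherwise."""
    if len(stream) < 8 or not stream.startswith(JAVA_MAGIC):
        return None
    if stream[4] != TC_OBJECT or stream[5] != TC_CLASSDESC:
        return None
    length = int.from_bytes(stream[6:8], "big")
    name = stream[8:8 + length]
    return name.decode("utf-8", "replace") if len(name) == length else None


def find_java_serialized(body: bytes):
    """Return [(encoding, offset, class_name_or_None), ...] for every hit."""
    findings = []
    for m in re.finditer(re.escape(JAVA_MAGIC), body):
        findings.append(("raw", m.start(), top_level_class(body[m.start():])))
    for m in _B64_RE.finditer(body):
        chunk = m.group(0)
        chunk = chunk[: len(chunk) - len(chunk) % 4]   # drop a trailing partial quantum
        try:
            decoded = base64.b64decode(chunk, validate=True)
        except ValueError:
            decoded = b""
        findings.append(("base64", m.start(), top_level_class(decoded)))
    for m in _HEX_RE.finditer(body):
        decoded = bytes.fromhex(m.group(0).decode())
        findings.append(("hex", m.start(), top_level_class(decoded)))
    return findings


def _serialized_prefix(class_name: str) -> bytes:
    """Build the start of a stream whose first object is `class_name` (constructed)."""
    name = class_name.encode()
    return JAVA_MAGIC + bytes([TC_OBJECT, TC_CLASSDESC]) + len(name).to_bytes(2, "big") + name


# Constructed request bodies.
CLEAN_BODY = b"<soapenv:Envelope><soapenv:Body><arg>hello</arg></soapenv:Body></soapenv:Envelope>"
RAW_BODY = _serialized_prefix("java.util.HashMap") + b"\x00" * 4
SOAP_BODY = (b"<soapenv:Envelope><soapenv:Body><arg>"
             + base64.b64encode(_serialized_prefix("java.util.PriorityQueue") + b"\x00" * 8)
             + b"</arg></soapenv:Body></soapenv:Envelope>")
HEX_BODY = b"data=" + _serialized_prefix("java.util.HashMap").hex().encode()

if __name__ == "__main__":
    for label, body in [("clean", CLEAN_BODY), ("raw", RAW_BODY),
                        ("soap", SOAP_BODY), ("hex", HEX_BODY)]:
        print(label, find_java_serialized(body))
```

A hit whose class name is not one your application is known to exchange should block the request, not merely log it; the class name also makes the alert triageable, since gadget-chain entry points tend to be a small set of well-known collection and proxy classes.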


9 Million PCs Compromised by ZeroAccess Botnet

September 19, 2012

In recent months the Win32/Sirefef and Win64/Sirefef rootkit family, better known as the ZeroAccess botnet, has expanded sharply: it has infected an estimated 9 million computers worldwide, and after an update to its command-and-control protocol it now maintains connections to more than a million systems. Earlier versions were known for creating hidden partitions on the hard drive and hiding their files in NTFS alternate data streams, but the developers have since changed tactics and dropped the kernel-mode components from the latest version. Security firms have been tracking a rise in infections by the x64 variant in particular.

SophosLabs has found that the current ZeroAccess runs entirely in user-mode memory. There are two distinct ZeroAccess botnets, each with a 32-bit and a 64-bit build, for four separate botnets in total. Each operates independently and communicates over its own hard-coded port number embedded in the bot executable.
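The last sentence above is the hook a network defender can use: a peer-to-peer bot that talks to its peers over one fixed UDP port shows up in flow data as a single internal host contacting many distinct external peers, all on the same high port. The detector below keys on that shape rather than on any particular port value and is an added example, not code from the page or SophosLabs; the flow-log format, addresses, internal ranges and port numbers are constructed for illustration and do not reproduce the real botnets' ports.

```python
"""Peer fan-out heuristic for a P2P botnet (added example; not from the page
or SophosLabs). Flow lines, addresses and ports are constructed.
"""
import ipaddress
import re
from collections import defaultdict

# Constructed "internal" address space for the sample site.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed log format: "2012-09-19T10:00:01 10.0.0.5 -> 203.0.113.7 udp/40001"
FLOW_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>[\d.]+)\s+->\s+(?P<dst>[\d.]+)\s+(?P<proto>tcp|udp)/(?P<port>\d+)$")


def parse_flow(line: str):
    """Return (src, dst, proto, dport) or None for a line that does not parse."""
    m = FLOW_RE.match(line.strip())
    if not m:
        return None
    return m["src"], m["dst"], m["proto"], int(m["port"])


def is_internal(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def peer_fanout(lines, min_peers=20, min_port=1024):
    """Group outbound UDP flows by (source host, destination port) and count
    distinct external peers. Returns {(src, dport): peer_count} for every
    bucket at or above min_peers. Low ports are skipped so DNS and NTP do not
    register; a host that reaches many peers on many different ports does not
    register either, because each (host, port) bucket stays small."""
    peers = defaultdict(set)
    for line in lines:
        flow = parse_flow(line)
        if flow is None:
            continue
        src, dst, proto, dport = flow
        if proto != "udp" or dport < min_port or is_internal(dst):
            continue
        peers[(src, dport)].add(dst)
    return {key: len(v) for key, v in peers.items() if len(v) >= min_peers}


def constructed_flows():
    """Constructed flow log: 10.0.0.5 behaves like a P2P bot, 10.0.0.7 hits
    many peers on varying ports, 10.0.0.9 is ordinary traffic."""
    lines = []
    for i in range(30):
        lines.append(f"2012-09-19T10:00:{i:02d} 10.0.0.5 -> 203.0.113.{i + 1} udp/40001")
        lines.append(f"2012-09-19T10:01:{i:02d} 10.0.0.7 -> 203.0.113.{i + 1} udp/{40100 + i}")
    lines += [
        "2012-09-19T10:02:00 10.0.0.9 -> 203.0.113.53 udp/53",
        "2012-09-19T10:02:01 10.0.0.9 -> 203.0.113.80 tcp/443",
        "2012-09-19T10:02:02 10.0.0.9 -> 10.0.0.5 udp/40001",   # internal peer, ignored
        "garbage line that should be skipped",
    ]
    return lines


if __name__ == "__main__":
    for (host, port), n in sorted(peer_fanout(constructed_flows()).items()):
        print(f"{host} -> {n} distinct external peers on udp/{port}")
```

Tune `min_peers` to your own baseline: legitimate peer-to-peer software and some VoIP clients produce the same shape, so the hit is a lead for the host team rather than a verdict, and the port value it reports is what you then compare against published indicators.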


FBI Alerts on FSB-Linked Hackers Targeting Unpatched Cisco Devices for Cyber Espionage

Date: Aug 20, 2025 | Cyber Espionage / Vulnerability

A Russian state-sponsored hacking group tracked as Static Tundra is exploiting a seven-year-old vulnerability in Cisco IOS and IOS XE software to gain persistent access to target networks. According to Cisco Talos, the attacks are aimed chiefly at telecommunications, higher-education and manufacturing organisations in North America, Asia, Africa and Europe, with victims chosen for their “strategic interest” to Russia; recent targeting has focused on Ukraine and its allies amid the ongoing Russo-Ukrainian war. The exploited bug, CVE-2018-0171 (CVSS score: 9.8), is a critical flaw in the Smart Install feature that lets an unauthenticated, remote attacker cause a denial of service or execute arbitrary code. The operational lesson is the age of the fix: patch the devices, and disable Smart Install on any device that does not actually use it, so that the flaw is not reachable at all.
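A configuration audit for the point just made, added here as an example (not code from the page, Cisco or Talos): CVE-2018-0171 is only reachable while the Smart Install client is running, the client is on by default on many switches, and the global configuration command `no vstack` turns it off, with `show vstack config` reporting the live state. The device names, config excerpts and command output are constructed, and the exact wording of the `show vstack config` state line is an assumption about your platform taken from the form shown in Cisco's advisory.

```python
"""Smart Install exposure audit for Cisco IOS / IOS XE (added example; not
from the page, Cisco or Talos). Device data below is constructed.
"""
import re

NO_VSTACK_RE = re.compile(r"^\s*no vstack\s*$", re.MULTILINE)
VSTACK_STATE_RE = re.compile(r"SmartInstall\s+(enabled|disabled)", re.IGNORECASE)


def config_disables_smart_install(running_config: str) -> bool:
    """True when the running config carries a global `no vstack`."""
    return NO_VSTACK_RE.search(running_config) is not None


def show_vstack_state(output: str):
    """Parse `show vstack config` into 'enabled' / 'disabled' / None (unrecognised)."""
    m = VSTACK_STATE_RE.search(output)
    return m.group(1).lower() if m else None


def audit(devices):
    """devices: iterable of (hostname, running_config, show_vstack_output).

    Returns {hostname: [reasons]} for every device not verifiably disabled on
    both evidence sources. A device whose config says `no vstack` while the
    live command still says enabled is reported too: that gap is exactly what
    an unsaved or attacker-modified configuration looks like."""
    findings = {}
    for host, config, show_out in devices:
        reasons = []
        if not config_disables_smart_install(config):
            reasons.append("running-config has no `no vstack`")
        state = show_vstack_state(show_out)
        if state == "enabled":
            reasons.append("`show vstack config` reports SmartInstall enabled")
        elif state is None:
            reasons.append("`show vstack config` output not recognised")
        if reasons:
            findings[host] = reasons
    return findings


# Constructed sample devices: (hostname, running-config, `show vstack config` output).
SAMPLE_DEVICES = [
    ("sw-edge-1",
     "hostname sw-edge-1\n!\ninterface GigabitEthernet1/0/1\n switchport mode access\n!\nend\n",
     " Role: Client (SmartInstall enabled)\n Vstack Director IP address: 0.0.0.0\n"),
    ("sw-core-1",
     "hostname sw-core-1\n!\nno vstack\n!\nend\n",
     " Role: Client (SmartInstall disabled)\n Vstack Director IP address: 0.0.0.0\n"),
    ("sw-edge-2",
     "hostname sw-edge-2\n!\nno vstack\n!\nend\n",
     " Role: Client (SmartInstall enabled)\n Vstack Director IP address: 0.0.0.0\n"),
]

if __name__ == "__main__":
    for host, reasons in audit(SAMPLE_DEVICES).items():
        print(host + ": " + "; ".join(reasons))
```

Run it from the same collector that already pulls running configs for backup, and treat a disagreement between the two sources as a change to investigate rather than a parsing quirk; whether the feature is also reachable from untrusted networks is a separate question for the device's access lists.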


Critical Security Flaws Discovered in Netop Remote Learning Software

On March 22, 2021, cybersecurity researchers disclosed several vulnerabilities in Netop Vision Pro, a tool used to monitor students' computers remotely. The weaknesses could let an attacker execute arbitrary code and take control of Windows machines. The McAfee Labs Advanced Threat Research team warned that the bugs allow privilege escalation and could give an attacker on the same network full access to students' devices. The issues, tracked as CVE-2021-27192, CVE-2021-27193, CVE-2021-27194 and CVE-2021-27195, were reported to Netop on December 11, 2020. The Denmark-based company fixed them in version 9.7.2, released on February 25, 2021; according to Netop, the maintenance release addressed several security issues, including a local privilege escalation and the transmission of sensitive data in plain text.


🔍 Webinar: Uncover and Manage Hidden AI Agents in Your Enterprise Before Hackers Do

📅 Aug 20, 2025
Category: Artificial Intelligence / Enterprise Security

Do you know how many AI agents are currently operating within your organization? If you’re uncertain, you’re not alone—and that’s a significant concern. Every day, AI agents are being deployed across various industries, often initiated by business units eager for quick results, rather than just by IT. This creates a scenario where agents operate unnoticed—without proper identification, ownership, or activity logs. Essentially, they remain invisible.

👉 Register now for “Shadow Agents and Silent Threats: Securing AI’s New Identity Frontier” to learn how to proactively address this escalating issue.

The Hidden Dangers of Shadow AI Agents

Shadow agents aren’t merely benign assistants. If compromised, they can navigate through systems effortlessly, accessing sensitive data or elevating privileges at machine speed. Unlike humans, they are relentless, working around the clock without hesitation.

The reality is that most security programs weren’t designed to handle this challenge. They focus on managing people, not autonomous software agents. As the use of AI continues to rise, these circumstances pose a significant threat.


Critical Remote Code Execution Vulnerability Found in SolarWinds Orion Platform

On March 26, 2021, SolarWinds, a provider of IT infrastructure management software, released an update for its Orion network monitoring platform that addresses four security vulnerabilities, two of which an authenticated attacker could use to achieve remote code execution (RCE).

The most serious is a JSON deserialization flaw, rated critical, that lets an authenticated user run arbitrary code through the “test alert actions” feature of the Orion Web Console, which simulates network events such as an unresponsive server so that alert actions can be tried out during setup.

The second, rated high, allows RCE through the Orion Job Scheduler, but the attacker must first hold the credentials of an unprivileged local account on the Orion server. SolarWinds gave few technical details in its advisory.
