The Breach News

Anonymous Threatens Estonian Government with Impending Cyber Attack

Oct 10, 2012

On October 8, the hacker collective Anonymous, through its AnonSwedenOp account, released a video on YouTube warning the Estonian government of a potential cyber attack. The video accused the government of neglecting its citizens, claiming, “The Estonian government sacrificed its own people rather than providing support. Instead of helping its own, it has funneled money to Greece, which is in a better financial position.” They highlighted the irony of Estonia’s financial struggles while simultaneously donating €357 million to Greece.

The group’s video indicated that the attack, dubbed Operation #OpEstonia, is likely scheduled for Friday, October 12. It concluded with a message of solidarity towards the Estonian people: “This must end. Estonian people, we haven’t forgotten you.”

Recently, Anonymous also targeted the website of the Swedish central bank, raising concerns about the potential scale and intensity of the forthcoming attack.

Stay updated—subscribe to our daily newsletter for the latest developments.

Anonymous Threatens Estonian Government with Cyber Attack On October 8, the hacker collective Anonymous, through its AnonSwedenOp channel, released a video on YouTube, issuing a warning to the Estonian government about a potential cyber attack. The video criticizes the government’s priorities, claiming that it has failed to adequately support its…

Read More

Anonymous Threatens Estonian Government with Impending Cyber Attack

Oct 10, 2012

On October 8, the hacker collective Anonymous, through its AnonSwedenOp account, released a video on YouTube warning the Estonian government of a potential cyber attack. The video accused the government of neglecting its citizens, claiming, “The Estonian government sacrificed its own people rather than providing support. Instead of helping its own, it has funneled money to Greece, which is in a better financial position.” They highlighted the irony of Estonia’s financial struggles while simultaneously donating €357 million to Greece.

The group’s video indicated that the attack, dubbed Operation #OpEstonia, is likely scheduled for Friday, October 12. It concluded with a message of solidarity towards the Estonian people: “This must end. Estonian people, we haven’t forgotten you.”

Recently, Anonymous also targeted the website of the Swedish central bank, raising concerns about the potential scale and intensity of the forthcoming attack.

Stay updated—subscribe to our daily newsletter for the latest developments.

Microsoft Releases Urgent Update to Address ASP.NET Vulnerability on macOS and Linux

Microsoft has issued an emergency patch to address a critical vulnerability in its ASP.NET Core framework, which could allow unauthenticated attackers to gain SYSTEM-level privileges on devices running Linux or macOS applications. This vulnerability, identified as CVE-2026-40372, impacts versions 10.0.0 through 10.0.6 of the Microsoft.AspNetCore.DataProtection NuGet package, an essential component…

Read MoreMicrosoft Releases Urgent Update to Address ASP.NET Vulnerability on macOS and Linux

Cybercriminals Utilize ClickFix Tactic and Fake CAPTCHA Pages to Distribute CORNFLAKE.V3 Backdoor

August 21, 2025
Malware / Cryptocurrency

Threat actors have been observed employing the ClickFix social engineering tactic to disseminate a versatile backdoor known as CORNFLAKE.V3. Google-owned Mandiant reported this activity, identified as UNC5518, as part of an access-as-a-service scheme that utilizes fake CAPTCHA pages to entice users into granting initial system access, which is subsequently monetized by other threat groups. “The initial infection method, referred to as ClickFix, involves tricking users on compromised websites into copying and executing a malicious PowerShell script through the Windows Run dialog,” Google detailed in a report released today. Access provided by UNC5518 is believed to be exploited by at least two distinct hacking groups, UNC5774 and UNC4108, to launch a multi-stage infection process and introduce additional payloads. UNC5774, another financially motivated group, employs CORNFLAKE to deploy various subsequent payloads. UNC4108, also a threat actor…

Cybercriminals Exploit ClickFix Strategy to Distribute CORNFLAKE.V3 Backdoor via Fake CAPTCHA Pages On August 21, 2025, cybersecurity experts reported a notable tactic employed by cybercriminals involving the deployment of a versatile backdoor, known as CORNFLAKE.V3, through a method termed ClickFix. This strategy was detailed by Mandiant, a subsidiary of Google,…

Read More

Cybercriminals Utilize ClickFix Tactic and Fake CAPTCHA Pages to Distribute CORNFLAKE.V3 Backdoor

August 21, 2025
Malware / Cryptocurrency

Threat actors have been observed employing the ClickFix social engineering tactic to disseminate a versatile backdoor known as CORNFLAKE.V3. Google-owned Mandiant reported this activity, identified as UNC5518, as part of an access-as-a-service scheme that utilizes fake CAPTCHA pages to entice users into granting initial system access, which is subsequently monetized by other threat groups. “The initial infection method, referred to as ClickFix, involves tricking users on compromised websites into copying and executing a malicious PowerShell script through the Windows Run dialog,” Google detailed in a report released today. Access provided by UNC5518 is believed to be exploited by at least two distinct hacking groups, UNC5774 and UNC4108, to launch a multi-stage infection process and introduce additional payloads. UNC5774, another financially motivated group, employs CORNFLAKE to deploy various subsequent payloads. UNC4108, also a threat actor…

F5 BIG-IP Exposed to Kerberos KDC Spoofing Vulnerability

On April 28, 2021, cybersecurity researchers revealed a significant bypass vulnerability (CVE-2021-23008) affecting the Kerberos Key Distribution Center (KDC) security feature in F5 BIG-IP application delivery services. According to Silverfort researchers Yaron Kassner and Rotem Zach, the KDC Spoofing vulnerability enables attackers to circumvent Kerberos authentication to the Big-IP Access Policy Manager (APM), allowing unauthorized access to sensitive resources and, in some instances, the Big-IP admin console. Following this disclosure, F5 Networks issued patches to rectify the vulnerability (CVE-2021-23008, CVSS score 8.1), which are available in BIG-IP APM versions 12.1.6, 13.1.4, 14.1.4, and 15.1.3. A similar patch for version 16.x is anticipated in the future. Customers using version 16.x are advised to consult the security advisory for exposure assessment and mitigation details.

F5 BIG-IP Vulnerability Exposed to Kerberos KDC Spoofing Threat April 28, 2021 Cybersecurity experts have uncovered a significant vulnerability in F5’s BIG-IP application delivery services that affects its Kerberos Key Distribution Center (KDC) security feature. Identified as CVE-2021-23008, this bypass vulnerability poses a serious risk, as it allows attackers to…

Read More

F5 BIG-IP Exposed to Kerberos KDC Spoofing Vulnerability

On April 28, 2021, cybersecurity researchers revealed a significant bypass vulnerability (CVE-2021-23008) affecting the Kerberos Key Distribution Center (KDC) security feature in F5 BIG-IP application delivery services. According to Silverfort researchers Yaron Kassner and Rotem Zach, the KDC Spoofing vulnerability enables attackers to circumvent Kerberos authentication to the Big-IP Access Policy Manager (APM), allowing unauthorized access to sensitive resources and, in some instances, the Big-IP admin console. Following this disclosure, F5 Networks issued patches to rectify the vulnerability (CVE-2021-23008, CVSS score 8.1), which are available in BIG-IP APM versions 12.1.6, 13.1.4, 14.1.4, and 15.1.3. A similar patch for version 16.x is anticipated in the future. Customers using version 16.x are advised to consult the security advisory for exposure assessment and mitigation details.

New Cyber Attack Targets Regions Bank and SunTrust

October 11, 2012

As predicted by the Izz ad-Din al-Qassam Cyber Fighters, another distributed denial-of-service (DDoS) attack has struck the websites of Regions Financial Corp (regions.com) and SunTrust. These cyber assaults inundate the banks’ sites with excessive traffic, resulting in slow service or complete unavailability. In a Pastebin post dated October 8, the hacktivist group announced plans for several attacks: on Capital One on October 9, SunTrust on October 10, and Regions Financial Corp on October 11—and they successfully executed their threats. A spokesperson for SunTrust, Michael McCoy, confirmed that the bank’s site experienced heightened traffic, leading to intermittent availability for some online functions. Just days prior, Regions representatives had informed Fox Business that they were aware of the threats and were “taking every measure.”

Cyber Attack Targets Regions Bank and SunTrust On October 11, 2012, Regions Financial Corp and SunTrust fell victim to a significant distributed denial-of-service (DDoS) attack. This breach was executed by the hacktivist group Izz ad-Din al-Qassam Cyber Fighters, who had previously announced their plans to target these financial institutions in…

Read More

New Cyber Attack Targets Regions Bank and SunTrust

October 11, 2012

As predicted by the Izz ad-Din al-Qassam Cyber Fighters, another distributed denial-of-service (DDoS) attack has struck the websites of Regions Financial Corp (regions.com) and SunTrust. These cyber assaults inundate the banks’ sites with excessive traffic, resulting in slow service or complete unavailability. In a Pastebin post dated October 8, the hacktivist group announced plans for several attacks: on Capital One on October 9, SunTrust on October 10, and Regions Financial Corp on October 11—and they successfully executed their threats. A spokesperson for SunTrust, Michael McCoy, confirmed that the bank’s site experienced heightened traffic, leading to intermittent availability for some online functions. Just days prior, Regions representatives had informed Fox Business that they were aware of the threats and were “taking every measure.”

Newly Decoded Sabotage Malware May Have Aimed at Iran’s Nuclear Program—Predating Stuxnet

Recent analysis by cybersecurity experts has revealed the emergence of a sophisticated piece of malware known as Fast16, which operates with self-replicating capabilities resembling those of a worm. This code is particularly alarming due to its ability to propagate through network shares on Windows systems. According to findings, Fast16 utilizes…

Read MoreNewly Decoded Sabotage Malware May Have Aimed at Iran’s Nuclear Program—Predating Stuxnet

Remote Code Execution Risks Discovered in Commvault: Pre-Auth Exploit Chains Identified

August 21, 2025
Category: Vulnerability / Software Security

Commvault has issued updates to address four critical security vulnerabilities that could enable remote code execution on affected instances. The identified vulnerabilities arise in Commvault versions prior to 11.36.60, detailed as follows:

  • CVE-2025-57788 (CVSS score: 6.9): This vulnerability in a known login mechanism permits unauthenticated attackers to execute API calls without needing user credentials.

  • CVE-2025-57789 (CVSS score: 5.3): A flaw during the setup process allows remote attackers to exploit default credentials for administrative access before the first admin login.

  • CVE-2025-57790 (CVSS score: 8.7): A path traversal vulnerability enables remote attackers to gain unauthorized file system access, leading to potential remote code execution.

  • CVE-2025-57791 (CVSS score: 6.9): A vulnerability that allows attackers to inject or manipulate command-line arguments passed to internal components, resulting in further exploitation.

Commvault Issues Critical Security Updates to Mitigate Remote Code Execution Vulnerabilities On August 21, 2025, Commvault announced significant updates aimed at addressing four critical security vulnerabilities that could potentially be exploited to execute remote code on vulnerable instances of its software. These vulnerabilities, which affect versions prior to 11.36.60, reveal…

Read More

Remote Code Execution Risks Discovered in Commvault: Pre-Auth Exploit Chains Identified

August 21, 2025
Category: Vulnerability / Software Security

Commvault has issued updates to address four critical security vulnerabilities that could enable remote code execution on affected instances. The identified vulnerabilities arise in Commvault versions prior to 11.36.60, detailed as follows:

  • CVE-2025-57788 (CVSS score: 6.9): This vulnerability in a known login mechanism permits unauthenticated attackers to execute API calls without needing user credentials.

  • CVE-2025-57789 (CVSS score: 5.3): A flaw during the setup process allows remote attackers to exploit default credentials for administrative access before the first admin login.

  • CVE-2025-57790 (CVSS score: 8.7): A path traversal vulnerability enables remote attackers to gain unauthorized file system access, leading to potential remote code execution.

  • CVE-2025-57791 (CVSS score: 6.9): A vulnerability that allows attackers to inject or manipulate command-line arguments passed to internal components, resulting in further exploitation.

Apple Issues Critical Security Updates for Zero-Day Vulnerabilities Amid Active Exploits

On May 4, 2021, Apple launched urgent security updates for iOS, macOS, and watchOS to tackle three zero-day vulnerabilities and to enhance protections for a fourth flaw that may have been actively exploited. These vulnerabilities, primarily affecting WebKit—the engine behind Safari and other browsers on iOS—could allow attackers to execute arbitrary code on targeted devices. Here’s a summary of the three security issues:

  • CVE-2021-30663: An integer overflow vulnerability exploitable via crafted web content, potentially leading to code execution. This was mitigated through improved input validation.

  • CVE-2021-30665: A memory corruption issue that could be leveraged to create malicious web content, resulting in code execution. This was remedied with enhanced state management.

  • CVE-2021-30666: A buffer overflow vulnerability that might be exploited to generate malicious web content, leading to…

Apple Issues Critical Security Patches for Zero-Day Vulnerabilities Amid Active Exploits On May 3, 2021, Apple announced the release of a suite of security updates for its operating systems, including iOS, macOS, and watchOS, aimed at addressing several pressing vulnerabilities. Notably, these updates specifically target three zero-day flaws tied to…

Read More

Apple Issues Critical Security Updates for Zero-Day Vulnerabilities Amid Active Exploits

On May 4, 2021, Apple launched urgent security updates for iOS, macOS, and watchOS to tackle three zero-day vulnerabilities and to enhance protections for a fourth flaw that may have been actively exploited. These vulnerabilities, primarily affecting WebKit—the engine behind Safari and other browsers on iOS—could allow attackers to execute arbitrary code on targeted devices. Here’s a summary of the three security issues:

  • CVE-2021-30663: An integer overflow vulnerability exploitable via crafted web content, potentially leading to code execution. This was mitigated through improved input validation.

  • CVE-2021-30665: A memory corruption issue that could be leveraged to create malicious web content, resulting in code execution. This was remedied with enhanced state management.

  • CVE-2021-30666: A buffer overflow vulnerability that might be exploited to generate malicious web content, leading to…

miniFlame: Newly Uncovered Cyber Espionage Malware

October 15, 2012

Kaspersky has revealed a new cyber espionage malware called “miniFlame,” which is directly associated with the infamous Flame malware. This latest sophisticated tool, linked to previous espionage software known as Flame and Gauss, functions as a “high-precision surgical attack” mechanism aimed at targets in Lebanon, Iran, and other regions.

Identified by Kaspersky Lab experts in July 2012, miniFlame, also referred to as SPE, was initially recognized as a component of Flame. It appears to be deployed to enhance spying capabilities on computers that have already been infected with Flame and Gauss. Analysis indicates that some variants of miniFlame were developed in 2010 and 2011, with several still active today. Development of this malicious software could date back to as early as 2007. “MiniFlame is a high precision attack tool,” stated Alexander Gostev, Chief Security Expert at Kaspersky.

Discovery of miniFlame Malware Marks a New Era in Cyber Espionage On October 15, 2012, cybersecurity firm Kaspersky Lab revealed the emergence of a new type of malware known as miniFlame. Directly associated with the more notorious Flame malware, miniFlame represents a sophisticated cyber espionage tool that has been linked…

Read More

miniFlame: Newly Uncovered Cyber Espionage Malware

October 15, 2012

Kaspersky has revealed a new cyber espionage malware called “miniFlame,” which is directly associated with the infamous Flame malware. This latest sophisticated tool, linked to previous espionage software known as Flame and Gauss, functions as a “high-precision surgical attack” mechanism aimed at targets in Lebanon, Iran, and other regions.

Identified by Kaspersky Lab experts in July 2012, miniFlame, also referred to as SPE, was initially recognized as a component of Flame. It appears to be deployed to enhance spying capabilities on computers that have already been infected with Flame and Gauss. Analysis indicates that some variants of miniFlame were developed in 2010 and 2011, with several still active today. Development of this malicious software could date back to as early as 2007. “MiniFlame is a high precision attack tool,” stated Alexander Gostev, Chief Security Expert at Kaspersky.