The Breach News

Serious Security Vulnerability Discovered in Multiple HP Printer Models

On November 30, 2021, cybersecurity experts revealed significant security weaknesses affecting 150 different multifunction printers from HP Inc. These flaws, which have been present for eight years, can be exploited by attackers to gain control of vulnerable devices, steal sensitive information, and infiltrate enterprise networks to execute further attacks.

The two vulnerabilities, termed Printing Shellz, were uncovered by F-Secure Labs researchers Timo Hirvonen and Alexander Bolshev and reported to HP on April 29, 2021. As a result, HP released patches earlier this month addressing the issues:

  • CVE-2021-39237 (CVSS Score: 7.1): An information disclosure vulnerability affecting specific HP LaserJet, HP LaserJet Managed, HP PageWide, and HP PageWide Managed printers.

  • CVE-2021-39238 (CVSS Score: 9.3): A buffer overflow vulnerability impacting certain HP Enterprise LaserJet, HP LaserJet Managed, HP Enterprise PageWide, and HP PageWide Managed products.

Further details on the vulnerabilities are currently under review.

Severe Security Vulnerability Discovered in Multiple HP Printer Models

November 30, 2021

Cybersecurity experts have revealed the existence of longstanding security vulnerabilities that affect a substantial range of HP multifunction printers (MFPs). Specifically, these flaws, which have persisted for eight years, could allow malicious actors to gain control of affected…

Chinese Hackers Target European Diplomats in Recent G20 Cyber Espionage Incident

Dec 13, 2013

A report from security firm FireEye reveals that Chinese hackers conducted cyber espionage against European Ministries of Foreign Affairs during the recent G20 meetings. Researcher Nart Villeneuve highlighted that the hackers accessed the networks of five European foreign ministries by sending emails embedded with malware files, allowing them to steal credentials and sensitive information. The operation, termed “Operation Ke3chang,” is believed to have been active since at least 2010. The attackers used malware disguised as documents related to potential military interventions in Syria (US_military_options_in_Syria.pdf.zip), which, when downloaded and opened by victims, installed a backdoor on their systems. Additionally, they exploited a Java zero-day vulnerability (CVE-2012-4681) and other established exploits.

Chinese Cyber Espionage Targets European Diplomats During G20 Meetings

In a recent disclosure, the cybersecurity firm FireEye has unveiled a sophisticated cyber espionage campaign directed at European Ministries of Foreign Affairs during the recent G20 meetings. This operation, attributed to Chinese hackers, has raised significant alarms regarding the security of…

Iran-Connected Hackers Targeting U.S. Energy and Water Systems

Cyberattacks as Retaliation: Iran Targets U.S. Industrial Control Systems

In the escalating tensions following President Donald Trump’s stark threats against Iran, the nation appears to have responded through a significant cyber offensive. U.S. governmental agencies are reporting an extensive hacking campaign aimed at industrial control systems across the United States,…

FBI Alerts on UNC6040 and UNC6395 Targeting Salesforce for Data Theft

September 13, 2025
Cyber Attack / Data Breach

The FBI has released a flash alert highlighting indicators of compromise linked to two cybercriminal groups, UNC6040 and UNC6395, known for their recent data theft and extortion campaigns. Both groups have been reported to target organizations’ Salesforce platforms using various initial access methods.

UNC6395 has been notably associated with a significant data theft operation in August 2025, where compromised OAuth tokens from the Salesloft Drift application were exploited. This vulnerability stemmed from a breach of Salesloft’s GitHub account between March and June 2025. In response, Salesloft has isolated the Drift infrastructure and temporarily disabled the AI chatbot application while implementing enhanced multi-factor authentication measures.

FBI Issues Alert on Cybercriminal Groups Targeting Salesforce Platforms

September 13, 2025

In a concerning development, the Federal Bureau of Investigation (FBI) has issued a flash alert regarding two cybercriminal factions, referred to as UNC6040 and UNC6395, who are orchestrating a series of data theft and extortion attacks. This alert…

CISA Issues Warning on Exploited Critical Vulnerability in Zoho ManageEngine ServiceDesk

On December 3, 2021, the FBI and CISA alerted the public about active exploitation of a newly patched vulnerability in Zoho’s ManageEngine ServiceDesk Plus. Identified as CVE-2021-44077 (CVSS score: 9.8), this flaw enables unauthenticated remote code execution in versions up to 11305. If unaddressed, it allows attackers to upload executable files and establish web shells for further malicious activities, such as compromising admin credentials, lateral movement, and exfiltrating sensitive information like registry hives and Active Directory files. Zoho also highlighted that a security misconfiguration in ServiceDesk Plus was the root cause of this issue.

CISA Issues Alert on Actively Exploited Critical Vulnerability in Zoho ManageEngine ServiceDesk

On December 3, 2021, the Cybersecurity and Infrastructure Security Agency (CISA) and the FBI issued a significant warning regarding an actively exploited vulnerability within Zoho’s ManageEngine ServiceDesk Plus. This flaw, identified as CVE-2021-44077, boasts a CVSS score of…

The Evolution of Cyber Threats: Insights from IntelCrawler’s Experts

Dec 16, 2013

In this article, I am excited to share an interview with Andrey Komarov, CEO of IntelCrawler, and Dan Clements, President of IntelCrawler. IntelCrawler is a comprehensive intelligence aggregator that collects data from an extensive pool of over 3 billion IPv4 addresses and more than 200 million domain names. Their services focus on scanning this data for analytics, allowing for a deep dive into specific cyber threats.

I’ve prepared a series of questions aimed at exploring the significant shifts in the cyber threat landscape:

Q. What are the most pressing cyber threats facing private businesses and government organizations today?

A. Moving beyond typical concerns, one of the most alarming issues is the rise of fundamentally new vulnerabilities within critical applications and systems. The market for “zero-day” vulnerabilities continues to grow daily, becoming an integral part of the evolving landscape of cyber warfare as it develops.

The Evolution of Cyber Threats: Insights from IntelCrawler’s Experts

On December 16, 2013, I had the opportunity to delve into the evolving landscape of cyber threats through an insightful interview with Andrey Komarov, CEO of IntelCrawler, and Dan Clements, President of the same company. IntelCrawler operates as a sophisticated intelligence…

⚡ Weekly Roundup: Evolving Threats—Bootkit Malware, AI-Enhanced Attacks, Supply Chain Vulnerabilities, Zero-Day Exploits & More

Sep 15, 2025
Cybersecurity / Hacking News

In today’s landscape of relentless threats, the role of the modern CISO extends beyond mere technology security—it’s about safeguarding institutional trust and ensuring business continuity. This week revealed a disturbing trend: adversaries are increasingly targeting the intricate networks that connect businesses, from supply chains to strategic partnerships. As new regulations emerge and AI-driven attacks escalate, the choices you make now will define your organization’s resilience for years to come. This report isn’t just a list of threats; it’s a strategic framework for effective leadership. Here’s your comprehensive weekly recap, filled with insights to keep you ahead in the game.

⚡ Threat of the Week

New HybridPetya Ransomware Bypasses UEFI Secure Boot — A new variant of the notorious Petya/NotPetya malware, named HybridPetya, has been identified. While there is currently no data indicating its deployment in the wild, it stands out for its ability to compromise the secure boot feature.

Weekly Cybersecurity Recap: Ransomware Innovations, AI-Assisted Attacks, and Supply Chain Vulnerabilities

Date: September 15, 2025
Category: Cybersecurity / Hacking News

In an era where cybersecurity threats are ever-evolving, the chief information security officer (CISO) faces a daunting challenge: beyond merely safeguarding technology, their primary responsibility is to uphold institutional trust…

Models Defy Norms to Support Their Peers

Agentic AI, Artificial Intelligence & Machine Learning, Next-Generation Technologies & Secure Development

Research Uncovers Autonomous AI Behaviors Aimed at Preserving Peers

Rashmi Ramesh (rashmiramesh_) • April 6, 2026

Recent research indicates that artificial intelligence systems can engage in deceptive practices, falsifying data and sabotaging operational protocols in…
