The Breach News

Critical Remote Code Execution Vulnerability Found in SolarWinds Orion Platform

On March 26, 2021, SolarWinds, a provider of IT infrastructure management solutions, announced a new update for its Orion network monitoring tool, addressing four security vulnerabilities. Among these, two critical flaws could be exploited by an authenticated attacker for remote code execution (RCE).

The most concerning issue involves a JSON deserialization vulnerability, allowing authenticated users to run arbitrary code through the “test alert actions” feature in the Orion Web Console, which simulates network events like unresponsive servers to trigger alerts during setup. This flaw has been classified as critical in severity.

The second vulnerability poses a high risk as it enables an attacker to execute RCE in the Orion Job Scheduler, although the attacker must first possess the credentials of an unprivileged local account on the Orion Server to exploit it. SolarWinds provided limited technical details in its advisory.

Critical Remote Code Execution Vulnerability Discovered in SolarWinds Orion Platform

On March 25, 2021, SolarWinds, a provider of IT infrastructure management solutions, released an important update for its Orion network monitoring tool, addressing several security vulnerabilities. Among the fixes are two significant issues that could be exploited by authenticated attackers…

Cyber Attacks Target Six Major U.S. Banks

Published: Oct 1, 2012

Recent reports indicate that several of the largest financial institutions in the United States, including Wells Fargo, JPMorgan Chase, Bank of America, Citigroup, and U.S. Bancorp, were subjected to a series of cyber attacks last week. A group claiming to have Middle Eastern affiliations executed these attacks, resulting in internet outages and disruptions to online banking services.

The banks experienced denial-of-service attacks, where hackers inundate a website with excessive traffic, causing it to become overwhelmed and shut down. Although these attacks can be disruptive, they are not technically advanced and do not compromise the security of the banks’ computer networks, funds, or customer accounts.

The group, identifying itself as “Mrt. Izz ad-Din al-Qassam Cyber Fighters,” specifically targeted Wells Fargo and announced plans to attack U.S. Bancorp and PNC Financial Services Group next. They stated that their actions were a response to an anti-Islam video that ridicules the Prophet Muhammad and vowed to persist in their assaults on American financial institutions.

Cyber Attacks Target Major U.S. Banks

October 1, 2012

Recent reports indicate that several of America’s leading financial institutions, including Wells Fargo, JPMorgan Chase, Bank of America, Citigroup, and U.S. Bancorp, experienced a wave of cyber attacks last week. The assaults were attributed to a group claiming connections to the…

Discord Investigators Achieve Unauthorized Access to Anthropic’s Mythos

As the discourse around the implications of advanced AI models on cybersecurity continues, Mozilla announced that it utilized early access to Anthropic’s Mythos Preview to identify and address 271 vulnerabilities in its latest Firefox 150 browser release. Concurrently, researchers have uncovered a group of North Korean hackers who have adeptly…

DOM-Based Clickjacking Vulnerability Threatens Popular Password Managers, Exposing Users to Credential and Data Theft

AUGUST 20, 2025
Vulnerability / Browser Security

Recent findings reveal that widely used password manager browser extensions are vulnerable to DOM-based clickjacking attacks, which can compromise users’ account credentials, two-factor authentication (2FA) codes, and credit card information under specific conditions. Independent security researcher Marek Tóth highlighted this risk during his presentation at DEF CON 33 earlier this month. “With just a single click on an attacker-controlled site, users’ sensitive data—including credit card details, personal information, and login credentials (including TOTP)—can be stolen,” Tóth explained. This new technique is versatile and could potentially target other extension types as well. Clickjacking, also known as UI redressing, involves manipulating users into executing seemingly benign actions on a website, while the real intent is to hijack their information.

DOM-Based Extension Clickjacking Poses Risks to Leading Password Managers

On August 20, 2025, new findings emerged highlighting a significant security vulnerability affecting popular password management extensions for web browsers. These vulnerabilities, known as DOM-based extension clickjacking, could potentially facilitate the theft of sensitive user information, including account credentials, two-factor authentication…

OpenSSL Issues Updates to Address Two Critical Security Vulnerabilities

On March 26, 2021, OpenSSL maintainers released fixes for two high-severity security flaws that could lead to denial-of-service (DoS) attacks and the circumvention of certificate verification. Identified as CVE-2021-3449 and CVE-2021-3450, these vulnerabilities have been patched in the latest update (version OpenSSL 1.1.1k), made available on Thursday. CVE-2021-3449 is applicable to all OpenSSL 1.1.1 versions, while CVE-2021-3450 affects versions 1.1.1h and later. OpenSSL provides cryptographic functions that support the Transport Layer Security protocol, aiding in the secure transmission of communication over networks. According to an advisory from OpenSSL, CVE-2021-3449 poses a potential DoS risk linked to NULL pointer dereferencing, which can result in an OpenSSL TLS server crash if a client sends a malicious “ClientHello” message during the handshake process.

OpenSSL Addresses Two High-Severity Vulnerabilities

March 26, 2021

OpenSSL has announced the release of critical patches aimed at addressing two high-severity vulnerabilities that pose a significant risk to its widely used cryptographic library. These flaws, identified as CVE-2021-3449 and CVE-2021-3450, could potentially enable attackers to execute denial-of-service (DoS) attacks and…

Chinese Hackers Target White House Computer Networks

October 1, 2012

The White House confirmed Monday that a cyber attack had compromised one of its computer networks, though it reported no breach of classified systems or any evidence of lost data. The attack was said to involve systems connected to military nuclear commands and was linked to Chinese hackers. The initial report, published by The Washington Free Beacon—a conservative outlet critical of the Obama administration—characterized the breach as one of Beijing’s most audacious cyber operations against the United States and suggested a failure by the Obama administration to confront China’s ongoing cyber threats. This revelation comes amid rising tensions in Asia, as the Pentagon has positioned two U.S. aircraft carrier strike groups and Marine amphibious units near the waters surrounding Japan’s Senkaku Islands. An official referred to the incident as a “spear-phishing” attack…

Chinese Hackers Target White House Computer Networks

October 1, 2012

The White House confirmed on Monday that one of its computer networks suffered a cyber attack, attributing the breach to Chinese hackers. Officials stated that while there was no evidence of access to classified systems or data loss, the incident…

Why Are Leading University Websites Displaying Adult Content? It’s a Matter of Poor Maintenance.

Cybersecurity Alert: Scammers Exploit University Domains to Distribute Malicious Content

Recent research has uncovered significant security breaches affecting the websites of several esteemed universities, including the University of California, Berkeley (berkeley.edu), Columbia University (columbia.edu), and Washington University in St. Louis (washi.edu). According to cybersecurity researcher Alex Shakhov, attackers have successfully…

Scattered Spider Hacker Sentenced to 10 Years, Ordered to Repay $13M for SIM Swapping Crypto Theft

A 20-year-old member of the infamous cybercrime group Scattered Spider has received a ten-year prison sentence in the U.S. for his role in a series of high-profile hacks and cryptocurrency thefts. Noah Michael Urban, who pleaded guilty to wire fraud and aggravated identity theft in April 2025, will also face three years of supervised release and is required to pay $13 million in restitution to his victims. Urban, who used multiple aliases including Sosa and King Bob, was apprehended by U.S. authorities in Florida in January 2024, following crimes committed between August 2022 and March 2023 that resulted in the theft of over $800,000. In a statement to security journalist Brian Krebs, Urban decried the sentence as unjust.

Scattered Spider Hacker Sentenced to 10 Years and $13M Restitution for SIM Swapping Scheme

In a significant development within the realm of cybercrime, a 20-year-old associate of the infamous hacking collective known as Scattered Spider has been sentenced to ten years in federal prison for his involvement in a series…

New Vulnerabilities May Allow Hackers to Bypass Spectre Mitigations on Linux

Cybersecurity researchers have recently unveiled two critical vulnerabilities in Linux-based systems. If exploited, these flaws could enable attackers to bypass mitigations for speculative execution attacks like Spectre and access sensitive kernel memory. Identified by Piotr Krysiuk from Symantec’s Threat Hunter team, the vulnerabilities are designated as CVE-2020-27170 and CVE-2020-27171, both with a CVSS score of 5.5. They affect all Linux kernels released before version 5.11.8. Security patches were made available on March 20, with various distributions, including Ubuntu, Debian, and Red Hat, implementing fixes. CVE-2020-27170 can disclose content from any kernel memory location, while CVE-2020-27171 enables data retrieval from a 4GB segment of kernel memory. First reported in January 2018, the Spectre and Meltdown vulnerabilities exploit weaknesses in modern CPUs to leak sensitive data.

New Vulnerabilities Raise Concerns Over Spectre Mitigations on Linux Systems

On March 29, 2021, cybersecurity researchers revealed two significant vulnerabilities affecting Linux-based operating systems that could enable hackers to bypass existing protections against speculative execution attacks, including the notorious Spectre exploit. Discovered by Piotr Krysiuk from Symantec’s Threat Hunter team,…
