The Breach News

Critical Remote Code Execution Vulnerability Found in Multiple Netgear Router Models

On September 22, 2021, networking company Netgear alerted users about a critical remote code execution (RCE) vulnerability, identified as CVE-2021-40847 (CVSS score: 8.1), affecting various router models. This weakness could allow remote attackers to gain control of affected systems. Netgear has released firmware updates to address the issue for the following models:

  • R6400v2 (version 1.0.4.120)
  • R6700 (version 1.0.2.26)
  • R6700v3 (version 1.0.4.120)
  • R6900 (version 1.0.2.26)
  • R6900P (version 3.3.142_HOTFIX)
  • R7000 (version 1.0.11.128)
  • R7000P (version 1.3.3.142_HOTFIX)
  • R7850 (version 1.0.5.76)
  • R7900 (version 1.0.4.46)
  • R8000 (version 1.0.4.76)
  • RS400 (version 1.5.1.80)

Security researcher Adam Nichols from GRIMM noted that the vulnerability is linked to Circle, a third-party component integrated into the router firmware.

Critical Remote Code Execution Vulnerability Found in Multiple Netgear Router Models On September 22, 2021, networking equipment manufacturer Netgear announced the release of crucial patches to address a high-severity remote code execution vulnerability that could allow unauthorized attackers to gain control over affected routers. This vulnerability, assigned the identifier CVE-2021-40847…

Read More

Critical Remote Code Execution Vulnerability Found in Multiple Netgear Router Models

On September 22, 2021, networking company Netgear alerted users about a critical remote code execution (RCE) vulnerability, identified as CVE-2021-40847 (CVSS score: 8.1), affecting various router models. This weakness could allow remote attackers to gain control of affected systems. Netgear has released firmware updates to address the issue for the following models:

  • R6400v2 (version 1.0.4.120)
  • R6700 (version 1.0.2.26)
  • R6700v3 (version 1.0.4.120)
  • R6900 (version 1.0.2.26)
  • R6900P (version 3.3.142_HOTFIX)
  • R7000 (version 1.0.11.128)
  • R7000P (version 1.3.3.142_HOTFIX)
  • R7850 (version 1.0.5.76)
  • R7900 (version 1.0.4.46)
  • R8000 (version 1.0.4.76)
  • RS400 (version 1.5.1.80)

Security researcher Adam Nichols from GRIMM noted that the vulnerability is linked to Circle, a third-party component integrated into the router firmware.

13 Members of Anonymous Charged in ‘Operation Payback’ Cyber Attack Scheme

Oct 04, 2013

A U.S. Grand Jury has indicted 13 alleged members of the hacking collective Anonymous for their involvement in cyber attacks against various websites during the anti-copyright initiative known as “Operation Payback.” The group executed denial-of-service (DDoS) attacks on sites belonging to organizations like the Recording Industry Association of America, Visa, and MasterCard. These actions were in retaliation for the closure of “The Pirate Bay,” a Swedish file-sharing platform used for illegal downloads. The DDoS campaign later targeted Bank of America and other credit card companies after they declined to process payments for WikiLeaks. The indictment charges the suspects with conspiracy to intentionally damage protected computers and using software called Low Orbit Ion Cannon (LOIC) to facilitate the attacks.

Thirteen Members of Anonymous Indicted in Operation Payback Cyber Attacks On October 4, 2013, a U.S. grand jury announced the indictment of thirteen individuals associated with the hacking group Anonymous, in connection with a series of cyber attacks carried out under the banner of “Operation Payback.” This initiative was reportedly…

Read More

13 Members of Anonymous Charged in ‘Operation Payback’ Cyber Attack Scheme

Oct 04, 2013

A U.S. Grand Jury has indicted 13 alleged members of the hacking collective Anonymous for their involvement in cyber attacks against various websites during the anti-copyright initiative known as “Operation Payback.” The group executed denial-of-service (DDoS) attacks on sites belonging to organizations like the Recording Industry Association of America, Visa, and MasterCard. These actions were in retaliation for the closure of “The Pirate Bay,” a Swedish file-sharing platform used for illegal downloads. The DDoS campaign later targeted Bank of America and other credit card companies after they declined to process payments for WikiLeaks. The indictment charges the suspects with conspiracy to intentionally damage protected computers and using software called Low Orbit Ion Cannon (LOIC) to facilitate the attacks.

“Noisy Bear Campaign Disguised as Phishing Test Revealed Targeting Kazakhstan’s Energy Sector”

Sep 06, 2025 – Malware / Cyber Espionage

A suspected Russian threat actor is behind a series of attacks aimed at Kazakhstan’s energy sector, identified as Operation BarrelFire by Seqrite Labs, which tracks the group as Noisy Bear. Active since at least April 2025, the campaign specifically targets employees of KazMunaiGas (KMG). The attackers delivered a counterfeit document purporting to be from the KMG IT department, mimicking legitimate internal communications and addressing topics like policy updates, certification processes, and salary adjustments. According to security researcher Subhajeet Singha, the infection process starts with a phishing email containing a ZIP file that includes a Windows shortcut (LNK) downloader, a decoy document related to KazMunaiGas, and a README.txt file with instructions in both Russian and Kazakh to execute a program named “KazMunayGaz_Viewer.”

Noisy Bear Campaign: Phishing Test Unveiled in Kazakhstan’s Energy Sector On September 6, 2025, cybersecurity experts revealed that a series of attacks targeting Kazakhstan’s energy sector has been linked to a threat actor possibly originating from Russia. This campaign, dubbed Operation BarrelFire, is attributed to a new group identified by…

Read More

“Noisy Bear Campaign Disguised as Phishing Test Revealed Targeting Kazakhstan’s Energy Sector”

Sep 06, 2025 – Malware / Cyber Espionage

A suspected Russian threat actor is behind a series of attacks aimed at Kazakhstan’s energy sector, identified as Operation BarrelFire by Seqrite Labs, which tracks the group as Noisy Bear. Active since at least April 2025, the campaign specifically targets employees of KazMunaiGas (KMG). The attackers delivered a counterfeit document purporting to be from the KMG IT department, mimicking legitimate internal communications and addressing topics like policy updates, certification processes, and salary adjustments. According to security researcher Subhajeet Singha, the infection process starts with a phishing email containing a ZIP file that includes a Windows shortcut (LNK) downloader, a decoy document related to KazMunaiGas, and a README.txt file with instructions in both Russian and Kazakh to execute a program named “KazMunayGaz_Viewer.”

New Windows Vulnerability Exposes Devices to Rootkit Installation by Hackers

New Microsoft Windows Vulnerability Could Enable Rootkit Installation by Hackers September 23, 2021 Security researchers have identified a critical vulnerability in the Microsoft Windows Platform Binary Table (WPBT) that poses risks to all devices operating on Windows since the release of Windows 8. This unpatched flaw could allow attackers to…

Read More

New Windows Vulnerability Exposes Devices to Rootkit Installation by Hackers

New Phishing Attack Targets Poste Italiane’s Postal and Financial Services Again

Date: Oct 21, 2013

This phishing attack exemplifies a sophisticated blend of technology and psychology. Individuals are often deceived into clicking on unsecured website links. This week, Sophos experts uncovered a noteworthy phishing scheme aimed at Poste Italiane, the Italian postal service. This incident stood out due to its use of an old social engineering tactic. Poste Italiane encompasses postal, financial, and payment services and has been identified as a leading target in a recent F-Secure Threat report. The frequency of attacks against Poste Italiane is striking, with the primary goal of tricking customers into unknowingly submitting their credentials to fraudulent login sites. In this latest attack, criminals deployed a common tactic by sending an email with an enticing HTML attachment that prompts recipients to open it: “To activate the ‘Security Web Postepay,’ you need to: – Download…”

Phishing Attack Targets Poste Italiane, Exposing Vulnerabilities in Online Security October 21, 2013 In a concerning development for the Italian postal and financial services sector, a sophisticated phishing attack targeting Poste Italiane has come to light. Security experts at Sophos detected this breach, which showcases a notable revival of established…

Read More

New Phishing Attack Targets Poste Italiane’s Postal and Financial Services Again

Date: Oct 21, 2013

This phishing attack exemplifies a sophisticated blend of technology and psychology. Individuals are often deceived into clicking on unsecured website links. This week, Sophos experts uncovered a noteworthy phishing scheme aimed at Poste Italiane, the Italian postal service. This incident stood out due to its use of an old social engineering tactic. Poste Italiane encompasses postal, financial, and payment services and has been identified as a leading target in a recent F-Secure Threat report. The frequency of attacks against Poste Italiane is striking, with the primary goal of tricking customers into unknowingly submitting their credentials to fraudulent login sites. In this latest attack, criminals deployed a common tactic by sending an email with an enticing HTML attachment that prompts recipients to open it: “To activate the ‘Security Web Postepay,’ you need to: – Download…”

Critical Security Updates for Apple iOS and macOS Released to Address Actively Exploited Vulnerabilities

September 24, 2021

On Thursday, Apple launched important security updates to tackle multiple vulnerabilities in older iOS and macOS versions, which have been exploited in real-world attacks. This release also expands on previous patches for a security flaw targeted by NSO Group’s Pegasus spyware aimed at iPhone users.

Notably, CVE-2021-30869, a type confusion vulnerability within Apple’s XNU kernel, could allow malicious apps to execute arbitrary code with elevated privileges. Apple has improved state handling to mitigate this issue. Google’s Threat Analysis Group, which reported the vulnerability, noted it was being exploited alongside a remote code execution vulnerability affecting WebKit.

Additionally, Apple addressed two more vulnerabilities, CVE-2021-30858 and CVE-2021-30860, which were patched earlier this month.

Apple Issues Critical Updates to Address Zero-Day Vulnerabilities in iOS and macOS September 24, 2021 Apple has issued important security updates for older versions of iOS and macOS in response to vulnerabilities that are currently being actively exploited. The company identified these issues during its ongoing security monitoring and reported…

Read More

Critical Security Updates for Apple iOS and macOS Released to Address Actively Exploited Vulnerabilities

September 24, 2021

On Thursday, Apple launched important security updates to tackle multiple vulnerabilities in older iOS and macOS versions, which have been exploited in real-world attacks. This release also expands on previous patches for a security flaw targeted by NSO Group’s Pegasus spyware aimed at iPhone users.

Notably, CVE-2021-30869, a type confusion vulnerability within Apple’s XNU kernel, could allow malicious apps to execute arbitrary code with elevated privileges. Apple has improved state handling to mitigate this issue. Google’s Threat Analysis Group, which reported the vulnerability, noted it was being exploited alongside a remote code execution vulnerability affecting WebKit.

Additionally, Apple addressed two more vulnerabilities, CVE-2021-30858 and CVE-2021-30860, which were patched earlier this month.

South Korea Faces Android Trojan Threats, Malware in Gaming Apps, and DDoS Assaults

Oct 25, 2013

Last Tuesday, the National Police Agency of South Korea issued a warning about the proliferation of malware-infected video games available in the South Korean market, designed to facilitate cyberattacks against the country. This malware collects users’ location data and IP addresses, reportedly transmitting the information to servers based in North Korea.

Today, AhnLab, South Korea’s leading antivirus company, confirmed that they have detected distributed denial-of-service (DDoS) attacks targeting the websites of local businesses. The report indicates that approximately 16 websites belonging to 13 companies, including Daum, MSN, and the JoongAng Ilbo newspaper, have been affected. AhnLab noted that around 10,000 computers were compromised, primarily due to the failure to install or update antivirus programs since the last cyberattack in July. The attack was first identified around 4:00 p.m. on Thursday, impacting roughly 10,000 systems.

South Korea Faces Cyber Threats: Android Trojan, Malware in Gaming Apps, and DDoS Attacks On October 25, 2013, South Korea’s National Police Agency issued a stark warning regarding an alarming emergence of malware-laden video games infiltrating local markets. These applications are believed to serve as conduits for orchestrated cyber attacks…

Read More

South Korea Faces Android Trojan Threats, Malware in Gaming Apps, and DDoS Assaults

Oct 25, 2013

Last Tuesday, the National Police Agency of South Korea issued a warning about the proliferation of malware-infected video games available in the South Korean market, designed to facilitate cyberattacks against the country. This malware collects users’ location data and IP addresses, reportedly transmitting the information to servers based in North Korea.

Today, AhnLab, South Korea’s leading antivirus company, confirmed that they have detected distributed denial-of-service (DDoS) attacks targeting the websites of local businesses. The report indicates that approximately 16 websites belonging to 13 companies, including Daum, MSN, and the JoongAng Ilbo newspaper, have been affected. AhnLab noted that around 10,000 computers were compromised, primarily due to the failure to install or update antivirus programs since the last cyberattack in July. The attack was first identified around 4:00 p.m. on Thursday, impacting roughly 10,000 systems.