The Breach News

Unresolved Unauthorized File Read Vulnerability Impacts Microsoft Windows OS

On November 30, 2021, it was reported that unofficial patches have been released to address a poorly patched Windows security flaw which poses risks for information disclosure and local privilege escalation (LPE) on affected systems. Identified as CVE-2021-24084 (CVSS score: 5.5), this vulnerability is linked to the Windows Mobile Device Management component, potentially allowing attackers to gain unauthorized access to the file system and read arbitrary files. Security researcher Abdelhamid Naceri discovered and reported the issue in October 2020, leading Microsoft to include it in their February 2021 Patch Tuesday updates. However, as noted by Naceri in June 2021, the patch can be bypassed, and it has also been found that the inadequately addressed vulnerability enables attackers to gain administrator privileges and execute malicious code on Windows 10 systems.

Unpatched Unauthorized File Read Vulnerability Exposes Microsoft Windows OS Published: November 30, 2021 A security vulnerability affecting Microsoft Windows operating systems has come to light, revealing potential risks for data disclosure and local privilege escalation. This flaw, identified as CVE-2021-24084 and assigned a CVSS score of 5.5, pertains specifically to…

Read More

Unresolved Unauthorized File Read Vulnerability Impacts Microsoft Windows OS

On November 30, 2021, it was reported that unofficial patches have been released to address a poorly patched Windows security flaw which poses risks for information disclosure and local privilege escalation (LPE) on affected systems. Identified as CVE-2021-24084 (CVSS score: 5.5), this vulnerability is linked to the Windows Mobile Device Management component, potentially allowing attackers to gain unauthorized access to the file system and read arbitrary files. Security researcher Abdelhamid Naceri discovered and reported the issue in October 2020, leading Microsoft to include it in their February 2021 Patch Tuesday updates. However, as noted by Naceri in June 2021, the patch can be bypassed, and it has also been found that the inadequately addressed vulnerability enables attackers to gain administrator privileges and execute malicious code on Windows 10 systems.

Understanding Security Vulnerabilities of FTP and the Advantages of Managed File Transfer

Dec 10, 2013

File transfer services like FTP and HTTP have been widely used for business file exchanges. Essentially, file transfer involves using a protocol to send a stream of bits—comprised of file name, size, timestamp, and other metadata—from one host to another over a TCP-based network, such as the Internet. However, this method is not without its risks. FTP, in particular, is not inherently secure and is prone to various vulnerabilities. Notably, it lacks encryption for data transmission, leaving it susceptible to attacks. In many cases, businesses simply aim to transfer files between two endpoints without considering the security implications, potentially exposing sensitive data to numerous threats, including FTP Bounce Attacks.

Security Vulnerabilities of FTP and Advantages of Managed File Transfer File transfer protocols such as FTP and HTTP have long served as the primary means for organizations to share files. These protocols enable the transmission of files—complete with essential attributes like file name, size, timestamp, and metadata—between different hosts over…

Read More

Understanding Security Vulnerabilities of FTP and the Advantages of Managed File Transfer

Dec 10, 2013

File transfer services like FTP and HTTP have been widely used for business file exchanges. Essentially, file transfer involves using a protocol to send a stream of bits—comprised of file name, size, timestamp, and other metadata—from one host to another over a TCP-based network, such as the Internet. However, this method is not without its risks. FTP, in particular, is not inherently secure and is prone to various vulnerabilities. Notably, it lacks encryption for data transmission, leaving it susceptible to attacks. In many cases, businesses simply aim to transfer files between two endpoints without considering the security implications, potentially exposing sensitive data to numerous threats, including FTP Bounce Attacks.

Anthropic Collaborates with Competitors to Prevent AI from Compromising Security

In late March, leaked reports revealed that Anthropic has developed a new AI model named Mythos, which they formally announced on Tuesday. Alongside this announcement, the company introduced an industry consortium called Project Glasswing, aimed at addressing the cybersecurity implications associated with this advanced model and the evolving capabilities across…

Read MoreAnthropic Collaborates with Competitors to Prevent AI from Compromising Security

Apple Alerts French Users of Fourth Spyware Campaign in 2025, Confirms CERT-FR

Sep 12, 2025

Apple has warned users in France about a new spyware campaign affecting their devices, as confirmed by the Computer Emergency Response Team of France (CERT-FR). Alerts were issued on September 3, 2025, marking the fourth occurrence this year where Apple notified citizens that at least one device linked to their iCloud accounts may have been compromised through targeted attacks. CERT-FR did not disclose specifics regarding the reasons behind these alerts. Previous notifications were sent on March 5, April 29, and June 25. Apple has been issuing these warnings since November 2021. According to CERT-FR, “These sophisticated attacks target individuals based on their status or role, including journalists, lawyers, activists, politicians, and senior officials in key sectors.” This news arrives shortly after a security vulnerability in WhatsApp (CVE-2025-55177, CVSS score: 5.4) was linked to similar threats.

Apple Alerts French Users to Fourth Spyware Campaign in 2025, CERT-FR Validates Findings On September 12, 2025, Apple issued a warning to its users in France regarding an ongoing spyware campaign that specifically targets their devices. This advisory comes as confirmed by the Computer Emergency Response Team of France (CERT-FR),…

Read More

Apple Alerts French Users of Fourth Spyware Campaign in 2025, Confirms CERT-FR

Sep 12, 2025

Apple has warned users in France about a new spyware campaign affecting their devices, as confirmed by the Computer Emergency Response Team of France (CERT-FR). Alerts were issued on September 3, 2025, marking the fourth occurrence this year where Apple notified citizens that at least one device linked to their iCloud accounts may have been compromised through targeted attacks. CERT-FR did not disclose specifics regarding the reasons behind these alerts. Previous notifications were sent on March 5, April 29, and June 25. Apple has been issuing these warnings since November 2021. According to CERT-FR, “These sophisticated attacks target individuals based on their status or role, including journalists, lawyers, activists, politicians, and senior officials in key sectors.” This news arrives shortly after a security vulnerability in WhatsApp (CVE-2025-55177, CVSS score: 5.4) was linked to similar threats.

Anthropic Declares Its New Model Too Risky for Public Release

AI-Driven Security Operations, Artificial Intelligence & Machine Learning, Next-Generation Technologies & Secure Development Anthropic Restricts Access to New AI Model Due to Misuse Concerns David Perera (@daveperera), Chris Riotta (@chrisriotta) • April 7, 2026 Image: Shutterstock In a significant development for cybersecurity, Anthropic announced the creation of an artificial intelligence…

Read MoreAnthropic Declares Its New Model Too Risky for Public Release

Serious Security Vulnerability Discovered in Multiple HP Printer Models

On November 30, 2021, cybersecurity experts revealed significant security weaknesses affecting 150 different multifunction printers from HP Inc. These flaws, which have been present for eight years, can be exploited by attackers to gain control of vulnerable devices, steal sensitive information, and infiltrate enterprise networks to execute further attacks.

The two vulnerabilities, termed Printing Shellz, were uncovered by F-Secure Labs researchers Timo Hirvonen and Alexander Bolshev and reported to HP on April 29, 2021. As a result, HP released patches earlier this month addressing the issues:

  • CVE-2021-39237 (CVSS Score: 7.1): An information disclosure vulnerability affecting specific HP LaserJet, HP LaserJet Managed, HP PageWide, and HP PageWide Managed printers.

  • CVE-2021-39238 (CVSS Score: 9.3): A buffer overflow vulnerability impacting certain HP Enterprise LaserJet, HP LaserJet Managed, HP Enterprise PageWide, and HP PageWide Managed products.

Further details on the vulnerabilities are currently under review.

Severe Security Vulnerability Discovered in Multiple HP Printer Models November 30, 2021 Cybersecurity experts have revealed the existence of longstanding security vulnerabilities that affect a substantial range of HP multifunction printers (MFPs). Specifically, these flaws, which have persisted for eight years, could allow malicious actors to gain control of affected…

Read More

Serious Security Vulnerability Discovered in Multiple HP Printer Models

On November 30, 2021, cybersecurity experts revealed significant security weaknesses affecting 150 different multifunction printers from HP Inc. These flaws, which have been present for eight years, can be exploited by attackers to gain control of vulnerable devices, steal sensitive information, and infiltrate enterprise networks to execute further attacks.

The two vulnerabilities, termed Printing Shellz, were uncovered by F-Secure Labs researchers Timo Hirvonen and Alexander Bolshev and reported to HP on April 29, 2021. As a result, HP released patches earlier this month addressing the issues:

  • CVE-2021-39237 (CVSS Score: 7.1): An information disclosure vulnerability affecting specific HP LaserJet, HP LaserJet Managed, HP PageWide, and HP PageWide Managed printers.

  • CVE-2021-39238 (CVSS Score: 9.3): A buffer overflow vulnerability impacting certain HP Enterprise LaserJet, HP LaserJet Managed, HP Enterprise PageWide, and HP PageWide Managed products.

Further details on the vulnerabilities are currently under review.

Chinese Hackers Target European Diplomats in Recent G20 Cyber Espionage Incident

Dec 13, 2013

A report from security firm FireEye reveals that Chinese hackers conducted cyber espionage against European Ministries of Foreign Affairs during the recent G20 meetings. Researcher Nart Villeneuve highlighted that the hackers accessed the networks of five European foreign ministries by sending emails embedded with malware files, allowing them to steal credentials and sensitive information. The operation, termed “Operation Ke3chang,” is believed to have been active since at least 2010. The attackers used malware disguised as documents related to potential military interventions in Syria (US_military_options_in_Syria.pdf.zip), which, when downloaded and opened by victims, installed a backdoor on their systems. Additionally, they exploited a Java zero-day vulnerability (CVE-2012-4681) and other established exploits.

Chinese Cyber Espionage Targets European Diplomats During G20 Meetings In a recent disclosure, the cybersecurity firm FireEye has unveiled a sophisticated cyber espionage campaign directed at European Ministries of Foreign Affairs during the recent G20 meetings. This operation, attributed to Chinese hackers, has raised significant alarms regarding the security of…

Read More

Chinese Hackers Target European Diplomats in Recent G20 Cyber Espionage Incident

Dec 13, 2013

A report from security firm FireEye reveals that Chinese hackers conducted cyber espionage against European Ministries of Foreign Affairs during the recent G20 meetings. Researcher Nart Villeneuve highlighted that the hackers accessed the networks of five European foreign ministries by sending emails embedded with malware files, allowing them to steal credentials and sensitive information. The operation, termed “Operation Ke3chang,” is believed to have been active since at least 2010. The attackers used malware disguised as documents related to potential military interventions in Syria (US_military_options_in_Syria.pdf.zip), which, when downloaded and opened by victims, installed a backdoor on their systems. Additionally, they exploited a Java zero-day vulnerability (CVE-2012-4681) and other established exploits.

Iran-Connected Hackers Targeting U.S. Energy and Water Systems

Cyberattacks as Retaliation: Iran Targets U.S. Industrial Control Systems In the escalating tensions following President Donald Trump’s stark threats against Iran, the nation appears to have responded through a significant cyber offensive. U.S. governmental agencies are reporting an extensive hacking campaign aimed at industrial control systems across the United States,…

Read MoreIran-Connected Hackers Targeting U.S. Energy and Water Systems

FBI Alerts on UNC6040 and UNC6395 Targeting Salesforce for Data Theft

September 13, 2025
Cyber Attack / Data Breach

The FBI has released a flash alert highlighting indicators of compromise linked to two cybercriminal groups, UNC6040 and UNC6395, known for their recent data theft and extortion campaigns. Both groups have been reported to target organizations’ Salesforce platforms using various initial access methods.

UNC6395 has been notably associated with a significant data theft operation in August 2025, where compromised OAuth tokens from the Salesloft Drift application were exploited. This vulnerability stemmed from a breach of Salesloft’s GitHub account between March and June 2025. In response, Salesloft has isolated the Drift infrastructure and temporarily disabled the AI chatbot application while implementing enhanced multi-factor authentication measures.

FBI Issues Alert on Cybercriminal Groups Targeting Salesforce Platforms September 13, 2025 In a concerning development, the Federal Bureau of Investigation (FBI) has issued a flash alert regarding two cybercriminal factions, referred to as UNC6040 and UNC6395, who are orchestrating a series of data theft and extortion attacks. This alert…

Read More

FBI Alerts on UNC6040 and UNC6395 Targeting Salesforce for Data Theft

September 13, 2025
Cyber Attack / Data Breach

The FBI has released a flash alert highlighting indicators of compromise linked to two cybercriminal groups, UNC6040 and UNC6395, known for their recent data theft and extortion campaigns. Both groups have been reported to target organizations’ Salesforce platforms using various initial access methods.

UNC6395 has been notably associated with a significant data theft operation in August 2025, where compromised OAuth tokens from the Salesloft Drift application were exploited. This vulnerability stemmed from a breach of Salesloft’s GitHub account between March and June 2025. In response, Salesloft has isolated the Drift infrastructure and temporarily disabled the AI chatbot application while implementing enhanced multi-factor authentication measures.