The Breach News

Vulnerability in Linphone SIP Stack Could Allow Attackers to Remotely Crash Client Devices

On September 1, 2021, cybersecurity researchers revealed a zero-click vulnerability in the Linphone Session Initiation Protocol (SIP) stack. This flaw can be exploited remotely to crash the SIP client without any action needed from the victim, leading to a denial-of-service (DoS) condition. Identified as CVE-2021-33056 (with a CVSS score of 7.5), it arises from a NULL pointer dereference in the “belle-sip” component, a C-language library that supports SIP transport, transactions, and dialog layers. All versions prior to 4.5.20 are affected. The vulnerability was discovered and reported by the cybersecurity company Claroty. Linphone is an open-source, cross-platform SIP client that facilitates voice and video calls, end-to-end encrypted messaging, and audio conferences. SIP is the signaling protocol used to initiate, maintain, and terminate real-time multimedia communication sessions.

Linphone SIP Stack Vulnerability Exposes Clients to Remote Disruption On September 1, 2021, cybersecurity experts unveiled a critical zero-click vulnerability within the Linphone Session Initiation Protocol (SIP) stack, allowing potential exploitation that could lead to remote crashes of affected client devices. Identified as CVE-2021-33056, this vulnerability boasts a CVSS score…

Read More

Vulnerability in Linphone SIP Stack Could Allow Attackers to Remotely Crash Client Devices

On September 1, 2021, cybersecurity researchers revealed a zero-click vulnerability in the Linphone Session Initiation Protocol (SIP) stack. This flaw can be exploited remotely to crash the SIP client without any action needed from the victim, leading to a denial-of-service (DoS) condition. Identified as CVE-2021-33056 (with a CVSS score of 7.5), it arises from a NULL pointer dereference in the “belle-sip” component, a C-language library that supports SIP transport, transactions, and dialog layers. All versions prior to 4.5.20 are affected. The vulnerability was discovered and reported by the cybersecurity company Claroty. Linphone is an open-source, cross-platform SIP client that facilitates voice and video calls, end-to-end encrypted messaging, and audio conferences. SIP is the signaling protocol used to initiate, maintain, and terminate real-time multimedia communication sessions.

Zero-Day Exploit in Internet Explorer Used for Targeted Watering Hole Attacks on Japanese Users

Sep 24, 2013

Attackers are leveraging a zero-day vulnerability, CVE-2013-3893, in Microsoft’s Internet Explorer browser to target Japanese users through compromised popular news websites. According to FireEye, at least three major Japanese media outlets fell victim to these watering hole attacks, part of an operation dubbed “DeputyDog,” which appears to focus on manufacturers, government entities, and media organizations within Japan. The compromised sites experienced over 75,000 page views before the exploits were detected. This vulnerability in Internet Explorer versions 8 and 9 enables the covert installation of malware on users’ devices, granting hackers remote access. Typically, these attackers deploy Trojans tailored for targeted operations aimed at stealing intellectual property. Researchers identified a payload disguised as an image file hosted on a Hong Kong server that was used against a Japanese target. The attacks were uncovered just two days after Microsoft disclosed the vulnerability.

Zero-Day Exploit Targets Japanese Users via Watering Hole Attacks In a significant cybersecurity incident reported on September 24, 2013, a zero-day vulnerability identified as CVE-2013-3893 in Microsoft’s Internet Explorer browser has been exploited through a series of watering hole attacks intended to compromise Japanese users. Attackers have reportedly targeted at…

Read More

Zero-Day Exploit in Internet Explorer Used for Targeted Watering Hole Attacks on Japanese Users

Sep 24, 2013

Attackers are leveraging a zero-day vulnerability, CVE-2013-3893, in Microsoft’s Internet Explorer browser to target Japanese users through compromised popular news websites. According to FireEye, at least three major Japanese media outlets fell victim to these watering hole attacks, part of an operation dubbed “DeputyDog,” which appears to focus on manufacturers, government entities, and media organizations within Japan. The compromised sites experienced over 75,000 page views before the exploits were detected. This vulnerability in Internet Explorer versions 8 and 9 enables the covert installation of malware on users’ devices, granting hackers remote access. Typically, these attackers deploy Trojans tailored for targeted operations aimed at stealing intellectual property. Researchers identified a payload disguised as an image file hosted on a Hong Kong server that was used against a Japanese target. The attacks were uncovered just two days after Microsoft disclosed the vulnerability.

The Most Ridiculous Hack of the Year Uncovers a Serious Issue

In the early hours of April last year, a significant cybersecurity incident unfolded across Silicon Valley, impacting about 20 street intersections. This unprecedented attack was executed by an unidentified individual who exploited weak, publicly accessible default passwords to wirelessly upload altered audio recordings. These recordings played in response to pedestrians…

Read MoreThe Most Ridiculous Hack of the Year Uncovers a Serious Issue

Cybercriminals Exploit HexStrike AI to Target Citrix Vulnerabilities Just Days After Disclosure

Sep 03, 2025 Artificial Intelligence / Vulnerability

Threat actors are actively utilizing a new artificial intelligence (AI) offensive security tool, HexStrike AI, to exploit recently identified security vulnerabilities. Marketed as an AI-powered platform, HexStrike AI aims to streamline reconnaissance and vulnerability detection, enhancing authorized red teaming, bug bounty programs, and capture the flag (CTF) competitions. Information from its GitHub repository reveals that the open-source tool integrates with over 150 security solutions, enabling comprehensive network reconnaissance, web application testing, reverse engineering, and cloud security assessments. Additionally, it features numerous specialized AI agents tailored for tasks like vulnerability intelligence, exploit development, attack chain analysis, and error handling. However, a report from Check Point indicates that cybercriminals are attempting to weaponize the tool to gain a strategic advantage.

Threat Actors Exploit Citrix Vulnerabilities Using HexStrike AI Within Days of Disclosure September 3, 2025 In a concerning development for cybersecurity, threat actors are reportedly leveraging a newly launched artificial intelligence (AI) offensive security tool, HexStrike AI, to exploit security vulnerabilities recently disclosed in Citrix products. The tool, which was…

Read More

Cybercriminals Exploit HexStrike AI to Target Citrix Vulnerabilities Just Days After Disclosure

Sep 03, 2025 Artificial Intelligence / Vulnerability

Threat actors are actively utilizing a new artificial intelligence (AI) offensive security tool, HexStrike AI, to exploit recently identified security vulnerabilities. Marketed as an AI-powered platform, HexStrike AI aims to streamline reconnaissance and vulnerability detection, enhancing authorized red teaming, bug bounty programs, and capture the flag (CTF) competitions. Information from its GitHub repository reveals that the open-source tool integrates with over 150 security solutions, enabling comprehensive network reconnaissance, web application testing, reverse engineering, and cloud security assessments. Additionally, it features numerous specialized AI agents tailored for tasks like vulnerability intelligence, exploit development, attack chain analysis, and error handling. However, a report from Check Point indicates that cybercriminals are attempting to weaponize the tool to gain a strategic advantage.

WhatsApp Image Filter Vulnerability May Have Exposed User Data to Remote Attacks

A recently patched high-severity security flaw in WhatsApp’s image filter feature posed a serious risk of allowing malicious images to extract sensitive information from the app’s memory. Identified as CVE-2020-1910 (CVSS score: 7.8), this vulnerability involved out-of-bounds read/write errors that could be exploited by applying specific filters to a crafted image before sending it to an unsuspecting recipient, enabling attackers to access critical data. According to WhatsApp’s advisory from February 2021, “A missing bounds check in WhatsApp for Android prior to version 2.21.1.13 and WhatsApp Business prior to the same version could have led to this vulnerability.” The issue was reported to the Facebook-owned platform by cybersecurity firm Check Point Research on November 10, 2020.

WhatsApp Photo Filter Vulnerability Could Have Exposed User Data to Remote Threats On September 2, 2021, it was revealed that a significant security flaw in WhatsApp’s image-filtering capability posed a risk of data exposure to unauthorized remote attackers. This vulnerability, designated CVE-2020-1910 and assigned a CVSS score of 7.8, was…

Read More

WhatsApp Image Filter Vulnerability May Have Exposed User Data to Remote Attacks

A recently patched high-severity security flaw in WhatsApp’s image filter feature posed a serious risk of allowing malicious images to extract sensitive information from the app’s memory. Identified as CVE-2020-1910 (CVSS score: 7.8), this vulnerability involved out-of-bounds read/write errors that could be exploited by applying specific filters to a crafted image before sending it to an unsuspecting recipient, enabling attackers to access critical data. According to WhatsApp’s advisory from February 2021, “A missing bounds check in WhatsApp for Android prior to version 2.21.1.13 and WhatsApp Business prior to the same version could have led to this vulnerability.” The issue was reported to the Facebook-owned platform by cybersecurity firm Check Point Research on November 10, 2020.

Thousands of WordPress Blogs Compromised for DDoS Attacks

September 25, 2013

A massive cyber attack campaign is currently targeting numerous WordPress websites across the internet. In April 2012, we reported on a widespread brute force attack against millions of WordPress sites, resulting in the compromise of approximately 90,000 servers to form a large botnet of WordPress hosts. Recent DDoS attack logs received from reader Steven Veldkamp at ‘The Hacker News’ reveal that victims’ websites are experiencing heavy DDoS attacks, stemming from various compromised WordPress sites.

Utilizing brute force techniques on WordPress administrative portals, hackers are exploiting poorly secured hosts using commonly known username and password combinations. An analysis of DDoS attack logs from September 23, 2013, indicates a storm of malicious activity over just 26 seconds…

Widespread Compromise of WordPress Blogs Results in DDoS Attacks September 25, 2013 A significant cyberattack campaign is currently targeting a large swath of WordPress websites across the globe. This follows a larger trend first reported in April 2012, when millions of WordPress sites were subjected to a widespread distributed brute-force…

Read More

Thousands of WordPress Blogs Compromised for DDoS Attacks

September 25, 2013

A massive cyber attack campaign is currently targeting numerous WordPress websites across the internet. In April 2012, we reported on a widespread brute force attack against millions of WordPress sites, resulting in the compromise of approximately 90,000 servers to form a large botnet of WordPress hosts. Recent DDoS attack logs received from reader Steven Veldkamp at ‘The Hacker News’ reveal that victims’ websites are experiencing heavy DDoS attacks, stemming from various compromised WordPress sites.

Utilizing brute force techniques on WordPress administrative portals, hackers are exploiting poorly secured hosts using commonly known username and password combinations. An analysis of DDoS attack logs from September 23, 2013, indicates a storm of malicious activity over just 26 seconds…

Cybercriminals Leverage X’s Grok AI to Circumvent Ad Safeguards and Distribute Malware to Millions

Sep 04, 2025
Artificial Intelligence / Malware

Cybersecurity experts have identified a new tactic employed by cybercriminals to circumvent the malvertising protections of social media platform X, utilizing its AI assistant Grok to disseminate harmful links. This method, dubbed “Grokking,” was discussed in a series of posts by Nati Tal, head of Guardio Labs.

The technique aims to exploit the limitations set by X on Promoted Ads, which typically permit only text, images, or videos for advertising. By leveraging video card-promoted posts featuring adult content as bait, malvertisers cleverly conceal malicious links in the “From:” metadata field located below the video player—an area that goes unchecked by the platform’s security measures.

Cybercriminals Exploit X’s Grok AI to Circumvent Ad Protections and Distribute Malware Widely Cybersecurity experts have uncovered a disturbing trend in which cybercriminals are leveraging the artificial intelligence assistant Grok, from the social media platform X, to evade advertising safeguards and disseminate malicious links. This sophisticated method, referred to as…

Read More

Cybercriminals Leverage X’s Grok AI to Circumvent Ad Safeguards and Distribute Malware to Millions

Sep 04, 2025
Artificial Intelligence / Malware

Cybersecurity experts have identified a new tactic employed by cybercriminals to circumvent the malvertising protections of social media platform X, utilizing its AI assistant Grok to disseminate harmful links. This method, dubbed “Grokking,” was discussed in a series of posts by Nati Tal, head of Guardio Labs.

The technique aims to exploit the limitations set by X on Promoted Ads, which typically permit only text, images, or videos for advertising. By leveraging video card-promoted posts featuring adult content as bait, malvertisers cleverly conceal malicious links in the “From:” metadata field located below the video player—an area that goes unchecked by the platform’s security measures.

16-Year-Old Arrested for Involvement in History’s Largest Cyber Attack

Sept 27, 2013

A 16-year-old has been detained for allegedly participating in the largest DDoS attack ever recorded, targeting the Dutch anti-spam organization Spamhaus. The arrest, made by British police in April, came to light recently. Authorities stormed his home in south-west London after discovering substantial funds in his bank account. Upon investigation, he was found with various computer systems logged into virtual forums. The March 20 attack on Spamhaus was described as a monumental event in cybercrime, unleashing a torrent of traffic measured at 300 billion bits per second (300Gbps). DDoS attacks occur when hackers mobilize a network of infected computers to overwhelm a server, leading to shutdowns.

16-Year-Old Arrested in Connection with Historic Cyber Attack on Spamhaus Sept 27, 2013 Authorities have arrested a 16-year-old in the United Kingdom for his alleged involvement in what has been described as the largest Distributed Denial of Service (DDoS) attack in Internet history. The assault targeted Spamhaus, a prominent Dutch…

Read More

16-Year-Old Arrested for Involvement in History’s Largest Cyber Attack

Sept 27, 2013

A 16-year-old has been detained for allegedly participating in the largest DDoS attack ever recorded, targeting the Dutch anti-spam organization Spamhaus. The arrest, made by British police in April, came to light recently. Authorities stormed his home in south-west London after discovering substantial funds in his bank account. Upon investigation, he was found with various computer systems logged into virtual forums. The March 20 attack on Spamhaus was described as a monumental event in cybercrime, unleashing a torrent of traffic measured at 300 billion bits per second (300Gbps). DDoS attacks occur when hackers mobilize a network of infected computers to overwhelm a server, leading to shutdowns.

GhostRedirector Compromises 65 Windows Servers Through Rungan Backdoor and Gamshen IIS Module

Sep 04, 2025
Data Breach / Malware

Cybersecurity experts have uncovered a new threat cluster known as GhostRedirector, which has infiltrated at least 65 Windows servers predominantly located in Brazil, Thailand, and Vietnam. According to Slovak cybersecurity firm ESET, the attacks have resulted in the installation of a passive C++ backdoor named Rungan, alongside a native Internet Information Services (IIS) module referred to as Gamshen. The threat actor is thought to have been active since at least August 2024.

“While Rungan can execute commands on an infected server, Gamshen is designed to facilitate SEO fraud as-a-service, manipulating search engine results to enhance the page ranking of a specified target website,” stated ESET researcher Fernando Tavella in a report shared with The Hacker News. “Notably, Gamshen only alters responses when requests come from Googlebot, ensuring that regular visitors are not impacted.”

GhostRedirector Compromises 65 Windows Servers Through Rungan Backdoor and Gamshen IIS Module In a recent cybersecurity investigation, researchers from the Slovak firm ESET have uncovered a sophisticated threat cluster known as GhostRedirector, responsible for breaching at least 65 Windows servers, predominantly situated in Brazil, Thailand, and Vietnam. According to ESET,…

Read More

GhostRedirector Compromises 65 Windows Servers Through Rungan Backdoor and Gamshen IIS Module

Sep 04, 2025
Data Breach / Malware

Cybersecurity experts have uncovered a new threat cluster known as GhostRedirector, which has infiltrated at least 65 Windows servers predominantly located in Brazil, Thailand, and Vietnam. According to Slovak cybersecurity firm ESET, the attacks have resulted in the installation of a passive C++ backdoor named Rungan, alongside a native Internet Information Services (IIS) module referred to as Gamshen. The threat actor is thought to have been active since at least August 2024.

“While Rungan can execute commands on an infected server, Gamshen is designed to facilitate SEO fraud as-a-service, manipulating search engine results to enhance the page ranking of a specified target website,” stated ESET researcher Fernando Tavella in a report shared with The Hacker News. “Notably, Gamshen only alters responses when requests come from Googlebot, ensuring that regular visitors are not impacted.”