The Breach News

Malware Leverages Inaudible Audio Signals to Transfer Stolen Data

Dec 03, 2013

If you believe that a computer completely isolated from networks, without USB drives or any electronic connections, is safe from hackers and malware, you might want to reconsider. Recent developments reveal that German scientists have created a proof-of-concept malware prototype capable of infecting computers and digital devices using inaudible audio signals. This method of bridging an air gap presents a formidable threat. Imagine a cyberattack utilizing high-frequency sound waves to not only infect machines but also to transmit stolen data back to the attacker without any network connection—it’s a chilling prospect. Recently, security researcher Dragos Ruiu suggested that malware known as badBIOS enabled infected devices to communicate solely through sound waves, effectively bypassing physical disconnections from networks.

Senator Wyden Calls for FTC Investigation into Microsoft Over Ransomware-Related Cybersecurity Failures

September 11, 2025

U.S. Senator Ron Wyden is urging the Federal Trade Commission (FTC) to investigate Microsoft for what he describes as “gross cybersecurity negligence” that has facilitated ransomware attacks on critical U.S. infrastructure, particularly targeting healthcare networks. In a detailed four-page letter to FTC Chairman Andrew Ferguson, Wyden warned that Microsoft’s lax cybersecurity practices, combined with its near-monopoly in the enterprise operating system market, create a significant national security risk, making further attacks likely. He likened Microsoft’s behavior to that of “an arsonist selling firefighting services to their victims.” This request follows new revelations from the healthcare provider Ascension, which experienced a devastating ransomware attack last year, compromising personal and medical data of nearly 5.6 million individuals.

Critical Vulnerability in Cisco Policy Suite Exposes Hardcoded SSH Key, Allowing Remote Root Access

November 5, 2021

Cisco Systems has issued security updates to rectify vulnerabilities in several Cisco products that could enable attackers to log in as root users, gaining control over compromised systems. The vulnerability, identified as CVE-2021-40119, has been assigned a critical severity rating of 9.8 out of 10 on the CVSS scale and originates from flaws in the SSH authentication mechanism of Cisco Policy Suite. According to Cisco’s advisory, “An attacker could exploit this vulnerability by connecting to an affected device via SSH,” warning that a successful exploit could provide the attacker with root access. The issue was uncovered during internal security assessments. Future releases of Cisco Policy Suite (21.2.0 and beyond) will automatically generate new SSH keys upon installation, although devices upgrading from version 21.1.0 will still require a manual process to replace the default SSH keys.

DDoS Attacks Exploit Thousands of Outdated .EDU and .GOV WordPress Blogs

Dec 04, 2013

A recent cyberattack on a forum site revealed that thousands of outdated yet legitimate WordPress blogs were leveraged to execute DDoS attacks through known vulnerabilities. Analysis of the victim’s server logs indicated the involvement of numerous educational (.EDU) and government (.GOV) websites. Previously, we reported similar incidents where attackers compromised WordPress blogs using password brute-force methods or exploited the Pingback vulnerability present in older WordPress versions, without needing to gain full control of the servers. WordPress’s Pingback feature lets an attacker trigger requests from many blogs at once, so a single machine can cause millions of requests to be sent at a target. In this recent attack, over 100,000 IP addresses were implicated, with the victim’s forum receiving more than 40,000 requests.

Storm-1175 Launches Medusa Ransomware Just 24 Hours After Vulnerability Revealed

A notorious hacking group known as Storm-1175 is wreaking havoc on a global scale by deploying the destructive Medusa ransomware. Microsoft Threat Intelligence has identified this group as particularly adept at exploiting the narrow window between the discovery of a security vulnerability and the implementation of a patch. Research from…

Security Flaw in Cursor AI Code Editor Allows Covert Code Execution through Malicious Repositories

Sep 12, 2025
AI Security / Vulnerability

A newly identified security vulnerability in the AI-driven code editor, Cursor, may lead to unauthorized code execution when users open compromised repositories. The issue arises from the default disabling of an essential security feature, which permits attackers to execute arbitrary code on a user’s system with their privileges. According to an analysis by Oasis Security, “Cursor ships with Workspace Trust disabled by default, so VS Code-style tasks configured with runOptions.runOn: ‘folderOpen’ auto-execute the moment a developer browses a project. A malicious .vscode/tasks.json sneaks a casual ‘open folder’ into silent code execution within the user’s context.” Cursor, an AI-enhanced adaptation of Visual Studio Code, includes the Workspace Trust feature designed to help developers navigate and edit code safely, regardless of its origin or authorship.

New eSentire CEO Champions AI-Driven Transformation in Managed Security

Artificial Intelligence & Machine Learning / Managed Detection & Response (MDR) / Next-Generation Technologies & Secure Development

James Foster Emphasizes Importance of Agentic Security and Outsourcing Defense

Michael Novinson (@MichaelNovinson) • April 7, 2026

James Foster, the newly appointed CEO of eSentire, intends to create artificial…

Experts Uncover Malicious Code Exploiting Vulnerability in ManageEngine ADSelfService

On November 8, 2021, it was revealed that at least nine organizations in the technology, defense, healthcare, energy, and education sectors were compromised due to a recently patched critical vulnerability in Zoho’s ManageEngine ADSelfService Plus self-service password management and single sign-on (SSO) solution. This surveillance campaign, which began on September 22, 2021, saw attackers exploiting the flaw to gain initial access, subsequently moving laterally within the networks to conduct post-exploitation activities. They deployed malicious tools designed to harvest credentials and exfiltrate sensitive data through a backdoor. “The attackers relied heavily on the Godzilla web shell, uploading various versions of this open-source tool to the compromised servers throughout the operation,” reported researchers from Palo Alto Networks’ Unit 42 threat intelligence team. “Several other tools exhibited unique characteristics or functionalities…”