The Breach News

FBI Collaborated with Anonymous and LulzSec Hackers to Target Foreign Governments

August 28, 2013

Sentencing for former LulzSec leader Hector Xavier Monsegur, also known as “Sabu,” has been postponed again. Monsegur, who pleaded guilty to multiple criminal charges two years ago, faces a maximum sentence exceeding 124 years. Additionally, fellow LulzSec hacker Jeremy Hammond has alleged that the FBI utilized Sabu to orchestrate attacks against foreign governments, leveraging the efforts of Anonymous and other hackers.

The ongoing delays suggest that the FBI may not be fully extracting information from Monsegur, hinting at the possibility that he is assisting with other covert operations as claimed by Hammond. In a recent statement, Hammond accused the U.S. government of directing Monsegur to motivate fellow hacktivists to breach foreign government entities. “What many don’t realize is that Sabu was also used by his handlers to orchestrate hacking activities targeting government-selected entities, including multiple foreign government websites,” Hammond stated.

FBI Collaborated with Anonymous and LulzSec Hackers for Foreign Government Cyber Operations On August 28, 2013, developments emerged regarding Hector Xavier Monsegur, infamously known as “Sabu,” the former leader of the hacking group LulzSec. His sentencing, initially slated for last year after he pleaded guilty to multiple criminal charges, has…

Read More

FBI Collaborated with Anonymous and LulzSec Hackers to Target Foreign Governments

August 28, 2013

Sentencing for former LulzSec leader Hector Xavier Monsegur, also known as “Sabu,” has been postponed again. Monsegur, who pleaded guilty to multiple criminal charges two years ago, faces a maximum sentence exceeding 124 years. Additionally, fellow LulzSec hacker Jeremy Hammond has alleged that the FBI utilized Sabu to orchestrate attacks against foreign governments, leveraging the efforts of Anonymous and other hackers.

The ongoing delays suggest that the FBI may not be fully extracting information from Monsegur, hinting at the possibility that he is assisting with other covert operations as claimed by Hammond. In a recent statement, Hammond accused the U.S. government of directing Monsegur to motivate fellow hacktivists to breach foreign government entities. “What many don’t realize is that Sabu was also used by his handlers to orchestrate hacking activities targeting government-selected entities, including multiple foreign government websites,” Hammond stated.

Meta Warned That Facial Recognition Glasses Could Empower Sexual Predators

A coalition of over 70 civil liberties organizations, including notable groups such as the ACLU and the Electronic Privacy Information Center, has called on Meta to abandon plans to implement facial recognition technology in its smart glasses produced in partnership with Ray-Ban and Oakley. The functionality, internally referred to as…

Read MoreMeta Warned That Facial Recognition Glasses Could Empower Sexual Predators

Preventing Data Leaks Before They Strike

In January 2025, cybersecurity experts from Wiz Research uncovered a significant data leak at Chinese AI firm DeepSeek, which compromised over 1 million sensitive log streams. The researchers discovered a publicly accessible ClickHouse database associated with DeepSeek, granting potential full control over database operations and allowing access to internal data. This incident included more than a million lines of log streams containing chat histories, secret keys, and more. Wiz promptly notified DeepSeek, which took immediate action to secure the vulnerability. However, this event highlights the persistent risk of data leakage. Whether intentional or accidental, data leakage encompasses various scenarios, as defined by IBM, which describes it as the unintentional exposure of sensitive information to unauthorized parties. On the intentional side…

Identifying Data Leaks Before They Escalate In early January 2025, cybersecurity firm Wiz Research unveiled that DeepSeek, a Chinese AI company, faced a serious data leak exposing over one million sensitive log entries. The Wiz team discovered a publicly accessible ClickHouse database owned by DeepSeek, which compromised the organization’s operations…

Read More

Preventing Data Leaks Before They Strike

In January 2025, cybersecurity experts from Wiz Research uncovered a significant data leak at Chinese AI firm DeepSeek, which compromised over 1 million sensitive log streams. The researchers discovered a publicly accessible ClickHouse database associated with DeepSeek, granting potential full control over database operations and allowing access to internal data. This incident included more than a million lines of log streams containing chat histories, secret keys, and more. Wiz promptly notified DeepSeek, which took immediate action to secure the vulnerability. However, this event highlights the persistent risk of data leakage. Whether intentional or accidental, data leakage encompasses various scenarios, as defined by IBM, which describes it as the unintentional exposure of sensitive information to unauthorized parties. On the intentional side…

Vulnerability in Linphone SIP Stack Could Allow Attackers to Remotely Crash Client Devices

On September 1, 2021, cybersecurity researchers revealed a zero-click vulnerability in the Linphone Session Initiation Protocol (SIP) stack. This flaw can be exploited remotely to crash the SIP client without any action needed from the victim, leading to a denial-of-service (DoS) condition. Identified as CVE-2021-33056 (with a CVSS score of 7.5), it arises from a NULL pointer dereference in the “belle-sip” component, a C-language library that supports SIP transport, transactions, and dialog layers. All versions prior to 4.5.20 are affected. The vulnerability was discovered and reported by the cybersecurity company Claroty. Linphone is an open-source, cross-platform SIP client that facilitates voice and video calls, end-to-end encrypted messaging, and audio conferences. SIP is the signaling protocol used to initiate, maintain, and terminate real-time multimedia communication sessions.

Linphone SIP Stack Vulnerability Exposes Clients to Remote Disruption On September 1, 2021, cybersecurity experts unveiled a critical zero-click vulnerability within the Linphone Session Initiation Protocol (SIP) stack, allowing potential exploitation that could lead to remote crashes of affected client devices. Identified as CVE-2021-33056, this vulnerability boasts a CVSS score…

Read More

Vulnerability in Linphone SIP Stack Could Allow Attackers to Remotely Crash Client Devices

On September 1, 2021, cybersecurity researchers revealed a zero-click vulnerability in the Linphone Session Initiation Protocol (SIP) stack. This flaw can be exploited remotely to crash the SIP client without any action needed from the victim, leading to a denial-of-service (DoS) condition. Identified as CVE-2021-33056 (with a CVSS score of 7.5), it arises from a NULL pointer dereference in the “belle-sip” component, a C-language library that supports SIP transport, transactions, and dialog layers. All versions prior to 4.5.20 are affected. The vulnerability was discovered and reported by the cybersecurity company Claroty. Linphone is an open-source, cross-platform SIP client that facilitates voice and video calls, end-to-end encrypted messaging, and audio conferences. SIP is the signaling protocol used to initiate, maintain, and terminate real-time multimedia communication sessions.

Zero-Day Exploit in Internet Explorer Used for Targeted Watering Hole Attacks on Japanese Users

Sep 24, 2013

Attackers are leveraging a zero-day vulnerability, CVE-2013-3893, in Microsoft’s Internet Explorer browser to target Japanese users through compromised popular news websites. According to FireEye, at least three major Japanese media outlets fell victim to these watering hole attacks, part of an operation dubbed “DeputyDog,” which appears to focus on manufacturers, government entities, and media organizations within Japan. The compromised sites experienced over 75,000 page views before the exploits were detected. This vulnerability in Internet Explorer versions 8 and 9 enables the covert installation of malware on users’ devices, granting hackers remote access. Typically, these attackers deploy Trojans tailored for targeted operations aimed at stealing intellectual property. Researchers identified a payload disguised as an image file hosted on a Hong Kong server that was used against a Japanese target. The attacks were uncovered just two days after Microsoft disclosed the vulnerability.

Zero-Day Exploit Targets Japanese Users via Watering Hole Attacks In a significant cybersecurity incident reported on September 24, 2013, a zero-day vulnerability identified as CVE-2013-3893 in Microsoft’s Internet Explorer browser has been exploited through a series of watering hole attacks intended to compromise Japanese users. Attackers have reportedly targeted at…

Read More

Zero-Day Exploit in Internet Explorer Used for Targeted Watering Hole Attacks on Japanese Users

Sep 24, 2013

Attackers are leveraging a zero-day vulnerability, CVE-2013-3893, in Microsoft’s Internet Explorer browser to target Japanese users through compromised popular news websites. According to FireEye, at least three major Japanese media outlets fell victim to these watering hole attacks, part of an operation dubbed “DeputyDog,” which appears to focus on manufacturers, government entities, and media organizations within Japan. The compromised sites experienced over 75,000 page views before the exploits were detected. This vulnerability in Internet Explorer versions 8 and 9 enables the covert installation of malware on users’ devices, granting hackers remote access. Typically, these attackers deploy Trojans tailored for targeted operations aimed at stealing intellectual property. Researchers identified a payload disguised as an image file hosted on a Hong Kong server that was used against a Japanese target. The attacks were uncovered just two days after Microsoft disclosed the vulnerability.

The Most Ridiculous Hack of the Year Uncovers a Serious Issue

In the early hours of April last year, a significant cybersecurity incident unfolded across Silicon Valley, impacting about 20 street intersections. This unprecedented attack was executed by an unidentified individual who exploited weak, publicly accessible default passwords to wirelessly upload altered audio recordings. These recordings played in response to pedestrians…

Read MoreThe Most Ridiculous Hack of the Year Uncovers a Serious Issue

Cybercriminals Exploit HexStrike AI to Target Citrix Vulnerabilities Just Days After Disclosure

Sep 03, 2025 Artificial Intelligence / Vulnerability

Threat actors are actively utilizing a new artificial intelligence (AI) offensive security tool, HexStrike AI, to exploit recently identified security vulnerabilities. Marketed as an AI-powered platform, HexStrike AI aims to streamline reconnaissance and vulnerability detection, enhancing authorized red teaming, bug bounty programs, and capture the flag (CTF) competitions. Information from its GitHub repository reveals that the open-source tool integrates with over 150 security solutions, enabling comprehensive network reconnaissance, web application testing, reverse engineering, and cloud security assessments. Additionally, it features numerous specialized AI agents tailored for tasks like vulnerability intelligence, exploit development, attack chain analysis, and error handling. However, a report from Check Point indicates that cybercriminals are attempting to weaponize the tool to gain a strategic advantage.

Threat Actors Exploit Citrix Vulnerabilities Using HexStrike AI Within Days of Disclosure September 3, 2025 In a concerning development for cybersecurity, threat actors are reportedly leveraging a newly launched artificial intelligence (AI) offensive security tool, HexStrike AI, to exploit security vulnerabilities recently disclosed in Citrix products. The tool, which was…

Read More

Cybercriminals Exploit HexStrike AI to Target Citrix Vulnerabilities Just Days After Disclosure

Sep 03, 2025 Artificial Intelligence / Vulnerability

Threat actors are actively utilizing a new artificial intelligence (AI) offensive security tool, HexStrike AI, to exploit recently identified security vulnerabilities. Marketed as an AI-powered platform, HexStrike AI aims to streamline reconnaissance and vulnerability detection, enhancing authorized red teaming, bug bounty programs, and capture the flag (CTF) competitions. Information from its GitHub repository reveals that the open-source tool integrates with over 150 security solutions, enabling comprehensive network reconnaissance, web application testing, reverse engineering, and cloud security assessments. Additionally, it features numerous specialized AI agents tailored for tasks like vulnerability intelligence, exploit development, attack chain analysis, and error handling. However, a report from Check Point indicates that cybercriminals are attempting to weaponize the tool to gain a strategic advantage.

WhatsApp Image Filter Vulnerability May Have Exposed User Data to Remote Attacks

A recently patched high-severity security flaw in WhatsApp’s image filter feature posed a serious risk of allowing malicious images to extract sensitive information from the app’s memory. Identified as CVE-2020-1910 (CVSS score: 7.8), this vulnerability involved out-of-bounds read/write errors that could be exploited by applying specific filters to a crafted image before sending it to an unsuspecting recipient, enabling attackers to access critical data. According to WhatsApp’s advisory from February 2021, “A missing bounds check in WhatsApp for Android prior to version 2.21.1.13 and WhatsApp Business prior to the same version could have led to this vulnerability.” The issue was reported to the Facebook-owned platform by cybersecurity firm Check Point Research on November 10, 2020.

WhatsApp Photo Filter Vulnerability Could Have Exposed User Data to Remote Threats On September 2, 2021, it was revealed that a significant security flaw in WhatsApp’s image-filtering capability posed a risk of data exposure to unauthorized remote attackers. This vulnerability, designated CVE-2020-1910 and assigned a CVSS score of 7.8, was…

Read More

WhatsApp Image Filter Vulnerability May Have Exposed User Data to Remote Attacks

A recently patched high-severity security flaw in WhatsApp’s image filter feature posed a serious risk of allowing malicious images to extract sensitive information from the app’s memory. Identified as CVE-2020-1910 (CVSS score: 7.8), this vulnerability involved out-of-bounds read/write errors that could be exploited by applying specific filters to a crafted image before sending it to an unsuspecting recipient, enabling attackers to access critical data. According to WhatsApp’s advisory from February 2021, “A missing bounds check in WhatsApp for Android prior to version 2.21.1.13 and WhatsApp Business prior to the same version could have led to this vulnerability.” The issue was reported to the Facebook-owned platform by cybersecurity firm Check Point Research on November 10, 2020.

Thousands of WordPress Blogs Compromised for DDoS Attacks

September 25, 2013

A massive cyber attack campaign is currently targeting numerous WordPress websites across the internet. In April 2012, we reported on a widespread brute force attack against millions of WordPress sites, resulting in the compromise of approximately 90,000 servers to form a large botnet of WordPress hosts. Recent DDoS attack logs received from reader Steven Veldkamp at ‘The Hacker News’ reveal that victims’ websites are experiencing heavy DDoS attacks, stemming from various compromised WordPress sites.

Utilizing brute force techniques on WordPress administrative portals, hackers are exploiting poorly secured hosts using commonly known username and password combinations. An analysis of DDoS attack logs from September 23, 2013, indicates a storm of malicious activity over just 26 seconds…

Widespread Compromise of WordPress Blogs Results in DDoS Attacks September 25, 2013 A significant cyberattack campaign is currently targeting a large swath of WordPress websites across the globe. This follows a larger trend first reported in April 2012, when millions of WordPress sites were subjected to a widespread distributed brute-force…

Read More

Thousands of WordPress Blogs Compromised for DDoS Attacks

September 25, 2013

A massive cyber attack campaign is currently targeting numerous WordPress websites across the internet. In April 2012, we reported on a widespread brute force attack against millions of WordPress sites, resulting in the compromise of approximately 90,000 servers to form a large botnet of WordPress hosts. Recent DDoS attack logs received from reader Steven Veldkamp at ‘The Hacker News’ reveal that victims’ websites are experiencing heavy DDoS attacks, stemming from various compromised WordPress sites.

Utilizing brute force techniques on WordPress administrative portals, hackers are exploiting poorly secured hosts using commonly known username and password combinations. An analysis of DDoS attack logs from September 23, 2013, indicates a storm of malicious activity over just 26 seconds…