The Breach News

CISA Adds Two Vulnerabilities in N-able N-central to Its Known Exploited Vulnerabilities Catalog

Aug 14, 2025 | Vulnerability / Network Security

On Wednesday, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) included two security flaws affecting N-able N-central in its Known Exploited Vulnerabilities (KEV) catalog, due to evidence of active exploitation. N-able N-central is a Remote Monitoring and Management (RMM) platform tailored for Managed Service Providers (MSPs) to effectively manage and safeguard their clients’ Windows, Apple, and Linux endpoints from a centralized platform.

The identified vulnerabilities are as follows:

  • CVE-2025-8875 (CVSS score: N/A): An insecure deserialization vulnerability that may allow for command execution.
  • CVE-2025-8876 (CVSS score: N/A): A command injection vulnerability resulting from improper sanitization of user input.

Both issues have been resolved in N-central versions 2025.3.1 and 2024.6 HF2, released on August 13, 2025. N-able is also advising customers to ensure multi-factor authentication (MFA) is enabled, particularly for admin accounts.

CISA Adds Two N-able N-central Vulnerabilities to High-Risk Catalog On August 14, 2025, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced the inclusion of two significant vulnerabilities related to N-able N-central in its Known Exploited Vulnerabilities (KEV) catalog. This decision comes in response to evidence indicating that these flaws…

Read More

CISA Adds Two Vulnerabilities in N-able N-central to Its Known Exploited Vulnerabilities Catalog

Aug 14, 2025 | Vulnerability / Network Security

On Wednesday, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) included two security flaws affecting N-able N-central in its Known Exploited Vulnerabilities (KEV) catalog, due to evidence of active exploitation. N-able N-central is a Remote Monitoring and Management (RMM) platform tailored for Managed Service Providers (MSPs) to effectively manage and safeguard their clients’ Windows, Apple, and Linux endpoints from a centralized platform.

The identified vulnerabilities are as follows:

  • CVE-2025-8875 (CVSS score: N/A): An insecure deserialization vulnerability that may allow for command execution.
  • CVE-2025-8876 (CVSS score: N/A): A command injection vulnerability resulting from improper sanitization of user input.

Both issues have been resolved in N-central versions 2025.3.1 and 2024.6 HF2, released on August 13, 2025. N-able is also advising customers to ensure multi-factor authentication (MFA) is enabled, particularly for admin accounts.

Malvertising Group Harnesses WebKit 0-Day to Redirect Users to Scam Sites

February 17, 2021

A malvertising collective known as “ScamClub” has exploited a zero-day vulnerability in WebKit-based browsers to inject malicious payloads that redirect users to fraudulent gift card scam websites. The attacks, first identified by the advertising security firm Confiant in late June 2020, took advantage of a bug (CVE-2021–1801) that allowed malicious actors to circumvent the iframe sandboxing policy in the browser engine used by Safari and Google Chrome on iOS, enabling them to execute harmful code. This technique specifically targeted the way WebKit manages JavaScript event listeners, allowing attackers to escape the sandbox of an ad’s inline frame even with the “allow-top-navigation-by-user-activation” attribute in place, which typically prevents redirection unless an event occurs within the iframe. To validate this approach, researchers created a simple HTML file featuring a cross-origin sandboxed iframe, along with an external button…

Malvertisers Exploit WebKit 0-Day to Redirect Users to Fraudulent Schemes On February 17, 2021, security researchers revealed a significant cybersecurity threat posed by a malvertising group dubbed “ScamClub.” This group has taken advantage of a zero-day vulnerability within WebKit-based browsers, enabling them to inject malicious payloads that redirect unsuspecting users…

Read More

Malvertising Group Harnesses WebKit 0-Day to Redirect Users to Scam Sites

February 17, 2021

A malvertising collective known as “ScamClub” has exploited a zero-day vulnerability in WebKit-based browsers to inject malicious payloads that redirect users to fraudulent gift card scam websites. The attacks, first identified by the advertising security firm Confiant in late June 2020, took advantage of a bug (CVE-2021–1801) that allowed malicious actors to circumvent the iframe sandboxing policy in the browser engine used by Safari and Google Chrome on iOS, enabling them to execute harmful code. This technique specifically targeted the way WebKit manages JavaScript event listeners, allowing attackers to escape the sandbox of an ad’s inline frame even with the “allow-top-navigation-by-user-activation” attribute in place, which typically prevents redirection unless an event occurs within the iframe. To validate this approach, researchers created a simple HTML file featuring a cross-origin sandboxed iframe, along with an external button…

The Race to Prevent AI Agents from Misusing Your Credit Cards

In light of the escalating threats posed by malware, impersonation, and account takeovers, digital security continues to be a critical concern for businesses. The emergence of agentic AI has further complicated matters, introducing new risks where automated agents act on behalf of users, and creating potential vulnerabilities in digital transactions.…

Read MoreThe Race to Prevent AI Agents from Misusing Your Credit Cards

Russian Group EncryptHub Utilizes MSC EvilTwin Vulnerability to Distribute Fickle Stealer Malware

August 16, 2025
Malware / Vulnerability

The cybercriminal organization known as EncryptHub is continuing to take advantage of a recently patched vulnerability in Microsoft Windows to deliver harmful payloads. Trustwave SpiderLabs has reported observing an EncryptHub campaign that combines social engineering tactics with the exploitation of a flaw in the Microsoft Management Console (MMC) framework (CVE-2025-26633, also referred to as MSC EvilTwin), initiating the infection process through a malicious Microsoft Console (MSC) file. According to Trustwave researchers Nathaniel Morales and Nikita Kazymirskyi, “These actions are part of a larger, ongoing wave of malicious activity blending social engineering with technical exploitation to circumvent security defenses and gain control of internal networks.” EncryptHub, also recognized as LARVA-208 and Water Gamayun, is a Russian hacking group that first emerged in mid-2024. Operating at a high pace, this financially motivated team is known for using various strategies, including fraudulent job postings…

Russian Group EncryptHub Exploits MSC EvilTwin Vulnerability to Distribute Fickle Stealer Malware On August 16, 2025, reports emerged that the Russian cybercriminal group known as EncryptHub is actively leveraging a recently patched vulnerability in Microsoft Windows to propagate malware. This group, also referred to as LARVA-208 and Water Gamayun, has…

Read More

Russian Group EncryptHub Utilizes MSC EvilTwin Vulnerability to Distribute Fickle Stealer Malware

August 16, 2025
Malware / Vulnerability

The cybercriminal organization known as EncryptHub is continuing to take advantage of a recently patched vulnerability in Microsoft Windows to deliver harmful payloads. Trustwave SpiderLabs has reported observing an EncryptHub campaign that combines social engineering tactics with the exploitation of a flaw in the Microsoft Management Console (MMC) framework (CVE-2025-26633, also referred to as MSC EvilTwin), initiating the infection process through a malicious Microsoft Console (MSC) file. According to Trustwave researchers Nathaniel Morales and Nikita Kazymirskyi, “These actions are part of a larger, ongoing wave of malicious activity blending social engineering with technical exploitation to circumvent security defenses and gain control of internal networks.” EncryptHub, also recognized as LARVA-208 and Water Gamayun, is a Russian hacking group that first emerged in mid-2024. Operating at a high pace, this financially motivated team is known for using various strategies, including fraudulent job postings…

Cisco Issues Security Updates for Critical Vulnerabilities in Its Products

February 26, 2021

Cisco has released a critical security patch for a severe vulnerability in its Application Centric Infrastructure (ACI) Multi-Site Orchestrator (MSO). This flaw potentially enables unauthenticated remote attackers to bypass authentication on compromised devices. According to a recent advisory from the company, “An attacker could exploit this vulnerability by sending a crafted request to the affected API.” A successful exploit could allow the attacker to obtain a token with administrator-level privileges, enabling authentication to the affected MSO and Cisco Application Policy Infrastructure Controller (APIC) devices. Identified as CVE-2021-1388, this vulnerability scores a 10 (out of 10) on the CVSS vulnerability scale and arises from improper token validation in an API endpoint of the Cisco ACI MSO installed on the Application Services Engine. It impacts ACI MSO versions running on the 3.0 software release. The ACI Multi-Site Orchestrator enables customers to monitor and manage their network infrastructure effectively.

Cisco Issues Critical Security Fixes for Major Vulnerabilities in Its Products February 26, 2021 Cisco has announced the release of security patches addressing a vulnerability of maximum severity within its Application Centric Infrastructure (ACI) Multi-Site Orchestrator (MSO). This flaw could allow an unauthenticated remote attacker to bypass authentication on affected…

Read More

Cisco Issues Security Updates for Critical Vulnerabilities in Its Products

February 26, 2021

Cisco has released a critical security patch for a severe vulnerability in its Application Centric Infrastructure (ACI) Multi-Site Orchestrator (MSO). This flaw potentially enables unauthenticated remote attackers to bypass authentication on compromised devices. According to a recent advisory from the company, “An attacker could exploit this vulnerability by sending a crafted request to the affected API.” A successful exploit could allow the attacker to obtain a token with administrator-level privileges, enabling authentication to the affected MSO and Cisco Application Policy Infrastructure Controller (APIC) devices. Identified as CVE-2021-1388, this vulnerability scores a 10 (out of 10) on the CVSS vulnerability scale and arises from improper token validation in an API endpoint of the Cisco ACI MSO installed on the Application Services Engine. It impacts ACI MSO versions running on the 3.0 software release. The ACI Multi-Site Orchestrator enables customers to monitor and manage their network infrastructure effectively.

Leveraging Wazuh for Achieving Regulatory Compliance

Published on: Aug 18, 2025

In industries that manage sensitive data and personally identifiable information (PII), adherence to regulatory compliance standards is critical. This necessity extends to sectors such as healthcare, finance, government contracting, and education. Key compliance frameworks include:

  • Payment Card Industry Data Security Standard (PCI DSS)
  • General Data Protection Regulation (GDPR)
  • Health Insurance Portability and Accountability Act (HIPAA)
  • NIST Special Publication 800-53
  • Trust Services Criteria (TSC)
  • Cybersecurity Maturity Model Certification (CMMC)

Importance of Compliance

Meeting compliance requirements is essential for several reasons:

  • Protecting organizations from cybersecurity threats, risks, and data breaches.
  • Establishing effective organizational processes that support continuous compliance.

Wazuh: A Key Player in Ensuring Regulatory Compliance As of August 18, 2025, organizations that manage sensitive data, including personally identifiable information (PII), are under increasing pressure to adhere to various regulatory compliance standards. This need for compliance is particularly acute for entities operating in highly regulated sectors such as…

Read More

Leveraging Wazuh for Achieving Regulatory Compliance

Published on: Aug 18, 2025

In industries that manage sensitive data and personally identifiable information (PII), adherence to regulatory compliance standards is critical. This necessity extends to sectors such as healthcare, finance, government contracting, and education. Key compliance frameworks include:

  • Payment Card Industry Data Security Standard (PCI DSS)
  • General Data Protection Regulation (GDPR)
  • Health Insurance Portability and Accountability Act (HIPAA)
  • NIST Special Publication 800-53
  • Trust Services Criteria (TSC)
  • Cybersecurity Maturity Model Certification (CMMC)

Importance of Compliance

Meeting compliance requirements is essential for several reasons:

  • Protecting organizations from cybersecurity threats, risks, and data breaches.
  • Establishing effective organizational processes that support continuous compliance.

Updated ‘unc0ver’ Tool Now Jailbreaks All iPhone Models Running iOS 11.0 – 14.3

March 2, 2021

The popular jailbreaking tool “unc0ver” has received an update that allows it to jailbreak a wide range of iPhone models running iOS versions from 11.0 to 14.3. This update, known as unc0ver v6.0.0, leverages a kernel vulnerability, identified as CVE-2021-1782, which Apple acknowledged was actively exploited as of January. Lead developer Pwn20wnd announced the release on Sunday, emphasizing that the tool can now unlock devices across various iOS versions, including 12.4.9-12.5.1, 13.5.1-13.7, and 14.0-14.3. The vulnerability allows malicious apps to escalate their privileges due to a race condition in the kernel. According to Pwn20wnd, “We wrote our own exploit based on CVE-2021-1782 for #unc0ver to achieve optimal exploit speed and stability.” Apple has since addressed this flaw in its updates for iOS and iPadOS 14.

Updated ‘unc0ver’ Tool Enables Jailbreak for All iPhone Models Running iOS 11.0 to 14.3 On March 2, 2021, the renowned jailbreaking utility known as “unc0ver” received a significant update, allowing it to jailbreak all iPhone models operating on iOS versions from 11.0 to 14.3. This development comes in light of…

Read More

Updated ‘unc0ver’ Tool Now Jailbreaks All iPhone Models Running iOS 11.0 – 14.3

March 2, 2021

The popular jailbreaking tool “unc0ver” has received an update that allows it to jailbreak a wide range of iPhone models running iOS versions from 11.0 to 14.3. This update, known as unc0ver v6.0.0, leverages a kernel vulnerability, identified as CVE-2021-1782, which Apple acknowledged was actively exploited as of January. Lead developer Pwn20wnd announced the release on Sunday, emphasizing that the tool can now unlock devices across various iOS versions, including 12.4.9-12.5.1, 13.5.1-13.7, and 14.0-14.3. The vulnerability allows malicious apps to escalate their privileges due to a race condition in the kernel. According to Pwn20wnd, “We wrote our own exploit based on CVE-2021-1782 for #unc0ver to achieve optimal exploit speed and stability.” Apple has since addressed this flaw in its updates for iOS and iPadOS 14.

WikiLeaks Under Siege: DDoS Attack Strikes Again

Dec 01, 2010

WikiLeaks experienced a significant distributed denial of service (DDoS) attack on Tuesday morning, as detailed by Fast Company. This assault was more severe than a previous one on Sunday, yet it failed to completely disrupt the site. The perpetrator, a hacker known as “The Jester,” took credit for the cyber attack that targeted WikiLeaks just before it released a trove of classified U.S. embassy cables.

The Jester, an ex-soldier, defended his actions by alleging that WikiLeaks was “endangering the lives of our troops, ‘other assets,’ and foreign relations.” After his military service, he positioned himself as a “hacktivist for good,” aiming to combat terrorism and groups linked to Islamic extremism. Cybersecurity expert Mikko Hypponen from F-Secure expressed belief that The Jester was indeed the mastermind behind the attack.

WikiLeaks Targeted by Intensified DDoS Attack On December 1, 2010, WikiLeaks experienced a significant distributed denial of service (DDoS) attack early in the morning, amplifying the cyber challenges faced by the organization following a previous incident just days prior. While this latest attack proved to be more severe than the…

Read More

WikiLeaks Under Siege: DDoS Attack Strikes Again

Dec 01, 2010

WikiLeaks experienced a significant distributed denial of service (DDoS) attack on Tuesday morning, as detailed by Fast Company. This assault was more severe than a previous one on Sunday, yet it failed to completely disrupt the site. The perpetrator, a hacker known as “The Jester,” took credit for the cyber attack that targeted WikiLeaks just before it released a trove of classified U.S. embassy cables.

The Jester, an ex-soldier, defended his actions by alleging that WikiLeaks was “endangering the lives of our troops, ‘other assets,’ and foreign relations.” After his military service, he positioned himself as a “hacktivist for good,” aiming to combat terrorism and groups linked to Islamic extremism. Cybersecurity expert Mikko Hypponen from F-Secure expressed belief that The Jester was indeed the mastermind behind the attack.

Open Source Package with 1 Million Monthly Downloads Compromises User Credentials

Urgent Security Advisory for Developers: Action Required After Vulnerability Discovered A significant security incident has emerged involving version 0.23.3 of the popular elementary-data Python package, compelling developers who have installed this version to undertake immediate mitigation measures. Users are advised to conduct a review of their installed software to ascertain…

Read MoreOpen Source Package with 1 Million Monthly Downloads Compromises User Credentials