The Breach News

CISA Adds Critical Broadcom and Commvault Vulnerabilities to KEV Database

April 29, 2025
Vulnerability / Web Security

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced on Monday that two serious security vulnerabilities affecting Broadcom’s Brocade Fabric OS and Commvault’s Web Server have been added to its Known Exploited Vulnerabilities (KEV) database, following reports of active exploitation. The specific vulnerabilities are:

  • CVE-2025-1976 (CVSS score: 8.6) – A code injection vulnerability in Broadcom Brocade Fabric OS that permits a local user with administrative rights to execute arbitrary code with full root access.
  • CVE-2025-3928 (CVSS score: 8.7) – An unspecified flaw in the Commvault Web Server that enables a remote, authenticated attacker to create and execute web shells. Commvault’s advisory from February 2025 noted, “Exploiting this vulnerability requires the attacker to have authenticated user credentials within the Commvault Software environment. Unauthenticated access is not exploitable. For software customers, this means your organization must …”

CISA Integrates Broadcom and Commvault Vulnerabilities into KEV Database On April 29, 2025, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) fortifies its Known Exploited Vulnerabilities (KEV) catalog by including two critical security flaws affecting Broadcom’s Brocade Fabric OS and Commvault Web Server. This addition follows confirmed instances of active…

Read More

CISA Adds Critical Broadcom and Commvault Vulnerabilities to KEV Database

April 29, 2025
Vulnerability / Web Security

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced on Monday that two serious security vulnerabilities affecting Broadcom’s Brocade Fabric OS and Commvault’s Web Server have been added to its Known Exploited Vulnerabilities (KEV) database, following reports of active exploitation. The specific vulnerabilities are:

  • CVE-2025-1976 (CVSS score: 8.6) – A code injection vulnerability in Broadcom Brocade Fabric OS that permits a local user with administrative rights to execute arbitrary code with full root access.
  • CVE-2025-3928 (CVSS score: 8.7) – An unspecified flaw in the Commvault Web Server that enables a remote, authenticated attacker to create and execute web shells. Commvault’s advisory from February 2025 noted, “Exploiting this vulnerability requires the attacker to have authenticated user credentials within the Commvault Software environment. Unauthenticated access is not exploitable. For software customers, this means your organization must …”

STC to Introduce Cybersecurity Clinic Aimed at Assisting Valley Businesses in Preventing Data Breaches

South Texas College to Launch Innovative Cybersecurity Clinic Aimed at Local Businesses South Texas College (STC) is set to introduce a pioneering cybersecurity clinic, designed to extend its services beyond student involvement. This initiative underscores the institution’s commitment to address real-world security challenges faced by local enterprises. A stark illustration…

Read MoreSTC to Introduce Cybersecurity Clinic Aimed at Assisting Valley Businesses in Preventing Data Breaches

HPE Releases Security Patch for StoreOnce Vulnerability Allowing Remote Authentication Bypass

June 04, 2025
Vulnerability / DevOps

Hewlett Packard Enterprise (HPE) has issued security updates to address up to eight vulnerabilities in its StoreOnce data backup and deduplication software, which could lead to remote authentication bypass and remote code execution. HPE’s advisory states, “These vulnerabilities could be remotely exploited, enabling remote code execution, information disclosure, server-side request forgery, authentication bypass, arbitrary file deletion, and directory traversal.” Among them is a critical flaw identified as CVE-2025-37093, rated 9.8 on the CVSS scale, which affects all software versions prior to 4.3.11. The vendor was notified of the vulnerability on October 31, 2024. Acknowledging an anonymous researcher for the discovery, the Zero Day Initiative (ZDI) shared insights on the issue…

HPE Releases Critical Security Patch for StoreOnce, Addressing Authentication Bypass Vulnerabilities On June 4, 2025, Hewlett Packard Enterprise (HPE) announced the rollout of significant security updates aimed at rectifying multiple vulnerabilities within its StoreOnce data backup and deduplication solution. Among the eight identified flaws, a particularly concerning authentication bypass issue…

Read More

HPE Releases Security Patch for StoreOnce Vulnerability Allowing Remote Authentication Bypass

June 04, 2025
Vulnerability / DevOps

Hewlett Packard Enterprise (HPE) has issued security updates to address up to eight vulnerabilities in its StoreOnce data backup and deduplication software, which could lead to remote authentication bypass and remote code execution. HPE’s advisory states, “These vulnerabilities could be remotely exploited, enabling remote code execution, information disclosure, server-side request forgery, authentication bypass, arbitrary file deletion, and directory traversal.” Among them is a critical flaw identified as CVE-2025-37093, rated 9.8 on the CVSS scale, which affects all software versions prior to 4.3.11. The vendor was notified of the vulnerability on October 31, 2024. Acknowledging an anonymous researcher for the discovery, the Zero Day Initiative (ZDI) shared insights on the issue…

U.S. Government Dismantles Russia’s Advanced Snake Cyber Espionage Tool

May 10, 2023
Cyber Espionage / Cyber Attack

On Tuesday, the U.S. government announced the successful court-authorized disruption of a global network compromised by an advanced malware strain known as Snake, utilized by Russia’s Federal Security Service (FSB). Referred to as the “most sophisticated cyber espionage tool,” Snake is attributed to the Russian state-sponsored group Turla (also known as Iron Hunter, Secret Blizzard, SUMMIT, Uroburos, Venomous Bear, and Waterbug), connected to a unit within Center 16 of the FSB. This threat actor has historically targeted entities in Europe, the Commonwealth of Independent States (CIS), and NATO-affiliated countries, with recent efforts expanding into Middle Eastern nations viewed as threats to Russian-supported interests in the region. “For nearly 20 years, this unit […] has leveraged versions of the Snake malware to steal sensitive documents from hundreds of computer systems in at least 50 countries…”

U.S. Government Disrupts Advanced Russian Cyber Espionage Network On May 10, 2023, the U.S. government announced it had successfully disrupted a sophisticated cyber espionage network tied to an advanced malware strain known as Snake. This operation was carried out with court authorization and targeted a global network compromised by this…

Read More

U.S. Government Dismantles Russia’s Advanced Snake Cyber Espionage Tool

May 10, 2023
Cyber Espionage / Cyber Attack

On Tuesday, the U.S. government announced the successful court-authorized disruption of a global network compromised by an advanced malware strain known as Snake, utilized by Russia’s Federal Security Service (FSB). Referred to as the “most sophisticated cyber espionage tool,” Snake is attributed to the Russian state-sponsored group Turla (also known as Iron Hunter, Secret Blizzard, SUMMIT, Uroburos, Venomous Bear, and Waterbug), connected to a unit within Center 16 of the FSB. This threat actor has historically targeted entities in Europe, the Commonwealth of Independent States (CIS), and NATO-affiliated countries, with recent efforts expanding into Middle Eastern nations viewed as threats to Russian-supported interests in the region. “For nearly 20 years, this unit […] has leveraged versions of the Snake malware to steal sensitive documents from hundreds of computer systems in at least 50 countries…”

Live Webinar | Selecting the Ideal Data Collection Partner: Practical Insights from Actual Customers

Certainly! Here’s a revised version of the content reflecting a more polished and cohesive style suited for a business-oriented audience: — Welcome to ISMG Enhance your profile and keep yourself informed Select Title LevelAnalytics/Architecture/EngineeringAttorney / General Counsel / CounselAVPBoard of DirectorC-Level ExecutiveC Level – OtherCCOCEO / PresidentCFOChairpersonCIOCISO / CSOCISO/CSO/CIOCOOCROCTODirectorEVP /…

Read MoreLive Webinar | Selecting the Ideal Data Collection Partner: Practical Insights from Actual Customers

New Reports Reveal Vulnerabilities: Jailbreaks, Unsafe Code, and Data Theft Risks in Major AI Systems

April 29, 2025
Vulnerability / Artificial Intelligence

Recent findings have identified significant vulnerabilities within various generative artificial intelligence (GenAI) platforms, uncovering two distinct jailbreak techniques that can produce harmful or illegal content. The first technique, known as Inception, manipulates an AI tool to envision a fictional scenario, which can then evolve into a second scenario devoid of safety measures. According to an advisory from the CERT Coordination Center (CERT/CC), “Continuous prompting within this second context can lead to the bypassing of safety guardrails, enabling the generation of malicious outputs.” The second jailbreak tactic involves instructing the AI on how to evade specific responses. “By alternating between illicit and legitimate prompts, attackers can effectively navigate around safety protocols,” CERT/CC noted.

New Findings Expose Vulnerabilities in Prominent AI Systems, Highlighting Risks of Jailbreaks and Data Theft April 29, 2025 Recent reports have unveiled significant vulnerabilities in various generative artificial intelligence (GenAI) services, revealing that they are susceptible to two distinct forms of jailbreak attacks. These vulnerabilities could enable the creation of…

Read More

New Reports Reveal Vulnerabilities: Jailbreaks, Unsafe Code, and Data Theft Risks in Major AI Systems

April 29, 2025
Vulnerability / Artificial Intelligence

Recent findings have identified significant vulnerabilities within various generative artificial intelligence (GenAI) platforms, uncovering two distinct jailbreak techniques that can produce harmful or illegal content. The first technique, known as Inception, manipulates an AI tool to envision a fictional scenario, which can then evolve into a second scenario devoid of safety measures. According to an advisory from the CERT Coordination Center (CERT/CC), “Continuous prompting within this second context can lead to the bypassing of safety guardrails, enabling the generation of malicious outputs.” The second jailbreak tactic involves instructing the AI on how to evade specific responses. “By alternating between illicit and legitimate prompts, attackers can effectively navigate around safety protocols,” CERT/CC noted.

User Data Leaked on Dark Web Following Major Telecom Hack in Europe: Should You Be Concerned?

*Image credit — Bloomberg A significant hacking operation targeting Orange SA, a French telecommunications firm, was executed by a group known as Warlock. Earlier this month, approximately four gigabytes of stolen data surfaced on the dark web, although the breach occurred in July. In August, Orange had alerted relevant authorities…

Read MoreUser Data Leaked on Dark Web Following Major Telecom Hack in Europe: Should You Be Concerned?

Critical Cisco ISE Authentication Bypass Vulnerability Threatens Cloud Environments on AWS, Azure, and OCI

June 5, 2025
Network Security / Vulnerability

Cisco has issued security patches for a severe vulnerability affecting its Identity Services Engine (ISE). This flaw, identified as CVE-2025-20286 and rated 9.9 out of 10 on the CVSS scale, could be exploited by unauthenticated attackers to perform harmful actions on vulnerable systems. The vulnerability, categorized as a static credential issue, affects cloud deployments on Amazon Web Services (AWS), Microsoft Azure, and Oracle Cloud Infrastructure (OCI). Cisco warned that attackers could potentially access sensitive data, perform limited administrative tasks, alter system configurations, or disrupt services in the affected environments. The networking company credited Kentaro Kawane from GMO Cybersecurity for reporting the flaw and acknowledged the presence of a proof-of-concept (PoC) exploit, although no active exploitation has been confirmed.

Critical Cisco ISE Authentication Bypass Vulnerability Threatens Cloud Environments on AWS, Azure, and OCI On June 5, 2025, Cisco announced the release of security patches addressing a high-severity vulnerability within its Identity Services Engine (ISE). This flaw, designated as CVE-2025-20286, has received a CVSS score of 9.9 out of 10,…

Read More

Critical Cisco ISE Authentication Bypass Vulnerability Threatens Cloud Environments on AWS, Azure, and OCI

June 5, 2025
Network Security / Vulnerability

Cisco has issued security patches for a severe vulnerability affecting its Identity Services Engine (ISE). This flaw, identified as CVE-2025-20286 and rated 9.9 out of 10 on the CVSS scale, could be exploited by unauthenticated attackers to perform harmful actions on vulnerable systems. The vulnerability, categorized as a static credential issue, affects cloud deployments on Amazon Web Services (AWS), Microsoft Azure, and Oracle Cloud Infrastructure (OCI). Cisco warned that attackers could potentially access sensitive data, perform limited administrative tasks, alter system configurations, or disrupt services in the affected environments. The networking company credited Kentaro Kawane from GMO Cybersecurity for reporting the flaw and acknowledged the presence of a proof-of-concept (PoC) exploit, although no active exploitation has been confirmed.

Advanced DownEx Malware Campaign Targets Central Asian Governments

May 10, 2023
Malware / Cyber Attack

Central Asian government entities are under threat from a sophisticated espionage operation utilizing a previously unidentified strain of malware known as DownEx. In a report shared with The Hacker News, cybersecurity firm Bitdefender indicated that the malicious activities are ongoing, with indications pointing towards involvement from Russia-based threat actors. The malware was first detected in a highly targeted assault on foreign government institutions in Kazakhstan in late 2022, followed by an attack in Afghanistan. The use of a diplomat-themed lure document and the campaign’s emphasis on data exfiltration imply the actions of a state-sponsored group, although the exact identity of the hacking organization remains unclear. The campaign’s initial breach method appears to involve spear-phishing emails containing a malicious payload disguised as a Microsoft Word file.

Sophisticated DownEx Malware Campaign Targets Central Asian Governments A newly identified malware campaign, known as DownEx, is targeting government institutions in Central Asia, raising significant concerns within the cybersecurity community. According to a recent report by Bitdefender, the ongoing campaign indicates strong ties to threat actors operating from Russia. This…

Read More

Advanced DownEx Malware Campaign Targets Central Asian Governments

May 10, 2023
Malware / Cyber Attack

Central Asian government entities are under threat from a sophisticated espionage operation utilizing a previously unidentified strain of malware known as DownEx. In a report shared with The Hacker News, cybersecurity firm Bitdefender indicated that the malicious activities are ongoing, with indications pointing towards involvement from Russia-based threat actors. The malware was first detected in a highly targeted assault on foreign government institutions in Kazakhstan in late 2022, followed by an attack in Afghanistan. The use of a diplomat-themed lure document and the campaign’s emphasis on data exfiltration imply the actions of a state-sponsored group, although the exact identity of the hacking organization remains unclear. The campaign’s initial breach method appears to involve spear-phishing emails containing a malicious payload disguised as a Microsoft Word file.