The Breach News

Iranian Hackers Disguised as Ransomware Operators Executing Destructive Attacks

April 8, 2023
Cyber Warfare / Cyber Threats

The Iranian nation-state group MuddyWater has been implicated in conducting destructive operations on hybrid environments while masquerading as a ransomware campaign. According to new insights from the Microsoft Threat Intelligence team, these threat actors are targeting both on-premises and cloud infrastructures, often collaborating with a recently identified cluster known as DEV-1084. “Despite efforts to present their activities as a typical ransomware operation, the irreversible damage they inflict indicates that destruction and disruption were their primary objectives,” the company reported on Friday. MuddyWater is linked to Iran’s Ministry of Intelligence and Security (MOIS) and has been active at least since 2017, also recognized by various names in the cybersecurity field, including Boggy Serpens.

Small US Agency to Implement Substance Abuse Regulations

Data Privacy, Data Security, Healthcare
HHS Transfers 42 CFR Enforcement Responsibilities to Office of Civil Rights Amid Significant Restructuring
Marianne Kolbasuk McGee (HealthInfoSec) • August 27, 2025

HHS shifts the regulatory oversight of substance abuse disorder record confidentiality from SAMHSA to HHS OCR, which also manages HIPAA enforcement…

The Age of AI-Driven Ransomware Is Here

Recent findings indicate a concerning shift in the ransomware landscape, signaling potential dangers for businesses. While the use of artificial intelligence (AI) in ransomware development has not yet become widespread, instances of this trend serve as a stark reminder of evolving cyber threats. Allan Liska, a ransomware analyst at Recorded…

Critical RCE Vulnerability in Gladinet’s Triofox and CentreStack Actively Exploited

A recent security flaw in Gladinet CentreStack is also affecting its Triofox remote access solution, as revealed by Huntress. To date, seven organizations have been compromised due to this issue, tracked as CVE-2025-30406 (CVSS score: 9.0). The vulnerability stems from a hard-coded cryptographic key that exposes internet-accessible servers to remote code execution (RCE) attacks. It has been patched in CentreStack version 16.4.10315.56368, released on April 3, 2025. Although the exact nature of the attacks remains unclear, they reportedly exploited a zero-day variant in March 2025. According to Huntress, the flaw also affects Triofox up to version 16.4.10317.56372, as its previous versions contain the same hard-coded cryptographic keys, making them susceptible to RCE exploits, as noted by John Hammond, principal cybersecurity researcher at Huntress.

PayPal Rejects Data Breach Allegations Amidst Reports of Passwords for Sale – Class Action Lawsuits Filed

PayPal Addresses Data Breach Speculations Following Password Sale Claims

In a recent development that has sent shockwaves through the cybersecurity community, PayPal has firmly denied allegations of a data breach after reports surfaced suggesting that user passwords were being offered for sale online. The company stated that it has not…

New Intel CPU Vulnerabilities Uncovered: Memory Leaks and Spectre v2 Exploits Persist

May 16, 2025
Hardware Security / Vulnerability

Researchers at ETH Zürich have identified a critical new security flaw that affects all modern Intel CPUs, allowing the leakage of sensitive data from memory. This latest vulnerability, dubbed Branch Privilege Injection (BPI), showcases that the Spectre threat continues to impact computer systems over seven years after its initial discovery. According to ETH Zürich, BPI can be exploited to manipulate the CPU’s prediction calculations, granting unauthorized access to information from other users on the same processor. Kaveh Razavi, head of the Computer Security Group (COMSEC) and a co-author of the study, noted that this flaw affects all Intel processors, potentially allowing malicious actors to access the cache contents and working memory of different users sharing the CPU. The attack exploits Branch Predictor Race Conditions (BPRC), which arise when a processor alternates between prediction calculations for multiple users.

MSI Confirms Ransomware Attack, Initiates Recovery Measures

In an official statement, Taiwanese PC manufacturer MSI (Micro-Star International) acknowledged being targeted by a cyber attack. The company quickly began implementing incident response and recovery protocols after observing “network anomalies.” MSI has informed law enforcement but did not provide details regarding the timing of the attack or whether any proprietary information, like source code, was compromised. The company reported that affected systems are gradually returning to normal operations with no major impact on its financial activities. In a regulatory filing with the Taiwan Stock Exchange, MSI announced plans to enhance its network and infrastructure security and advised users to obtain firmware and BIOS updates exclusively from its official website to ensure their data’s safety.

NY Health System Agrees to $5.3M Settlement Over Web Tracker Privacy Lawsuit

Data Privacy, Data Security, Fraud Management & Cybercrime
Mount Sinai Health System Settles Class Action Over Patient Data Misuse
Marianne Kolbasuk McGee (HealthInfoSec) • August 27, 2025

A settlement of nearly $5.3 million by Mount Sinai Health Systems highlights ongoing issues surrounding the unauthorized use of online tracking on…

ShinyHunters and Scattered Spider Tied to Data Breach at Farmers Insurance

Farmers Insurance has announced a data breach affecting approximately 1.1 million customers. This incident, linked to the hacker groups ShinyHunters and Scattered Spider, reflects a troubling trend of cyberattacks targeting organizations using Salesforce’s platform. Farmers Insurance has recently revealed a significant data breach impacting over 1.1 million customers. The company…