The Breach News

Türkiye-Based Hackers Exploit Zero-Day in Output Messenger to Deploy Golang Backdoors on Kurdish Servers

May 13, 2025
Category: Zero-Day / Vulnerability

A Türkiye-linked threat actor has exploited a zero-day vulnerability in the Indian enterprise communication tool Output Messenger as part of a cyber espionage campaign that began in April 2024. According to the Microsoft Threat Intelligence team, these exploits have led to the collection of sensitive user data from targets in Iraq. The focus of the attacks appears to align with the Kurdish military in Iraq, consistent with the previously documented objectives of the group known as Marbled Dust. This threat group, which has also been referred to as Silicon, Cosmic Wolf, Sea Turtle, Teal Kurma, and UNC1326, has been active since at least 2017. However, it wasn’t until 2019 that Cisco Talos documented their activities against both public and private entities in the Middle East and North Africa. Early last year, the group was also noted for targeting telecommunications and media sectors.

Turkish Hackers Exploit Zero-Day Vulnerability in Output Messenger to Deploy Golang Backdoors on Kurdish Servers Published: May 13, 2025 In a notable instance of cyber espionage, a Türkiye-affiliated threat actor has successfully leveraged a zero-day vulnerability in Output Messenger, an enterprise communication platform from India. This breach, which has been…

Read More

Türkiye-Based Hackers Exploit Zero-Day in Output Messenger to Deploy Golang Backdoors on Kurdish Servers

May 13, 2025
Category: Zero-Day / Vulnerability

A Türkiye-linked threat actor has exploited a zero-day vulnerability in the Indian enterprise communication tool Output Messenger as part of a cyber espionage campaign that began in April 2024. According to the Microsoft Threat Intelligence team, these exploits have led to the collection of sensitive user data from targets in Iraq. The focus of the attacks appears to align with the Kurdish military in Iraq, consistent with the previously documented objectives of the group known as Marbled Dust. This threat group, which has also been referred to as Silicon, Cosmic Wolf, Sea Turtle, Teal Kurma, and UNC1326, has been active since at least 2017. However, it wasn’t until 2019 that Cisco Talos documented their activities against both public and private entities in the Middle East and North Africa. Early last year, the group was also noted for targeting telecommunications and media sectors.

Cybercriminals Exploit Vibe Coding Service to Forge Malicious Websites – Dark Reading | Security

Cybercriminals have increasingly exploited the Vibe Coding Service to establish malicious websites aimed at unsuspecting users. This troubling trend has raised alarms within the cybersecurity community as it indicates a shift in the tactics employed by adversaries seeking to capitalize on popular tools. The target of these attacks includes various…

Read MoreCybercriminals Exploit Vibe Coding Service to Forge Malicious Websites – Dark Reading | Security

ConnectWise to Update ScreenConnect Code Signing Certificates Following Security Concerns

June 12, 2025
Vulnerability / Software Security

ConnectWise has announced plans to rotate the digital code signing certificates for ScreenConnect, ConnectWise Automate, and ConnectWise remote monitoring and management (RMM) executables due to security risks. This decision follows concerns raised by a third-party researcher regarding the handling of specific configuration data in earlier versions of ScreenConnect. While the company has not publicly detailed the issue, additional information has been provided in a non-public FAQ for customers, which later surfaced on Reddit. The concern relates to ScreenConnect’s method of storing configuration data in an unsigned area of the installer, which is utilized for passing connection information (such as the callback URL for the agent) without compromising the signature.

ConnectWise to Update ScreenConnect Code Signing Certificates in Response to Security Concerns June 12, 2025 In a significant security development, ConnectWise has announced its intention to rotate the digital code signing certificates that are employed to authenticate ScreenConnect, ConnectWise Automate, and ConnectWise remote monitoring and management (RMM) executables. This decision…

Read More

ConnectWise to Update ScreenConnect Code Signing Certificates Following Security Concerns

June 12, 2025
Vulnerability / Software Security

ConnectWise has announced plans to rotate the digital code signing certificates for ScreenConnect, ConnectWise Automate, and ConnectWise remote monitoring and management (RMM) executables due to security risks. This decision follows concerns raised by a third-party researcher regarding the handling of specific configuration data in earlier versions of ScreenConnect. While the company has not publicly detailed the issue, additional information has been provided in a non-public FAQ for customers, which later surfaced on Reddit. The concern relates to ScreenConnect’s method of storing configuration data in an unsigned area of the installer, which is utilized for passing connection information (such as the callback URL for the agent) without compromising the signature.

Revolut Suffers $20 Million Loss After Security Flaw in Payment System is Exploited

Malicious actors took advantage of an undisclosed vulnerability in Revolut’s payment systems, leading to the theft of over $20 million in early 2022, as reported by the Financial Times. The breach, which has not been made public, originated from inconsistencies between Revolut’s U.S. and European operations, resulting in erroneous refunds using the company’s funds when certain transactions were declined. The issue was first identified in late 2021, but before it could be resolved, organized crime groups exploited the loophole by prompting individuals to initiate costly purchases that would be declined. These refunded amounts were subsequently withdrawn from ATMs. While the exact technical details of the vulnerability remain unclear, approximately $23 million was stolen in total, with some of the funds retrieved by tracking those who had withdrawn cash.

Revolut Reports $20 Million Loss Following Exploitation of Payment System Vulnerability July 10, 2023 In early 2022, Revolut fell victim to a significant security breach, leading to a loss exceeding $20 million due to exploitation of an undisclosed flaw within its payment systems. This incident was brought to light by…

Read More

Revolut Suffers $20 Million Loss After Security Flaw in Payment System is Exploited

Malicious actors took advantage of an undisclosed vulnerability in Revolut’s payment systems, leading to the theft of over $20 million in early 2022, as reported by the Financial Times. The breach, which has not been made public, originated from inconsistencies between Revolut’s U.S. and European operations, resulting in erroneous refunds using the company’s funds when certain transactions were declined. The issue was first identified in late 2021, but before it could be resolved, organized crime groups exploited the loophole by prompting individuals to initiate costly purchases that would be declined. These refunded amounts were subsequently withdrawn from ATMs. While the exact technical details of the vulnerability remain unclear, approximately $23 million was stolen in total, with some of the funds retrieved by tracking those who had withdrawn cash.

Russian Hackers Charged in Spate of Cyberattacks on Water Sector

Critical Infrastructure Security, Cyberwarfare / Nation-State Attacks, Fraud Management & Cybercrime Recent Breaches Heighten Concerns Over Operational Setbacks in the Water Sector Chris Riotta (@chrisriotta) • August 20, 2025 Image: Alex Stemmer/Shutterstock Recent reports indicate that Russia has instigated a series of cyberattacks on vulnerable water utilities throughout Europe, presenting…

Read MoreRussian Hackers Charged in Spate of Cyberattacks on Water Sector

Russian State Hackers Capitalize on Seven-Year-Old Cisco Router Flaw

The FBI and Cisco have issued urgent warnings about Russian hackers exploiting a seven-year-old vulnerability in Cisco Smart Install, impacting outdated routers and switches globally. A significant number of legacy Cisco devices, which no longer receive security updates, are currently being targeted as part of a sophisticated cyber espionage campaign,…

Read MoreRussian State Hackers Capitalize on Seven-Year-Old Cisco Router Flaw

Moldovan Police Detain Suspect Linked to €4.5 Million Ransomware Attack on Dutch Research Institution

May 13, 2025
Cybercrime / Ransomware

Authorities in Moldova have arrested a 45-year-old foreign national suspected of orchestrating multiple ransomware attacks against Dutch businesses in 2021. “He is wanted internationally for various cybercrimes, including ransomware attacks, blackmail, and money laundering targeting firms in the Netherlands,” officials stated on Monday. As part of the operation, police confiscated over €84,000 ($93,000) in cash, an electronic wallet, two laptops, a mobile phone, a tablet, six bank cards, two data storage devices, and six memory cards. While the suspect’s identity remains undisclosed, he was apprehended during a search of his residence in Moldova. Notably, he is accused of launching a ransomware attack on the Netherlands Organization for Scientific Research (NWO) in February 2021, resulting in damages estimated at €4.5 million. This incident also led to the leak of internal documents.

Moldovan Authorities Apprehend Suspect Linked to €4.5 Million Ransomware Assault on Dutch Research Agency On May 13, 2025, Moldovan law enforcement announced the arrest of a 45-year-old foreign national believed to be intricately involved in a series of ransomware attacks that targeted companies in the Netherlands during 2021. This individual,…

Read More

Moldovan Police Detain Suspect Linked to €4.5 Million Ransomware Attack on Dutch Research Institution

May 13, 2025
Cybercrime / Ransomware

Authorities in Moldova have arrested a 45-year-old foreign national suspected of orchestrating multiple ransomware attacks against Dutch businesses in 2021. “He is wanted internationally for various cybercrimes, including ransomware attacks, blackmail, and money laundering targeting firms in the Netherlands,” officials stated on Monday. As part of the operation, police confiscated over €84,000 ($93,000) in cash, an electronic wallet, two laptops, a mobile phone, a tablet, six bank cards, two data storage devices, and six memory cards. While the suspect’s identity remains undisclosed, he was apprehended during a search of his residence in Moldova. Notably, he is accused of launching a ransomware attack on the Netherlands Organization for Scientific Research (NWO) in February 2021, resulting in damages estimated at €4.5 million. This incident also led to the leak of internal documents.

Hackers Launch Social Engineering Attack on Workday

Workday has confirmed it suffered a significant data breach stemming from a comprehensive social engineering campaign that compromised a third-party vendor’s information. This breach allowed unauthorized individuals to infiltrate systems and potentially access sensitive data. The attackers employed deceptive tactics, impersonating IT and human resources personnel, ultimately tricking employees into…

Read MoreHackers Launch Social Engineering Attack on Workday

Zero-Click AI Vulnerability Exposes Microsoft 365 Copilot Data Without User Interaction

June 12, 2025
Artificial Intelligence / Vulnerability

A new attack method called EchoLeak has been identified as a “zero-click” AI vulnerability, enabling malicious actors to extract sensitive data from Microsoft 365 (M365) Copilot without any user involvement. This critical vulnerability has been assigned CVE identifier CVE-2025-32711, with a CVSS score of 9.3. It requires no action from users and has already been addressed by Microsoft, with no reported instances of exploitation. According to a recent advisory, “AI command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network.” This vulnerability has been included in Microsoft’s June 2025 Patch Tuesday updates, bringing the total number of fixed vulnerabilities to 68. Aim Security, which discovered and reported the issue, noted that it exemplifies a large language model (LLM) Scope Violation that leads to indirect prompt injection risks.

Zero-Click AI Vulnerability Exposes Microsoft 365 Copilot Data Without User Interaction On June 12, 2025, cybersecurity experts disclosed a significant vulnerability known as EchoLeak, which has been classified as a “zero-click” artificial intelligence (AI) exploit. This flaw allows malicious actors to extract sensitive data from Microsoft 365 (M365) Copilot without…

Read More

Zero-Click AI Vulnerability Exposes Microsoft 365 Copilot Data Without User Interaction

June 12, 2025
Artificial Intelligence / Vulnerability

A new attack method called EchoLeak has been identified as a “zero-click” AI vulnerability, enabling malicious actors to extract sensitive data from Microsoft 365 (M365) Copilot without any user involvement. This critical vulnerability has been assigned CVE identifier CVE-2025-32711, with a CVSS score of 9.3. It requires no action from users and has already been addressed by Microsoft, with no reported instances of exploitation. According to a recent advisory, “AI command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network.” This vulnerability has been included in Microsoft’s June 2025 Patch Tuesday updates, bringing the total number of fixed vulnerabilities to 68. Aim Security, which discovered and reported the issue, noted that it exemplifies a large language model (LLM) Scope Violation that leads to indirect prompt injection risks.