The Breach News

⚡ Weekly Roundup: NFC Scams, Curly COMrades, N-able Exploits, Docker Vulnerabilities & More

Aug 18, 2025
Cybersecurity / Hacking Insights

Power doesn’t vanish in a single breach; it gradually erodes through overlooked patches, misconfigured settings, and unmonitored systems. Security doesn’t fail in an instant; it declines slowly, then suddenly. Staying safe isn’t about knowing everything—it’s about taking swift, decisive action before issues accumulate. Clarity fosters control, while hesitation breeds risk. Below are this week’s key developments—each highlighting where prompt action is essential.

⚡ Threat of the Week

Ghost Tap NFC Mobile Fraud on the Rise
— A new Android Trojan, PhantomCard, has emerged as the latest malware targeting near-field communication (NFC) to execute relay attacks aimed at defrauding banking customers in Brazil. Users who inadvertently install the malicious app are guided to place their credit/debit card on the back of their phone to initiate verification, only for their card information to be transmitted to an attacker-controlled NFC relay…

Weekly Recap: NFC Fraud, Curly COMrades, N-able Exploits, Docker Backdoors & More In the ever-evolving landscape of cybersecurity, breaches and vulnerabilities often do not manifest in dramatic incidents but rather emerge in a series of overlooked details—missed patches, incorrect settings, or unmonitored systems. This gradual erosion of security often culminates…

Read More

⚡ Weekly Roundup: NFC Scams, Curly COMrades, N-able Exploits, Docker Vulnerabilities & More

Aug 18, 2025
Cybersecurity / Hacking Insights

Power doesn’t vanish in a single breach; it gradually erodes through overlooked patches, misconfigured settings, and unmonitored systems. Security doesn’t fail in an instant; it declines slowly, then suddenly. Staying safe isn’t about knowing everything—it’s about taking swift, decisive action before issues accumulate. Clarity fosters control, while hesitation breeds risk. Below are this week’s key developments—each highlighting where prompt action is essential.

⚡ Threat of the Week

Ghost Tap NFC Mobile Fraud on the Rise
— A new Android Trojan, PhantomCard, has emerged as the latest malware targeting near-field communication (NFC) to execute relay attacks aimed at defrauding banking customers in Brazil. Users who inadvertently install the malicious app are guided to place their credit/debit card on the back of their phone to initiate verification, only for their card information to be transmitted to an attacker-controlled NFC relay…

Urgent: New Chrome 0-Day Vulnerability Under Active Exploitation – Update Your Browser Immediately!

On March 3, 2021, just a month after addressing an actively exploited zero-day flaw, Google has released updates for another critical vulnerability in Chrome, which is reportedly being targeted by attackers. The latest version, Chrome 89.0.4389.72, available for Windows, Mac, and Linux, includes a total of 47 security enhancements. The most severe issue addresses an “object lifecycle problem in audio,” tracked as CVE-2021-21166. This vulnerability was among two reported by Alison Huffman of Microsoft Browser Vulnerability Research on February 11. A separate audio-related object lifecycle flaw was reported to Google on February 4, coinciding with the launch of Chrome 88. Though details are limited, it’s unclear whether the two issues are interconnected. Google has confirmed the existence of exploits in the wild but hasn’t provided further specifics. Users are urged to update their browsers without delay.

New Chrome Zero-Day Vulnerability Under Active Exploitation—Update Your Browser Immediately March 3, 2021 In a critical update, Google has announced the release of patches for a newly identified zero-day vulnerability within its Chrome web browser, which is reportedly being actively targeted by attackers. This follows just a month after the…

Read More

Urgent: New Chrome 0-Day Vulnerability Under Active Exploitation – Update Your Browser Immediately!

On March 3, 2021, just a month after addressing an actively exploited zero-day flaw, Google has released updates for another critical vulnerability in Chrome, which is reportedly being targeted by attackers. The latest version, Chrome 89.0.4389.72, available for Windows, Mac, and Linux, includes a total of 47 security enhancements. The most severe issue addresses an “object lifecycle problem in audio,” tracked as CVE-2021-21166. This vulnerability was among two reported by Alison Huffman of Microsoft Browser Vulnerability Research on February 11. A separate audio-related object lifecycle flaw was reported to Google on February 4, coinciding with the launch of Chrome 88. Though details are limited, it’s unclear whether the two issues are interconnected. Google has confirmed the existence of exploits in the wild but hasn’t provided further specifics. Users are urged to update their browsers without delay.

Indian Cyber Army Breaches OGRA Website in Retaliation

On December 4, 2010, the Indian Cyber Army executed a hack on the Oil & Gas Regulatory Authority (OGRA) website [www.ogra.org.pk] as part of an escalating cycle of cyberattacks. The website was quickly restored by its administrators. The defacement message claimed the attack was a response to the compromise of over 200 Indian websites by a group known as the Pakistan Cyber Army. The displayed message read: “You Have Been Hacked By The ‘INDIAN CYBER ARMY’. This Is a Retaliation Of Hacking ‘CBI’.” This incident follows an earlier wave of cyberattacks by Pakistani hackers, calling themselves ‘Predators PK,’ in response to a cyber offensive launched by the Indian Cyber Army (ICA), which they framed as revenge for the 26/11 attacks. Unlike the ICA, the Pakistani hackers did not present an ideological motive behind their assault.

Indian Cyber Army Compromises OGRA Website in Retaliatory Attack On December 4, 2010, the Indian Cyber Army, a notable group of hackers, successfully targeted the Oil & Gas Regulatory Authority (OGRA) website, located at www.ogra.org.pk. This incident forms part of an ongoing trend of cyber retaliation between Indian and Pakistani…

Read More

Indian Cyber Army Breaches OGRA Website in Retaliation

On December 4, 2010, the Indian Cyber Army executed a hack on the Oil & Gas Regulatory Authority (OGRA) website [www.ogra.org.pk] as part of an escalating cycle of cyberattacks. The website was quickly restored by its administrators. The defacement message claimed the attack was a response to the compromise of over 200 Indian websites by a group known as the Pakistan Cyber Army. The displayed message read: “You Have Been Hacked By The ‘INDIAN CYBER ARMY’. This Is a Retaliation Of Hacking ‘CBI’.” This incident follows an earlier wave of cyberattacks by Pakistani hackers, calling themselves ‘Predators PK,’ in response to a cyber offensive launched by the Indian Cyber Army (ICA), which they framed as revenge for the 26/11 attacks. Unlike the ICA, the Pakistani hackers did not present an ideological motive behind their assault.

Microsoft Windows Flaw Used to Launch PipeMagic RansomExx Malware

Cybersecurity researchers have revealed that threat actors are exploiting a now-patched vulnerability in Microsoft Windows to deploy the PipeMagic malware during RansomExx ransomware attacks. This exploitation hinges on CVE-2025-29824, a privilege escalation vulnerability affecting the Windows Common Log File System (CLFS), which Microsoft addressed in April 2025, according to a report from Kaspersky and BI.ZONE. First identified in 2022, PipeMagic has been utilized in RansomExx attacks targeting industrial sectors in Southeast Asia, functioning as a backdoor that allows remote access and execution of various commands on compromised systems. Past incidents have shown attackers exploiting CVE-2017-0144, a remote code execution vulnerability in Windows SMB, to breach victim networks. Notably, infection chains observed in October 2024 in Saudi Arabia were linked to a fraudulent OpenAI ChatGPT application.

Microsoft Windows Vulnerability Exploited to Deploy PipeMagic RansomExx Malware On August 18, 2025, cybersecurity experts revealed that threat actors exploited a recently patched vulnerability in Microsoft Windows to distribute the PipeMagic malware within RansomExx ransomware operations. This malicious activity specifically took advantage of CVE-2025-29824, a privilege escalation flaw affecting the…

Read More

Microsoft Windows Flaw Used to Launch PipeMagic RansomExx Malware

Cybersecurity researchers have revealed that threat actors are exploiting a now-patched vulnerability in Microsoft Windows to deploy the PipeMagic malware during RansomExx ransomware attacks. This exploitation hinges on CVE-2025-29824, a privilege escalation vulnerability affecting the Windows Common Log File System (CLFS), which Microsoft addressed in April 2025, according to a report from Kaspersky and BI.ZONE. First identified in 2022, PipeMagic has been utilized in RansomExx attacks targeting industrial sectors in Southeast Asia, functioning as a backdoor that allows remote access and execution of various commands on compromised systems. Past incidents have shown attackers exploiting CVE-2017-0144, a remote code execution vulnerability in Windows SMB, to breach victim networks. Notably, infection chains observed in October 2024 in Saudi Arabia were linked to a fraudulent OpenAI ChatGPT application.

URGENT: Four Actively Exploited 0-Day Vulnerabilities Found in Microsoft Exchange Server

March 3, 2021

Microsoft has issued emergency patches for four previously undisclosed security vulnerabilities in Exchange Server that are currently being exploited by a new state-sponsored threat actor from China, aimed at data theft. The Microsoft Threat Intelligence Center (MSTIC) describes these attacks as “limited and targeted,” revealing that the adversary exploited these vulnerabilities to gain access to on-premises Exchange servers, allowing them to infiltrate email accounts and install malware for prolonged access to the victim’s environment. Microsoft confidently attributes this campaign to a group known as HAFNIUM, a sophisticated state-sponsored hacker collective based in China, while also suggesting the potential involvement of other groups. In discussing HAFNIUM’s tactics, techniques, and procedures (TTPs), Microsoft highlights the group’s high level of skill and sophistication.

URGENT: Four Actively Exploited 0-Day Vulnerabilities Discovered in Microsoft Exchange On March 3, 2021, Microsoft announced emergency patches to address four critical security vulnerabilities in its Exchange Server. These vulnerabilities, which were previously undisclosed, are reportedly being exploited by a state-sponsored threat actor from China, leading to significant concerns regarding…

Read More

URGENT: Four Actively Exploited 0-Day Vulnerabilities Found in Microsoft Exchange Server

March 3, 2021

Microsoft has issued emergency patches for four previously undisclosed security vulnerabilities in Exchange Server that are currently being exploited by a new state-sponsored threat actor from China, aimed at data theft. The Microsoft Threat Intelligence Center (MSTIC) describes these attacks as “limited and targeted,” revealing that the adversary exploited these vulnerabilities to gain access to on-premises Exchange servers, allowing them to infiltrate email accounts and install malware for prolonged access to the victim’s environment. Microsoft confidently attributes this campaign to a group known as HAFNIUM, a sophisticated state-sponsored hacker collective based in China, while also suggesting the potential involvement of other groups. In discussing HAFNIUM’s tactics, techniques, and procedures (TTPs), Microsoft highlights the group’s high level of skill and sophistication.

CBI Website Breach: Pakistani Group Takes Credit

Dec 05, 2010

The Central Bureau of Investigation (CBI) has confirmed that its official website was hacked, leading to a case being filed under the Information Technology Act. An official spokesperson revealed that unauthorized access and defacement occurred during the night of December 3-4. Law enforcement is actively working with the National Informatics Centre and CBI cybersecurity experts to restore the site. Reports surfaced on Friday about the breach, which has rendered the CBI website inaccessible. Allegedly, the attack was carried out by a group identifying itself as the Pakistan Cyber Army, which claimed to have retaliated for the hacking of 40 Pakistani sites.

CBI Website Compromised: Responsibility Claimed by Pakistani Hacker Group On December 5, 2010, the Central Bureau of Investigation (CBI) confirmed that its official website had been compromised over the weekend. A spokesperson for the agency disclosed that unauthorized access and defacement occurred between the nights of December 3 and 4,…

Read More

CBI Website Breach: Pakistani Group Takes Credit

Dec 05, 2010

The Central Bureau of Investigation (CBI) has confirmed that its official website was hacked, leading to a case being filed under the Information Technology Act. An official spokesperson revealed that unauthorized access and defacement occurred during the night of December 3-4. Law enforcement is actively working with the National Informatics Centre and CBI cybersecurity experts to restore the site. Reports surfaced on Friday about the breach, which has rendered the CBI website inaccessible. Allegedly, the attack was carried out by a group identifying itself as the Pakistan Cyber Army, which claimed to have retaliated for the hacking of 40 Pakistani sites.

Noodlophile Malware Campaign Broadens Global Scope with Targeted Copyright Phishing Tactics

Aug 18, 2025
Malware / Enterprise Security

The Noodlophile malware actors are intensifying their reach, employing spear-phishing emails and enhanced delivery techniques to target enterprises in the U.S., Europe, Baltic countries, and the Asia-Pacific (APAC) region. According to Morphisec researcher Shmuel Uzan, “The Noodlophile campaign, active for over a year, now utilizes sophisticated spear-phishing emails masquerading as copyright infringement notices, complete with reconnaissance-driven details such as specific Facebook Page IDs and company ownership information.” Previously reported by a cybersecurity vendor in May 2025, the Noodlophile campaign initially leveraged fake AI-powered tools as malware lures, which were promoted on social media platforms like Facebook. The shift to copyright infringement tactics, however, is not a new strategy.

Noodlophile Malware Campaign Broadens Its Global Impact Through Copyright Phishing Tactics As of August 18, 2025, the Noodlophile malware campaign has intensified its operations, targeting businesses across the U.S., Europe, the Baltic nations, and the Asia-Pacific region. The cybercriminals orchestrating this campaign are employing sophisticated spear-phishing tactics, utilizing emails that…

Read More

Noodlophile Malware Campaign Broadens Global Scope with Targeted Copyright Phishing Tactics

Aug 18, 2025
Malware / Enterprise Security

The Noodlophile malware actors are intensifying their reach, employing spear-phishing emails and enhanced delivery techniques to target enterprises in the U.S., Europe, Baltic countries, and the Asia-Pacific (APAC) region. According to Morphisec researcher Shmuel Uzan, “The Noodlophile campaign, active for over a year, now utilizes sophisticated spear-phishing emails masquerading as copyright infringement notices, complete with reconnaissance-driven details such as specific Facebook Page IDs and company ownership information.” Previously reported by a cybersecurity vendor in May 2025, the Noodlophile campaign initially leveraged fake AI-powered tools as malware lures, which were promoted on social media platforms like Facebook. The shift to copyright infringement tactics, however, is not a new strategy.

Exploring the Threats Posed by Stuxnet to Industrial Control Systems

Dec 09, 2010

Stuxnet is a highly advanced virus tailored to penetrate supervisory control and data acquisition (SCADA) systems created by Siemens, a major industrial corporation in Germany. These systems play a critical role in managing essential services like water supply and power generation, making Stuxnet a significant threat to national security.

Who Developed This Malware?
Cybersecurity experts suggest that Stuxnet was likely developed by a government entity or a well-funded organization, as its complex design exceeds the capabilities of an individual hacker. With much of the damage traced back to Iran, many theorize that the malware was aimed at sabotaging the country’s nuclear infrastructure.

A New Era of Cyber Threats
Regardless of whether Stuxnet was directed at U.S. infrastructures, its emergence signals a troubling evolution in cyber warfare. This development opens the door to increasingly sophisticated threats targeting critical infrastructure like power plants, forcing us to confront a new level of cyber risk.

Examining the Threat of Stuxnet in Industrial Control Systems Published: December 9, 2010 Stuxnet has emerged as a highly sophisticated malware specifically engineered to infiltrate supervisory control and data acquisition (SCADA) systems manufactured by Siemens, a prominent player in the industrial sector. These systems are integral to the management of…

Read More

Exploring the Threats Posed by Stuxnet to Industrial Control Systems

Dec 09, 2010

Stuxnet is a highly advanced virus tailored to penetrate supervisory control and data acquisition (SCADA) systems created by Siemens, a major industrial corporation in Germany. These systems play a critical role in managing essential services like water supply and power generation, making Stuxnet a significant threat to national security.

Who Developed This Malware?
Cybersecurity experts suggest that Stuxnet was likely developed by a government entity or a well-funded organization, as its complex design exceeds the capabilities of an individual hacker. With much of the damage traced back to Iran, many theorize that the malware was aimed at sabotaging the country’s nuclear infrastructure.

A New Era of Cyber Threats
Regardless of whether Stuxnet was directed at U.S. infrastructures, its emergence signals a troubling evolution in cyber warfare. This development opens the door to increasingly sophisticated threats targeting critical infrastructure like power plants, forcing us to confront a new level of cyber risk.