The Breach News

State Settles for $2M with Dental Insurer Over Cybersecurity Breaches – Crain’s New York Business

State Settles for $2 Million with Dental Insurer Over Cybersecurity Breaches In a significant development within the realm of cybersecurity compliance, a settlement has been reached between state authorities and a dental insurance provider concerning serious violations of data security protocols. The agreement, totaling $2 million, highlights the legal and…

Read MoreState Settles for $2M with Dental Insurer Over Cybersecurity Breaches – Crain’s New York Business

CISA Alerts on Ongoing Exploitation of Linux Kernel Privilege Escalation Flaw Jun 18, 2025 Linux / Vulnerability The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has identified a security vulnerability affecting the Linux kernel, adding it to its Known Exploited Vulnerabilities (KEV) catalog due to its active exploitation in the wild. This vulnerability, designated CVE-2023-0386 (CVSS score: 7.8), involves improper ownership management that could allow attackers to escalate privileges on vulnerable systems. A patch was released in early 2023. CISA explained that the flaw arises from unauthorized access to the execution of setuid files with capabilities within the Linux kernel’s OverlayFS subsystem, specifically when users copy capable files from a nosuid mount to another mount. This UID mapping issue enables local users to elevate their privileges on the system. The specific methods of exploitation in current scenarios remain unclear. A report from Datadog in May 2023 highlighted this vulnerability…

CISA Alerts About Ongoing Exploitation of Linux Kernel Privilege Escalation Flaw On June 18, 2025, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued a warning regarding a significant security vulnerability affecting the Linux kernel, now listed in its Known Exploited Vulnerabilities (KEV) catalog. This flaw, identified as CVE-2023-0386, boasts…

Read MoreCISA Alerts on Ongoing Exploitation of Linux Kernel Privilege Escalation Flaw Jun 18, 2025 Linux / Vulnerability The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has identified a security vulnerability affecting the Linux kernel, adding it to its Known Exploited Vulnerabilities (KEV) catalog due to its active exploitation in the wild. This vulnerability, designated CVE-2023-0386 (CVSS score: 7.8), involves improper ownership management that could allow attackers to escalate privileges on vulnerable systems. A patch was released in early 2023. CISA explained that the flaw arises from unauthorized access to the execution of setuid files with capabilities within the Linux kernel’s OverlayFS subsystem, specifically when users copy capable files from a nosuid mount to another mount. This UID mapping issue enables local users to elevate their privileges on the system. The specific methods of exploitation in current scenarios remain unclear. A report from Datadog in May 2023 highlighted this vulnerability…

Chinese Hackers Leverage Ivanti EPMM Vulnerabilities in Widespread Global Attacks

May 22, 2025
Enterprise Security / Malware

A recently patched duo of security vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM) software has been exploited by a China-linked threat actor to target various sectors across Europe, North America, and the Asia-Pacific region. The vulnerabilities, identified as CVE-2025-4427 (CVSS score: 5.3) and CVE-2025-4428 (CVSS score: 7.2), can be combined to run arbitrary code on vulnerable devices without needing any authentication. Ivanti addressed these flaws just last week. According to a report from EclecticIQ, the vulnerability chain has been misused by UNC5221, a Chinese cyber espionage group known for targeting edge network devices since at least 2023. Most recently, this group has also been linked to exploitation attempts on SAP NetWeaver instances affected by CVE-2025-31324. The Dutch cybersecurity firm noted that the first exploitation activities began on May 15, 2025, with attacks focused on healthcare, telecommunications, and aviation sectors.

Chinese Cyber Actors Target Global Enterprises Through Ivanti EPMM Vulnerabilities May 22, 2025 – Enterprise Security / Malware Recent developments in the cybersecurity landscape have revealed that a pair of vulnerabilities within Ivanti Endpoint Manager Mobile (EPMM) software, identified as CVE-2025-4427 and CVE-2025-4428, have been exploited by a China-based threat…

Read More

Chinese Hackers Leverage Ivanti EPMM Vulnerabilities in Widespread Global Attacks

May 22, 2025
Enterprise Security / Malware

A recently patched duo of security vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM) software has been exploited by a China-linked threat actor to target various sectors across Europe, North America, and the Asia-Pacific region. The vulnerabilities, identified as CVE-2025-4427 (CVSS score: 5.3) and CVE-2025-4428 (CVSS score: 7.2), can be combined to run arbitrary code on vulnerable devices without needing any authentication. Ivanti addressed these flaws just last week. According to a report from EclecticIQ, the vulnerability chain has been misused by UNC5221, a Chinese cyber espionage group known for targeting edge network devices since at least 2023. Most recently, this group has also been linked to exploitation attempts on SAP NetWeaver instances affected by CVE-2025-31324. The Dutch cybersecurity firm noted that the first exploitation activities began on May 15, 2025, with attacks focused on healthcare, telecommunications, and aviation sectors.

Customer Data from Pandora and Chanel Exposed in Third-Party Breaches

Data Breaches Affect Luxury Retailers: Pandora and Chanel Experience Cybersecurity Incidents In recent reports, luxury retailers Pandora and Chanel have fallen victim to significant data breaches, raising concerns over the vulnerabilities that affect even high-profile brands in the retail sector. Both companies are grappling with the implications of third-party data…

Read MoreCustomer Data from Pandora and Chanel Exposed in Third-Party Breaches

Critical Linux Vulnerabilities Grant Full Root Access via PAM and Udisks Across Major Distributions

June 19, 2025
Linux / Vulnerability

Cybersecurity researchers have identified two local privilege escalation (LPE) vulnerabilities that could potentially provide root access on various major Linux distributions. The issues, revealed by Qualys, are detailed below:

  • CVE-2025-6018: LPE from unprivileged to allow_active in Pluggable Authentication Modules (PAM) for SUSE 15
  • CVE-2025-6019: LPE from allow_active to root in libblockdev through the udisks daemon

“These modern ‘local-to-root’ vulnerabilities have bridged the divide between a regular user and complete system control,” stated Saeed Abbasi, Senior Manager at Qualys Threat Research Unit (TRU). “By leveraging legitimate services like udisks loop-mounts and PAM/environment intricacies, attackers with any active GUI or SSH session can bypass polkit’s allow_active trust zone and gain root access within seconds.”

Qualys noted that CVE-2025-6018 is found in the PAM configuration of openSUSE Leap…

Critical Linux Vulnerabilities Expose Root Access Risks Across Major Distributions June 19, 2025 In a significant cybersecurity development, researchers from Qualys have identified two local privilege escalation vulnerabilities that could be exploited to attain root access on systems using prominent Linux distributions. These security flaws, tagged as CVE-2025-6018 and CVE-2025-6019,…

Read More

Critical Linux Vulnerabilities Grant Full Root Access via PAM and Udisks Across Major Distributions

June 19, 2025
Linux / Vulnerability

Cybersecurity researchers have identified two local privilege escalation (LPE) vulnerabilities that could potentially provide root access on various major Linux distributions. The issues, revealed by Qualys, are detailed below:

  • CVE-2025-6018: LPE from unprivileged to allow_active in Pluggable Authentication Modules (PAM) for SUSE 15
  • CVE-2025-6019: LPE from allow_active to root in libblockdev through the udisks daemon

“These modern ‘local-to-root’ vulnerabilities have bridged the divide between a regular user and complete system control,” stated Saeed Abbasi, Senior Manager at Qualys Threat Research Unit (TRU). “By leveraging legitimate services like udisks loop-mounts and PAM/environment intricacies, attackers with any active GUI or SSH session can bypass polkit’s allow_active trust zone and gain root access within seconds.”

Qualys noted that CVE-2025-6018 is found in the PAM configuration of openSUSE Leap…

AT&T to Distribute $177 Million Settlement: Find Out If You Qualify for a $7,500 Payment

AT&T Settles Class Action Lawsuits Following Major Cyber Breaches In a significant development for data security, telecommunications leader AT&T has reached settlements for two class action lawsuits triggered by dual data breaches that unfolded in 2024. These incidents were notable not only for their scale but also for the sensitive…

Read MoreAT&T to Distribute $177 Million Settlement: Find Out If You Qualify for a $7,500 Payment

Google Strengthens GenAI Security with Enhanced Multi-Layered Defenses Against Prompt Injection Threats

June 23, 2025
Artificial Intelligence / AI Security

Google has announced new safety measures aimed at fortifying its generative artificial intelligence (AI) systems against emerging threats such as indirect prompt injections. These attacks, unlike direct prompt injections that involve the submission of harmful commands, embed malicious instructions within external data sources like emails, documents, or calendar invites, potentially leading AI systems to leak sensitive information or execute harmful actions. In response, Google’s GenAI security team has developed a comprehensive “layered” defense strategy that raises the difficulty, cost, and complexity associated with executing successful attacks. This multifaceted approach includes model hardening and the introduction of specialized safeguards.

Google Enhances Security Measures to Protect GenAI from Prompt Injection Threats On June 23, 2025, Google announced strategic enhancements to the security of its generative artificial intelligence (AI) systems, aimed at countering sophisticated attack vectors such as indirect prompt injection. This development comes amid rising concerns about vulnerabilities in AI…

Read More

Google Strengthens GenAI Security with Enhanced Multi-Layered Defenses Against Prompt Injection Threats

June 23, 2025
Artificial Intelligence / AI Security

Google has announced new safety measures aimed at fortifying its generative artificial intelligence (AI) systems against emerging threats such as indirect prompt injections. These attacks, unlike direct prompt injections that involve the submission of harmful commands, embed malicious instructions within external data sources like emails, documents, or calendar invites, potentially leading AI systems to leak sensitive information or execute harmful actions. In response, Google’s GenAI security team has developed a comprehensive “layered” defense strategy that raises the difficulty, cost, and complexity associated with executing successful attacks. This multifaceted approach includes model hardening and the introduction of specialized safeguards.

Ransomware Claims Emerge Amid Ongoing Colt Outages

Fraud Management & Cybercrime, Ransomware Colt Technology Services Faces Major Disruption Following Ransomware Attack Prajeet Nair (@prajeetspeaks) • August 17, 2025 Image: aileenchik/Shutterstock Colt Technology Services, a multinational telecommunications company based in the UK, has reported widespread disruptions to its customer portal and support services, citing a “cyber incident” as…

Read MoreRansomware Claims Emerge Amid Ongoing Colt Outages