The Breach News

Major Vulnerability in Open VSX Registry Poses Supply Chain Risks for Millions of Developers

On June 26, 2025, cybersecurity analysts revealed a serious flaw in the Open VSX Registry (“open-vsx[.]org”), which, if exploited, could allow attackers to seize control of the entire Visual Studio Code extensions marketplace. This represents a significant supply chain threat. “This vulnerability gives attackers total authority over the extensions marketplace and, consequently, over millions of developer machines,” stated Oren Yomtov, a researcher at Koi Security. “By leveraging a CI issue, a malicious actor could release harmful updates to every extension available on Open VSX.” After responsibly disclosing the issue on May 4, 2025, the maintainers proposed several fixes, culminating in a final patch on June 25. The Open VSX Registry, an open-source alternative to the Visual Studio Marketplace, is maintained by the Eclipse Foundation and is used by various code editors, including Cursor, Windsurf, Google Cloud Shell Editor, and Gitpod.

Critical Vulnerability in Open VSX Registry Poses Major Supply Chain Risk for Developers

On June 26, 2025, cybersecurity researchers revealed a significant vulnerability in the Open VSX Registry, an open-source platform available at “open-vsx[.]org.” This flaw has the potential to allow attackers to gain control of the entire Visual Studio…

Joint Global Operation Leads to Arrests and Sanctions Against LockBit Ransomware and Evil Corp Members

October 3, 2024
Cybercrime / Ransomware

A coordinated international law enforcement effort has resulted in four arrests and the shutdown of nine servers associated with the LockBit (also known as Bitwise Spider) ransomware operation, targeting a once-prominent financially motivated cybercriminal group. Key developments include the apprehension of a suspected LockBit developer in France while on vacation outside Russia, the arrest of two individuals in the UK linked to an affiliate, and the capture of an administrator of a bulletproof hosting service in Spain used by the gang, according to Europol. Additionally, authorities have identified a Russian national, Aleksandr Ryzhenkov (known by several aliases including Beverley and Corbyn_Dallas), as a high-ranking member of the Evil Corp cybercrime group and a LockBit affiliate. Sanctions have been imposed on seven individuals and two entities connected to the e-crime organization. “The United States, in collaboration with our allies…”

LockBit Ransomware and Evil Corp Members Arrested in Global Law Enforcement Operation

On October 3, 2024, a coordinated international law enforcement operation resulted in the arrest of four individuals and the dismantling of nine servers associated with the LockBit ransomware group, also known as Bitwise Spider. This initiative represents a…

Digital Twins of AI Workers Create Emerging Insider Threats

Artificial Intelligence & Machine Learning / Black Hat / Events
Researchers Highlight Risks of AI Bots in Cybersecurity Contexts
Michael Novinson (@MichaelNovinson) • August 15, 2025

Matthew Canham, Executive Director, Cognitive Security Institute, and Ben Sawyer, Associate Professor, Industrial Engineering and Management Systems, University of Central Florida

As generative artificial intelligence technologies…

New Vulnerabilities in Linux Enable Password Hash Theft Through Core Dumps in Ubuntu, RHEL, and Fedora

May 31, 2025
Vulnerability / Linux

Two critical information disclosure vulnerabilities have been discovered in Apport and systemd-coredump, core dump handlers in Ubuntu, Red Hat Enterprise Linux, and Fedora, according to the Qualys Threat Research Unit (TRU). Labeled as CVE-2025-5054 and CVE-2025-4598, both are race condition bugs that could allow local attackers to access sensitive data. Tools like Apport and systemd-coredump are essential for handling crash reports and core dumps within Linux systems. Saeed Abbasi, product manager at Qualys TRU, noted, “These race conditions enable a local attacker to exploit a SUID program and gain read access to the resultant core dump.” Below is a brief overview of the two vulnerabilities:

  • CVE-2025-5054 (CVSS score: 4.7): A race condition in the Canonical Apport package, versions up to 2.32.0, allowing local attackers to leak sensitive information through PID-reuse by leveraging namespaces.
  • CVE-2025-4598 (CVSS score: 4.7): A race condition in…

New Vulnerabilities Uncovered in Linux Core Dump Handlers Could Lead to Password Hash Theft

May 31, 2025

Recent findings from the Qualys Threat Research Unit (TRU) have revealed two significant vulnerabilities within core dump handlers in popular Linux distributions, including Ubuntu, Red Hat Enterprise Linux, and Fedora. Identified as CVE-2025-5054…

How to Claim Your Portion of AT&T’s $177M Settlement for Data Breaches

AT&T Faces $177 Million Settlement Over Data Breaches

In a significant development for customer data protection, AT&T has reached a tentative $177 million settlement connected to two data breaches disclosed in 2024. This settlement could see eligible customers receiving compensation of up to $7,500 as part of ongoing legal proceedings…

MOVEit Transfer Under Heightened Threat as Scanning Activity Surges and CVE Vulnerabilities Come Under Fire

Network security firm GreyNoise has reported a “notable surge” in scanning activity targeting Progress MOVEit Transfer systems since May 27, 2025, indicating that cybercriminals may be gearing up for a new mass exploitation campaign or probing for unpatched vulnerabilities. MOVEit Transfer, widely utilized by businesses and government agencies for secure file sharing, is a prime target due to its handling of sensitive data.

“Prior to this date, scanning was minimal—typically fewer than 10 IP addresses were observed daily,” the firm stated. “However, on May 27, that number skyrocketed to over 100 unique IPs, followed by 319 on May 28.” Since then, the volume of scanning IPs has remained intermittently elevated, fluctuating between 200 and 300 daily, marking a “significant deviation” from normal patterns. GreyNoise reports that as many as 682 unique IPs have been flagged in connection with this increased activity.

Increased Threat Landscape for MOVEit Transfer Amidst Rising Scanning Activities

June 27, 2025

In a recent update, cybersecurity firm GreyNoise has reported a significant surge in scanning activities targeting Progress MOVEit Transfer systems. This uptick, which began on May 27, 2025, raises concerns that cybercriminals may be gearing up for…

Microsoft Alerts to Rising Use of File Hosting Services in Business Email Compromise Schemes

Microsoft has issued a warning about cyberattack strategies that exploit legitimate file hosting platforms like SharePoint, OneDrive, and Dropbox, commonly utilized in corporate environments as a tactic to evade defenses. These campaigns have diverse objectives, enabling threat actors to compromise identities and devices, facilitating business email compromise (BEC) incidents that lead to financial fraud, data theft, and further infiltration into networks.

The abuse of legitimate internet services (LIS) is an increasingly prevalent risk factor, allowing adversaries to blend in with normal network activity, often circumventing traditional security measures and complicating threat attribution. This tactic, known as living-off-trusted-sites (LOTS), takes advantage of the inherent trust in these platforms to bypass email security protocols and deliver malware. Microsoft has noted a concerning trend in phishing attacks exploiting this strategy.

Microsoft Alerts on Increasing Use of File Hosting Services in Business Email Compromise Attacks

October 9, 2024

Microsoft has issued a warning regarding a rise in cyber attack campaigns that exploit established file hosting services such as SharePoint, OneDrive, and Dropbox. These platforms, frequently utilized in corporate settings, are being…

Hackers Compromise Canadian Government Using Microsoft Vulnerability

Government / Industry Specific
Microsoft Issues Urgent Warning After SharePoint Vulnerability Breach Targeting State Actors
Chris Riotta (@chrisriotta) • August 14, 2025

The Ottawa Parliament Building. (Image: Shutterstock)

A significant security breach has occurred within Canada’s House of Commons, where hackers accessed a sensitive database containing confidential office locations and personal…
