The Breach News

Hackers Launch Social Engineering Attack on Workday

Workday has confirmed it suffered a significant data breach stemming from a comprehensive social engineering campaign that compromised a third-party vendor’s information. This breach allowed unauthorized individuals to infiltrate systems and potentially access sensitive data. The attackers employed deceptive tactics, impersonating IT and human resources personnel, ultimately tricking employees into…

Read MoreHackers Launch Social Engineering Attack on Workday

Zero-Click AI Vulnerability Exposes Microsoft 365 Copilot Data Without User Interaction

June 12, 2025
Artificial Intelligence / Vulnerability

A new attack method called EchoLeak has been identified as a “zero-click” AI vulnerability, enabling malicious actors to extract sensitive data from Microsoft 365 (M365) Copilot without any user involvement. This critical vulnerability has been assigned CVE identifier CVE-2025-32711, with a CVSS score of 9.3. It requires no action from users and has already been addressed by Microsoft, with no reported instances of exploitation. According to a recent advisory, “AI command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network.” This vulnerability has been included in Microsoft’s June 2025 Patch Tuesday updates, bringing the total number of fixed vulnerabilities to 68. Aim Security, which discovered and reported the issue, noted that it exemplifies a large language model (LLM) Scope Violation that leads to indirect prompt injection risks.

Zero-Click AI Vulnerability Exposes Microsoft 365 Copilot Data Without User Interaction On June 12, 2025, cybersecurity experts disclosed a significant vulnerability known as EchoLeak, which has been classified as a “zero-click” artificial intelligence (AI) exploit. This flaw allows malicious actors to extract sensitive data from Microsoft 365 (M365) Copilot without…

Read More

Zero-Click AI Vulnerability Exposes Microsoft 365 Copilot Data Without User Interaction

June 12, 2025
Artificial Intelligence / Vulnerability

A new attack method called EchoLeak has been identified as a “zero-click” AI vulnerability, enabling malicious actors to extract sensitive data from Microsoft 365 (M365) Copilot without any user involvement. This critical vulnerability has been assigned CVE identifier CVE-2025-32711, with a CVSS score of 9.3. It requires no action from users and has already been addressed by Microsoft, with no reported instances of exploitation. According to a recent advisory, “AI command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network.” This vulnerability has been included in Microsoft’s June 2025 Patch Tuesday updates, bringing the total number of fixed vulnerabilities to 68. Aim Security, which discovered and reported the issue, noted that it exemplifies a large language model (LLM) Scope Violation that leads to indirect prompt injection risks.

Caution: Big Head Ransomware on the Rise—Disguised as Phony Windows Updates

July 11, 2023
Ransomware / Windows Security

A newly emerging ransomware known as Big Head is spreading via a malvertising campaign that masquerades as fake Microsoft Windows updates and Word installers. Initially identified by Fortinet FortiGuard Labs last month, multiple variants of this ransomware have been found, all designed to encrypt files on victims’ devices in exchange for cryptocurrency payments. According to Fortinet researchers, “One variant of the Big Head ransomware presents a fake Windows Update, suggesting it may also be distributed as counterfeit updates.” Another variant features a Microsoft Word icon, indicating its distribution as fraudulent software. The majority of Big Head samples reported so far are from the U.S., Spain, France, and Turkey. Recent analysis by Trend Micro has further explored this .NET-based ransomware, highlighting its capability to deploy three encrypted binaries: 1.exe for propagation…

Warning: Big Head Ransomware on the Rise via Fake Windows Updates July 11, 2023 – BreachSpot.com A new strain of ransomware known as Big Head is gaining traction, being distributed through a targeted malvertising campaign that masquerades as counterfeit Microsoft Windows updates and Word installers. This ransomware was first identified…

Read More

Caution: Big Head Ransomware on the Rise—Disguised as Phony Windows Updates

July 11, 2023
Ransomware / Windows Security

A newly emerging ransomware known as Big Head is spreading via a malvertising campaign that masquerades as fake Microsoft Windows updates and Word installers. Initially identified by Fortinet FortiGuard Labs last month, multiple variants of this ransomware have been found, all designed to encrypt files on victims’ devices in exchange for cryptocurrency payments. According to Fortinet researchers, “One variant of the Big Head ransomware presents a fake Windows Update, suggesting it may also be distributed as counterfeit updates.” Another variant features a Microsoft Word icon, indicating its distribution as fraudulent software. The majority of Big Head samples reported so far are from the U.S., Spain, France, and Turkey. Recent analysis by Trend Micro has further explored this .NET-based ransomware, highlighting its capability to deploy three encrypted binaries: 1.exe for propagation…

Feds Take Down Notorious DDoS-for-Hire Operation ‘Rapper Botnet’

Cybercrime, Fraud Management & Cybercrime Oregon Man Charged for Operating DDoS Attack Service Mathew J. Schwartz (@euroinfosec) • August 20, 2025 Image: Shutterstock Federal authorities have charged a 22-year-old from Oregon for operating a sophisticated, on-demand distributed denial-of-service (DDoS) attack service known as “Rapper Bot.” Prosecutors allege that the service…

Read MoreFeds Take Down Notorious DDoS-for-Hire Operation ‘Rapper Botnet’

Mastering Hacking Skills: The Value of Offensive Security Training for Your Entire Security Team

May 14, 2025
Cybersecurity / Ethical Hacking

Organizations across various sectors are witnessing a sharp rise in cyberattacks, with critical infrastructure and cloud-based enterprises being particularly vulnerable. According to Verizon’s 2025 Data Breach Investigations Report, confirmed breaches surged by 18% year-over-year, and the exploitation of vulnerabilities for initial access grew by 34%. As the frequency and severity of attacks increase, many organizations rely on security tools and compliance standards as their primary defenses. While these elements are vital for reducing cyber risk, they are not foolproof solutions. Effective security hinges on the combination of people, processes, and technology, with the emphasis placed on skilled practitioners. Therefore, investing in offensive security training for all roles within the security team becomes crucial. Too often, the potential of offensive operations is underutilized…

Mastering Offensive Security: The Essential Training for Cybersecurity Teams As cyberattacks surge across various sectors, organizations are increasingly vulnerable to threats, especially those targeting critical infrastructure and cloud-based services. The recently published 2025 Data Breach Investigations Report by Verizon highlights a profound 18% year-over-year increase in confirmed breaches, with a…

Read More

Mastering Hacking Skills: The Value of Offensive Security Training for Your Entire Security Team

May 14, 2025
Cybersecurity / Ethical Hacking

Organizations across various sectors are witnessing a sharp rise in cyberattacks, with critical infrastructure and cloud-based enterprises being particularly vulnerable. According to Verizon’s 2025 Data Breach Investigations Report, confirmed breaches surged by 18% year-over-year, and the exploitation of vulnerabilities for initial access grew by 34%. As the frequency and severity of attacks increase, many organizations rely on security tools and compliance standards as their primary defenses. While these elements are vital for reducing cyber risk, they are not foolproof solutions. Effective security hinges on the combination of people, processes, and technology, with the emphasis placed on skilled practitioners. Therefore, investing in offensive security training for all roles within the security team becomes crucial. Too often, the potential of offensive operations is underutilized…

The Allianz Life Data Breach Has Undergone a Significant Escalation

A significant data breach at Allianz Life has been exposed, with the credential notification site Have I Been Pwned reporting that approximately 1.1 million accounts have been compromised. This figure represents a substantial proportion of Allianz Life’s 1.4 million North American customers, alongside data from financial professionals and specific Allianz…

Read MoreThe Allianz Life Data Breach Has Undergone a Significant Escalation

Apple Fixes Zero-Click Vulnerability in Messages App Used for Targeted Spyware Attacks on Journalists

June 13, 2025
Spyware / Vulnerability

Apple has revealed that a recently patched security flaw in its Messages app was actively exploited to carry out sophisticated cyber attacks on civil society members. Identified as CVE-2025-43200, the vulnerability was remedied on February 10, 2025, through updates to iOS 18.3.1, iPadOS 18.3.1, iPadOS 17.7.5, macOS Sequoia 15.3.1, macOS Sonoma 14.7.4, macOS Ventura 13.7.4, watchOS 11.3.1, and visionOS 2.3.1. According to the company, “A logic issue existed when processing a maliciously crafted photo or video shared via an iCloud Link,” which was resolved with improved security checks. Apple also acknowledged awareness that this vulnerability may have been exploited in “extremely sophisticated” attacks targeting specific individuals. Notably, the updates for iOS 18.3.1, iPadOS 18.3.1, and iPadOS 17.7.5 also fixed another actively exploited zero-day vulnerability, CVE-2025-24200.

Apple Addresses Exploited Zero-Click Flaw in Messages, Targeting Journalists with Spyware On June 13, 2025, Apple confirmed that a previously undisclosed security vulnerability in its Messages application had been actively exploited in targeted cyberattacks, particularly against members of civil society, including journalists. The flaw, identified as CVE-2025-43200, allowed for the…

Read More

Apple Fixes Zero-Click Vulnerability in Messages App Used for Targeted Spyware Attacks on Journalists

June 13, 2025
Spyware / Vulnerability

Apple has revealed that a recently patched security flaw in its Messages app was actively exploited to carry out sophisticated cyber attacks on civil society members. Identified as CVE-2025-43200, the vulnerability was remedied on February 10, 2025, through updates to iOS 18.3.1, iPadOS 18.3.1, iPadOS 17.7.5, macOS Sequoia 15.3.1, macOS Sonoma 14.7.4, macOS Ventura 13.7.4, watchOS 11.3.1, and visionOS 2.3.1. According to the company, “A logic issue existed when processing a maliciously crafted photo or video shared via an iCloud Link,” which was resolved with improved security checks. Apple also acknowledged awareness that this vulnerability may have been exploited in “extremely sophisticated” attacks targeting specific individuals. Notably, the updates for iOS 18.3.1, iPadOS 18.3.1, and iPadOS 17.7.5 also fixed another actively exploited zero-day vulnerability, CVE-2025-24200.

Microsoft Thwarts Cyber Attack by Chinese State Actor Targeting Western European Governments

On July 12, 2023, Microsoft announced that it successfully defended against a cyber attack launched by a Chinese nation-state actor, aimed at over two dozen organizations, including various government agencies. This espionage campaign, which began on May 15, 2023, sought to obtain sensitive data by gaining access to email accounts linked to approximately 25 entities and a limited number of consumer accounts. The tech giant identified the perpetrator as Storm-0558, a state-sponsored group targeting Western European government bodies. Microsoft stated, “Their focus includes espionage, data theft, and credential access,” and noted the use of custom malware referred to as Cigril and Bling for credential harvesting. The breach was detected on June 16, 2023, after a customer reported unusual email activity to the company.

Microsoft Averts Chinese Cyber Espionage Targeting Western European Governments On July 11, 2023, Microsoft disclosed its successful defense against a sophisticated cyber attack orchestrated by a Chinese state-sponsored group. This operation targeted approximately two dozen organizations, including several governmental entities across Western Europe, in an effort to extract confidential information.…

Read More

Microsoft Thwarts Cyber Attack by Chinese State Actor Targeting Western European Governments

On July 12, 2023, Microsoft announced that it successfully defended against a cyber attack launched by a Chinese nation-state actor, aimed at over two dozen organizations, including various government agencies. This espionage campaign, which began on May 15, 2023, sought to obtain sensitive data by gaining access to email accounts linked to approximately 25 entities and a limited number of consumer accounts. The tech giant identified the perpetrator as Storm-0558, a state-sponsored group targeting Western European government bodies. Microsoft stated, “Their focus includes espionage, data theft, and credential access,” and noted the use of custom malware referred to as Cigril and Bling for credential harvesting. The breach was detected on June 16, 2023, after a customer reported unusual email activity to the company.