The Breach News

Researchers Release PoC Exploit for Critical Windows RCE Vulnerability

On June 30, 2021, a proof-of-concept (PoC) exploit for a remote code execution vulnerability in the Windows Print Spooler, identified as CVE-2021-1675, was temporarily posted online before being removed. This security flaw, which Microsoft addressed in a Patch Tuesday update on June 8, 2021, could allow remote attackers to gain complete control over affected systems. The Print Spooler component, responsible for managing printer operations and loading drivers, poses significant risks due to its wide attack surface and high privilege level that enables the dynamic loading of third-party binaries. Shortly after the initial patch, Microsoft updated its assessment of the vulnerability’s impact from an elevation of privilege to remote code execution (RCE) and increased the severity rating.

Researchers Disclose PoC Exploit for Critical Windows RCE Vulnerability On June 30, 2021, news emerged regarding the brief online availability of a proof-of-concept (PoC) exploit linked to a critical remote code execution (RCE) vulnerability in the Windows Print Spooler service. This vulnerability, cataloged as CVE-2021-1675, was identified as potentially allowing…

Read More

Researchers Release PoC Exploit for Critical Windows RCE Vulnerability

On June 30, 2021, a proof-of-concept (PoC) exploit for a remote code execution vulnerability in the Windows Print Spooler, identified as CVE-2021-1675, was temporarily posted online before being removed. This security flaw, which Microsoft addressed in a Patch Tuesday update on June 8, 2021, could allow remote attackers to gain complete control over affected systems. The Print Spooler component, responsible for managing printer operations and loading drivers, poses significant risks due to its wide attack surface and high privilege level that enables the dynamic loading of third-party binaries. Shortly after the initial patch, Microsoft updated its assessment of the vulnerability’s impact from an elevation of privilege to remote code execution (RCE) and increased the severity rating.

Title: Cyber Attack Disrupts Pakistan Government Servers Following Security Breach

Date: March 11, 2013

Today, a cyber attack targeted Pakistan’s government servers, causing significant disruptions to various official websites, including those of the Ministry of Information Technology, Ministry of Railways, Ministry of Economic Affairs and Statistics, and several others. The hacker, known as ‘Godzilla’, claimed responsibility for the breach, citing the government’s alleged support for terrorist activities as the motivation behind the attack. “I’ve gone after all network infrastructure because they deserve it; my focus is solely on government sites, not innocent ones,” he stated.

Despite Pakistani officials being aware of the threats posed by new viruses and malware, their reliance on a proxy server (http://202.83.164.6/) to protect their systems fell short due to inadequate cybersecurity measures, ultimately leading to a successful breach.

Pakistan Government Servers Compromised Following Cyber Attack March 11, 2013 In a significant cybersecurity incident, several official websites of Pakistan’s government have experienced outages due to a cyberattack. Key ministries, including the Ministry of Information Technology, the Ministry of Railways, the Ministry of Economic Affairs and Statistics, the Ministry of…

Read More

Title: Cyber Attack Disrupts Pakistan Government Servers Following Security Breach

Date: March 11, 2013

Today, a cyber attack targeted Pakistan’s government servers, causing significant disruptions to various official websites, including those of the Ministry of Information Technology, Ministry of Railways, Ministry of Economic Affairs and Statistics, and several others. The hacker, known as ‘Godzilla’, claimed responsibility for the breach, citing the government’s alleged support for terrorist activities as the motivation behind the attack. “I’ve gone after all network infrastructure because they deserve it; my focus is solely on government sites, not innocent ones,” he stated.

Despite Pakistani officials being aware of the threats posed by new viruses and malware, their reliance on a proxy server (http://202.83.164.6/) to protect their systems fell short due to inadequate cybersecurity measures, ultimately leading to a successful breach.

ShadowSilk Targets 35 Organizations Across Central Asia and APAC via Telegram Bots

August 27, 2025
Malware / Spyware

A threat cluster known as ShadowSilk is responsible for a new wave of attacks aimed at government entities in Central Asia and the Asia-Pacific region. Group-IB has identified nearly 35 victims, primarily focused on data exfiltration. This hacking group shares tools and infrastructure with other threat actors, including YoroTrooper, SturgeonPhisher, and Silent Lynx. The affected organizations are predominantly government bodies, with some incidents involving the energy, manufacturing, retail, and transportation sectors across Uzbekistan, Kyrgyzstan, Myanmar, Tajikistan, Pakistan, and Turkmenistan. “The operation is executed by a bilingual team—Russian-speaking developers linked to older YoroTrooper code and Chinese-speaking operatives leading the intrusions—creating a versatile, multi-regional threat,” state researchers Nikita Rostovcev and Sergei Turner.

ShadowSilk Launches Targeted Cyber Assaults on 35 Organizations Across Central Asia and APAC In a concerning development within the cybersecurity landscape, a threat activity cluster identified as ShadowSilk has executed a series of targeted cyberattacks against government organizations in Central Asia and the Asia-Pacific (APAC) region. The security firm Group-IB…

Read More

ShadowSilk Targets 35 Organizations Across Central Asia and APAC via Telegram Bots

August 27, 2025
Malware / Spyware

A threat cluster known as ShadowSilk is responsible for a new wave of attacks aimed at government entities in Central Asia and the Asia-Pacific region. Group-IB has identified nearly 35 victims, primarily focused on data exfiltration. This hacking group shares tools and infrastructure with other threat actors, including YoroTrooper, SturgeonPhisher, and Silent Lynx. The affected organizations are predominantly government bodies, with some incidents involving the energy, manufacturing, retail, and transportation sectors across Uzbekistan, Kyrgyzstan, Myanmar, Tajikistan, Pakistan, and Turkmenistan. “The operation is executed by a bilingual team—Russian-speaking developers linked to older YoroTrooper code and Chinese-speaking operatives leading the intrusions—creating a versatile, multi-regional threat,” state researchers Nikita Rostovcev and Sergei Turner.

Microsoft Alerts Users to Critical “PrintNightmare” Vulnerability Under Active Exploitation

On July 2, 2021, Microsoft confirmed that the “PrintNightmare” remote code execution (RCE) vulnerability in the Windows Print Spooler differs from a previously addressed issue in its recent Patch Tuesday update. The company has observed active attempts to exploit this flaw, tracked under CVE-2021-34527, with a severity rating of 8.8 on the CVSS scale. All Windows versions are affected by this vulnerability. Microsoft stated, “A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations.” Successful exploitation could allow attackers to execute arbitrary code with SYSTEM privileges, enabling them to install programs, manipulate data, or create accounts with full user rights.

Microsoft Alerts on Critical Vulnerability Exploited in the Wild On July 2, 2021, Microsoft confirmed a severe vulnerability, dubbed “PrintNightmare,” affecting the Windows Print Spooler. Unlike a previous issue resolved in its Patch Tuesday update, this vulnerability is distinct and currently under active exploitation attempts. Microsoft has designated this flaw…

Read More

Microsoft Alerts Users to Critical “PrintNightmare” Vulnerability Under Active Exploitation

On July 2, 2021, Microsoft confirmed that the “PrintNightmare” remote code execution (RCE) vulnerability in the Windows Print Spooler differs from a previously addressed issue in its recent Patch Tuesday update. The company has observed active attempts to exploit this flaw, tracked under CVE-2021-34527, with a severity rating of 8.8 on the CVSS scale. All Windows versions are affected by this vulnerability. Microsoft stated, “A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations.” Successful exploitation could allow attackers to execute arbitrary code with SYSTEM privileges, enabling them to install programs, manipulate data, or create accounts with full user rights.

Chinese Malware Breaches Reserve Bank of Australia

March 11, 2013

When it comes to computer network security, determined hackers will always find a way in. The Australian Financial Review reported on Monday that the Reserve Bank of Australia (RBA) experienced a breach wherein hackers infiltrated its systems and reportedly stole information using malware linked to China.

Investigations revealed multiple computers were compromised by malicious software aimed at gathering intelligence. Over two days, various RBA staff members, including department heads, received malicious emails. It remains unclear whether the malware was successful in extracting data from the affected systems. This malware included a web link to a compressed file containing a Trojan that previously evaded detection by the RBA’s antivirus software. A spokesperson from the Defence Department remarked, “The government does not discuss specific cyber incidents, activities, or capabilities…”

Reserve Bank of Australia Targeted by Chinese Malware Attack March 11, 2013 In a notable cybersecurity incident, the Reserve Bank of Australia (RBA) has reportedly been compromised by cybercriminals utilizing sophisticated Chinese malware. The attack highlights the vulnerabilities inherent in even the most secure networks, demonstrating that, while organizations can…

Read More

Chinese Malware Breaches Reserve Bank of Australia

March 11, 2013

When it comes to computer network security, determined hackers will always find a way in. The Australian Financial Review reported on Monday that the Reserve Bank of Australia (RBA) experienced a breach wherein hackers infiltrated its systems and reportedly stole information using malware linked to China.

Investigations revealed multiple computers were compromised by malicious software aimed at gathering intelligence. Over two days, various RBA staff members, including department heads, received malicious emails. It remains unclear whether the malware was successful in extracting data from the affected systems. This malware included a web link to a compressed file containing a Trojan that previously evaded detection by the RBA’s antivirus software. A spokesperson from the Defence Department remarked, “The government does not discuss specific cyber incidents, activities, or capabilities…”

Anthropic Unveils Disruption of AI-Driven Cyberattacks Targeting Key Sectors for Data Theft and Extortion

Date: August 27, 2025
Categories: Cybersecurity / Artificial Intelligence

On Wednesday, Anthropic announced the successful disruption of a sophisticated cyber operation that leveraged its AI-powered chatbot, Claude, for extensive data theft and extortion activities in July 2025. “The perpetrator targeted at least 17 distinct organizations, including those in healthcare, emergency services, government, and religious sectors,” the company reported. Instead of using traditional ransomware to encrypt stolen information, the actor threatened to publicly disclose the data, attempting to coerce victims into paying hefty ransoms—sometimes exceeding $500,000. The attacker reportedly utilized Claude Code on Kali Linux as a comprehensive attack platform, embedding operational instructions in a CLAUDE.md file that maintained ongoing context for each interaction. This unknown threat actor is said to have employed AI with an “unprecedented degree,” utilizing Claude Code, Anthropic’s agentic coding tool, to automate various aspects of the attack.

Anthropic Disrupts AI-Driven Cybercrime Targeting Critical Sectors August 27, 2025 — Cybersecurity On Wednesday, Anthropic disclosed a major disruption of a sophisticated cyber operation that misused its AI-powered chatbot, Claude, to facilitate large-scale data theft and extortion in July 2025. This incident involved an attack on at least 17 distinct…

Read More

Anthropic Unveils Disruption of AI-Driven Cyberattacks Targeting Key Sectors for Data Theft and Extortion

Date: August 27, 2025
Categories: Cybersecurity / Artificial Intelligence

On Wednesday, Anthropic announced the successful disruption of a sophisticated cyber operation that leveraged its AI-powered chatbot, Claude, for extensive data theft and extortion activities in July 2025. “The perpetrator targeted at least 17 distinct organizations, including those in healthcare, emergency services, government, and religious sectors,” the company reported. Instead of using traditional ransomware to encrypt stolen information, the actor threatened to publicly disclose the data, attempting to coerce victims into paying hefty ransoms—sometimes exceeding $500,000. The attacker reportedly utilized Claude Code on Kali Linux as a comprehensive attack platform, embedding operational instructions in a CLAUDE.md file that maintained ongoing context for each interaction. This unknown threat actor is said to have employed AI with an “unprecedented degree,” utilizing Claude Code, Anthropic’s agentic coding tool, to automate various aspects of the attack.

Microsoft Releases Urgent Patch for Critical PrintNightmare Vulnerability in Windows

Microsoft has issued an emergency out-of-band security update to address a critical zero-day vulnerability, dubbed “PrintNightmare,” affecting the Windows Print Spooler service. This flaw, tracked as CVE-2021-34527 (with a CVSS score of 8.8), enables remote threat actors to execute arbitrary code and potentially seize control of affected systems. The issue impacts all supported versions of Windows, and the company recently reported active exploitation attempts targeting this vulnerability. According to the CERT Coordination Center, the Windows Print Spooler service does not adequately restrict access to functionalities that allow users to add printers and drivers, thus enabling a remote authenticated attacker to execute arbitrary code with SYSTEM privileges. Notably, PrintNightmare encompasses both remote code execution and local privilege escalation vectors that could be exploited in various attacks.

Microsoft Releases Critical Emergency Patch for PrintNightmare Vulnerability July 7, 2021 Microsoft has announced the urgent deployment of an out-of-band security update aimed at addressing a severe zero-day vulnerability identified as “PrintNightmare.” This flaw, which impacts the Windows Print Spooler service, enables remote threat actors to execute arbitrary code, potentially…

Read More

Microsoft Releases Urgent Patch for Critical PrintNightmare Vulnerability in Windows

Microsoft has issued an emergency out-of-band security update to address a critical zero-day vulnerability, dubbed “PrintNightmare,” affecting the Windows Print Spooler service. This flaw, tracked as CVE-2021-34527 (with a CVSS score of 8.8), enables remote threat actors to execute arbitrary code and potentially seize control of affected systems. The issue impacts all supported versions of Windows, and the company recently reported active exploitation attempts targeting this vulnerability. According to the CERT Coordination Center, the Windows Print Spooler service does not adequately restrict access to functionalities that allow users to add printers and drivers, thus enabling a remote authenticated attacker to execute arbitrary code with SYSTEM privileges. Notably, PrintNightmare encompasses both remote code execution and local privilege escalation vectors that could be exploited in various attacks.

Iran Intensifies Internet Control by Blocking Most VPN Services

March 11, 2013

For years, Iran has been fortifying its defenses against cyber threats while shielded from the global internet. Many citizens turned to virtual private networks (VPNs) to securely access sites like YouTube and Facebook by evading the country’s stringent internet filters. However, Iranian authorities have recently escalated their crackdown, blocking the majority of VPN services to prevent citizens from bypassing governmental restrictions on online content. Officially, the extensive internet filter aims to protect against what the government deems offensive or criminal material. Ramezanali Sobhani-Fard, chairman of the parliament’s information and communications technology committee, announced, “In recent days, illegal VPN ports have been blocked. From now on, only legal and registered VPNs may be used.” While registered VPN access is still available for purchase, typical usage conditions remain stringent.

Iran Intensifies Crackdown on VPN Access Amid Cybersecurity Concerns March 11, 2013 Iran has escalated its efforts to fortify its internet boundaries by restricting access to most virtual private network (VPN) services, a move that directly impacts citizens seeking to bypass government-imposed internet filters. For years, Iranians have relied on…

Read More

Iran Intensifies Internet Control by Blocking Most VPN Services

March 11, 2013

For years, Iran has been fortifying its defenses against cyber threats while shielded from the global internet. Many citizens turned to virtual private networks (VPNs) to securely access sites like YouTube and Facebook by evading the country’s stringent internet filters. However, Iranian authorities have recently escalated their crackdown, blocking the majority of VPN services to prevent citizens from bypassing governmental restrictions on online content. Officially, the extensive internet filter aims to protect against what the government deems offensive or criminal material. Ramezanali Sobhani-Fard, chairman of the parliament’s information and communications technology committee, announced, “In recent days, illegal VPN ports have been blocked. From now on, only legal and registered VPNs may be used.” While registered VPN access is still available for purchase, typical usage conditions remain stringent.