The Breach News

⚡ Weekly Update: Airline Threats, Citrix Vulnerabilities, Outlook Malware, Banking Trojans, and More

đź“… Jun 30, 2025
Cybersecurity / Hacking News

Curious about what happens when attackers play by the rules—only better? This week, we explore stories that challenge our understanding of security control. It’s not always a broken firewall or an unpatched system; sometimes, it’s the seemingly innocuous choices, default settings, and shortcuts we take that introduce risk. The true shock is that threats can stem from the very design of our systems. Join us as we delve into the underlying factors influencing today’s security landscape.

⚡ Threat of the Week

FBI Alerts on Scattered Spider’s Airlines Attacks — The FBI has issued warnings about a new wave of sophisticated attacks by the cybercrime group Scattered Spider, specifically targeting the airline industry through advanced social engineering tactics. Cybersecurity experts from Palo Alto Networks Unit 4…

Weekly Cybersecurity Recap: Airline Breaches, Citrix Vulnerabilities, and Malware Threats June 30, 2025 Cybersecurity | BreachSpot In the ever-evolving landscape of cybersecurity threats, recent events serve as a stark reminder that vulnerabilities often lie in systemic operations rather than overt faults. This week, we explore incidents that challenge our assumptions…

Read More

⚡ Weekly Update: Airline Threats, Citrix Vulnerabilities, Outlook Malware, Banking Trojans, and More

đź“… Jun 30, 2025
Cybersecurity / Hacking News

Curious about what happens when attackers play by the rules—only better? This week, we explore stories that challenge our understanding of security control. It’s not always a broken firewall or an unpatched system; sometimes, it’s the seemingly innocuous choices, default settings, and shortcuts we take that introduce risk. The true shock is that threats can stem from the very design of our systems. Join us as we delve into the underlying factors influencing today’s security landscape.

⚡ Threat of the Week

FBI Alerts on Scattered Spider’s Airlines Attacks — The FBI has issued warnings about a new wave of sophisticated attacks by the cybercrime group Scattered Spider, specifically targeting the airline industry through advanced social engineering tactics. Cybersecurity experts from Palo Alto Networks Unit 4…

Data Breach Warning: Edelson Lechtzin LLP Investigates Claims for Customers of The Manpower of Lansing, MI Inc. Affected by Potential Data Compromise

Data Breach Investigation: Edelson Lechtzin LLP Looks Into Compromise of Manpower of Lansing, MI Inc. Customer Information LANSING, Mich., Aug. 12, 2025 — Edelson Lechtzin LLP, based in suburban Philadelphia, has initiated an investigation into a data privacy incident involving Manpower of Lansing, MI Inc. This breach was identified around…

Read More

Data Breach Warning: Edelson Lechtzin LLP Investigates Claims for Customers of The Manpower of Lansing, MI Inc. Affected by Potential Data Compromise

Severe Cisco Vulnerability in Unified CM Allows Root Access via Hard-Coded Credentials

July 3, 2025
Vulnerability / Network Security

Cisco has issued patches to fix a critical security flaw in Unified Communications Manager (Unified CM) and Unified CM Session Management Edition (Unified CM SME). This vulnerability could enable an attacker to access susceptible devices with root privileges, achieving a CVSS score of 10.0 under the identifier CVE-2025-20309. In an advisory released on Wednesday, Cisco noted that “this vulnerability arises from the use of static user credentials for the root account, which are meant for development use only.” An attacker could exploit this flaw to log into an affected system and execute arbitrary commands as a root user. Hard-coded credentials often stem from testing or temporary fixes during development, but they should never be present in live environments.

Critical Cisco Flaw in Unified Communications Manager Enables Root Access via Static Credentials On July 3, 2025, Cisco issued critical security updates aimed at addressing a significant vulnerability in its Unified Communications Manager (Unified CM) and Unified CM Session Management Edition (Unified CM SME). This vulnerability, designated CVE-2025-20309, boasts a…

Read More

Severe Cisco Vulnerability in Unified CM Allows Root Access via Hard-Coded Credentials

July 3, 2025
Vulnerability / Network Security

Cisco has issued patches to fix a critical security flaw in Unified Communications Manager (Unified CM) and Unified CM Session Management Edition (Unified CM SME). This vulnerability could enable an attacker to access susceptible devices with root privileges, achieving a CVSS score of 10.0 under the identifier CVE-2025-20309. In an advisory released on Wednesday, Cisco noted that “this vulnerability arises from the use of static user credentials for the root account, which are meant for development use only.” An attacker could exploit this flaw to log into an affected system and execute arbitrary commands as a root user. Hard-coded credentials often stem from testing or temporary fixes during development, but they should never be present in live environments.

THN Cybersecurity Highlights: Key Threats, Innovations, and Updates (Oct 14 – Oct 20)

Oct 21, 2024
Cybersecurity / Weekly Summary

Hello! Here’s your concise update on the latest happenings in cybersecurity. Hackers are adopting innovative tactics to breach systems once thought secure—like discovering hidden entry points in locked buildings. The silver lining? Security experts are counteracting with advanced tools to safeguard data. Some major companies faced attacks, while others managed to patch their vulnerabilities just in time. The struggle continues! For optimal protection, remember to keep your devices and applications updated.

In this newsletter, we’ll delve into the top stories. Whether you’re focused on personal data protection or overseeing security for a business, we’ve got valuable tips for you.

Let’s dive in!

⚡ Threat of the Week
China Claims Volt Typhoon is a U.S. Creation: China’s National Computer Virus Emergency Response Center (CVERC) has alleged that the threat actor known as Volt Typhoon is a fabrication of U.S. intelligence agencies and their allies, accusing the U.S. of executing false flag operations.

THN Cybersecurity Recap: Overview of Threats, Tools, and Developments (Oct 14 – Oct 20) Published on October 21, 2024 In recent developments in cybersecurity, the landscape continues to evolve as hackers deploy increasingly sophisticated methods to infiltrate systems previously considered secure. Security professionals have revealed that known vulnerabilities are being…

Read More

THN Cybersecurity Highlights: Key Threats, Innovations, and Updates (Oct 14 – Oct 20)

Oct 21, 2024
Cybersecurity / Weekly Summary

Hello! Here’s your concise update on the latest happenings in cybersecurity. Hackers are adopting innovative tactics to breach systems once thought secure—like discovering hidden entry points in locked buildings. The silver lining? Security experts are counteracting with advanced tools to safeguard data. Some major companies faced attacks, while others managed to patch their vulnerabilities just in time. The struggle continues! For optimal protection, remember to keep your devices and applications updated.

In this newsletter, we’ll delve into the top stories. Whether you’re focused on personal data protection or overseeing security for a business, we’ve got valuable tips for you.

Let’s dive in!

⚡ Threat of the Week
China Claims Volt Typhoon is a U.S. Creation: China’s National Computer Virus Emergency Response Center (CVERC) has alleged that the threat actor known as Volt Typhoon is a fabrication of U.S. intelligence agencies and their allies, accusing the U.S. of executing false flag operations.

Connex Credit Union Data Breach Impacts 172,000 Members

Connex Credit Union has experienced a significant data breach, impacting the personal information of 172,000 members. A legal investigation is underway, with experts advising victims to closely monitor accounts for potential fraud and identity theft. In a recent security incident, Connex Credit Union, one of Connecticut’s largest financial institutions, revealed…

Read MoreConnex Credit Union Data Breach Impacts 172,000 Members

AI Companies Compete to Provide Affordable Contracts to Federal Agencies

Artificial Intelligence & Machine Learning, Next-Generation Technologies & Secure Development OpenAI and Anthropic Unveil $1 Annual Offers Amidst Vendor Lock-in Concerns Chris Riotta ( @chrisriotta) • August 12, 2025 Image: Shutterstock In a significant move, artificial intelligence firms are aggressively targeting federal contracts by offering access to premium AI models…

Read MoreAI Companies Compete to Provide Affordable Contracts to Federal Agencies

Hackers Expose Allianz Life Data Stolen in Salesforce Breach

In a significant cybersecurity breach, Allianz Life, a major US insurance firm, has had 2.8 million sensitive records exposed following a data leak linked to ongoing Salesforce attacks. These stolen records contain critical information pertaining to both business partners and customers, highlighting a troubling trend in the escalating sophistication of…

Read MoreHackers Expose Allianz Life Data Stolen in Salesforce Breach

Chinese Hackers Exploit Ivanti CSA Zero-Days to Target French Government and Telecoms

On July 3, 2025, France’s cybersecurity agency disclosed that multiple sectors—including government, telecommunications, media, finance, and transport—were affected by a cyber campaign led by a Chinese hacking group. This group exploited several zero-day vulnerabilities in Ivanti Cloud Services Appliance (CSA) devices. The campaign, identified in early September 2024, has been linked to an intrusion set known as Houken, which reportedly shares characteristics with the threat cluster tracked by Google Mandiant as UNC5174 (also referred to as Uteus or Uetus). According to the French National Agency for the Security of Information Systems (ANSSI), “Houken’s operators use both zero-day vulnerabilities and sophisticated rootkits, alongside a variety of open-source tools primarily developed by Chinese-speaking programmers.” The attack infrastructure utilized by Houken features a mix of components, including commercial VPNs and other tools.

Chinese Hackers Target French Government and Telecoms Using Ivanti CSA Zero-Days On July 3, 2025, the French cybersecurity agency disclosed a significant cyberattack that has affected various sectors, including government, telecommunications, media, finance, and transport. The assault has been attributed to a Chinese hacking collective that exploited multiple zero-day vulnerabilities…

Read More

Chinese Hackers Exploit Ivanti CSA Zero-Days to Target French Government and Telecoms

On July 3, 2025, France’s cybersecurity agency disclosed that multiple sectors—including government, telecommunications, media, finance, and transport—were affected by a cyber campaign led by a Chinese hacking group. This group exploited several zero-day vulnerabilities in Ivanti Cloud Services Appliance (CSA) devices. The campaign, identified in early September 2024, has been linked to an intrusion set known as Houken, which reportedly shares characteristics with the threat cluster tracked by Google Mandiant as UNC5174 (also referred to as Uteus or Uetus). According to the French National Agency for the Security of Information Systems (ANSSI), “Houken’s operators use both zero-day vulnerabilities and sophisticated rootkits, alongside a variety of open-source tools primarily developed by Chinese-speaking programmers.” The attack infrastructure utilized by Houken features a mix of components, including commercial VPNs and other tools.

Lazarus Group Leverages Google Chrome Vulnerability to Take Control of Compromised Devices

Oct 24, 2024
Vulnerability / Cyber Attack

The Lazarus Group, a North Korean cyber threat actor, has been linked to the exploitation of a zero-day vulnerability in Google Chrome, allowing them to control infected devices. Cybersecurity firm Kaspersky reported this discovery, which stemmed from a new attack chain identified in May 2024. The attack targeted the personal computer of an unnamed Russian individual using the Manuscrypt backdoor. This involved triggering the zero-day exploit simply by visiting a counterfeit gaming website, “detankzone[.]com,” which aimed at cryptocurrency users. It is believed this campaign began in February 2024. Kaspersky researchers Boris Larin and Vasily Berdnikov noted that the website masqueraded as a professionally designed page for a decentralized finance (DeFi) NFT-based multiplayer online battle arena (MOBA) tank game, enticing users to download a trial version. However, this was merely a façade.

Lazarus Group Exploits Google Chrome Vulnerability to Compromise Targeted Devices On October 24, 2024, cybersecurity experts revealed that the Lazarus Group, a notorious North Korean cyber threat actor, has exploited a recently patched zero-day vulnerability in Google Chrome to gain control over infected devices. The findings were reported by Kaspersky,…

Read More

Lazarus Group Leverages Google Chrome Vulnerability to Take Control of Compromised Devices

Oct 24, 2024
Vulnerability / Cyber Attack

The Lazarus Group, a North Korean cyber threat actor, has been linked to the exploitation of a zero-day vulnerability in Google Chrome, allowing them to control infected devices. Cybersecurity firm Kaspersky reported this discovery, which stemmed from a new attack chain identified in May 2024. The attack targeted the personal computer of an unnamed Russian individual using the Manuscrypt backdoor. This involved triggering the zero-day exploit simply by visiting a counterfeit gaming website, “detankzone[.]com,” which aimed at cryptocurrency users. It is believed this campaign began in February 2024. Kaspersky researchers Boris Larin and Vasily Berdnikov noted that the website masqueraded as a professionally designed page for a decentralized finance (DeFi) NFT-based multiplayer online battle arena (MOBA) tank game, enticing users to download a trial version. However, this was merely a façade.