The Breach News

Citrix Issues Urgent Patches for Actively Exploited Vulnerability CVE-2025-6543 in NetScaler ADC

June 25, 2025
Vulnerability / Network Security

Citrix has released critical security updates to address a vulnerability in NetScaler ADC and NetScaler Gateway that is being exploited in the wild. Tracked as CVE-2025-6543 with a CVSS score of 9.2 out of 10, the flaw is a memory overflow that can lead to unintended control flow and denial of service. Exploitation requires the appliance to be configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or as an AAA virtual server. The affected versions are:

  • NetScaler ADC and NetScaler Gateway 14.1 prior to 14.1-47.46
  • NetScaler ADC and NetScaler Gateway 13.1 prior to 13.1-59.19
  • NetScaler ADC and NetScaler Gateway 12.1 and 13.0 (vulnerable and end-of-life)
  • NetScaler ADC 13.1-FIPS and NDcPP prior to 13.1-37.236-FIPS and NDcPP

Citrix has also indicated that the vulnerability affects “Secure Private Access on-prem or Secure Private Access Hybrid” deployments that use NetScaler instances.
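The version ranges above are easy to misread by hand, especially the separate fixed build for the FIPS/NDcPP branch and the two end-of-life branches that have no fix at all. The following is an added example, not Citrix tooling, that turns the advisory's ranges into a check over a fleet inventory. The version-string layout "<branch>-<build>.<minor>[-FIPS|-NDcPP]" and the sample inventory are assumptions of this example; confirm the exact string reported by your own appliance before relying on the verdict.

```python
"""Added example (not Citrix tooling): classify NetScaler ADC / Gateway build
strings against the CVE-2025-6543 fixed builds listed in the advisory above.

Assumed version-string layout: "<branch>-<build>.<minor>[-FIPS|-NDcPP]",
e.g. "14.1-47.46" or "13.1-37.236-FIPS". The inventory below is constructed.
"""
import re

# (branch, hardened build?) -> first fixed build, taken from the advisory summary.
FIXED_BUILDS = {
    ("14.1", False): (47, 46),
    ("13.1", False): (59, 19),
    ("13.1", True):  (37, 236),   # 13.1-FIPS and 13.1-NDcPP share this fix
}
END_OF_LIFE = {"12.1", "13.0"}    # every build is affected and no fix is coming

_VERSION_RE = re.compile(
    r"^(?P<branch>\d+\.\d+)-(?P<build>\d+)\.(?P<minor>\d+)"
    r"(?:-(?P<hardened>FIPS|NDcPP))?$",
    re.IGNORECASE,
)


def parse_version(version: str):
    """Return (branch, (build, minor), hardened) or raise on an unknown layout."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised NetScaler version string: {version!r}")
    return m["branch"], (int(m["build"]), int(m["minor"])), m["hardened"] is not None


def classify(version: str, gateway_or_aaa: bool) -> str:
    """
    'patched'               build is at or above the fixed build for its branch
    'vulnerable'            affected build AND a Gateway/AAA vserver is configured
    'vulnerable-unexposed'  affected build but the exploit precondition is absent
                            (still patch: a later config change would expose it)
    """
    branch, build, hardened = parse_version(version)
    if branch in END_OF_LIFE:
        affected = True
    else:
        fixed = FIXED_BUILDS.get((branch, hardened))
        if fixed is None:
            raise ValueError(
                f"branch {branch} (hardened={hardened}) is not covered by the advisory"
            )
        affected = build < fixed          # tuple comparison: build first, then minor
    if not affected:
        return "patched"
    return "vulnerable" if gateway_or_aaa else "vulnerable-unexposed"


# Constructed inventory: (hostname, version string, has a Gateway or AAA vserver)
INVENTORY = [
    ("ns-edge-01", "14.1-47.45", True),
    ("ns-edge-02", "14.1-47.46", True),
    ("ns-fips-01", "13.1-37.235-FIPS", True),
    ("ns-lb-01",   "13.1-59.18", False),
    ("ns-old-01",  "13.0-92.21", True),
]


def triage(inventory=INVENTORY) -> dict:
    """Map hostname -> verdict so the result can be handed to a ticketing system."""
    return {host: classify(ver, exposed) for host, ver, exposed in inventory}


if __name__ == "__main__":
    for host, verdict in triage().items():
        print(f"{host:12s} {verdict}")
```

Note that `classify` refuses to guess for a branch/hardened combination the advisory does not list (for instance a FIPS build on 14.1) rather than silently returning "patched"; a gap in the advisory is something to raise with the vendor, not a clean bill of health.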

Ukraine Prohibits Telegram Use Among Government and Military Staff

September 21, 2024
National Security / Cybersecurity

Ukraine has banned the use of the Telegram messaging app by government officials, military staff, and personnel involved in defense and critical infrastructure, citing national security reasons. The announcement was made by the National Coordination Centre for Cybersecurity (NCCC) via a Facebook post. Kyrylo Budanov, head of Ukraine’s GUR military intelligence agency, emphasized, “While I support freedom of speech, the issue regarding Telegram transcends that; it is fundamentally a matter of national security.” The National Security and Defense Council (NSDC) noted that Telegram is “actively exploited by adversaries” for cyber attacks, disseminating phishing messages and malware, monitoring users’ locations, and collecting intelligence to assist Russian military operations against Ukrainian targets. Consequently, the use of Telegram is now prohibited on official devices for government employees.

FBI Warns Law Firms of Luna Moth’s Stealthy Phishing Campaign

May 27, 2025
Data Breach / Social Engineering

The FBI has issued a warning regarding a series of social engineering attacks targeting law firms, attributed to a criminal group known as Luna Moth. This campaign has been ongoing for the past two years, utilizing IT-themed social engineering calls and callback phishing emails to gain remote access to devices and steal sensitive information for extortion purposes. Also referred to as Chatty Spider, Silent Ransom Group (SRG), Storm-0252, and UNC3753, Luna Moth has been active since at least 2022, primarily employing a tactic called callback phishing, or Telephone-Oriented Attack Delivery (TOAD), to deceive users into calling phone numbers found in seemingly innocuous phishing emails related to invoices and subscription payments. Notably, Luna Moth is the same hacking group responsible for the previous BazarCall campaigns that deployed ransomware such as Conti.
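Callback-phishing lures are awkward for mail filters precisely because they contain no link or attachment: the only "payload" is a phone number and a billing pretext. The following is an added example, not FBI or vendor detection content, of a heuristic that scores a message on that combination. The sample messages, keyword lists and thresholds are constructed for illustration and would need tuning against real mail volume.

```python
"""Added example (not FBI or vendor detection content): a heuristic for
callback-phishing / TOAD lures. These emails carry a phone number and a
billing pretext but usually no link or attachment, so URL- and attachment-
based filters have nothing to score. Sample messages are constructed.
"""
import re

# North American phone shapes: 1-888-555-0142, (415) 555-0100, 415.555.0100
PHONE_RE = re.compile(r"(?:\+?1[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}\b")
URL_RE = re.compile(r"https?://\S+|\bwww\.\S+", re.IGNORECASE)

# Pretext words match as substrings, so "renew" covers "renewal" and "renewed".
PRETEXT = ("invoice", "subscription", "renew", "charged", "payment",
           "receipt", "billing", "trial")
PRESSURE = ("call", "cancel", "within", "immediately", "refund", "dispute")


def score_message(subject: str, body: str) -> dict:
    """Score one message; 'flagged' is True at or above 5 points."""
    text = f"{subject}\n{body}".lower()
    phones = PHONE_RE.findall(text)
    urls = URL_RE.findall(text)
    pretext = [w for w in PRETEXT if w in text]
    pressure = [w for w in PRESSURE if w in text]
    score = 0
    if phones:
        score += 2
    if pretext:
        score += 2
    if pressure:
        score += 1
    if phones and not urls:        # the TOAD signature: a number to call, no link
        score += 2
    return {"score": score, "flagged": score >= 5, "phones": phones,
            "urls": urls, "pretext": pretext, "pressure": pressure}


# Constructed samples: one lure, two benign messages that share some features.
SAMPLES = {
    "callback-lure": (
        "Subscription renewal notice #A8814",
        "Your annual antivirus subscription was renewed for $399.99 and charged "
        "to your card on file. To cancel and request a refund, call 1-888-555-0142 "
        "within 24 hours. Do not reply to this email.",
    ),
    "legit-invoice": (
        "Invoice 4471 for March",
        "Your invoice is ready. View and pay it in the portal: "
        "https://billing.example.com/inv/4471 . Questions? Reply to this thread.",
    ),
    "meeting-dialin": (
        "Thursday sync",
        "Agenda at https://wiki.example.com/sync . Dial-in 415-555-0100 if remote.",
    ),
}


def triage(samples=SAMPLES) -> dict:
    """Score every sample; returns name -> score_message() result."""
    return {name: score_message(subj, body) for name, (subj, body) in samples.items()}


if __name__ == "__main__":
    for name, result in triage().items():
        print(f"{name:15s} score={result['score']} flagged={result['flagged']}")
```

The two benign samples are there to show why a single feature is not enough: a real invoice has the pretext words but a link and no number, and a meeting notice has a number but a link and no billing language. Only the lure scores on the number-without-link combination.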

AT&T’s $177 Million Data Breach Settlement: Claim Up to $7,500 with These Steps

AT&T Inc. (NYSE: T) has proposed a settlement of up to $177 million for its customers, potentially providing affected individuals up to $7,500 each. This announcement is the result of two major data breaches that compromised sensitive information for millions of AT&T users. Incident Overview: The settlement under discussion allocates…

9% of Microsoft Entra SaaS Apps Still Vulnerable to nOAuth Exploits Two Years Post-Discovery

June 25, 2025
SaaS Security / Vulnerability

Recent findings highlight ongoing risks associated with a known security flaw in Microsoft Entra ID, which may allow malicious actors to execute account takeovers in certain software-as-a-service (SaaS) applications. Identity security firm Semperis analyzed 104 SaaS applications and discovered that nine remain vulnerable to Entra ID cross-tenant nOAuth abuse. Initially revealed by Descope in June 2023, nOAuth pertains to a flaw in the implementation of OpenID Connect (OIDC) by SaaS applications, which is an authentication layer built on OAuth for verifying user identities. This implementation flaw allows attackers to alter the mail attribute in an Entra ID account to that of a target, leveraging the app’s “Log in with Microsoft” feature to hijack the account. The attack is straightforward, exacerbated by Entra ID’s allowance for unverified email addresses, paving the way for user impersonation.
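The implementation mistake behind nOAuth is an application that treats the `email` claim of an Entra ID token as the user's identity, even though that claim comes from a mutable, unverified `mail` attribute that any tenant administrator can set to anyone's address. The following is an added example, not code from Semperis, Descope or Microsoft, showing the vulnerable account lookup beside a hardened one that keys on tenant ID plus object ID. It assumes the token's signature, issuer and audience were already validated upstream, that the application is multi-tenant, and that `xms_edov` (Microsoft's optional claim asserting the email domain owner verified the address) is requested and present; the claim sets, GUIDs and user store are constructed.

```python
"""Added example, not code from Semperis, Descope or Microsoft: the account-
linking bug behind nOAuth, beside the hardened form.

Assumptions: signature/issuer/audience of the ID token were validated upstream;
the app accepts tokens from any Entra tenant; the claim sets, GUIDs and user
store below are constructed; and the optional xms_edov claim is requested.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass
class Account:
    account_id: str
    email: str
    tid: str = ""   # Entra tenant ID recorded at first "Log in with Microsoft"
    oid: str = ""   # Entra object ID of the user inside that tenant


VICTIM_TID = "11111111-1111-4111-8111-111111111111"
VICTIM_OID = "aaaaaaaa-aaaa-4aaa-8aaa-aaaaaaaaaaaa"


def make_accounts():
    """Constructed user store: one account already linked to the victim's
    Entra identity, one legacy password-only account not yet linked."""
    return [
        Account("acct-100", "cfo@victim.example", VICTIM_TID, VICTIM_OID),
        Account("acct-200", "ap-clerk@victim.example"),
    ]


# Attacker-controlled tenant: its own tid/oid, but the user's 'mail' attribute
# was set to the victim's address. Entra does not verify 'mail', so it flows
# into the 'email' claim untouched and without xms_edov.
ATTACKER_CLAIMS = {
    "tid": "22222222-2222-4222-8222-222222222222",
    "oid": "bbbbbbbb-bbbb-4bbb-8bbb-bbbbbbbbbbbb",
    "email": "cfo@victim.example",
}
ATTACKER_CLAIMS_CLERK = {**ATTACKER_CLAIMS, "email": "ap-clerk@victim.example"}

# Genuine sign-ins from the victim tenant, with the domain-owner-verified claim.
VICTIM_CLAIMS = {"tid": VICTIM_TID, "oid": VICTIM_OID,
                 "email": "cfo@victim.example", "xms_edov": True}
CLERK_CLAIMS = {"tid": VICTIM_TID, "oid": "cccccccc-cccc-4ccc-8ccc-cccccccccccc",
                "email": "ap-clerk@victim.example", "xms_edov": True}


def vulnerable_login(claims: dict, accounts) -> Optional[Account]:
    """The nOAuth bug: the mutable, unverified email claim is the identity key."""
    wanted = claims.get("email", "").lower()
    return next((a for a in accounts if a.email.lower() == wanted), None)


def hardened_login(claims: dict, accounts) -> Optional[Account]:
    """Identity is (tid, oid). Email is only used to link an account that has
    no Entra identity yet, and only when the issuer vouches for the address."""
    tid, oid = claims.get("tid"), claims.get("oid")
    if not tid or not oid:
        raise ValueError("token lacks tid/oid; refuse to sign in")
    for a in accounts:
        if (a.tid, a.oid) == (tid, oid):
            return a
    if claims.get("xms_edov") is True:
        wanted = claims.get("email", "").lower()
        for a in accounts:
            if not a.tid and a.email.lower() == wanted:
                a.tid, a.oid = tid, oid    # one-time link; keyed by tid/oid from now on
                return a
    return None   # unknown identity: provision a new account, never merge on email


if __name__ == "__main__":
    store = make_accounts()
    print("vulnerable:", vulnerable_login(ATTACKER_CLAIMS, store))   # victim's account
    print("hardened:  ", hardened_login(ATTACKER_CLAIMS, store))     # None
```

The important property of `hardened_login` is that a token from a foreign tenant can never reach an account that already has a linked Entra identity, whatever its `email` claim says; the email fallback exists only to migrate legacy accounts, and even that path is closed unless the issuer asserts the address was verified.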

North Korean Hackers Unleash New KLogEXE and FPSpy Malware in Targeted Assaults

September 26, 2024
Cyber Attack / Malware

Threat actors linked to North Korea have been observed deploying two new malware variants, KLogEXE and FPSpy. The activity has been attributed to the group known as Kimsuky, also tracked as APT43, ARCHIPELAGO, Black Banshee, Emerald Sleet (formerly Thallium), Sparkling Pisces, Springtail, and Velvet Chollima. “These new samples expand Sparkling Pisces’ already extensive toolkit and highlight the group’s ongoing evolution and enhanced capabilities,” stated Palo Alto Networks Unit 42 researchers Daniel Frank and Lior Rochberger. Active since at least 2012, the group has earned the moniker “king of spear-phishing” for its skill in deceiving victims into downloading malware via emails that appear to originate from trusted sources. Unit 42’s investigation into Sparkling Pisces’ infrastructure revealed the two new portable executables, KLogEXE and FPSpy. “These malware strains are known to be…

Navigating Diverse State AI Regulations Amid US Deregulation

August 15, 2025
Agentic AI / Artificial Intelligence & Machine Learning / Government

Anna Delaney interviews Schellman CEO Avani Desai on balancing innovation and compliance amid market changes. The recent AI action plan initiated by the Trump administration marks a significant shift towards deregulation, effectively lifting a…

Czech Republic Accuses China-Linked APT31 Hackers in 2022 Cyberattack on Foreign Ministry

May 28, 2025
Cybersecurity / Cyber Espionage

On Wednesday, the Czech Republic officially attributed a cyber intrusion targeting its Ministry of Foreign Affairs to a threat actor connected to the People’s Republic of China (PRC). In a public announcement, the government said it had identified China as responsible for a malicious campaign affecting one of the Ministry’s unclassified networks. The full scope of the breach remains unclear. “The malicious activity […] began in 2022 and impacted an institution designated as critical infrastructure in the Czech Republic,” the statement said. The attack has been linked to the state-sponsored group APT31, which overlaps with threat clusters known as Altaire, Bronze Vinewood, Judgement Panda, PerplexedGoblin, RedBravo, Red Keres, and Violet Typhoon (formerly Zirconium). The group, publicly associated with the Ministry of State Security (MSS) and the Hubei State Security Department, has been active since at least 2010, according to the U.S. Department of…