The Breach News

Nation-State Actors Exploit Ivanti VPN Zero-Days to Deploy Five Families of Malware

Recent reports have detailed a sophisticated cybersecurity incident affecting Ivanti Connect Secure (ICS) VPN appliances, where suspected nation-state actors have exploited two critical zero-day vulnerabilities since early December 2023. The vulnerabilities, identified as CVE-2023-46805 and CVE-2024-21887, have enabled attackers to deploy multiple malware families, allowing them to bypass authentication mechanisms…

Read MoreNation-State Actors Exploit Ivanti VPN Zero-Days to Deploy Five Families of Malware

New Linux Malware Extracts Call Data from VoIP Softswitch Systems

New Linux Malware Targets VoIP Systems to Steal Call Metadata Cybersecurity experts have identified a novel strain of Linux malware named “CDRThief,” specifically engineered to exploit vulnerabilities in voice over IP (VoIP) softswitches. This malware aims to extract sensitive phone call metadata from compromised systems, raising significant concerns for businesses…

Read MoreNew Linux Malware Extracts Call Data from VoIP Softswitch Systems

Microsoft to Retire Decades-Old Obsolete Cipher That Has Caused Widespread Issues

Microsoft has disclosed its ongoing efforts to phase out the RC4 cryptographic algorithm, a challenge that has persisted for over a decade. According to Steve Syfuhs, who leads the Windows Authentication team at Microsoft, eliminating an algorithm that has been a part of operating systems for the last 25 years…

Read MoreMicrosoft to Retire Decades-Old Obsolete Cipher That Has Caused Widespread Issues

T-Mobile Data Breach: 2 Million Customers’ Personal Information Compromised

T-Mobile Confirms Data Breach Affecting Up to 2 Million Customers T-Mobile has announced a significant security breach on its U.S. servers, revealing that sensitive personal information for nearly 2 million customers may have been compromised. The incident occurred on August 20, and T-Mobile disclosed that the exposed data includes names,…

Read MoreT-Mobile Data Breach: 2 Million Customers’ Personal Information Compromised

16TB MongoDB Database Leaks 4.3 Billion Lead Generation Records – Hackread – Cybersecurity News, Data Breaches, AI, and More

In a significant revelation that raises alarms for professionals regarding online privacy, cybersecurity researcher Bob Diachenko, in collaboration with nexos.ai, uncovered an unsecured MongoDB database on November 23, 2025. This massive dataset, consisting of approximately 16 terabytes (TB) of information, was left exposed on the internet, revealing an astonishing 4.3…

Read More16TB MongoDB Database Leaks 4.3 Billion Lead Generation Records – Hackread – Cybersecurity News, Data Breaches, AI, and More

GitHub Scanner for React2Shell (CVE-2025-55182) Revealed as Malware – Hackread: Cybersecurity News, Data Breaches, AI, and More

Malicious GitHub Repository Impersonating CVE-2025-55182 Scanner Exposed A GitHub repository masquerading as a vulnerability scanner for CVE-2025-55182, commonly known as “React2Shell,” was recently uncovered as a source of malware. The project, titled React2shell-scanner, was associated with the GitHub user niha0wa but has been removed from the platform after community alerts…

Read MoreGitHub Scanner for React2Shell (CVE-2025-55182) Revealed as Malware – Hackread: Cybersecurity News, Data Breaches, AI, and More

New Report Analyzes COVID-19’s Effect on Cybersecurity

Cybersecurity professionals have been well aware that cybercriminals would exploit the uncertainty surrounding the COVID-19 pandemic to enhance their cyberattacks. Malicious communications have frequently incorporated COVID-19 themes, leveraging public fear to increase their effectiveness. Though anecdotal evidence has suggested various forms of pandemic-related cyberattacks, concrete data regarding their true impact…

Read MoreNew Report Analyzes COVID-19’s Effect on Cybersecurity

Elastic Offers On-Demand Free Training for Open Source

Elastic Expands Security Training with Modular, Accessible Learning Elastic, a company rooted in open-source technology, has recently unveiled enhancements to its training offerings, emphasizing modular learning and practical skill development. This initiative aligns with Elastic’s commitment to transparency and free access to knowledge, reinforcing its foundational principles as it makes…

Read MoreElastic Offers On-Demand Free Training for Open Source