The Breach News

New “DoubleClickjacking” Exploit Circumvents Clickjacking Safeguards on Leading Websites

Cybersecurity experts have recently unveiled a new campaign characterized by a “widespread timing-based vulnerability class,” which utilizes a double-click sequence to enable clickjacking attacks and unauthorized account access across prominent websites. This technique, termed DoubleClickjacking by researcher Paulos Yibelo, marks a significant evolution in traditional clickjacking methods. Yibelo emphasizes that…


AI Security Gains Traction as Vendors Ramp Up M&A Investments

Rising Threats in AI Security: Major Acquisitions Signal Industry Response

Recent months have witnessed a significant surge in artificial intelligence security acquisitions as leading vendors vie to solidify their foothold in safeguarding AI-driven systems, applications, and workflows. This escalation in activity reflects the industry’s heightened awareness of AI’s vulnerabilities and…


New Hacker Group ‘GambleForce’ Targets APAC Firms with SQL Injection Attacks

Recent cybersecurity reports have surfaced detailing a series of SQL injection attacks attributed to a newly identified hacker group named GambleForce. This group has predominantly targeted organizations across the Asia-Pacific (APAC) region since September 2023, raising significant concerns regarding the vulnerabilities in web application security practices. According to Group-IB, a…


Major Security Vulnerabilities Resolved in Microsoft Dynamics 365 and Power Apps Web API

Recent reports have highlighted three critical security vulnerabilities within the Microsoft Dynamics 365 and Power Apps Web API. These exploits, which could lead to unauthorized data exposure, have been addressed as of May 2024, following detection by Stratus Security, a cybersecurity firm based in Melbourne. The vulnerabilities identified reflect significant…


Ukraine Remains Under Cyber Espionage Attacks from Russian Hackers

Recent cybersecurity investigations have revealed a series of infiltration attempts by a Russian-affiliated hacking group known as Gamaredon, targeting Ukrainian entities as early as July 2021. Broadcom subsidiary Symantec released findings on Monday highlighting the group’s consistent activity in cyberespionage, a pattern they’ve maintained since at least 2013. Ukrainian intelligence…


Emerging KV-Botnet Targets Cisco, DrayTek, and Fortinet Devices for Covert Attacks

A sophisticated botnet identified as the KV-botnet is exploiting vulnerabilities in devices from well-known manufacturers—specifically Cisco, DrayTek, Fortinet, and NETGEAR—to create a covert data transfer network. This network is being utilized by advanced persistent threat (APT) actors, including the China-linked group known as Volt Typhoon. According to Black Lotus Labs…
