The Breach News

CISA Includes Acclaim USAHERDS Vulnerability in KEV Catalog Due to Ongoing Exploitation

On December 23, 2024, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced the addition of a critical vulnerability affecting Acclaim Systems USAHERDS to its Known Exploited Vulnerabilities (KEV) catalog. This addition follows verifiable evidence that the flaw has been actively exploited. The vulnerability, identified as CVE-2021-44207, has a CVSS…

Read MoreCISA Includes Acclaim USAHERDS Vulnerability in KEV Catalog Due to Ongoing Exploitation

Interpol Arrests 11 Members of Nigerian BEC Cybercrime Syndicate

A recent coordinated operation by law enforcement officials has led to the apprehension of 11 alleged members of a Nigerian cybercrime syndicate involved in numerous business email compromise (BEC) attacks. This group’s activities have reportedly targeted over 50,000 victims globally in recent years. The crackdown, termed Operation Falcon II, stemmed…

Read MoreInterpol Arrests 11 Members of Nigerian BEC Cybercrime Syndicate

Hackers Can Access 2FA Codes and Private Messages on Android Devices

New Android Vulnerability Exposes User Data to Attackers Recent research has unveiled a serious vulnerability affecting Android devices, enabling the covert theft of sensitive information, including two-factor authentication codes and user location histories, all within a mere 30 seconds. This attack, termed “Pixnapping,” was developed by a team of academic…

Read MoreHackers Can Access 2FA Codes and Private Messages on Android Devices

Okta Reveals Wider Implications Following October 2023 Support System Breach

Identity services provider Okta has reported discovering “additional threat actor activity” related to a breach affecting its support case management system that occurred in October 2023. The breach reportedly involved unauthorized access to the names and email addresses of all users within Okta’s customer support system, a significant concern for…

Read MoreOkta Reveals Wider Implications Following October 2023 Support System Breach

Chinese Owners Excluded from Dutch Chip Manufacturer Nexperia

Critical Infrastructure Security Dutch Ministry Implements National Security Law to Assume Control of Domestic Semiconductor Firm Anviksha More (AnvikshaMore), David Perera (@daveperera) • October 13, 2025 Image: Shutterstock The Dutch government has invoked a national security law to sever control of the semiconductor manufacturer Nexperia from its Chinese parent company,…

Read MoreChinese Owners Excluded from Dutch Chip Manufacturer Nexperia

SonicWall VPNs Experience a Breach Following September Cloud Backup Incident

New Discovery Unveils Credential-Driven Campaign Targeting SonicWall Devices Recent findings by cybersecurity firm Huntress reveal a new and concerning trend in cyberattacks, indicating a credential-based campaign aimed at SonicWall SSLVPN devices. The investigation, which began around October 4, detected significant login activity from IP addresses linked to attackers, including one…

Read MoreSonicWall VPNs Experience a Breach Following September Cloud Backup Incident

Severe SQL Injection Vulnerability in Apache Traffic Control Scores 9.9 CVSS — Immediate Patch Recommended

The Apache Software Foundation (ASF) has recently issued critical security updates to address a significant vulnerability in Apache Traffic Control. This flaw presents an opportunity for attackers to execute unauthorized Structured Query Language (SQL) commands against the database, should the exploit be successful. The vulnerability, identified as CVE-2024-45387, has been…

Read MoreSevere SQL Injection Vulnerability in Apache Traffic Control Scores 9.9 CVSS — Immediate Patch Recommended

Molerat Hackers Conceal New Espionage Attacks Within Public Cloud Infrastructure

An ongoing espionage initiative attributed to the threat group known as Molerats has been leveraging widely used cloud services, including Google Drive and Dropbox, as a method for distributing malware and facilitating command-and-control operations. This cyber offensive is reportedly focused on targets across the Middle East and has been active…

Read MoreMolerat Hackers Conceal New Espionage Attacks Within Public Cloud Infrastructure

Satellites Exposing Global Secrets: Intercepted Calls, Texts, and Sensitive Military and Corporate Information

Recent findings indicate that individuals around the globe could replicate a sensitive data collection operation, utilizing readily available satellite hardware. Researchers conducted an experiment employing standard satellite technology: a $185 satellite dish, a $140 roof mount, a $195 motor, and a $230 tuner card, all totaling under $800. This highlights…

Read MoreSatellites Exposing Global Secrets: Intercepted Calls, Texts, and Sensitive Military and Corporate Information