The Breach News

Adult Websites Hiding Exploit Code in Inappropriate .svg Files

Obfuscated Code Found in SVG Files from Pornography Sites Triggers Malicious Attacks Recent findings from cybersecurity firm Malwarebytes have revealed alarming vulnerabilities in the use of SVG file formats on various adult-themed websites. Researchers discovered that these sites were deploying obfuscated JavaScript within SVG files, which, when downloaded, initiate a…

Read MoreAdult Websites Hiding Exploit Code in Inappropriate .svg Files

French Company Bouygues Telecom Faces Data Breach Affecting 6.4 Million Customers

Data Breach at Bouygues Telecom Affects 6.4 Million Customers Pierluigi Paganini August 08, 2025 Bouygues Telecom Reports Cyberattack Compromising Customer Data Bouygues Telecom has confirmed that it experienced a significant cyberattack, resulting in the exposure of personal information of approximately 6.4 million of its customers. This French telecommunications provider, a…

Read MoreFrench Company Bouygues Telecom Faces Data Breach Affecting 6.4 Million Customers

Google AI “Big Sleep” Identifies Critical SQLite Vulnerability Before Hackers Can Exploit It

July 16, 2025
AI Security / Vulnerability

Google announced on Tuesday that its language model-assisted vulnerability detection system successfully identified a security flaw in the SQLite open-source database engine, preventing potential exploitation. The vulnerability, designated CVE-2025-6965 (CVSS score: 7.2), is a memory corruption issue affecting all versions prior to 3.50.2. Discovered by “Big Sleep,” an AI agent developed through a collaboration between DeepMind and Google Project Zero, this flaw allows for potential attacks through arbitrary SQL statements, leading to integer overflow risks. SQLite maintainers cautioned that this critical security issue was previously known only to threat actors. Google has not disclosed the identities of these actors but emphasized the urgency of addressing the vulnerability.

Google AI “Big Sleep” Detects Critical SQLite Vulnerability Before Exploitation Could Occur On July 16, 2025, Google announced a significant achievement in cybersecurity through its AI-driven vulnerability assessment tool, known as Big Sleep. This large language model (LLM)-assisted framework successfully detected a critical security vulnerability in the widely used SQLite…

Read More

Google AI “Big Sleep” Identifies Critical SQLite Vulnerability Before Hackers Can Exploit It

July 16, 2025
AI Security / Vulnerability

Google announced on Tuesday that its language model-assisted vulnerability detection system successfully identified a security flaw in the SQLite open-source database engine, preventing potential exploitation. The vulnerability, designated CVE-2025-6965 (CVSS score: 7.2), is a memory corruption issue affecting all versions prior to 3.50.2. Discovered by “Big Sleep,” an AI agent developed through a collaboration between DeepMind and Google Project Zero, this flaw allows for potential attacks through arbitrary SQL statements, leading to integer overflow risks. SQLite maintainers cautioned that this critical security issue was previously known only to threat actors. Google has not disclosed the identities of these actors but emphasized the urgency of addressing the vulnerability.

Alert: Over 2,000 Palo Alto Networks Devices Compromised in Ongoing Cyber Attack Campaign

As of November 21, 2024, an estimated 2,000 devices from Palo Alto Networks have been compromised due to a campaign exploiting newly disclosed security vulnerabilities. According to data from the Shadowserver Foundation, the majority of incidents have been reported in the U.S. (554) and India (461), with additional cases in Thailand (80), Mexico (48), Indonesia (43), Turkey (41), the U.K. (39), Peru (36), and South Africa (35).

Earlier this week, Censys reported identifying 13,324 publicly exposed next-generation firewall management interfaces, with 34% of these exposures located in the U.S. However, it is crucial to note that not all exposed hosts are necessarily vulnerable. The vulnerabilities, CVE-2024-0012 (CVSS score: 9.3) and CVE-2024-9474 (CVSS score: 6.9), involve authentication bypass and privilege escalation, potentially enabling attackers to carry out malicious actions.

Warning: Ongoing Attack Campaign Compromises Over 2,000 Palo Alto Networks Devices November 21, 2024 In a concerning development in cybersecurity, it has been reported that approximately 2,000 devices from Palo Alto Networks have been compromised as a result of an ongoing attack campaign leveraging recently uncovered security vulnerabilities. The Shadowserver…

Read More

Alert: Over 2,000 Palo Alto Networks Devices Compromised in Ongoing Cyber Attack Campaign

As of November 21, 2024, an estimated 2,000 devices from Palo Alto Networks have been compromised due to a campaign exploiting newly disclosed security vulnerabilities. According to data from the Shadowserver Foundation, the majority of incidents have been reported in the U.S. (554) and India (461), with additional cases in Thailand (80), Mexico (48), Indonesia (43), Turkey (41), the U.K. (39), Peru (36), and South Africa (35).

Earlier this week, Censys reported identifying 13,324 publicly exposed next-generation firewall management interfaces, with 34% of these exposures located in the U.S. However, it is crucial to note that not all exposed hosts are necessarily vulnerable. The vulnerabilities, CVE-2024-0012 (CVSS score: 9.3) and CVE-2024-9474 (CVSS score: 6.9), involve authentication bypass and privilege escalation, potentially enabling attackers to carry out malicious actions.

Ex-NSA Chief Paul Nakasone Issues a Caution to the Tech Industry

The recent shifts in the United States’ cybersecurity landscape illustrate a tumultuous period marked by significant policy changes under the Trump administration. The alterations to fiscal policy and foreign relations, coupled with widespread dismissals of federal staff, have left crucial cybersecurity priorities shrouded in uncertainty. This concern was evident at…

Read MoreEx-NSA Chief Paul Nakasone Issues a Caution to the Tech Industry

Australian Privacy Regulator Takes Legal Action Against Optus Following 2022 Hack

Data Privacy, Data Security, Geo Focus: Australia Telecom Faces Potential Fines Up to $2.22 Million per Violation Akshaya Asokan (asokan_akshaya) • August 8, 2025 Image: Marlon Trottmann/Shutterstock The Australian Information Commissioner has initiated legal action against Optus, one of the country’s largest telecommunications companies, alleging the firm failed to adequately…

Read MoreAustralian Privacy Regulator Takes Legal Action Against Optus Following 2022 Hack

860K Affected in Columbia University Data Breach – Dark Reading | Cybersecurity News

860,000 Affected by Data Breach at Columbia University In a significant security incident, Columbia University has reported a data breach that has compromised the personal information of approximately 860,000 individuals. The university, based in the United States, has disclosed that sensitive data was potentially accessed by unauthorized actors, raising serious…

Read More860K Affected in Columbia University Data Breach – Dark Reading | Cybersecurity News

Urgent: Google Issues Critical Chrome Update to Address Active Exploit CVE-2025-6558

Jul 16, 2025
Browser Security / Zero-Day

On Tuesday, Google released a significant update for its Chrome web browser, addressing six security vulnerabilities, including a high-severity flaw that is currently being exploited in the wild. The vulnerability, identified as CVE-2025-6558 (CVSS score: 8.8), involves inadequate validation of untrusted input within the browser’s ANGLE and GPU components. According to the NIST National Vulnerability Database (NVD), “Insufficient validation of untrusted input in ANGLE and GPU in Google Chrome prior to version 138.0.7204.157 allowed a remote attacker to potentially perform a sandbox escape via a specially crafted HTML page.” ANGLE, which stands for “Almost Native Graphics Layer Engine,” serves as a bridge between Chrome’s rendering engine and the device’s graphics drivers. Exploits in this module can enable attackers to bypass Chrome’s sandbox, allowing them to manipulate low-level GPU operations typically confined within the browser, making this vulnerability particularly concerning.

Urgent: Critical Chrome Update Released by Google to Address CVE-2025-6558 Exploit On July 16, 2025, Google announced significant updates to its Chrome web browser, patching six security vulnerabilities, one of which is particularly concerning as it has already been exploited in the wild. This flaw, identified as CVE-2025-6558, has been…

Read More

Urgent: Google Issues Critical Chrome Update to Address Active Exploit CVE-2025-6558

Jul 16, 2025
Browser Security / Zero-Day

On Tuesday, Google released a significant update for its Chrome web browser, addressing six security vulnerabilities, including a high-severity flaw that is currently being exploited in the wild. The vulnerability, identified as CVE-2025-6558 (CVSS score: 8.8), involves inadequate validation of untrusted input within the browser’s ANGLE and GPU components. According to the NIST National Vulnerability Database (NVD), “Insufficient validation of untrusted input in ANGLE and GPU in Google Chrome prior to version 138.0.7204.157 allowed a remote attacker to potentially perform a sandbox escape via a specially crafted HTML page.” ANGLE, which stands for “Almost Native Graphics Layer Engine,” serves as a bridge between Chrome’s rendering engine and the device’s graphics drivers. Exploits in this module can enable attackers to bypass Chrome’s sandbox, allowing them to manipulate low-level GPU operations typically confined within the browser, making this vulnerability particularly concerning.