The Breach News

Weekly Cybersecurity Update: Key Threats, Tools, and Best Practices (Nov 18 – Nov 24)

November 25, 2024 | Cybersecurity / Critical Updates

Terms like “state-sponsored attacks” and “critical vulnerabilities” frequently fill our news feeds, but what do they truly entail? This week’s cybersecurity highlights extend beyond mere headlines—they illuminate how digital risks impact our everyday lives more than we might realize. For example, breaches in telecom networks involve far more than data theft; they pose serious threats to our fundamental communications and business operations. Those technical CVEs aren’t just numbers; they represent potential vulnerabilities in your everyday tools, from smartphones to workplace software, functioning like ticking time bombs.

These issues matter to everyone, not just experts. They remind us how easily the digital landscape we depend on can become a threat—but they also underscore the importance of remaining informed and proactive. Join us as we dive into this week’s recap to explore these risks, uncover effective solutions, and discover actionable steps we can all take to enhance our security.

Cybersecurity Update: Key Threats and Trends for the Week of November 18 – November 24

Published on November 25, 2024

In recent weeks, discussions around cybersecurity have underscored pervasive themes such as “state-sponsored attacks” and “critical vulnerabilities.” However, the implications behind these phrases extend beyond mere headlines. This week’s cybersecurity…

Nvidia Challenges Claims of Chinese ‘Kill-Switch’

Artificial Intelligence & Machine Learning, Legislation, Next-Generation Technologies & Secure Development

Chipmaker Argues Against Increasing US Pressure for New Security Requirements

Chris Riotta (@chrisriotta) • August 7, 2025

Nvidia, a leader in AI chip manufacturing, has dismissed allegations from China’s cybersecurity agency asserting that its H20 chips…

Alera Group Alerts 155,000 Individuals Regarding July 2024 Cybersecurity Breach – The HIPAA Journal

Alera Group Alerts 155,000 Individuals Following July 2024 Cybersecurity Breach

The Alera Group has recently informed approximately 155,000 individuals about a significant hacking incident that occurred in July 2024. This breach underscores the escalating threat landscape faced by organizations today, particularly in terms of safeguarding sensitive information. The company, known…

Title: UNC6148 Exploits Patched SonicWall SMA 100 Series Devices with OVERSTEP Rootkit

Date: July 16, 2025
Category: Vulnerability / Cyber Espionage

A threat actor group, identified as UNC6148, has been found targeting fully-patched SonicWall Secure Mobile Access (SMA) 100 series appliances, as part of an operation to deploy a backdoor known as OVERSTEP. This malicious activity has been traced back to at least October 2024. The Google Threat Intelligence Group (GTIG) reports that the number of known victims is currently “limited.” The tech giant has high confidence in its assessment that the group is utilizing credentials and one-time password (OTP) seeds stolen from previous breaches, enabling them to regain access even after organizations have implemented security updates. Metadata analysis indicates that UNC6148 may have first exfiltrated these credentials from the SMA appliance as early as January 2025. The precise method of initial access for delivering the malware remains unknown due to the evasive actions taken by the threat actor.

UNC6148 Targets Fully-Patched SonicWall SMA 100 Series Devices with OVERSTEP Rootkit

On July 16, 2025, cybersecurity analysts from the Google Threat Intelligence Group (GTIG) disclosed a troubling trend involving UNC6148, a hacking group targeting fully-patched SonicWall Secure Mobile Access (SMA) 100 Series appliances. The campaign, which began around October 2024,…

APT-C-60 Hackers Target StatCounter and Bitbucket in SpyGlace Malware Campaign

On November 27, 2024, JPCERT/CC reported that the APT-C-60 threat group has executed a cyberattack against an undisclosed organization in Japan, utilizing a job application guise to deploy the SpyGlace backdoor. This operation, which took place in August 2024, exploited legitimate platforms such as Google Drive, Bitbucket, and StatCounter.

The phishing scheme involved an email disguised as correspondence from a potential employee, which was sent to the organization’s recruitment team, ultimately leading to malware infiltration. APT-C-60, believed to be aligned with South Korea, commonly targets East Asian nations. During the attack, the group exploited a remote code execution vulnerability in WPS Office for Windows (CVE-2024-7262) to introduce the SpyGlace backdoor. JPCERT/CC’s findings detail how the attack chain unfolded, beginning with a phishing email linking to a file on Goo…

APT-C-60 Hackers Target Japanese Organization with SpyGlace Malware Campaign

On November 27, 2024, cybersecurity experts at JPCERT/CC reported a sophisticated cyber attack tied to the APT-C-60 hacker group, which has gained notoriety for its ties to South Korean cyber espionage activities. This recent intrusion specifically targeted an unnamed organization based…

“IBM Report Reveals India’s Average Data Breach Cost Reaches ₹220 Million in 2025, Highlights AI Security Vulnerabilities” – Business Today

India’s Cybersecurity Landscape: Average Data Breach Costs Reach ₹220 Million by 2025, IBM Report Reveals

A recent report released by IBM reveals alarming trends in the cybersecurity landscape of India, indicating that the average cost of data breaches is projected to escalate to ₹220 million by the year 2025. This…
