The Breach News

Sorry, Mr. Altman, But Passwords Aren’t Making a Comeback

AI-Based Attacks, Artificial Intelligence & Machine Learning, Fraud Management & Cybercrime
OpenAI CEO Asserts AI Surpasses Voice Recognition, While Experts Remain Skeptical
Suparna Goswami (gsuparna) • August 6, 2025

OpenAI’s CEO Sam Altman recently claimed that artificial intelligence has essentially “defeated” most current…

GLOBAL GROUP RaaS Launches Operations with AI-Powered Negotiation Tools

July 15, 2025
Cybercrime / Ransomware

Cybersecurity researchers have uncovered a new ransomware-as-a-service (RaaS) operation called GLOBAL GROUP, which has been targeting various sectors across Australia, Brazil, Europe, and the United States since its debut in early June 2025. According to EclecticIQ researcher Arda Büyükkaya, GLOBAL GROUP was “advertised on the Ramp4u forum by the threat actor known as ‘$$$’.” This same individual is associated with the BlackLock RaaS and has previously overseen the Mamona ransomware operations. It is believed that GLOBAL GROUP represents a rebranding of BlackLock, following the defacement of its data leak site by the DragonForce ransomware cartel in March. Notably, BlackLock itself was a rebranding of an earlier RaaS scheme called Eldorado. This financially motivated group is known for relying heavily on initial access brokers (IABs) to deploy ransomware, utilizing vulnerable edge appliances from Cisco, Fortinet, and Palo Alto Networks.

Crypto Wrench Attacks Soar 90% in 2025 Due to Data Breaches and Extortion Threats

The number of violent “wrench attacks” targeting cryptocurrency holders has escalated alarmingly in 2025, as reported by Alena Vranova, founder of SatoshiLabs, a hardware wallet manufacturer. During her address at the Baltic Honeybadger 2025 conference held in Riga, Latvia, she highlighted the alarming frequency of these attacks, which encompass kidnappings,…

Critical Vulnerability in mcp-remote Allows Remote Code Execution, Affecting Over 437,000 Users

Published: July 10, 2025
Category: Vulnerability / AI Security

Cybersecurity experts have identified a serious vulnerability in the open-source mcp-remote project, posing a risk of executing arbitrary operating system commands. This vulnerability, designated CVE-2025-6514, has received a CVSS severity score of 9.6 out of 10.0. According to Or Peles, Team Leader of JFrog Vulnerability Research, “This flaw enables attackers to execute arbitrary OS commands on machines using mcp-remote when connecting to untrusted MCP servers, potentially leading to complete system compromise.” Mcp-remote emerged following the launch of Anthropic’s Model Context Protocol (MCP), an open-source framework designed to standardize how large language model (LLM) applications integrate and share data with external sources. It serves as a local proxy, facilitating communication between MCP clients like Claude Desktop and remote MCP servers, rather than relying solely on local execution.

China-Aligned MirrorFace Hackers Lure EU Diplomats with World Expo 2025 Scheme

Date: Nov 07, 2024
Category: Threat Intelligence / Cyber Espionage

The China-aligned hacking group MirrorFace has recently targeted a diplomatic organization within the European Union for the first time. According to ESET’s APT Activity Report for April to September 2024, the attackers exploited the upcoming World Expo 2025 in Osaka, Japan, as bait. This incident illustrates that while their geographic focus is shifting, MirrorFace continues to emphasize connections to Japan and related events. Also known as Earth Kasha, MirrorFace is part of a broader group, APT10, which includes other clusters like Earth Tengshe and Bronze Starlight. The group has been actively cyber-spying on Japanese organizations since at least 2019, with a recent expansion in 2023 that included targets in Taiwan and India. Over time, their malware tools have significantly advanced, showcasing their persistent threat landscape.

A Misconfiguration Plaguing Corporate Streaming Platforms May Lead to Sensitive Data Exposure

Streaming Service Vulnerabilities Exposed at Defcon Conference

Recent revelations at the Defcon security conference in Las Vegas have shed light on critical vulnerabilities present in some streaming platforms, particularly those utilized for corporate broadcasts and sports live streams. Leading streaming services like Netflix and Disney+ have made significant investments to…

UnitedHealth Group Faces New Challenges After Recent Health Data Breach

Data Breach Notification, Data Privacy, Data Security
Lawmakers Press UnitedHealth Group for Clarification Following New Breach
Marianne Kolbasuk McGee (HealthInfoSec) • August 7, 2025

Recent developments have placed UnitedHealth Group (UHG) in a precarious position following the revelation of a significant breach involving its subsidiary, Episource, which reportedly affects 5.4…

Scattered Spider Compromises VMware ESXi to Launch Ransomware Against Critical U.S. Infrastructure

July 28, 2025
Cyber Attack / Ransomware

The infamous cybercrime group Scattered Spider is targeting VMware ESXi hypervisors in a series of attacks against the retail, airline, and transportation sectors in North America. According to an in-depth analysis by Google’s Mandiant team, “The group’s core tactics remain unchanged and do not depend on software exploits. Instead, they employ a strategic playbook that primarily involves phone calls to IT help desks.” The actors are described as aggressive and innovative, particularly adept at using social engineering to bypass even robust security systems. Their operations are precision-driven campaigns focused on the most critical systems and data of their victims. Also known as 0ktapus, Muddled Libra, Octo Tempest, and UNC3944, these threat actors have a track record of executing sophisticated social engineering tactics to gain initial access to target environments, subsequently employing a “living-off-the-land” (LotL) strategy by leveraging trusted administrative tools.

Allianz Data Breach Reveals Widespread Vulnerabilities Impacting All Users

Data breaches pose significant threats to individuals and businesses alike, often resulting in identity theft and associated financial damages. In 2023 alone, approximately 5.5 billion accounts were compromised due to data breaches worldwide, marking…