The Breach News

Sophos Releases Urgent Hotfixes for Critical Firewall Vulnerabilities: Essential Update to Prevent Exploitation

Sophos Issues Critical Security Hotfixes for Firewall Vulnerabilities Sophos has recently released crucial security hotfixes addressing three vulnerabilities within its Firewall products. These flaws could potentially be exploited to facilitate remote code execution, granting unauthorized privileged access to attackers under specific conditions, posing significant risks to organizations reliant on these…

Read MoreSophos Releases Urgent Hotfixes for Critical Firewall Vulnerabilities: Essential Update to Prevent Exploitation

FIN8 Hackers Detected Deploying New ‘White Rabbit’ Ransomware in Latest Attacks

A recently identified strain of ransomware, dubbed “White Rabbit,” has emerged, likely linked to the financially motivated threat actor known as FIN8. This malware was reportedly employed in an attack against a U.S.-based local bank in December 2021. According to research by Trend Micro, the technical characteristics of White Rabbit…

Read MoreFIN8 Hackers Detected Deploying New ‘White Rabbit’ Ransomware in Latest Attacks

NATO Chief Takes a Jibe at Russian Navy’s Red October Search: “They Need a Mechanic”

Russian Submarine Incident Off French Coast Raises Security Concerns Recently, Russia’s Kilo-class submarine, the Novorossiysk, surfaced near the French coast, prompting the Kremlin to maintain that there was no issue with the vessel. Russian officials asserted that the submarine was merely adhering to maritime rules for navigating the English Channel,…

Read MoreNATO Chief Takes a Jibe at Russian Navy’s Red October Search: “They Need a Mechanic”

Vulnerability in Google Workspace May Allow Unauthorized Access for Attackers

Recent vulnerability findings have unveiled a significant design flaw within Google Workspace’s domain-wide delegation (DWD) feature. Cybersecurity researchers have reported that this flaw could enable malicious actors to escalate privileges and gain unauthorized access to Google Workspace APIs, bypassing super admin requirements. The analysis highlights the seriousness of this vulnerability,…

Read MoreVulnerability in Google Workspace May Allow Unauthorized Access for Attackers

A Limited Set of Training Documents Can Enable a Backdoor in LLMs

Artificial Intelligence & Machine Learning, Next-Generation Technologies & Secure Development Study Reveals Minor Data Poisoning Can Compromise Large Language Models Rashmi Ramesh (rashmiramesh_) • October 14, 2025 Image: ArtemisDiana/Shutterstock Recent findings indicate that as few as a few hundred malicious training documents can lead a large language model (LLM) to…

Read MoreA Limited Set of Training Documents Can Enable a Backdoor in LLMs

Qantas and Collins Aerospace Incidents Highlight Necessity for Enhanced Assurance

Recent cyber incidents have underscored the vulnerabilities permeating the aviation sector. The latest episode, the significant data breach of Qantas, has put millions of personal records at risk, echoing previous security failures such as the breach involving Collins Aerospace. These incidents unveil a systemic fragility within a network of interlinked…

Read MoreQantas and Collins Aerospace Incidents Highlight Necessity for Enhanced Assurance

Apache Tomcat Vulnerability CVE-2024-56337 Poses RCE Risk to Servers

The Apache Software Foundation (ASF) has announced a critical security update for its Tomcat server software, addressing a significant vulnerability that could lead to remote code execution (RCE) under specific conditions. This update highlights vulnerabilities identified as CVE-2024-56337 and CVE-2024-50379, the latter of which has a CVSS score of 9.8,…

Read MoreApache Tomcat Vulnerability CVE-2024-56337 Poses RCE Risk to Servers

Hacking Team DoNot Targets Government and Military Entities in South Asia

A persistent threat actor, suspected to have ties to an Indian cybersecurity firm, has been actively attacking military organizations in South Asia since at least September 2020. The targeted nations include Bangladesh, Nepal, and Sri Lanka, with various iterations of their specialized malware framework used in each assault. According to…

Read MoreHacking Team DoNot Targets Government and Military Entities in South Asia

Hackers Develop New Method to Capture 2-Factor Authentication Codes from Android Devices

Recent reports reveal a concerning new attack method, identified as “Pixnapping,” that exposes vulnerabilities in Android devices, enabling attackers to surreptitiously acquire crucial information such as two-factor authentication codes, location data, and other sensitive details within a mere 30 seconds. The Pixnapping attack originates from a malicious app that must…

Read MoreHackers Develop New Method to Capture 2-Factor Authentication Codes from Android Devices