The Breach News

Cisco Alerts Users to Critical ISE Vulnerability Allowing Unauthenticated Root Access

On July 17, 2025, Cisco revealed a critical security flaw in its Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) that could enable attackers to execute arbitrary code on the operating system with elevated privileges. Labeled CVE-2025-20337, this vulnerability has a CVSS score of 10.0 and is akin to CVE-2025-20281, which was resolved by Cisco last month.

According to Cisco’s advisory, “Multiple vulnerabilities in a specific API of Cisco ISE and ISE-PIC could permit an unauthenticated, remote attacker to execute arbitrary code as root without requiring any valid credentials.” The vulnerabilities stem from inadequate validation of user-supplied input, allowing an attacker to exploit them through specially crafted API requests. A successful exploit could result in extensive control over the affected systems.

Cisco Issues Urgent Alert on High-Severity Vulnerability in ISE Software

July 17, 2025
Vulnerability / Network Security

Cisco has recently unveiled a serious security vulnerability affecting its Identity Services Engine (ISE) and the Cisco ISE Passive Identity Connector (ISE-PIC). Officially cataloged as CVE-2025-20337, this flaw allows unauthenticated attackers to execute…

Kimsuky Hackers Linked to Credential Theft Using Russian Email Addresses

December 3, 2024
Threat Intelligence / Email Security

The North Korea-aligned threat group Kimsuky has been implicated in a series of phishing attacks utilizing email addresses that appear to originate from Russia, aimed at stealing user credentials. According to South Korean cybersecurity firm Genians, these phishing emails were predominantly sent from services in Japan and Korea until early September. However, starting in mid-September, a shift was noted with some emails crafted to look as if they were sent from Russia. This involves the exploitation of VK’s Mail.ru email service, which includes multiple alias domains such as mail.ru, internet.ru, bk.ru, inbox.ru, and list.ru. Genians has reported that Kimsuky has used these domains in phishing campaigns that impersonate financial institutions and popular internet sites like Naver. Additionally, some attacks have involved spoofing Naver’s MYBOX cloud storage service to deceive users into providing sensitive information.

Kimsuky Hackers Leverage Russian Email Domains in Credential Theft Operations

December 3, 2024
Threat Intelligence / Email Security

Recent investigations have revealed that Kimsuky, a North Korea-affiliated hacking group, has shifted its phishing tactics, now utilizing email addresses registered in Russia to facilitate credential theft. This intelligence, reported by South…

Google Verifies Salesforce Data Breach Caused by ShinyHunters Through Vishing Scam

In a significant security incident, Google has acknowledged that one of its internal databases was compromised by the notorious cybercriminal group known as ShinyHunters (also identified as UNC6040). The Google Threat Intelligence Group (GTIG) reported that the unauthorized access to its Salesforce database occurred in June and involved the exposure…

Microsoft Issues Warning About Vulnerability in Hybrid Exchange Deployments

Governance & Risk Management, Legacy Infrastructure Security

CISA Issues Emergency Directive Mandating Federal Agencies Address Vulnerability

Akshaya Asokan (asokan_akshaya), David Perera (@daveperera) • August 7, 2025

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an emergency directive urging federal agencies to address a critical vulnerability affecting Microsoft…

Payback: ‘ShinyHunters’ Targets Google Through Salesforce – Dark Reading | Security

Payback: ‘ShinyHunters’ Hacks Google via Salesforce

In a recent cybersecurity incident, the notorious hacking group known as ‘ShinyHunters’ has reportedly executed a significant breach targeting Google by leveraging vulnerabilities in Salesforce. This breach adds another chapter to the ongoing saga of cyber threats plaguing major tech entities, highlighting the persistent…

Cyber Attackers Leverage Apache HTTP Server Vulnerability to Install Linuxsys Cryptocurrency Miner

July 17, 2025
Cryptocurrency / Security Threats

Recent findings by cybersecurity experts reveal a new campaign that targets a known vulnerability in the Apache HTTP Server to deploy a cryptocurrency miner named Linuxsys. This vulnerability, identified as CVE-2021-41773, carries a high severity rating (CVSS score: 7.5) and involves a path traversal issue in Apache HTTP Server version 2.4.49, which allows for remote code execution. According to Jacob Baines from VulnCheck, “Attackers exploit compromised legitimate websites to disseminate malware, facilitating hidden delivery and evasion of detection.” The infection process, traced back to an Indonesian IP address (103.193.177[.]152), aims to transfer a subsequent payload from “repositorylinux[.]org” using tools like curl or wget. This payload, a shell script, is tasked with downloading the Linuxsys cryptocurrency miner from five separate legitimate sites, indicating that the threat actors…

Hackers Target Apache HTTP Server Vulnerability to Deploy Linuxsys Cryptocurrency Miner

On July 17, 2025, cybersecurity experts reported a dangerous campaign exploiting a vulnerability in the Apache HTTP Server, enabling attackers to deploy a cryptocurrency miner known as Linuxsys. This specific flaw, identified as CVE-2021-41773, carries a high severity rating…

Understanding Deepfake Vishing Attacks: How They Operate and Why Detection is Challenging

In recent developments, instances of fraudulent calls utilizing artificial intelligence to replicate familiar voices have surfaced with alarming frequency. These scams often manipulate the voice of a grandchild, colleague, or executive to convey urgent messages, compelling victims to rapidly wire money, share sensitive information, or visit harmful websites. The deceptive…

Dialysis Company Breach Impacts 1 Million People, Incurred Costs of $13.5 Million So Far

Data Breach Notification, Data Security, Fraud Management & Cybercrime

Interlock Claims to Possess 1.5TB of DaVita’s Data Amid Rising Costs

Marianne Kolbasuk McGee (HealthInfoSec) • August 6, 2025

DaVita Inc., a leading provider in kidney dialysis services globally, recently reported to regulators that a cyberattack occurring in…

Air France and KLM Confirm Theft of Customer Data in Third-Party Breach

Cybersecurity has suffered another blow as hackers have reportedly accessed personal information belonging to potentially hundreds of customers of KLM and Air France through a supply chain attack. This alarming breach was first unveiled in a report on KLM’s Dutch website, with a spokesperson from Air France-KLM confirming that the…