The Breach News

Insufficient AI Oversight Heightens Data Breach Threats

Cybersecurity Update: AI-Induced Breaches on the Rise

The landscape of cybersecurity is shifting as organizations increasingly adopt artificial intelligence (AI) without adequate oversight, significantly heightening their security risks. According to IBM’s recent annual report on data breaches, approximately 16% of breaches in the past year have involved the use of…

Microsoft Issues Critical Patch for SharePoint RCE Vulnerability Targeted in Ongoing Cyber Attacks

July 21, 2025
Server Security / Vulnerability

On Sunday, Microsoft released vital security updates to address an actively exploited vulnerability in SharePoint and provided details on another flaw that now has “more robust protections.” The company acknowledged it is “aware of active attacks targeting on-premises SharePoint Server customers by exploiting vulnerabilities partially addressed by the July Security Update.” The exploited vulnerability, tracked as CVE-2025-53770 (CVSS score: 9.8), involves remote code execution due to the deserialization of untrusted data in on-premises versions of Microsoft SharePoint Server. The newly identified issue is a spoofing vulnerability (CVE-2025-53771, CVSS score: 7.1), discovered and reported by Viettel Cyber Security and an anonymous researcher. The flaw is linked to inadequate restrictions on pathnames, leading to potential path traversal in Microsoft Office SharePoint…

Microsoft Issues Urgent Security Patch for Critical SharePoint Vulnerability Amid Ongoing Cyber Attacks

On July 21, 2025, Microsoft released critical security updates aimed at addressing a serious vulnerability in SharePoint that is currently being exploited in ongoing cyber attacks targeting on-premises customers. The company revealed that it is aware of…

Old D-Link Vulnerabilities Fuel Global Attacks by FICORA and Kaiten Botnets

Dec 27, 2024
Botnet / DDoS Attack

Cybersecurity experts are warning of a rise in malicious activity that leverages outdated D-Link routers, involving two distinct botnets: a Mirai variant known as FICORA and a Kaiten variant referred to as CAPSAICIN. “These botnets are often propagated through well-documented vulnerabilities in D-Link devices, enabling remote attackers to execute harmful commands via GetDeviceSettings on the HNAP (Home Network Administration Protocol) interface,” noted Vincent Li, a researcher at Fortinet FortiGuard Labs, in a Thursday analysis. “This HNAP flaw was first revealed nearly ten years ago, affecting multiple devices across various CVE identifiers, including CVE-2015-2051, CVE-2019-10891, CVE-2022-37056, and CVE-2024-33112.” According to telemetry data from the cybersecurity firm, attacks linked to FICORA have been globally dispersed, while those involving CAPSAICIN have predominantly targeted East Asian countries such as Japan and Taiwan.

FICORA and Kaiten Botnets Target D-Link Vulnerabilities for Global Cyber Assaults

On December 27, 2024, cybersecurity experts issued a cautionary update regarding a surge in cybercriminal activities leveraging outdated vulnerabilities in D-Link routers. These exploits have led to the formation of two distinct botnets: the Mirai variant identified as FICORA…

Cloudflare: Perplexity’s Bots Bypass No-Crawl Directives

Artificial Intelligence & Machine Learning, Data Security, Next-Generation Technologies & Secure Development

Allegations of Improper Data Collection Aren’t New for Perplexity

Rashmi Ramesh (rashmiramesh_) • August 5, 2025

Perplexity, an artificial intelligence firm, is embroiled in allegations of circumventing established internet protocols for data acquisition. Cloudflare has accused…

Strategic Investment Prospects Following the Columbia Breach

Columbia University recently experienced a significant data breach that exposed the personal information of 1.8 million individuals, including Social Security numbers. This incident not only disrupted critical IT operations for several days but also serves as a pivotal moment for cybersecurity within higher education. The ramifications of the breach are…

⚡ Weekly Summary: Critical SharePoint Zero-Day, Chrome Vulnerability, macOS Spyware, NVIDIA Toolkit RCE, and More

Published: July 21, 2025
Category: Enterprise Security / Zero Day

Even the most secure environments are at risk as attackers bypass elaborate defenses—not with elaborate exploits, but by leveraging weak configurations, outdated encryption, and unprotected trusted tools. These stealthy attacks evade detection by blending into normal operations, exploiting gaps in monitoring and assumptions of safety. What once appeared suspicious now seems routine, thanks to modular techniques and automation that mimic legitimate behavior.

The critical issue? Our control is not only being tested; it’s being silently compromised. This week’s updates shed light on how default configurations, blurred trust boundaries, and exposed infrastructures are transforming standard systems into vulnerabilities.

⚡ Threat of the Week: Critical SharePoint Zero-Day Under Active Exploitation (Patch Issued Today)

Microsoft has rolled out patches for two security vulnerabilities in SharePoint Server that have been actively exploited, impacting numerous organizations globally. Details on the exploitation surfaced…

Weekly Security Brief: SharePoint Vulnerability, Chrome Exploit, macOS Spyware, and NVIDIA Toolkit RCE

July 21, 2025

In the realm of cybersecurity, recent developments indicate that attackers are increasingly circumventing traditional defenses by exploiting seemingly benign vulnerabilities. These intrusions often rely on outdated security configurations, weak encryption, and unprotected trusted tools…

Cloud Atlas Unleashes VBCloud Malware: Over 80% of Affected Targets in Russia

Dec 27, 2024
Cyber Attack / Data Theft

The cyber threat group known as Cloud Atlas has been detected utilizing a newly identified malware named VBCloud in its attack campaigns throughout 2024. According to Kaspersky researcher Oleg Kupreev, victims are infected through phishing emails containing a malicious document that exploits a vulnerability in the formula editor (CVE-2018-0802) to download and run malware code. Notably, over 80% of the targets are based in Russia, with additional victims reported in Belarus, Canada, Moldova, Israel, Kyrgyzstan, Turkey, and Vietnam. Cloud Atlas, also known as Clean Ursa, Inception, Oxygen, and Red October, is an unidentified threat actor group that has been operational since 2014. In December 2022, the group was tied to cyber attacks on Russia, Belarus, and Transnistria, deploying a PowerShell-based backdoor called PowerShower.

Cloud Atlas Unleashes VBCloud Malware: Majority of Targets Located in Russia

December 27, 2024
Cyber Attack / Data Theft

Recent observations have revealed that the cyber threat group known as Cloud Atlas has deployed an emerging malware variant referred to as VBCloud in a series of targeted attacks throughout 2024.…

Is IT-OT Integration Essential?

Governance & Risk Management, Operational Technology (OT) Security

Experts Advocate for Coordinated Autonomy Instead of Complete Integration

Suparna Goswami (gsuparna) • August 4, 2025

The divide between IT and OT teams can be likened to two groups speaking entirely different languages. While IT departments focus on data integrity…
