The Breach News

The Rise of Weak Passwords and Account Breaches: Insights from the 2025 Blue Report

August 21, 2025
Password Security / Identity Protection

Security professionals often focus on countering advanced adversary techniques, yet many impactful attacks stem from compromised credentials. Picus Security’s latest Blue Report 2025 reveals that organizations still struggle to prevent password cracking and to detect the misuse of compromised accounts. At the midpoint of 2025, it is evident that compromised accounts remain a significant vulnerability, underscoring the urgent need for a proactive stance against these threats.

A Wake-Up Call: The Alarming Increase in Successful Password Cracking

The Picus Blue Report offers an annual analysis of how effectively organizations are preventing and detecting genuine cyber threats, going beyond traditional measures to highlight critical areas for improvement.

NSA Identifies New Vulnerabilities in Microsoft Exchange Servers

April 14, 2021

In its April update, Microsoft addressed a total of 114 security vulnerabilities, including one actively exploited zero-day flaw and four remote code execution issues within Exchange Server. Among these vulnerabilities, 19 are classified as Critical, 88 as Important, and one as Moderate. Notably, CVE-2021-28310 is a privilege escalation vulnerability within Win32k, currently under active exploitation, allowing attackers to execute malicious code and gain elevated privileges on affected systems. Cybersecurity firm Kaspersky, which reported the flaw to Microsoft in February, connected the zero-day exploit to the Bitter APT group, known for utilizing a similar vulnerability (CVE-2021-1732) in attacks last year. “This is an escalation of privilege (EoP) exploit likely used in conjunction with other browser exploits to bypass sandboxes or obtain system privileges for further access,” explained Kaspersky researcher Boris Larin.

Swedish Authorities’ PRQ Raid Sparks Cyber Attack from Anonymous

On October 3, 2012, hackers identifying as members of the Anonymous network seized control of the official website for Sweden’s National Board of Health and Welfare. This development followed a police raid on PRQ, a Stockholm-based web hosting company, just days prior. A video allegedly created by Anonymous appeared on YouTube, warning Swedish authorities of potential consequences. The hacktivist group announced that a cyber attack on Sweden’s Riksbank was planned for Wednesday night, stating: “It has come to our attention that the Swedish government raided PRQ servers to shut down various file-sharing and torrent websites. This has gone too far. This is unacceptable. Anonymous says this stops right now. You don’t mess with The Internet… Today we hit their wallets hard.” The Riksbank is taking these threats seriously, acknowledging them as a public security concern and committing to maintaining the safety of their online presence.

TeamPCP Compromises Bitwarden CLI, Deploys Shai-Hulud Malware via Dependabot

On April 20, 2026, around 5:00 PM CET, the cybersecurity community was alerted to a significant compromise involving the widely utilized tool @bitwarden. This open-source password manager, developed by Bitwarden, is instrumental for developers, allowing secure storage of sensitive information such as passwords and API keys within an encrypted vault…

Urgent: Update Your Chrome Browser Immediately to Fix Recently Discovered Vulnerability

April 20, 2021

Google has released a critical update for the Chrome web browser across Windows, Mac, and Linux, addressing seven security issues, including one actively exploited flaw. Identified as CVE-2021-21224, this vulnerability arises from a type confusion problem in the V8 JavaScript engine and was reported by security researcher Jose Martinez on April 5. Security expert Lei Cao explains that the bug occurs during integer type conversion, leading to an out-of-bounds condition that could allow arbitrary memory read/write access. “Google is aware of reports indicating that exploits for CVE-2021-21224 are in the wild,” stated Chrome’s Technical Program Manager, Srinivas Sista, in a recent blog post. This update follows the release of proof-of-concept code by a researcher named “frust” on April 14, highlighting the urgency of addressing this issue.

Anonymous Threatens Estonian Government with Impending Cyber Attack

October 10, 2012

On October 8, the hacker collective Anonymous, through its AnonSwedenOp account, released a video on YouTube warning the Estonian government of a potential cyber attack. The video accused the government of neglecting its citizens, claiming, “The Estonian government sacrificed its own people rather than providing support. Instead of helping its own, it has funneled money to Greece, which is in a better financial position.” They highlighted the irony of Estonia’s financial struggles while simultaneously donating €357 million to Greece.

The group’s video indicated that the attack, dubbed Operation #OpEstonia, is likely scheduled for Friday, October 12. It concluded with a message of solidarity towards the Estonian people: “This must end. Estonian people, we haven’t forgotten you.”

Recently, Anonymous also targeted the website of the Swedish central bank, raising concerns about the potential scale and intensity of the forthcoming attack.

Microsoft Releases Urgent Update to Address ASP.NET Vulnerability on macOS and Linux

Microsoft has issued an emergency patch to address a critical vulnerability in its ASP.NET Core framework, which could allow unauthenticated attackers to gain SYSTEM-level privileges on devices running Linux or macOS applications. This vulnerability, identified as CVE-2026-40372, impacts versions 10.0.0 through 10.0.6 of the Microsoft.AspNetCore.DataProtection NuGet package, an essential component…

Cybercriminals Utilize ClickFix Tactic and Fake CAPTCHA Pages to Distribute CORNFLAKE.V3 Backdoor

August 21, 2025
Malware / Cryptocurrency

Threat actors have been observed employing the ClickFix social engineering tactic to disseminate a versatile backdoor known as CORNFLAKE.V3. Google-owned Mandiant reported this activity, identified as UNC5518, as part of an access-as-a-service scheme that utilizes fake CAPTCHA pages to entice users into granting initial system access, which is subsequently monetized by other threat groups. “The initial infection method, referred to as ClickFix, involves tricking users on compromised websites into copying and executing a malicious PowerShell script through the Windows Run dialog,” Google detailed in a report released today. Access provided by UNC5518 is believed to be exploited by at least two distinct hacking groups, UNC5774 and UNC4108, to launch a multi-stage infection process and introduce additional payloads. UNC5774, another financially motivated group, employs CORNFLAKE to deploy various subsequent payloads. UNC4108, also a threat actor…

F5 BIG-IP Exposed to Kerberos KDC Spoofing Vulnerability

On April 28, 2021, cybersecurity researchers revealed a significant bypass vulnerability (CVE-2021-23008) affecting the Kerberos Key Distribution Center (KDC) security feature in F5 BIG-IP application delivery services. According to Silverfort researchers Yaron Kassner and Rotem Zach, the KDC spoofing vulnerability enables attackers to circumvent Kerberos authentication to the BIG-IP Access Policy Manager (APM), allowing unauthorized access to sensitive resources and, in some instances, the BIG-IP admin console. Following this disclosure, F5 Networks issued patches to rectify the vulnerability (CVE-2021-23008, CVSS score 8.1), which are available in BIG-IP APM versions 12.1.6, 13.1.4, 14.1.4, and 15.1.3. A similar patch for version 16.x is anticipated in the future. Customers using version 16.x are advised to consult the security advisory for exposure assessment and mitigation details.
