The Breach News

Protecting Your Python Supply Chain: A Practical Webinar on Defending Against Malicious PyPI Packages

Join us on July 24, 2025, as supply chain attacks targeting Python escalate. Discover effective tools and strategies to safeguard your code, dependencies, and runtime.

Surge in Malicious PyPI Packages Poses Threat to Python Supply Chain Security

As of July 24, 2025, the Python ecosystem is facing an escalating wave of supply chain attacks that exploit vulnerabilities in packages available on the Python Package Index (PyPI). This alarming trend highlights the urgent need for businesses…

CISA Includes PaperCut NG/MF CSRF Vulnerability in KEV Catalog Due to Ongoing Exploits

Date: July 29, 2025
Category: Vulnerability / Software Security

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security vulnerability affecting PaperCut NG/MF print management software to its Known Exploited Vulnerabilities (KEV) catalog, highlighting its active exploitation. The vulnerability, identified as CVE-2023-2533 (CVSS score: 8.4), is a cross-site request forgery (CSRF) flaw that could lead to remote code execution. CISA warned that this vulnerability may allow attackers to modify security settings or execute arbitrary code in certain scenarios. Widely used in schools, businesses, and government offices, PaperCut NG/MF helps manage print jobs and control network printers. Given that the admin console typically operates on internal web servers, an exploited vulnerability could provide attackers with easy access to larger systems if left unattended.

CISA Adds High-Severity PaperCut NG/MF Vulnerability to KEV Catalog Amid Rising Exploits

On July 29, 2025, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) officially included a critical vulnerability affecting the PaperCut NG/MF print management software in its Known Exploited Vulnerabilities (KEV) catalog. This addition comes in response to confirmed…

E.U. Imposes Sanctions on 3 Russian Nationals for Cyberattacks Against Estonia’s Key Government Ministries

Jan 28, 2025 – Cybersecurity / Cyber Espionage

The Council of the European Union has sanctioned three Russian nationals for their involvement in “malicious cyber activities” targeting Estonia. The individuals—Nikolay Alexandrovich Korchagin, Vitaly Shevchenko, and Yuriy Fedorovich Denisov—are identified as officers of the Russian Armed Forces’ GRU Unit 29155. According to the council’s decision, these individuals are responsible for cyberattacks aimed at compromising the computer systems of various Estonian institutions to gather intelligence on the country’s cyber security policies.

These cyber intrusions provided unauthorized access to classified and sensitive information within several government ministries, including Economic Affairs and Communications, Social Affairs, and Foreign Affairs, resulting in the theft of thousands of confidential documents, including business secrets and proprietary data.

E.U. Imposes Sanctions on Three Russian Nationals Over Cyber Attacks on Estonian Ministries

January 28, 2025 – Cybersecurity / Cyber Espionage

In a significant move against cyber threats, the Council of the European Union has sanctioned three Russian nationals for their alleged involvement in targeted cyber activities against Estonia. The individuals…

Genomics Equipment Company Settles False Cyber Claims for $9.8M

Governance & Risk Management, Government, Healthcare

US Allegations Against Illumina: Knowingly Selling Vulnerable Systems to Federal Agencies

Marianne Kolbasuk McGee (HealthInfoSec) • August 1, 2025

Illumina Inc., a prominent firm in genomics sequencing, has reached a $9.8 million settlement to resolve allegations under the False Claims Act. The…

Tea App Data Breach Highlights Risks Facing Women – The New York Times

Data Breach of Tea App Highlights Cybersecurity Risks for Women

In a significant development, the Tea app, designed primarily for women, experienced a data breach that has raised critical concerns about the security of personal information online. This incident underscores the vulnerabilities associated with applications that cater to specific demographics,…

Wiz Identifies Critical Access Bypass Vulnerability in AI-Driven Base44 Coding Platform

July 29, 2025
LLM Security / Vulnerability

Cybersecurity researchers have revealed a recently patched critical security vulnerability in the popular AI-driven coding platform Base44. This flaw could enable unauthorized access to private applications created by its users. According to a report from cloud security firm Wiz, the vulnerability was alarmingly easy to exploit; an attacker merely needed to provide a non-secret ‘app_id’ at undocumented registration and email verification endpoints to create a verified account for private applications. This breach effectively bypassed all authentication mechanisms, including Single Sign-On (SSO) protections, granting full access to sensitive applications and data. Following responsible disclosure on July 9, 2025, Wix, the company that owns Base44, implemented an official fix within 24 hours. Fortunately, there is no evidence that this vulnerability was ever maliciously exploited in practice.

Wiz Discovers Major Access Bypass Vulnerability in Base44’s AI-Driven Coding Platform

July 29, 2025

In a significant security revelation, cybersecurity experts from Wiz have exposed a critical vulnerability in Base44, a widely-used coding platform featuring AI capabilities. This flaw poses serious risks, as it enables unauthorized users to access private…

Fake Google Chrome Websites Distribute ValleyRAT Malware Through DLL Hijacking

February 6, 2025
Cyber Attack / Malware

Fraudulent websites posing as Google Chrome have been employed to spread malicious installers for a remote access trojan known as ValleyRAT. First identified in 2023, this malware is linked to a threat actor referred to as Silver Fox, whose previous operations primarily targeted Chinese-speaking regions, including Hong Kong, Taiwan, and Mainland China. According to Morphisec researcher Shmuel Uzan, “This actor has increasingly focused on key organizational roles—especially in finance, accounting, and sales—underscoring a strategic emphasis on high-value positions with access to sensitive data and systems.” Early cyber attack sequences have shown ValleyRAT being delivered alongside other malware types, such as Purple Fox and Gh0st RAT, the latter having been widely utilized by various Chinese hacking groups. Just last month, counterfeit installers for legitimate software were identified as a distribution method for these attacks.

Phony Google Chrome Sites Spread ValleyRAT Malware via DLL Hijacking

In a concerning development for cybersecurity, fake websites purporting to offer Google Chrome are being utilized to distribute a remote access trojan known as ValleyRAT. This malware, first identified in 2023, has been linked to a cyber threat actor referred…