data breach | Breaking Cybersecurity News | The Hacker News

Blockchain is best known for its use in cryptocurrencies like Bitcoin, but it also holds significant applications for online authentication. As businesses in varying sectors increasingly embrace blockchain-based security tools, could the technology one day replace passwords? How blockchain works  Blockchain is a secure way to maintain, encrypt, and exchange digital records of transactions. Its security benefits stem from its decentralized nature: this distributed ledger can be accessed by participants across various nodes , and is unalterable. All users retain control as a group, meaning no single person can change the ledger. How could this provide security benefits? One advantage is the ability to create a 'self-sovereign ID' that alters the way that a user identifies themselves online. Essentially, it creates a private ID for a user that they control, rather than relying on a centralized institution : they can logon to a particular website or service using their identity on...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a security flaw impacting SonicWall Secure Mobile Access ( SMA ) 100 Series gateways to its Known Exploited Vulnerabilities ( KEV ) catalog, based on evidence of active exploitation. The high-severity vulnerability, tracked as CVE-2021-20035 (CVSS score: 7.2), relates to a case of operating system command injection that could result in code execution. "Improper neutralization of special elements in the SMA100 management interface allows a remote authenticated attacker to inject arbitrary commands as a 'nobody' user, which could potentially lead to code execution," SonicWall said in an advisory released in September 2021. The flaw impacts SMA 200, SMA 210, SMA 400, SMA 410, and SMA 500v (ESX, KVM, AWS, Azure) devices running the following versions - 10.2.1.0-17sv and earlier (Fixed in 10.2.1.1-19sv and higher) 10.2.0.7-34sv and earlier (Fixed in 10.2.0.8-37sv and higher) 9.0...

Everybody knows browser extensions are embedded into nearly every user's daily workflow, from spell checkers to GenAI tools. What most IT and security people don't know is that browser extensions' excessive permissions are a growing risk to organizations. LayerX today announced the release of the Enterprise Browser Extension Security Report 2025 , This report is the first and only report to merge public extension marketplace statistics with real-world enterprise usage telemetry. By doing so, it sheds light on one of the most underestimated threat surfaces in modern cybersecurity: browser extensions. The report reveals several findings that IT and security leaders will find interesting, as they build their plans for H2 2025. This includes information and analysis on how many extensions have risky permissions, which kinds of permissions are given, if extension developers are to be trusted, and more. Below, we bring key statistics from the report. Highlights from the Enterprise Browse...

Introduction Cyber threats targeting supply chains have become a growing concern for businesses across industries. As companies continue to expand their reliance on third-party vendors, cloud-based services, and global logistics networks, cybercriminals are exploiting vulnerabilities within these interconnected systems to launch attacks. By first infiltrating a third-party vendor with undetected security gaps, attackers can establish a foothold, leveraging these weaknesses to penetrate the primary business partners' network. From there, they move laterally through critical systems, ultimately gaining access to sensitive data, financial assets, intellectual property, or even operational controls. Recent high-profile breaches like the 2024 ransomware attack that hit Change Healthcare, one of the world's largest health payment processing companies, demonstrate how attackers disrupted supply chain operations stealing up to 6TB of millions of patients' protected health information (PHI)....

Cybersecurity researchers have unearthed a new controller component associated with a known backdoor called BPFDoor as part of cyber attacks targeting telecommunications, finance, and retail sectors in South Korea, Hong Kong, Myanmar, Malaysia, and Egypt in 2024. "The controller could open a reverse shell," Trend Micro researcher Fernando Mercês said in a technical report published earlier in the week. "This could allow lateral movement, enabling attackers to enter deeper into compromised networks, allowing them to control more systems or gain access to sensitive data. The campaign has been attributed with medium confidence to a threat group it tracks as Earth Bluecrow, which is also known as DecisiveArchitect, Red Dev 18, and Red Menshen. The lower confidence level boils down to the fact that the BPFDoor malware source code was leaked in 2022 , meaning it could also have bee adopted by other hacking groups. BPFDoor is a Linux backdoor that first came to light in...

Intro: Why hack in when you can log in? SaaS applications are the backbone of modern organizations, powering productivity and operational efficiency. But every new app introduces critical security risks through app integrations and multiple users, creating easy access points for threat actors. As a result, SaaS breaches have increased, and according to a May 2024 XM Cyber report, identity and credential misconfigurations caused 80% of security exposures. Subtle signs of a compromise get lost in the noise, and then multi-stage attacks unfold undetected due to siloed solutions. Think of an account takeover in Entra ID, then privilege escalation in GitHub, along with data exfiltration from Slack. Each seems unrelated when viewed in isolation, but in a connected timeline of events, it's a dangerous breach. Wing Security's SaaS platform is a multi-layered solution that combines posture management with real-time identity threat detection and response. This allows organizations to get a ...

A recently disclosed security flaw in Gladinet CentreStack also impacts its Triofox remote access and collaboration solution, according to Huntress, with seven different organizations compromised to date. Tracked as CVE-2025-30406 (CVSS score: 9.0), the vulnerability refers to the use of a hard-coded cryptographic key that could expose internet-accessible servers to remote code execution attacks. It has been addressed in CentreStack version 16.4.10315.56368 released on April 3, 2025. The vulnerability is said to have been exploited as a zero-day in March 2025, although the exact nature of the attacks is unknown. Now, according to Huntress, the weakness also affects Gladinet Triofox up to version 16.4.10317.56372. "By default, previous versions of the Triofox software have the same hardcoded cryptographic keys in their configuration file, and can be easily abused for remote code execution," John Hammond, principal cybersecurity researcher at Huntress, said in a report...

Attackers aren't waiting for patches anymore — they are breaking in before defenses are ready. Trusted security tools are being hijacked to deliver malware. Even after a breach is detected and patched, some attackers stay hidden. This week's events show a hard truth: it's not enough to react after an attack. You have to assume that any system you trust today could fail tomorrow. In a world where AI tools can be used against you and ransomware hits faster than ever, real protection means planning for things to go wrong — and still staying in control. Check out this week's update to find important threat news, helpful webinars, useful tools, and tips you can start using right away. ⚡ Threat of the Week Windows 0-Day Exploited for Ransomware Attacks — A security affecting the Windows Common Log File System (CLFS) was exploited as a zero-day in ransomware attacks aimed at a small number of targets, Microsoft revealed. The flaw, CVE-2025-29824, is a privilege escalation vulnerabilit...

Fortinet has revealed that threat actors have found a way to maintain read-only access to vulnerable FortiGate devices even after the initial access vector used to breach the devices was patched. The attackers are believed to have leveraged known and now-patched security flaws, including, but not limited to, CVE-2022-42475 , CVE-2023-27997 , and CVE-2024-21762 . "A threat actor used a known vulnerability to implement read-only access to vulnerable FortiGate devices," the network security company said in an advisory released Thursday. "This was achieved via creating a symbolic link connecting the user file system and the root file system in a folder used to serve language files for the SSL-VPN." Fortinet said the modifications took place in the user file system and managed to evade detection, causing the symbolic link (aka symlink) to be left behind even after the security holes responsible for the initial access were plugged. This, in turn, enabled the threa...

What are IABs? Initial Access Brokers (IABs) specialize in gaining unauthorized entry into computer systems and networks, then selling that access to other cybercriminals. This division of labor allows IABs to concentrate on their core expertise: exploiting vulnerabilities through methods like social engineering and brute-force attacks.  By selling access, they significantly mitigate the risks associated with directly executing ransomware attacks or other complex operations. Instead, they capitalize on their skill in breaching networks, effectively streamlining the attack process for their clients. This business model enables IABs to operate with a lower profile and reduced risk, while still profiting from their technical skills. Operating primarily on dark web forums and underground markets, IABs can function independently or as part of larger organizations like Ransomware-as-a-Service (RaaS) gangs.  They act as a crucial link in the cybercrime ecosystem, providing the i...