Data Breach

CISA details threat actors exploiting CVE-2024-36401 in GeoServer for initial access to a U.S. federal network on July 11, 2024, using webshells, dirtycow escalation, and lateral movement—undetected until July 31. Key lessons: Immediate KEV patching, enhanced IR plans, and continuous EDR monitoring.

Average breakout time drops to 18 minutes (June-August 2025, per ReliaQuest), fueled by automation and Oyster malware's abuse of rundll32.exe for DLL loading via scheduled tasks. Learn about Gamarue USB attacks, AI-driven malvertising, and defenses like behavioral monitoring.

The npm package "fezbox" (alias janedu) disguises as a JS/TS utility library but hides credential-stealing code in a Cloudinary QR image. Discovered by Socket Threat Research, it uses reversed strings and obfuscation to evade detection—learn risks and defenses like CI/CD scanning and zero-trust dependencies.

Malicious fake online speedtest tools, uncovered September 21, 2025, use obfuscated JavaScript, Node.js, and Inno Setup to exfiltrate system data to C2 servers like cloud.appusagestats[.]com. Learn about XOR-encoded commands, execution risks, and key mitigations like EDR and app whitelisting.

Attackers abuse Oracle Database Scheduler's External Jobs via extjobo.exe to execute commands, tunnel RDP with Ngrok, escalate privileges, and deploy ransomware. Learn about the breach tactics, cleanup methods, and key mitigations to secure database environments.

Kawa4096 ransomware, active since June 2025, attacks multinational firms using double extortion by stealing data before encryption and threatening public leaks. It employs partial encryption and deletes shadow copies to prevent recovery.

The Everest ransomware group alleges stealing 600,000 lines of BMW’s internal documents, including audit reports and engineering files, and threatens public release. BMW has yet to confirm the breach or respond.

Insight Partners suffered a data breach from a social engineering attack that exposed personal data from HR and finance systems. The breach went undetected for nearly three months before ransomware deployment. Affected users receive identity protection.

The Pixie Dust attack targets vulnerabilities in Wi-Fi Protected Setup (WPS) to recover router PINs offline, allowing attackers to access wireless networks. Disabling WPS or updating firmware is essential to prevent this exploit.

Qantas penalizes CEO Vanessa Hudson and top executives nearly A$800,000 (₹44.8 crore) in pay cuts following a cyberattack affecting 5.7 million customers. Learn about the breach, response, and governance reforms.