Dissent@DataBreaches.Net
//
Genetic testing company 23andMe has filed for Chapter 11 bankruptcy protection, raising concerns about the future of its extensive genetic database. The move comes after years of financial struggles, exacerbated by a significant data breach in 2023 that affected almost seven million users. The company will try to find a buyer in a court-supervised sale of its assets, leaving the fate of millions of customers' DNA data uncertain. CEO Anne Wojcicki has stepped down but intends to independently bid for the firm, adding another layer of complexity to the situation.
The bankruptcy has ignited a debate about who owns users' genetic data and how it will be used. With over 15 million people entrusting their DNA to 23andMe, privacy advocates are urging customers to delete their data before it potentially falls into the wrong hands. The company's privacy policy indicates that personal information may be accessed, sold, or transferred during bankruptcy, mergers, or acquisitions, raising concerns about potential misuse. California Attorney General Rob Bonta has reminded customers of their right to request data deletion under state laws, offering a glimmer of control in this evolving situation.
Recommended read:
References :
- The Register - Security: 23andMe's genes not strong enough to avoid Chapter 11
- techcrunch.com: 23andMe faces an uncertain future — so does your genetic data
- www.it-daily.net: Gene testing company 23andme files for insolvency
- Latest News | KTVU: Bay Area-based 23andMe files for bankruptcy, raising concerns over genetic data
- Us - CBSNews.com: 23andMe files for bankruptcy and will try to find a buyer
- Siladitya Ray: 23andMe Files For Chapter 11 Bankruptcy—CEO Anne Wojcicki Exits
- The Verge: 23andMe files for bankruptcy as CEO steps down
- Reclaim The Net: Who Owns Your DNA Now?
- 404 Media: DNA of 15 Million People for Sale in 23andMe Bankruptcy
- WIRED: DNA-testing company 23andMe has filed for bankruptcy, which means the future of the company’s vast trove of customer data is unknown.
- The DefendOps Diaries: 23andMe Bankruptcy: Navigating the Complexities of Genetic Data Privacy
- www.bleepingcomputer.com: 23andMe files for bankruptcy, customers advised to delete DNA data
- bsky.app: If you're in the market for the DNA of 15 million people, you're in luck https://www.404media.co/dna-of-15-million-people-for-sale-in-23andme-bankruptcy/
- DataBreaches.Net: DataBreaches.net urges users to delete their DNA data from 23andMe after the bankruptcy.
- www.theguardian.com: The Guardian covers the company's bankruptcy and its implications for customer data.
- www.zdnet.com: Details on filing for bankruptcy and what users should do.
- techcrunch.com: 23andMe files for bankruptcy: How to delete your data
- www.healthcaredive.com: 23andMe files for bankruptcy; CEO Anne Wojcicki resigns
- bsky.app: DNA data of millions of users is up for sale with the 23andMe bankruptcy
- Malwarebytes: Malwarebytes reports on 23andMe bankruptcy: How to delete your data and stay safe from the 2023 breach
- MSSP feed for Latest: MSSP Alert reports 23andMe's Bankruptcy Filing Fuels Privacy Concerns
- SiliconANGLE: 23andMe files for Chapter 11 bankruptcy
- The Next Web: 23andMe bankruptcy: Can EU and UK laws protect DNA data? Here’s what you need to know
- SecureWorld News: 23andMe's Collapse Sparks Urgent Data Privacy Reckoning
- Check Point Blog: Protecting the Unchangeable – 23andMe Bankruptcy and What It Means for Data Privacy
- www.itpro.com: Millions of 23andMe users’ genetic data could be up for grabs – and experts worry it’s a looming privacy nightmare
- CyberScoop: As 23andMe declares bankruptcy, privacy advocates sound alarm about DNA data
- iHLS: Is Your Genetic Information at Risk? 23andMe Files for Bankruptcy
- The Proton Blog: If you used 23andMe, your data could soon be for sale. Here's how to delete your data from 23andMe — and why you might want to do so sooner than later.
- aboutdfir.com: California AG Reminds 23andMe Customers of Data Deletion Rights Amid Bankruptcy Filing
- techxplore.com: Over the past decade, 23andMe has collected genetic data from millions of people—and now that the company has filed for bankruptcy, that information could be sold to the highest bidder, a Northeastern University data scientist warns.
- Quartz: Officials think you should delete your 23andMe data. Here's how
- www.scientificamerican.com: 23andMe Bankruptcy Leaves Troves of Genetic Data at Risk
- Centraleyes: ​23andMe, the prominent consumer genetic testing company, filed for Chapter 11 bankruptcy on March 23, 2025, due to declining demand for its services and a significant data breach affecting millions of users. Co-founder Anne Wojcicki resigned as CEO but remains on the company’s board. Implications for Customer Genetic Data The bankruptcy raises concerns about the […] The post appeared first on .
- IPVanish: DNA Testing Privacy: the Hidden Dangers of Genetic Data
- PCMag UK security: 23andMe says any buyer must comply with its consumer privacy policy, but there's no telling who will buy the company and the DNA data it's collected on 15 million people.
info@thehackernews.com (The@The Hacker News
//
Multiple critical security vulnerabilities, collectively named IngressNightmare, have been discovered in the Ingress NGINX Controller for Kubernetes. These flaws could lead to unauthenticated remote code execution (RCE), potentially exposing over 6,500 clusters to the public internet. The vulnerabilities, identified as CVE-2025-24513, CVE-2025-24514, CVE-2025-1097, CVE-2025-1098, and CVE-2025-1974, have a CVSS score of 9.8. Cloud security firm Wiz discovered these flaws and reported that approximately 43% of cloud environments are susceptible to these vulnerabilities.
Specifically, IngressNightmare affects the admission controller component of the Ingress NGINX Controller, which utilizes NGINX as a reverse proxy and load balancer. Attackers can exploit the unrestricted network accessibility of admission controllers by injecting malicious NGINX configurations, gaining unauthorized access to cluster secrets and potentially leading to a complete cluster takeover. Kubernetes users are urged to update to versions v1.11.5, v1.12.1, or later to mitigate these risks.
Recommended read:
References :
- Open Source Security: Multiple vulnerabilities in ingress-nginx
- The Hacker News: Critical Ingress NGINX Controller Vulnerability Allows RCE Without Authentication
- Wiz Blog | RSS feed: IngressNightmare: 9.8 Critical Unauthenticated Remote Code Execution Vulnerabilities in Ingress NGINX
- The Register - Software: Public-facing Kubernetes clusters at risk of takeover thanks to Ingress-Nginx flaw
- Open Source Security: [kubernetes] Multiple vulnerabilities in ingress-nginx
- ciso2ciso.com: Public-facing Kubernetes clusters at risk of takeover thanks to Ingress-Nginx flaw – Source: go.theregister.com
- securityonline.info: CVE-2025-1974 (CVSS 9.8): Ingress NGINX Flaws Threaten Mass Kubernetes Compromise
- dragosr: "CVE-2025-1974 means that anything on the Pod network has a good chance of taking over your Kubernetes cluster, with no credentials or administrative access required." ingress-nginx is deployed in 40% of k8s clusters.
- research.kudelskisecurity.com: Critical Unauthenticated Remote Code Execution Vulnerabilities inIngress NGINX
- securityboulevard.com: Security Boulevard answers FAQs about IngressNightmare.
- : Wiz Security finds four critical RCE vulnerabilities in the Ingress NGINX Controller for Kubernetes
- Resources-2: IngressNightmare: Ingress NGINX Remote Code Execution Vulnerability Explained
- www.csoonline.com: Critical RCE flaws put Kubernetes clusters at risk of takeover
- www.cybersecuritydive.com: Critical vulnerabilities put Kubernetes environments in jeopardy
- Arctic Wolf: CVE-2025-1974: Critical Unauthenticated RCE Vulnerability in Ingress NGINX for Kubernetes
- Tenable Blog: CVE-2025-1097, CVE-2025-1098, CVE-2025-1974, CVE-2025-24513, CVE-2025-24514: Frequently Asked Questions About IngressNightmare
- open-appsec: On March 24, 2025, WIZ Research disclosed critical vulnerabilities in the Kubernetes Ingress NGINX Controller that allow unsanitized user...
- Threats | CyberScoop: String of defects in popular Kubernetes component puts 40% of cloud environments at risk
- Blog: Ingress NGINX Kubernetes Controller vulnerabilities a ‘nightmare’ for impacted users
- circl: A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller. CVE-2025-1974 but also CVE-2025-1097 CVE-2025-1098 CVE-2025-24513 CVE-2025-24514 🔗 For more details about Ingress NGINX Controller for Kubernetes release
- Sysdig: Detecting and Mitigating IngressNightmare – CVE-2025-1974
- thecyberexpress.com: Multiple CVEs Found in Ingress-NGINX—Patch Now to Prevent Cluster Compromise
- Datadog Security Labs: The "IngressNightmare" vulnerabilities in the Kubernetes Ingress NGINX Controller: Overview, detection, and remediation
- Information Security Buzz: Five critical security vulnerabilities have been found in the Ingress NGINX Controller for Kubernetes, potentially enabling unauthenticated remote code execution. This exposure puts over 6,500 clusters at immediate risk by making the component accessible via the public internet.
- MSSP feed for Latest: Researchers aren’t aware of active exploitation in the wild, but they warn the risk for publicly exposed and unpatched Ingress Nginx controllers is extremely high.
- Latest Bulletins: Addresses issues with Kubernetes ingress-nginx controller
- nsfocusglobal.com: Kubernetes Ingress-nginx Remote Code Execution Vulnerability (CVE-2025-1974)
- Dynatrace news: NGINX vulnerability: Quickly detect and mitigate IngressNightmare vulnerabilities with Dynatrace
- securityonline.info: ingress-nginx maintainers released fixes for multiple vulnerabilities that could allow threat actors to take over Kubernetes clusters.
- Delinea Blog: Discusses vulnerabilities enabling access to Kubernetes clusters’ secrets.
@cyberalerts.io
//
A critical vulnerability has been discovered in the widely-used Next.js framework, identified as CVE-2025-29927. This flaw allows attackers to bypass authorization checks within the framework's middleware system. Middleware is commonly used to enforce authentication, authorization, path rewriting, and security-related headers, making this vulnerability particularly severe. Vercel, the company behind Next.js, disclosed the issue on March 21st, 2025, highlighting its potential impact on services relying on vulnerable versions of the framework.
To mitigate the risk, developers using Next.js version 11 or higher are urged to update to the patched versions: 15.2.3, 14.2.25, 13.5.9, or 12.3.5. For those unable to immediately update, a temporary workaround involves blocking user requests with the 'x-middleware-subrequest' header. Some hosting platforms, like Vercel and Netlify, have already implemented this measure to protect their users. The vulnerability allows login screens to be bypassed without proper credentials, potentially compromising user data and sensitive information.
Recommended read:
References :
- securityonline.info: Urgent: Patch Your Next.js for Authorization Bypass (CVE-2025-29927)
- Open Source Security: Re: CVE-2025-29927: Authorization Bypass in Next.js Middleware
- isc.sans.edu: ISC SANS posting on the Next.js vulnerability
- bsky.app: It is possible to bypass authorization checks within a Next.js application, if the authorization check occurs in middleware.
- Lobsters: How to find Next.js on your network
- Strobes Security: When security vulnerabilities appear in popular frameworks, they can affect thousands of websites overnight. That’s exactly what’s happening with a newly discovered Next.js vulnerability, one of the most widely used...
- securityaffairs.com: Critical Next.js Vulnerability Allows Attackers to Bypass Middleware Authorization Checks
- Open Source Security: CVE-2025-29927: Authorization Bypass in Next.js Middleware
- socradar.io: Next.js Middleware Vulnerability (CVE-2025-29927): What You Need to Know and How to Respond
- thehackernews.com: Critical Next.js Vulnerability Allows Attackers to Bypass Middleware Authorization Checks
- securityboulevard.com: CVE-2025-29927 – Understanding the Next.js Middleware Vulnerability
- BleepingComputer: Critical flaw in Next.js lets hackers bypass authorization
- Help Net Security: Help Net Security reports on the critical Next.js authentication bypass vulnerability.
- cyberscoop.com: Researchers raise alarm about critical Next.js vulnerability
- Legit Security Blog: Next.js Vulnerability: What You Need to Know
- Resources-2: Discovered a critical vulnerability affecting Next.js middleware, tracked as CVE-2025-29927.
- The DefendOps Diaries: Understanding and mitigating CVE-2025-29927: a critical Next.js vulnerability
- Developer Tech News: Critical security flaw uncovered in Next.js framework
- nsfocusglobal.com: Next.js Middleware Permission Bypass Vulnerability (CVE-2025-29927)
- www.techradar.com: Critical security flaw in Next.js could spell big trouble for JavaScript users
- infosec.exchange: : Critical in NextJS (CVE-2025-29927) impacts all NextJS versions before 15.2.3, 14.2.25, 13.5.9, 12.3.5 allowing attackers to bypass authorisation checks. Great explanation and a Proof-of-Concept demonstration by @_JohnHammond 👇
- SOC Prime Blog: CVE-2025-29927 Next.js Middleware Authorization Bypass Vulnerability
- Kali Linux Tutorials: CVE-2025-29927 : Next.js Middleware Authorization Bypass – Technical Analysis
- DEVCLASS: Next.js team fixes vuln that allows authorization bypass when middleware is used, revises documentation recommending this method
- Rescana: Executive Summary The discovery of CVE-2025-29927 , a critical vulnerability in Next.js , has raised significant cybersecurity concerns...
- Stormshield: A critical authentication bypass vulnerability impacting the Next.js middleware has been reported. It has been assigned the reference CVE-2025-29927 and a CVSS 3.1 score of 9.1. It should be noted that proof of concept are publicly available about this CVE-2025-29927 vulnerability.
- Fastly Security Blog: CVE-2025-29927: Authorization Bypass in Next.js
- hackread.com: Researchers have uncovered a critical vulnerability (CVE-2025-29927) in Next.js middleware, allowing authorization bypass. Learn about the exploit and fixes.
- NCSC News Feed: The NCSC is encouraging UK organisations to take immediate action to mitigate a vulnerability (CVE-2025-29927) affecting the Next.js framework used to build web applications.
Vasu Jakkal@Microsoft Security Blog
//
Microsoft has unveiled a significant expansion of its Security Copilot platform, integrating AI agents designed to automate security operations tasks and alleviate the workload on cybersecurity professionals. This move aims to address the increasing volume and complexity of cyberattacks, which are overwhelming security teams that rely on manual processes. The AI-powered agents will handle routine tasks, freeing up IT and security staff to tackle more complex issues and proactive security measures. Microsoft detected over 30 billion phishing emails targeting customers between January and December 2024 highlighting the urgent need for automated solutions.
The expansion includes eleven AI agents, six developed by Microsoft and five by security partners, set for preview in April 2025. Microsoft's agents include the Phishing Triage Agent in Microsoft Defender, Alert Triage Agents in Microsoft Purview, Conditional Access Optimization Agent in Microsoft Entra, Vulnerability Remediation Agent in Microsoft Intune, and Threat Intelligence Briefing Agent in Security Copilot. These agents are purpose-built for security, designed to learn from feedback, adapt to workflows, and operate securely within Microsoft’s Zero Trust framework, ensuring that security teams retain full control over their actions and responses.
Recommended read:
References :
- The Register - Software: AI agents swarm Microsoft Security Copilot
- Microsoft Security Blog: Microsoft unveils Microsoft Security Copilot agents and new protections for AI
- .NET Blog: Learn how the Xbox services team leveraged .NET Aspire to boost their team's productivity.
- Ken Yeung: Microsoft’s First CTO Says AI Is ‘Three to Five Miracles’ Away From Human-Level Intelligence
- SecureWorld News: Microsoft Expands Security Copilot with AI Agents
- www.zdnet.com: Microsoft's new AI agents aim to help security pros combat the latest threats
- www.itpro.com: Microsoft launches new security AI agents to help overworked cyber professionals
- www.techrepublic.com: After Detecting 30B Phishing Attempts, Microsoft Adds Even More AI to Its Security Copilot
- eSecurity Planet: esecurityplanet.com covers Fortifying Cybersecurity: Agentic Solutions by Microsoft and Partners
- Microsoft Security Blog: AI innovation requires AI security: Hear what’s new at Microsoft Secure
- www.csoonline.com: Microsoft has introduced a new set of AI agents for its Security Copilot platform, designed to automate key cybersecurity functions as organizations face increasingly complex and fast-moving digital threats.
- SiliconANGLE: Microsoft introduces AI agents for Security Copilot
- SiliconANGLE: Microsoft Corp. is enhancing the capabilities of its popular artificial intelligence-powered Copilot tool with the launch late today of its first “deep reasoning” agents, which can solve complex problems in the way a highly skilled professional might do.
- Ken Yeung: Microsoft is introducing a new way for developers to create smarter Copilots.
- Source Asia: Microsoft Security Copilot agents and more security innovations
- www.computerworld.com: Microsoft’s Newest AI Agents Can Detail How They Reason
@cyberalerts.io
//
The FBI has issued a warning about the rising trend of cybercriminals using fake file converter tools to distribute malware. These tools, often advertised as free online document converters, are designed to trick users into downloading malicious software onto their computers. While these tools may perform the advertised file conversion, they also secretly install malware that can lead to identity theft, ransomware attacks, and the compromise of sensitive data.
The threat actors exploit various file converter or downloader tools, enticing users with promises of converting files from one format to another, such as .doc to .pdf, or combining multiple files. The malicious code, disguised as a file conversion utility, can scrape uploaded files for personal identifying information, including social security numbers, banking information, and cryptocurrency wallet addresses. The FBI advises users to be cautious of such tools and report any instances of this scam to protect their assets.
The FBI Denver Field Office is warning that they are increasingly seeing scams involving free online document converter tools and encourages victims to report any instances of this scam. Malwarebytes has identified some of these suspect file converters, which include Imageconvertors.com, convertitoremp3.it, convertisseurs-pdf.com and convertscloud.com. The agency emphasized the importance of educating individuals about these threats to prevent them from falling victim to these scams.
Recommended read:
References :
- Talkback Resources: FBI warns of malware-laden websites posing as free file converters, leading to ransomware attacks and data theft.
- gbhackers.com: Beware! Malware Hidden in Free Word-to-PDF Converters
- www.bitdefender.com: Free file converter malware scam “rampant� claims FBI
- Malwarebytes: Warning over free online file converters that actually install malware
- bsky.app: Free file converter malware scam "rampant" claims FBI.
- bsky.app: @bushidotoken.net has dug up some IOCs for the FBI's recent warning about online file format converters being used to distribute malware
- Help Net Security: FBI: Free file converter sites and tools deliver malware
- www.techradar.com: Free online file converters could infect your PC with malware, FBI warns
- bsky.app: Free file converter malware scam "rampant" claims FBI.
- Security | TechRepublic: Scam Alert: FBI ‘Increasingly Seeing’ Malware Distributed In Document Converters
- securityaffairs.com: The FBI warns of a significant increase in scams involving free online document converters to infect users with malware. The FBI warns that threat actors use malicious online document converters to steal users’ sensitive information and infect their systems with malware.
- The DefendOps Diaries: FBI warns against fake file converters spreading malware and stealing data. Learn how to protect yourself from these cyber threats.
- PCMag UK security: PSA: Be Careful Around Free File Converters, They Might Contain Malware
- www.bleepingcomputer.com: FBI warnings are true—fake file converters do push malware
- www.techradar.com: FBI warns some web-based file management services are not as well-intentioned as they seem.
- www.csoonline.com: Improvements Microsoft has made to Office document security that disable macros and other embedded malware by default has forced criminals to up their innovation game, a security expert said Monday.
- www.itpro.com: Fake file converter tools are on the rise – here’s what you need to know
- Cyber Security News: The FBI Denver Field Office has warned sternly about the rising threat of malicious online file converter tools. These seemingly harmless services, often advertised as free tools to convert or merge files, are being weaponized by cybercriminals to install malware on users’ computers. This malware can have devastating consequences, including ransomware attacks and identity theft. […]
Julian Tuin@Arctic Wolf
//
A critical vulnerability, identified as CVE-2025-23120, has been discovered in Veeam Backup & Replication software. This flaw allows authenticated domain users to execute remote code, potentially leading to the compromise of enterprise backup infrastructures. The vulnerability affects versions 12, 12.1, 12.2, and 12.3 of Veeam Backup & Replication and has been assigned a CVSS score of 9.9, indicating a critical severity. The issue was reported by Piotr Bazydlo of watchTowr and highlights the importance of community engagement in addressing security issues.
Veeam has addressed this vulnerability in version 12.3.1 (build 12.3.1.1139), and users are strongly urged to apply the patch immediately. The vulnerability specifically impacts domain-joined backup servers, which goes against Security & Compliance Best Practices. It is imperative for organizations to prioritize updates to ensure their systems remain secure. The company also emphasizes its commitment to customer security through a Vulnerability Disclosure Program and rigorous internal code audits.
Recommended read:
References :
- gbhackers.com: Critical Veeam Backup & Replication Vulnerability Allows Remote Execution of Malicious Code
- securityonline.info: CVE-2025-23120 (CVSS 9.9): Critical RCE Vulnerability Discovered in Veeam Backup & Replication
- Help Net Security: Critical Veeam Backup & Replication RCE vulnerability fixed, patch ASAP! (CVE-2025-23120)
- www.redhotcyber.com: Vulnerabilità critica da 9.9 di Score in Veeam Backup & Replication che consente RCE
- borncity.com: Warning for users of Veeam Backup & Replication. Vendor Veeam has informed it's customers on March 19, 2025 about a Remote Code Execution (RCE) vulnerability CVE-2025-23120 in various versions of the mentioned product. It can be abused in domain joined
- Vulnerability-Lookup: You can now share your thoughts on vulnerability CVE-2025-23120 in Vulnerability-Lookup: Veeam - Backup and Recovery
- Rescana: Urgent Alert: CVE-2025-23120 Vulnerability in Veeam Backup & Replication Risks RCE Exploitation
- The DefendOps Diaries: Understanding and Mitigating the CVE-2025-23120 Vulnerability in Veeam Backup & Replication
- Security Affairs: Veeam fixed critical Backup & Replication flaw CVE-2025-23120
- socradar.io: Critical Veeam Vulnerability (CVE-2025-23120) Enables Remote Code Execution by Domain Users
- Arctic Wolf: CVE-2025-23120: Critical Remote Code Execution Vulnerability in Veeam Backup & Replication
- Blog: Another critical deserialization flaw found in Veeam backup
- www.bleepingcomputer.com: Veeam has patched a critical remote code execution vulnerability tracked as CVE-2025-23120 in its Backup & Replication software that impacts domain-joined installations. [...]
- Christoffer S.: By Executive Order, We Are Banning Blacklists - Domain-Level RCE in Veeam Backup & Replication (CVE-2025-23120) By Executive Order I hereby BAN deserialization issues. I don't know how many god damned times I've read about how critical software vulnerabilities have been rooted in deserialization issues, and here we go again. Thanks watchTowr for an entertaining read. Summary This research details two Remote Code Execution (RCE) vulnerabilities in Veeam Backup & Replication (CVE-2025-23120) discovered by watchTowr Labs. The vulnerabilities exploit deserialization flaws in Veeam's codebase, specifically targeting the product's reliance on blacklist-based security mechanisms rather than proper whitelisting. The researchers demonstrate how any domain user can exploit these vulnerabilities when the Veeam server is joined to an Active Directory domain, potentially allowing complete system compromise. The vulnerabilities were responsibly disclosed to Veeam, who patched them by simply adding the discovered gadget classes to their blacklist, a solution the researchers criticize as inadequate and likely to lead to similar vulnerabilities in the future.
- MSSP feed for Latest: Veeam patches critical Backup & Replication flaw CVE-2025-23120
- www.techradar.com: Researchers criticize the way Veeam handled deserialization flaws.
- Christoffer S.: By Executive Order, We Are Banning Blacklists - Domain-Level RCE in Veeam Backup & Replication (CVE-2025-23120)
- bsky.app: Veeam has patched a critical remote code execution vulnerability tracked as CVE-2025-23120 in its Backup & Replication software that impacts domain-joined installations.
- Security Risk Advisors: Critical RCE in #Veeam Backup & Replication (CVE-2025-23120) lets domain users run rogue code.
- research.kudelskisecurity.com: A newly discovered vulnerability in Veeam Backup & Replication, tracked as CVE-2025-23120, has emerged as a critical threat for enterprise environments. This flaw enables authenticated domain users to execute arbitrary code remotely, exposing a direct path to compromising backup infrastructure.
- www.sentinelone.com: A newly disclosed vulnerability, tracked as CVE-2025-23120, affecting Veeam Backup & Replication, enables authenticated domain users to execute arbitrary code remotely, exposing a direct path to compromising backup infrastructure.
- Cyber Security News: CyberPress : Veeam RCE Vulnerability Allows Domain Users to Compromise Backup Servers
- www.scworld.com: Veeam patches critical 9.9 flaw in backup and replication product
- www.csoonline.com: A critical remote code execution flaw patched in Veeam backup servers
- Arctic Wolf: On March 19, 2025, Veeam published a security advisory for a critical severity vulnerability impacting their Backup & Replication software.
- Help Net Security: Week in review: Veeam Backup & Replication RCE fixed, free file converter sites deliver malware
@The DefendOps Diaries
//
Mozilla has issued an urgent security update for its Firefox browser on Windows to address a critical sandbox escape vulnerability, identified as CVE-2025-2857. This flaw allows attackers to bypass the browser's security sandbox, posing significant risks to Windows users. Mozilla is releasing security updates for Firefox versions 136.0.4 and Firefox ESR versions 128.8.1 and 115.21.1 to patch this vulnerability.
The vulnerability, reported by Mozilla developer Andrew McCreight, involves an incorrect handle that could lead to sandbox escapes, potentially enabling attackers to execute arbitrary code on affected systems. This comes after a similar exploit, CVE-2025-2783, was identified in Google Chrome. Windows users are advised to update their browsers to the latest version as soon as possible to mitigate this risk.
Recommended read:
References :
- securityonline.info: Mozilla releases urgent security patch for Windows users as researchers uncover another IPC vulnerability echoing a recently exploited
- The DefendOps Diaries: Mozilla warns of a critical Firefox vulnerability allowing sandbox escapes, posing significant security risks to Windows users.
- The Hacker News: Mozilla has released updates to address a critical security flaw impacting its Firefox browser for Windows, merely days after Google patched a similar flaw in Chrome that came under active exploitation as a zero-day.
- BleepingComputer: Mozilla has released Firefox 136.0.4 to patch a critical security vulnerability that can let attackers escape the web browser's sandbox on Windows systems.
- CyberInsider: Firefox Says It’s Vulnerable to Chrome’s Zero-Day Used in Espionage Attacks
- The Register - Security: After Chrome patches zero-day used to target Russians, Firefox splats similar bug
- Security Affairs: Mozilla fixed critical Firefox vulnerability CVE-2025-2857
- PCMag UK security: Chrome Zero-Day Flaw Also Affects Firefox
- gbhackers.com: Mozilla is working to patch the vulnerability, tracked as CVE-2025-2857, with security updates for Firefox 136.0.4 and Firefox ESR versions 128.8.1 and 115.21.1.
- MSPoweruser: Google patches a Chrome zero-day vulnerability used in espionage
- thecyberexpress.com: Mozilla has issued an urgent update for Firefox on Windows to patch a critical security vulnerability.
- Blog: Critical sandbox escape flaws in Firefox and Chrome patched
- techcrunch.com: Mozilla patches Firefox bug ‘exploited in the wild,’ similar to bug attacking Chrome
- www.scworld.com: Firefox patches flaw similar to exploited Chrome zero-day
jane.mccallion@futurenet.com (Jane@itpro.com
//
Security expert Troy Hunt, the creator of the data breach notification site Have I Been Pwned, has fallen victim to a sophisticated phishing attack. The incident, which occurred on March 25, 2025, resulted in the compromise of his email subscriber list, affecting approximately 16,000 current and past subscribers to his personal blog. The attackers gained access to Hunt's Mailchimp account after he clicked on a malicious link in an email disguised as a legitimate notice from the email marketing provider.
Hunt immediately disclosed the breach, emphasizing the importance of transparency and acknowledging his frustration with falling for the scam. The phishing email exploited a sense of urgency by claiming a spam complaint had triggered a temporary suspension of his account, prompting him to enter his credentials and one-time passcode. While 2FA was enabled on his Mailchimp account, the phish still managed to get the one time passcode. Industry experts have said the incident underscores how even seasoned cybersecurity professionals can be vulnerable to social engineering tactics that prey on human weaknesses, such as tiredness and a sense of urgency.
Recommended read:
References :
- bsky.app: Have I Been Pwned creator Troy Hunt says the data of over 16,000 newsletter subscribers has been stolen after he fell for a Mailchimp phishing attack
- cyberinsider.com: Details the phishing attack on Troy Hunt's Mailchimp account, exposing subscriber data.
- The Register - Security: Infosec pro Troy Hunt HasBeenPwned in Mailchimp phish
- DataBreaches.Net: Troy Hunt, owner of HaveIBeenPwned.com, writes: You know when you’re really jet lagged and really tired and the cogs in your head are just moving that little bit too slow? That’s me right now, and the penny has just dropped that a Mailchimp phish has grabbed my credentials, logged into my account and exported the...
- PCMag UK security: Creator of HaveIBeenPwned Data Breach Site Falls for Phishing Email.
- Information Security Buzz: Security consultant and founder of the popular Troy Hunt, a security consultant who runs the popular data-breach search service Have I Been Pwned?, has disclosed that he has become a victim of a phishing attack that exposed the email addresses of 16,000 subscribers to his blog troyhunt.com.  “Every active subscriber on my list will shortly [...]
- www.itpro.com: Have I Been Pwned owner Troy Hunt’s mailing list compromised in phishing attack
- www.csoonline.com: Even anti-scammers get scammed: security expert Troy Hunt pwned by phishing email
- www.techradar.com: HaveIBeenPwned owner suffers phishing attack that stole his Mailchimp mailing list
- haveibeenpwned.com: In March 2025, . The exported list contained 16k email addresses and other data automatically collected by Mailchimp including IP address and a derived latitude, longitude and time zone.
- Malwarebytes: Security expert Troy Hunt hit by phishing attack
- heise Security: Have I Been Pwned: Projektbetreiber Troy Hunt gepwned Der Betreiber von Have I Been Pwned wurde selbst Opfer eines Phishing-Angriffs. Die E-Mails der Newsletter-Mailingliste wurden gestohlen.
- bsky.app: Troy Hunt's mailing list got phished. Commiserations to him. If it can happen to Troy, it can probably happen to you.
Pierluigi Paganini@Security Affairs
//
Broadcom has issued security updates to address a high-severity authentication bypass vulnerability affecting VMware Tools for Windows. Tracked as CVE-2025-22230, the flaw stems from improper access control, potentially allowing a malicious actor with non-administrative privileges on a guest virtual machine to perform high-privilege operations. Discovered by Sergey Bliznyuk of Positive Technologies, the vulnerability impacts VMware Tools versions 11.x.x and 12.x.x.
Security experts are urging users to apply the updates promptly, as there are currently no known workarounds besides patching. The vulnerability has been assigned a CVSS score of 7.8 out of 10, highlighting its severity. It exclusively affects VMware Tools running on Windows operating systems, emphasizing the importance of immediate action for affected users.
Recommended read:
References :
- Security Affairs: Broadcom released security updates to address a high-severity authentication bypass vulnerability, tracked as CVE-2025-22230 (CVSS score 9.8), impacting VMware Tools for Windows.
- securityonline.info: VMware Tools for Windows Hit by CVE-2025-22230 Auth Bypass Flaw
- The DefendOps Diaries: Understanding the VMware Tools Authentication Bypass Vulnerability
- thehackernews.com: New Security Flaws Found in VMware Tools and CrushFTP — High Risk, No Workaround
- www.csoonline.com: VMware plugs a high-risk vulnerability affecting its Windows-based virtualization
- BleepingComputer: Broadcom Warns of Authentication Bypass in VMware Windows Tools
- www.techradar.com: Broadcom warns of worrying security flaws affecting VMware tools
- Security Risk Advisors: New VMware Tools vulnerability (CVE-2025-22230) allows non-admin Windows guest users to perform privileged operations.
- Security | TechRepublic: Update VMware Tools for Windows Now: High-Severity Flaw Lets Hackers Bypass Authentication
- securityaffairs.com: Broadcom addressed a high-severity authentication bypass vulnerability, tracked as CVE-2025-22230 (CVSS score 9.8), impacting VMware Tools for Windows.
@itpro.com
//
Advanced Computer Software Group, an NHS software supplier, has been fined £3 million by the Information Commissioner's Office (ICO) for security failures that led to a disruptive ransomware attack in 2022. The ICO determined that Advanced Computer Software Group failed to implement appropriate security measures prior to the attack, which compromised the personal information of tens of thousands of NHS patients. The LockBit ransomware group was identified as the perpetrator, gaining access through a customer account lacking multi-factor authentication (MFA).
Personal information belonging to 79,404 people was taken in the attack, including instructions for carers on how to gain entry into the properties of 890 people who were receiving care at home. The stolen data included checklists for medics on how to get into vulnerable people's homes. The ICO cited gaps in applying MFA policies across the organization, a lack of vulnerability scanning, and inadequate patch management as the primary facilitators of the attack.
Recommended read:
References :
- bsky.app: NHS provider Advanced has been fined £3m by ICO for security failures that led to the hugely disruptive ransomware hack in 2022. One shocking new detail - not only was personal info of 79k people taken - it included instructions for carers on how to gain entry into 890 patient's homes.
- The Register - Security: Data stolen included checklist for medics on how to get into vulnerable people's homes The UK's data protection watchdog is dishing out a £3.07 million ($3.95 million) fine to Advanced Computer Software Group, whose subsidiary's security failings led to a ransomware attack affecting NHS care.
- techcrunch.com: NHS vendor Advanced will pay just over £3 million ($3.8 million) in fines for not implementing basic security measures before it suffered a ransomware attack in 2022, the U.K.’s data protection regulator has confirmed.
- www.itpro.com: The Information Commissioner's Office (ICO) said Advanced Computer Software Group failed to use appropriate security measures before the 2022 attack, which put the personal information of tens of thousands of NHS patients at risk.
- DataBreaches.Net: The UK’s data protection watchdog is dishing out a £3.07 million ($3.95 million) fine to Advanced Computer Software Group, whose subsidiary’s security failings led to a ransomware attack affecting NHS care. This is nearly half the fine the Information Commissioner’s Office provisionally floated...
- www.cybersecurity-insiders.com: NHS LockBit ransomware attack yields £3.07 million penalty on tech provider
- www.bleepingcomputer.com: UK fines software provider £3.07 million for 2022 ransomware breach
- The DefendOps Diaries: Understanding the 2022 NHS Ransomware Attack: Lessons and Future Preparedness
- Tech Monitor: UK ICO fines Advanced Computer Software £3m after NHS data breach
- www.scworld.com: Advanced slapped with almost $4M fine after LockBit hack
Megan Crouse@eWEEK
//
Cloudflare has launched AI Labyrinth, a new tool designed to combat web scraping bots that steal website content for AI training. Instead of simply blocking these crawlers, AI Labyrinth lures them into a maze of AI-generated content. This approach aims to waste the bots' time and resources, providing a more effective defense than traditional blocking methods which can trigger attackers to adapt their tactics. The AI Labyrinth is available as a free, opt-in tool for all Cloudflare customers, even those on the free tier.
The system works by embedding hidden links within a protected website. When suspicious bot behavior is detected, such as ignoring robots.txt rules, the crawler is redirected to a series of AI-generated pages. This content is "real looking" and based on scientific facts, diverting the bot from the original website's content. Because no human would deliberately explore deep into a maze of AI-generated nonsense, anyone who does can be identified as a bot with high confidence. Cloudflare emphasizes that AI Labyrinth also functions as a honeypot, allowing them to identify new bot patterns and improve their overall bot detection capabilities, all while increasing the cost for unauthorized web scraping.
Recommended read:
References :
- The Register - Software: Cloudflare builds an AI to lead AI scraper bots into a horrible maze of junk content
- eWEEK: Crowdflare’s Free AI Labyrinth Distracts Crawlers That Could Steal Website Content to Feed AI
- The Verge: Cloudflare, one of the biggest network internet infrastructure companies in the world, has announced AI Labyrinth, a new tool to fight web-crawling bots that scrape sites for AI training data without permission. The company says in a blog post that when it detects “inappropriate bot behavior,� the free, opt-in tool lures crawlers down a path
- OODAloop: Trapping misbehaving bots in an AI Labyrinth
- THE DECODER: Instead of simply blocking unwanted AI crawlers, Cloudflare has introduced a new defense method that lures them into a maze of AI-generated content, designed to waste their time and resources.
- Digital Information World: Cloudflare’s Latest AI Labyrinth Feature Combats Unauthorized AI Data Scraping By Giving Bots Fake AI Content
- Ars OpenForum: Cloudflare turns AI against itself with endless maze of irrelevant facts
- Cyber Security News: Cloudflare Introduces AI Labyrinth to Thwart AI Crawlers and Malicious Bots
- poliverso.org: Cloudflare’s AI Labyrinth Wants Bad Bots To Get Endlessly Lost
- aboutdfir.com: Cloudflare builds an AI to lead AI scraper bots into a horrible maze of junk content Cloudflare has created a bot-busting AI to make life hell for AI crawlers.
John Engates@The Cloudflare Blog
//
Cloudflare has announced an expansion of its Zero Trust platform to protect organizations against emerging quantum computing threats. The upgrade focuses on enabling post-quantum cryptography for corporate network traffic, allowing secure routing of communications from web browsers to corporate web applications. This provides immediate, end-to-end quantum-safe connectivity, addressing the increasing vulnerability of conventional cryptography to quantum computer attacks. Cloudflare has been actively developing and implementing post-quantum cryptography since 2017 and are already making post-quantum security free, by default, for all of its customers.
Organizations can tunnel their corporate network traffic through Cloudflare’s Zero Trust platform, thereby shielding sensitive data from potential quantum breaches. Over 35% of non-bot HTTPS traffic that touches Cloudflare is already post-quantum secure, with the expectation that this percentage will grow as more browsers and clients support post-quantum cryptography. The National Institute of Standards and Technology (NIST) is also encouraging this transition, setting a timeline to phase out conventional cryptographic algorithms like RSA and Elliptic Curve Cryptography (ECC) by 2030 and completely disallowing them by 2035.
Cloudflare's CEO Matthew Prince states "Cloudflare has long committed to making post-quantum security the new baseline for Internet security, delivering it to all customers so we can bolster defenses against future quantum threats. Now, we’re offering that protection built directly into our Zero Trust solutions". He continues "We want every Cloudflare customer to have a clear path to quantum safety, and we are already working with some of the most innovative banks, ISPs, and governments around the world as they begin their journeys to quantum security. We will continue to make advanced cryptography accessible to everyone, at no cost, in all of our products.”
Recommended read:
References :
- The Cloudflare Blog: Conventional cryptography is under threat. Upgrade to post-quantum cryptography with Cloudflare Zero Trust
- Quartz: Cloudflare is already selling security tools for the quantum computing era
- Help Net Security: Cloudflare boosts defenses against future quantum threats
- www.infosecurity-magazine.com: Cloudflare introduces E2E post-quantum cryptography, enhancing security against quantum threats
@itpro.com
//
Qualys security researchers have uncovered three bypasses in Ubuntu Linux's unprivileged user namespace restrictions, a security feature intended to reduce the attack surface. These bypasses, present in Ubuntu versions 23.10 and 24.04, could enable a local attacker to gain full administrative capabilities. The unprivileged user namespace restrictions were designed to provide security isolation for applications, however, the newly discovered flaws create a weak spot that attackers can exploit.
The bypasses allow a local attacker to create user namespaces with full administrator capabilities. One method involves exploiting the aa-exec tool, while another utilizes Busybox. A third involves LD_PRELOADing a shell into programs with AppArmor profiles. Successful exploitation could allow attackers to bypass security measures, exploit vulnerabilities in kernel components, and potentially gain full system access. Ubuntu was notified of the vulnerabilities on January 15, 2025.
Recommended read:
References :
- Full Disclosure: Qualys Security Advisory Three bypasses of Ubuntu's unprivileged user namespace restrictions.
- The DefendOps Diaries: Understanding Security Bypasses in Ubuntu's Unprivileged User Namespaces
- www.itpro.com: Qualys discovers three bypasses of Ubuntu's unprivileged user namespace restrictions
- www.networkworld.com: Ubuntu namespace vulnerability should be addressed quickly: Expert
- BleepingComputer: New Ubuntu Linux security bypasses require manual mitigations
Matthias Bastian@THE DECODER
//
ChatGPT is under fire after falsely accusing a Norwegian man, Arve Hjalmar Holmen, of murdering his two children. Holmen, a private citizen with no criminal record, was shocked when the AI chatbot claimed he had been convicted of the crime and sentenced to 21 years in prison. The response to the prompt "Who is Arve Hjalmar Holmen?" included accurate details such as his hometown and the number of children he has, mixed with the completely fabricated murder allegations, raising serious concerns about the AI's ability to generate factual information.
The incident has prompted a privacy complaint filed by Holmen and the digital rights group Noyb with the Norwegian Data Protection Authority, citing violations of the GDPR, European data law. They argue that the false and defamatory information breaches accuracy provisions, and are requesting that OpenAI, the company behind ChatGPT, correct its model to prevent future inaccuracies about Holmen and face a fine. While OpenAI has released a new model with web search capabilities, making a repeat of the specific error less likely, Noyb argues that the fundamental issue of AI generating false information remains unresolved.
Recommended read:
References :
- The Register - Software: Privacy warriors whip out GDPR after ChatGPT wrongly accuses dad of child murder
- THE DECODER: ChatGPT's bizarre child murder claims about Arve Hjalmar Holmen leave some questions unresolved
- The Tech Basic: ChatGPT Accused of Inventing Fake Crimes in Latest Privacy Complaint
- www.theguardian.com: Norwegian files complaint after ChatGPT falsely said he had murdered his children
Michael Nuñez@AI News | VentureBeat
//
AI security startup Hakimo has secured $10.5 million in Series A funding to expand its autonomous security monitoring platform. The funding round was led by Vertex Ventures and Zigg Capital, with participation from RXR Arden Digital Ventures, Defy.vc, and Gokul Rajaram. This brings the company’s total funding to $20.5 million. Hakimo's platform addresses the challenges of rising crime rates, understaffed security teams, and overwhelming false alarms in traditional security systems.
The company’s flagship product, AI Operator, monitors existing security systems, detects threats in real-time, and executes response protocols with minimal human intervention. Hakimo's AI Operator utilizes computer vision and generative AI to detect any anomaly or threat that can be described in words. Companies using Hakimo can save approximately $125,000 per year compared to using traditional security guards.
Recommended read:
References :
- AiThority: Hakimo Secures $10.5Million to Transform Physical Security With Human-Like Autonomous Security Agent
- AI News | VentureBeat: The watchful AI that never sleeps: Hakimo’s $10.5M bet on autonomous security
- Unite.AI: Hakimo Raises $10.5M to Revolutionize Physical Security with Autonomous AI Agent
Mandvi@Cyber Security News
//
The FishMonger APT, a Chinese cyber-espionage group with ties to the cybersecurity contractor I-SOON, has been implicated in a global espionage operation known as Operation FishMedley. This campaign, active in 2022, targeted a diverse range of entities, including governments, non-governmental organizations (NGOs), and think tanks across Asia, Europe, and the United States. These findings come as the US Department of Justice unsealed an indictment against I-SOON employees for their alleged involvement in espionage campaigns spanning from 2016 to 2023.
The attacks involved sophisticated malware implants such as ShadowPad, Spyder, and SodaMaster, tools frequently associated with China-aligned threat actors. These implants facilitated data theft, surveillance, and network penetration. One case revealed attackers used the Impacket tool to escalate privileges, execute commands, and extract sensitive authentication data from a US-based NGO. ESET's independent research confirms FishMonger is an espionage team operated by I-SOON, highlighting the ongoing threat posed by China-aligned APT groups to sensitive sectors worldwide.
Recommended read:
References :
- Cyber Security News: Chinese FishMonger APT Linked to I-SOON Targets Governments and NGOs
- Virus Bulletin: ESET's Matthieu Faou writes about Operation FishMedley, a global espionage operation by FishMonger, the China-aligned APT group run by I-SOON. In the victims list: governments, NGOs and think tanks across Asia, Europe and the United States.
- : FishMonger APT Group Linked to I-SOON in Espionage Campaigns
- gbhackers.com: GB Hackers: I-SOON’s ‘Chinese Fishmonger’ APT Targets Government Entities and NGOs
- Talkback Resources: Talkback: Chinese I-Soon Hackers Hit 7 Organizations in Operation FishMedley [net] [rev] [mal]
|
|
FlagThis - #none