Daily Cybersecurity Briefing – 21 October 2025
Amazon Web Services (AWS) experienced a major outage caused by DNS resolution failures, temporarily disrupting access to numerous online platforms including Amazon.com, Prime Video, and Canva. The incident exposed ongoing fragility in global internet infrastructure.
The Cybersecurity and Infrastructure Security Agency (CISA) expanded its Known Exploited Vulnerabilities catalogue, adding five actively exploited flaws impacting Oracle E-Business Suite and Microsoft Windows, including one critical Windows SMB privilege escalation vulnerability now under active attack.
Japanese retailer Muji suspended online sales after a ransomware attack at its logistics provider Askul, which also halted shipments and order processing. The disruption affected multiple retail operations dependent on Askul’s supply network.
The Ministry of State Security (MSS) in China accused the U.S. National Security Agency (NSA) of launching a cyberattack on the National Time Service Centre, claiming the use of 42 specialised tools to compromise critical infrastructure systems.
Microsoft revoked over 200 fraudulent code-signing certificates used in a ransomware campaign delivered through fake Teams installers linked to threat group Vanilla Tempest. Meanwhile, over 75,000 WatchGuard devices remain exposed to a critical remote code execution flaw.
Security researchers also reported the GlassWorm malware spreading via OpenVSX and Visual Studio Code marketplaces, marking a new phase of supply-chain compromise targeting developers with self-propagating malicious packages.
Today’s advisories highlight extensive critical updates across Linux kernel distributions, addressing numerous privilege escalation and denial-of-service flaws. CISA confirmed new actively exploited vulnerabilities in Microsoft Windows SMB and Adobe Experience Manager, while Oracle E-Business Suite and VMware Cloud Foundation received urgent patches for remotely exploitable code execution risks.
China accuses NSA of cyberattacks on national infrastructure: Beijing claims the U.S. National Security Agency infiltrated the National Time Service Centre using 42 attack tools between 2022 and 2024, potentially impacting communications and power systems.
AWS outage disrupts major online services: DNS and network load balancer failures in AWS’s US-EAST-1 region caused widespread downtime affecting Amazon, Prime Video, Fortnite, and other platforms before recovery was completed.
Dolby decoder flaw enables zero-click code execution: CVE-2025-54957 in the Dolby Unified Decoder allows remote code execution via crafted audio messages, affecting Android, macOS, and iOS devices before vendor patches were released.
131 spamware extensions abuse Chrome Web Store: A cluster of extensions posing as WhatsApp automation tools injected malicious code into WhatsApp Web, impacting over 20,000 users and linked to Brazilian firms DBX Tecnologia and Grupo OPT.
GlassWorm spreads through VS Code Marketplace: The self-propagating malware used code hidden with invisible Unicode characters and blockchain-based command-and-control to infect 35,800 extensions, turning developer systems into proxy nodes.
Ransomware halts operations at Japan’s Askul: A cyberattack forced the retailer to suspend online orders and shipments, disrupting logistics for partners including Muji, Loft, and Sogo & Seibu.
Windows SMB flaw under active exploitation: Attackers are abusing CVE-2025-33073 to gain SYSTEM privileges on unpatched Windows systems, prompting CISA to add it to its Known Exploited Vulnerabilities Catalogue.