WinRAR vulnerability exploited in malware campaigns
WinRAR patched a vulnerability (CVE-2025-8088) that was actively exploited by Russian-linked cybercriminals through phishing emails containing malicious RAR attachments. The flaw allows attackers to achieve remote code execution by writing files to arbitrary system locations including Windows Startup folders. All WinRAR versions prior to 7.13 are affected.
If you use WinRAR, update it to version 7.13 or later from the official WinRAR site, because hackers are sending malicious archive attachments, and if you open them you are hacked. Also, be very careful with any RAR file attachments in emails, especially unexpected ones.
#cybersecurity #infosec #advisory #ransomware
https://beyondmachines.net/event_details/winrar-vulnerability-exploited-in-malware-campaigns-w-6-k-x-v/gD2P6Ple2L
U.S. Federal Judiciary confirms cyberattack exposing court records and confidential informant identities
The U.S. Federal Judiciary confirmed a cybersecurity incident affecting its electronic case management systems (CM/ECF and PACER) that exposed highly sensitive data including confidential informants' identities, sealed court documents, and case information across multiple federal jurisdictions.
#cybersecurity #infosec #incident #databreach
https://beyondmachines.net/event_details/u-s-federal-judiciary-confirms-cyberattack-exposing-court-records-and-confidential-informant-identities-y-2-i-7-t/gD2P6Ple2L
Pakistan Petroleum Limited hit by ransomware attack
Pakistan Petroleum Limited (PPL), one of Pakistan's largest state-owned energy companies, confirmed a ransomware attack detected on August 6, 2025. The attack is claimed by the "Blue Locker" gang, which allegedly encrypted servers, deleted backups, and stole sensitive data.
#cybersecurity #infosec #incident #ransomware
https://beyondmachines.net/event_details/pakistan-petroleum-limited-hit-by-ransomware-attack-w-8-q-d-r/gD2P6Ple2L
CISA and Microsoft warn of an Exchange Server Hybrid flaw enabling attackers to compromise the Cloud instance
CISA and Microsoft are warning of a vulnerability (CVE-2025-53786) in Exchange Server hybrid deployments that allows authenticated attackers with administrative access to escalate privileges from on-premises Exchange servers to connected cloud environments.
If you run Exchange Server in hybrid mode with cloud services, plan and install Microsoft's April 2025 hotfix updates and follow their dedicated hybrid app configuration guidance. Yes, the exploit requires admin privileges on the on-prem server. Yes, someone will get those given enough time. So don't give them the time.
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/cisa-and-microsoft-warn-of-an-exchange-server-hybrid-flaw-enabling-attackers-to-compromise-the-cloud-instance-t-4-5-z-r/gD2P6Ple2L
Healthcare devices exposed: over 1.2 million medical systems found misconfigured and accessible on the Internet
Cybersecurity company Modat discovered over 1.2 million internet-connected healthcare devices globally (including MRI scanners, CT machines, and X-ray systems) exposed on the open internet due to misconfigurations. The devices also had default passwords, and some of them had unpatched vulnerabilities. Sensitive patient data, including medical imaging, PHI, and treatment records, was accessible to potential attackers.
#cybersecurity #infosec #incident #databreach
https://beyondmachines.net/event_details/healthcare-devices-exposed-over-1-2-mmillion-medical-systems-found-misconfigured-and-accessible-on-the-internet-p-w-q-r-n/gD2P6Ple2L
Venice Film Festival confirms data breach affecting accredited participants
The Venice International Film Festival confirmed a cyberattack where unknown attackers compromised festival servers and copied documents containing personal data of accredited participants, journalists and industry members. The organization isolated affected systems, notified authorities, and sent breach notifications to the affected individuals.
#cybersecurity #infosec #incident #databreach
https://beyondmachines.net/event_details/venice-film-festival-confirms-data-breach-affecting-accredited-participants-h-a-q-q-r/gD2P6Ple2L
Hackers breach Salesforce instances of major corporations through voice phishing
The ShinyHunters gang is conducting a sophisticated voice phishing campaign targeting Salesforce CRM instances and has breached major corporations including Cisco, Google, Chanel, Pandora, KLM, and Air France. The attack tricks employees into authorizing malicious OAuth applications.
Always verify any urgent call from "IT" or anyone representing authority. The urgent call technique, paired with pressure tactics and the fact that most users are able to grant access to apps, is extremely dangerous.
#cybersecurity #infosec #attack #activeattack
https://beyondmachines.net/event_details/hackers-breach-salesforce-instances-of-major-corporations-through-voice-phishing-x-5-x-3-m/gD2P6Ple2L
Google confirms data breach of Salesforce instance via voice phishing attack
Google confirmed that ShinyHunters cybercriminals breached one of its Salesforce instances in June 2025 using voice phishing tactics to trick an employee into authorizing a malicious connected application, exposing business contact information for small and medium-sized enterprise customers. This breach is part of the ongoing voice phishing campaign targeting Salesforce instances that has also compromised Cisco, Chanel, Pandora, KLM, and other major organizations.
#cybersecurity #infosec #incident #databreach
https://beyondmachines.net/event_details/google-confirms-data-breach-of-salesforce-instance-via-voice-phishing-attack-d-8-c-s-u/gD2P6Ple2L
Team82 Researchers report multiple flaws in Axis Communications CCTV Systems
Security researchers disclosed four vulnerabilities in Axis Communications surveillance equipment affecting the proprietary Axis.Remoting protocol, with the most critical flaw allowing authenticated remote code execution that could lead to complete system compromise. Over 6,500 servers exposing these systems were discovered on the internet, potentially affecting hundreds of thousands of cameras.
If you're using Axis surveillance equipment (Camera Station Pro, Camera Station, or Device Manager), review your systems and the advisories. Make sure the surveillance systems are isolated from the internet, and then plan an upgrade to the latest patched versions (Pro 6.9, Station 5.58, Device Manager 5.32).
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/team82-researchers-report-multiple-flaws-in-axis-communications-cctv-systems-o-i-a-p-2/gD2P6Ple2L
KLM and Air France report data breach through third-party customer service system
KLM Royal Dutch Airlines and Air France confirmed a data breach exposing customer data after attackers compromised a third-party customer service system. The incident appears to be part of the ongoing voice phishing campaign targeting Salesforce instances that also affected Cisco, Chanel, and Pandora among others.
#cybersecurity #infosec #incident #databreach
https://beyondmachines.net/event_details/klm-royal-dutch-airlines-reports-data-breach-through-third-party-customer-service-system-g-a-m-5-e/gD2P6Ple2L