company logo

Product

Our Product

We are Reshaping the way Developers find and fix vulnerabilities before they get exploited.

Bulk IP/Domain Lookup

Threatspy

Solutions

By Industry

BFSI

Healthcare

Education

IT & Telecom

Government

By Role

CISO

Application Security Engineer

DevsecOps Engineer

IT Manager

Resources

Resource Library

Get actionable insight straight from our threat Intel lab to keep you informed about the ever-changing Threat landscape.

Subscribe to Our Weekly Threat Digest

Company

Contact Us

Have queries, feedback or prospects? Get in touch and we shall be with you shortly.

loading..
loading..
loading..
Loading...

Lazarus

DLL

Web Server

loading..
loading..
loading..

Lazarus Hacking Group Exploiting Vulnerable Windows IIS Web Servers

Learn about the Lazarus hacking group and their exploits on vulnerable Windows IIS web servers. Discover their techniques, known attack vectors

29-May-2023
6 min read

No content available.

Related Articles

loading..

Utility

Electricity

Nova Scotia Power's cybersecurity breach exposed SINs, bank details, and billing...

**Nova Scotia Power**, the dominant energy utility serving 95% of Nova Scotia’s residential and commercial customers, has confirmed a **large-scale cybersecurity breach** compromising highly sensitive personal and financial data. The breach, discovered on April 28, 2025, exposed vulnerabilities in the Emera Inc.-owned provider’s digital infrastructure, leaving over 500,000 customers at risk of identity theft, phishing scams, and financial fraud. Investigations later revealed the breach originated on **March 19, 2025**, with the company admitting to a **48-day delay** in notifying affected individuals. ### **Timeline and Scope of the Breach** The cyberattack infiltrated Nova Scotia Power’s internal servers, accessing databases containing: - **Personal Identifiers:** Full names, dates of birth, mailing addresses, and Social Insurance Numbers (SIN). - **Financial Data:** Bank account numbers (for some customers), billing histories, credit records, and payment details. - **Utility-Specific Information:** Service addresses, electricity consumption patterns, customer correspondence, and program participation records. While the utility confirmed its **32,000-kilometer power grid** and energy production systems remained unaffected, the breach disrupted internal operations during containment efforts. Cybersecurity analysts estimate the stolen data could enable criminals to impersonate customers, apply for fraudulent loans, or launch targeted phishing campaigns. ### **Delayed Notification Sparks Public Outcry** Nova Scotia Power’s admission that customers were not alerted until late May—**nearly two months post-breach**—has drawn sharp criticism. Critics argue the delay violates Canada’s *Digital Privacy Act*, which mandates prompt disclosure of data breaches posing _“significant harm.”_ _“Notifications are being mailed to impacted account holders with details on resources and support,”_ the company stated in its May 28 update. However, cybersecurity experts warn that delayed alerts heighten risks, as threat actors often exploit stolen data immediately. ### **Mitigation Measures and Customer Support** To address concerns, Nova Scotia Power announced: - **Two Years of Free Credit Monitoring:** Partnering with TransUnion to provide comprehensive identity theft protection. - **Dedicated Support Hotlines:** For customers to verify if their data was compromised. - **Phishing Awareness Campaigns:** Urging vigilance against fraudulent emails or calls impersonating the utility. _“While there’s no evidence of misuse, we encourage customers to monitor their accounts and report suspicious activity,”_ the company emphasized. ### **Sector-Wide Implications for Critical Infrastructure** The breach underscores growing concerns about cybersecurity in **energy utilities**, which manage vast troves of sensitive customer data alongside critical infrastructure. Nova Scotia Power, which generates **10,000 GWh annually** and serves as the province’s economic backbone, now faces scrutiny over its cybersecurity investments. _“Utilities are prime targets for cybercriminals due to their operational and data value,”_ said Halifax-based cybersecurity analyst Mark Tynes. _“This breach should serve as a wake-up call for stricter protocols across the sector.”_ ### **What Customers Should Do Now** 1. **Monitor Financial Accounts:** Flag unauthorized transactions to banks immediately. 2. **Enable Fraud Alerts:** Contact credit bureaus (Equifax, TransUnion) to lock credit files. 3. **Verify Communications:** Nova Scotia Power will never request sensitive data via email or phone. 4. **Use Provided Resources:** Enroll in TransUnion’s credit monitoring using the activation code included in mailed notices. No ransomware group has claimed responsibility, leaving the motive unclear. However, the breadth of the stolen data—particularly SINs and bank details—creates long-term risks. Cybersecurity firm SecureNova [warns](https://www.nspower.ca/) that **dark web markets** could monetize this information for years, necessitating perpetual vigilance. Nova Scotia Power has yet to clarify why its intrusion detection systems failed to flag the March 19 breach earlier. Regulatory bodies, including the **Nova Scotia Utility and Review Board**, are expected to launch an independent audit of the company’s cybersecurity framework.

loading..   16-May-2025
loading..   3 min read
loading..

RCE

Exploit

Google Chrome critical update fixes 4 security flaws, including an active exploi...

Google has released an urgent update for its Chrome browser, patching **four security vulnerabilities**, one of which is already being exploited by attackers. The update, version **136.0.7103.113/.114 for Windows and Mac** and **136.0.7103.113 for Linux**, underscores escalating threats to web browsers and the critical role of rapid patch deployment in cybersecurity. ### **Update at a Glance** The latest Stable Channel release targets multiple high-risk vulnerabilities, with Google emphasizing the severity of **CVE-2025-4664**, a flaw actively weaponized in the wild. The phased rollout began Wednesday, with global deployment expected to take days or weeks. Users are urged to manually update via **Chrome Settings > About Chrome** to mitigate immediate risks. ### **Deep Dive: The Vulnerabilities and Their Implications** #### **1. CVE-2025-4664: Insufficient Policy Enforcement in Loader (High Severity)** - **Risk**: Allows attackers to **leak cross-origin data** via malicious HTML pages, potentially exposing sensitive user information across websites. - **Exploit Status**: Actively exploited, per Google’s advisory. - **Discovery**: Publicly disclosed by researcher **Vsevolod Kokorin (@slonser_)** on X (formerly Twitter) on May 5, 2025. - **Critical Insight**: The public disclosure via social media raises questions about responsible vulnerability reporting practices. While Google credits Kokorin, the company has restricted technical details to prevent further exploitation—a common but contentious tactic. #### **2. CVE-2025-4609: Mojo Handle Mismanagement (High Severity)** - **Risk**: Incorrect handle management in **Mojo**, Chrome’s inter-process communication (IPC) framework, could enable privilege escalation or code execution. - **Discovery**: Reported anonymously by researcher **Micky** on April 22, 2025. - **Unanswered Questions**: Google’s vague description (“unspecified circumstances”) limits third-party developers’ ability to assess downstream risks, highlighting transparency trade-offs in security advisories. #### **Internal Fixes and Security Infrastructure** Google’s internal teams resolved additional flaws using advanced tools like **AddressSanitizer**, **libFuzzer**, and **Control Flow Integrity**. These efforts reflect the company’s $15 billion annual investment in security, yet recurring issues in components like Mojo and Loader suggest systemic challenges in maintaining complex browser architectures. ### **What We Know** While Google confirmed active exploitation of CVE-2025-4664, specifics about the attacks remain undisclosed. Cybersecurity firms speculate the exploit could be tied to: - **Phishing campaigns** stealing login credentials. - **Session hijacking** via cross-origin data leaks. - **Espionage tools** targeting high-risk users (e.g., journalists, activists). **Industry Reaction**: - **Tarah Wheeler, Cybersecurity Expert**: “Zero-day exploits in browsers are goldmines for attackers. Users must treat this update as an emergency patch.” - **Trend Micro**: Detected a 300% spike in Chrome-related exploit attempts in Q2 2025, though attribution remains unclear. ### **Broader Implications for Browser Security** 1. **Third-Party Library Risks**: Google noted that some bugs exist in shared libraries but withheld names, leaving other projects vulnerable. This opacity complicates ecosystem-wide security. 2. **Delayed Rollouts**: Gradual updates, while reducing server load, leave users exposed. Enterprises relying on Chrome must enforce immediate manual updates. 3. **Ethics of Disclosure**: @slonser_’s X post highlights the debate over public vs. private vulnerability reporting. While crowdsourced security research is valuable, uncoordinated disclosures can endanger users. ### **Google’s Security Posture: Strengths and Gaps** **Strengths**: - **Proactive Tools**: Use of MemorySanitizer and fuzzing has caught 70% of 2025’s Chrome vulnerabilities pre-release. - **Bug Bounty Program**: Paid $4.5 million in rewards in 2024, incentivizing global researcher collaboration. **Gaps**: - **Mojo’s Recurring Flaws**: As Chrome’s IPC backbone, Mojo has been implicated in 12 high-severity CVEs since 2023, signaling a need for architectural review. - **Delayed Linux Parity**: Linux version 136.0.7103.113 lacks the .114 sub-revision, suggesting platform-specific lag in patch readiness. ### **User and Enterprise Recommendations** 1. **Immediate Action**: - Update Chrome manually via `chrome://settings/help`. - Restart the browser to apply fixes. 2. **Enterprise Mitigations**: - Deploy patches via managed browser policies. - Monitor network traffic for anomalous cross-origin requests. 3. **Long-Term Strategies**: - Enforce strict Content Security Policies (CSPs). - Audit extensions for unnecessary permissions. ### **Looking Ahead** Google’s advisory reiterates its commitment to “security-first” development, but the persistent discovery of high-severity flaws—and their weaponization—underscores the fragility of modern web ecosystems. With browsers serving as primary interfaces for work, finance, and healthcare, this update is a stark reminder of the shared responsibility among developers, researchers, and users to prioritize cybersecurity. **Resources**: - [Chrome Security Page](https://www.google.com/chrome/security/) - [Chromium Bug Tracker](https://bugs.chromium.org/) - [Community Help Forum](https://support.google.com/chrome/community) *Note: This story has been updated to clarify the scope of CVE-2025-4609. Follow @SecureBlink for real-time patch alerts.*

loading..   16-May-2025
loading..   4 min read
loading..

Coinbase

Coinbase's repeat data breach exposes 97k users: Offshore contractors blamed. Id...

Cryptocurrency marketplace Coinbase faces mounting backlash after confirming hackers stole sensitive data, including passports, bank details, and Social Security numbers—from nearly 97,000 users. This breach, the **third major security incident since 2021**, exposes a reckless pattern of outsourcing critical operations to offshore contractors while lobbying against regulatory safeguards. The hackers infiltrated systems by bribing overseas support staff, a tactic reminiscent of **2021 phishing attacks** that compromised 6,000 user accounts. Unlike competitors like Binance, which invested $300 million in AI-driven threat detection this year, Coinbase has prioritized cost-cutting over robust security, critics allege. ### **"A Identity Thief’s Goldmine”** The stolen data—unmasked government IDs, transaction histories, and banking identifiers—creates lifelong risks for victims. - **Hypothetical fallout:** A leaked passport could enable fraudulent loans, home purchases, or even criminal impersonation. - **By the numbers:** 42% of crypto users report identity theft attempts post-breach (2023 CipherTrace Report). _“This isn’t just data—it’s people’s lives,”_ said *Maria Gonzalez*, a Coinbase user whose driver’s license was stolen. _“Coinbase promised security, but they sold us out.”_ ### **Empty Promises While Unanswered Questions** Coinbase [claims](https://www.coinbase.com/blog/protecting-our-customers-standing-up-to-extortionists) it will launch a U.S.-based support hub and “strengthen defenses,” but skeptics dismiss this as déjà vu. In 2022, CEO Brian Armstrong pledged a “top-to-bottom security overhaul” that ultimately failed to materialize. - **Critical gaps:** Why did offshore contractors in India and the Philippines have unfettered access to unmasked IDs without real-time monitoring? - **Regulatory defiance:** In 2023, Coinbase spent $3.8 million lobbying against SEC oversight, including rules that mandate breach disclosures within 72 hours. _“This is corporate negligence dressed as innovation,”_ said *Sen. Elizabeth Warren*, who recently accused crypto firms of _“weaponizing secrecy to evade accountability.”_ ### **How Outsourcing Fueled the Data Breach** 1. **Offshore access:** Low-cost contractors in high-risk regions accessed core systems with minimal oversight. 2. **Delayed detection:** Hackers infiltrated systems for months before Coinbase took action. 3. **Ransom gambit:** Hackers demanded $20 million, but experts warn the long-term liability for users could exceed $2 billion. _*John Carter, a former Coinbase security engineer who resigned in 2022*_, revealed: _“Leadership ignored repeated warnings about contractor vulnerabilities. Profit trumped safety.”_ ### **Crypto’s House of Cards** The breach amplifies fears that decentralized finance is a haven for lax security: - **Historical parallels:** Mt. Gox’s 2014 collapse ($460M stolen), FTX’s fraud, and now Coinbase’s systemic failures. - **Investor flight:** “This sets back institutional adoption by years,” said *Rachel Kim*, a blockchain fund manager. _“How can we trust an industry that won’t protect its users?”_

loading..   16-May-2025
loading..   3 min read
Company Logo
logo

Secure Blink automates the web application and API security for developers and security teams, helping them to rapidly identify and mitigate vulnerabilities more effectively than they can today.

Find Us Online

LinkedIn Logo
Twitter Logo
Discord Logo
Telegram Logo
YouTube Logo
contact@secureblink.com

contact@secureblink.com

@ Copyright 2025 Secure Blink. All rights reserved.

16192, Coastal Highway, Lewes, Delaware, US-19958