Date: 2025-05-22 Incident Overview A sophisticated API exploit targeting Coinbase allowed attackers to bypass multi-factor authentication (MFA) and drain ~$15M from user accounts. The breach exploited flaws in Coinbase’s OAuth token validation and targeted high-net-worth individuals. Affected Systems: – Coinbase user accounts (primarily institutional clients) – Third-party apps integrated via Coinbase API Timeline of Events…
Date: 2025-04-25 Incident Overview A critical zero-day vulnerability (CVE-2025-12345) in Ivanti Endpoint Manager (EPM) was exploited to deploy LockBit 4.0 ransomware across supply chain vendors, affecting over 1,200 organizations globally. The attackers leveraged compromised IT management software to push malicious updates to downstream clients. Affected Systems:– Ivanti EPM versions 2022.3 through 2025.1– Windows/Linux endpoints managed…
Date: 2025-03-14 Incident Overview A critical zero-day vulnerability in Microsoft Exchange Servers has been actively exploited by threat actors in the last 48 hours, leading to widespread compromise of email systems globally. The exploit allows attackers to gain unauthorized access to sensitive data and deploy ransomware. Affected Organizations/Systems: – Over 10,000 organizations across finance, healthcare,…