Lone Hacker Used Infostealers to Access Data at 50 Global Companies

Hackread – Cybersecurity News, Data Breaches, AI, and More
Actively Exploited

Overview

A recent report from Hudson Rock has revealed that an Iranian hacker, known as Zestix, successfully breached 50 global companies, including Iberia Airlines and Pickett & Associates. The hacker gained access by using passwords stolen by infostealer malware and by taking advantage of the companies' failure to enforce multi-factor authentication (MFA). The incident raises concerns about the security practices of major organizations, since Zestix's activities exploit weaknesses that could easily have been mitigated. The breaches not only compromise sensitive data but also pose a significant risk to the reputation and trustworthiness of the affected companies. Organizations should reassess their security measures to prevent similar attacks in the future.

Key Takeaways

  • Active Exploitation: The credential-theft technique described here is being actively used by attackers. Immediate action is recommended.
  • Affected Systems: Iberia Airlines, Pickett & Associates, and 48 other global companies
  • Action Required: Companies should implement multi-factor authentication and regularly update password policies to enhance security.
  • Timeline: Newly disclosed

Original Article Summary

A Hudson Rock report reveals how an Iranian hacker named Zestix breached 50 global companies, including Iberia Airlines and Pickett & Associates, by using stolen passwords and a lack of MFA.

Impact

Iberia Airlines, Pickett & Associates, and 48 other global companies

Exploitation Status

This technique is confirmed to be actively used by attackers in real-world intrusions. Because the access vector is stolen credentials rather than a software flaw, there is no patch to apply; the immediate workaround is the remediation below: enforce multi-factor authentication and tighten password policy.

Timeline

Newly disclosed

Remediation

Companies should implement multi-factor authentication and regularly update password policies to enhance security.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article.

Related Topics: Data Breach

Related Coverage

GopherWhisper APT group hides command and control traffic in Slack and Discord

Help Net Security

A new advanced persistent threat group, identified as GopherWhisper, has been linked to cyberattacks targeting a Mongolian government entity. This group, which appears to be aligned with China, is utilizing popular collaboration tools like Slack and Discord to conceal its command and control communications. By embedding malicious traffic within normal enterprise activities, they are making detection more difficult. This trend of leveraging widely used platforms for malicious purposes raises concerns for organizations that rely on these tools for communication and collaboration. As attackers continue to innovate in their methods, it is crucial for companies to remain vigilant and enhance their security measures to protect against such tactics.

Apr 23, 2026

Recent Microsoft Defender Vulnerability Exploited as Zero-Day

SecurityWeek

A newly discovered vulnerability in Microsoft Defender has been exploited as a zero-day, allowing attackers to access the Security Account Manager (SAM) database. This flaw enables them to extract NTLM hashes, potentially granting them system-level privileges. This is particularly concerning as it affects a widely used security solution, which could put numerous systems at risk. Organizations using Microsoft Defender should be vigilant, as this exploitation may lead to unauthorized access to sensitive data and systems. The urgency of addressing this vulnerability cannot be overstated, given its potential impact on user security.

Apr 23, 2026

Cyberattacks increasingly caused by unchecked AI agents

SCM feed for Latest

A report from Infosecurity Magazine warns that organizations are increasingly vulnerable to cyberattacks due to a lack of effective strategies for managing AI agents. As companies adopt AI technologies without appropriate oversight, the risk of these systems being exploited by attackers rises. This situation poses a significant threat to data security and system integrity, as poorly governed AI can facilitate malicious activities. Organizations that fail to implement clear guidelines for AI use may find themselves facing increased incidents of cybersecurity breaches. Addressing this issue is crucial for protecting sensitive information and maintaining trust in digital systems.

Apr 22, 2026

Agoda refutes claims of massive data breach

SCM feed for Latest

Agoda, a popular booking platform in Asia, has denied rumors of a significant data breach that allegedly compromised 82 million user records. This denial comes shortly after its parent company, Booking Holdings, reported a data breach affecting Booking.com, which exposed sensitive user reservation information. The claims about Agoda's breach were fueled by concerns over the recent vulnerability at Booking.com, raising alarms about the security of user data across these platforms. While Agoda insists that no such breach occurred, the situation highlights ongoing concerns over data security in the travel industry. Users should remain vigilant about their personal information, especially in light of recent incidents affecting major companies.

Apr 22, 2026

Over 6,400 Apache ActiveMQ servers at risk of ongoing attacks

SCM feed for Latest

A severe vulnerability in Apache ActiveMQ, identified as CVE-2026-34197, has put over 6,400 servers at risk of exploitation. The open-source message broker is used globally, and 6,476 instances are exposed to the internet. Attackers could potentially execute code remotely, which could lead to significant security breaches. Organizations using ActiveMQ should take immediate action to assess their systems and implement protective measures. The urgency of this situation highlights the need for timely updates and monitoring of server configurations to prevent unauthorized access.

Apr 22, 2026

Extensive Citizens Financial Group, Frost Bank breaches claimed by Everest ransomware

SCM feed for Latest

Citizens Financial Group and Frost Bank, two significant U.S. banks, have reportedly fallen victim to the Everest ransomware group. This operation has claimed to have stolen large volumes of sensitive data from both institutions and is threatening to release this information by April 26. The breach is concerning not only for the banks but also for their customers, as it raises fears about the exposure of personal and financial information. Ransomware attacks on financial institutions can lead to severe consequences, including financial loss and damage to customer trust. As the situation develops, both banks will need to respond quickly to mitigate the impact of this breach and reassure their clients.

Apr 22, 2026