Topic: Google Threat Intelligence
SonicWall Zero-Day Exploit Patched (CVE-2025-40602)
SonicWall has released a critical update for a new, actively exploited local privilege escalation flaw (CVE-2025-40602) in its SMA 1000 series appliances, urging immediate patching. This vulnerability is especially dangerous when chained with a previously patched flaw (CVE-2025-23006), allowing a...

SonicWall SMA1000 Zero-Day Exploited in Active Attacks
SonicWall has issued an urgent alert for SMA1000 appliance users to apply a critical update, as active attacks exploit a new medium-severity local privilege escalation flaw (CVE-2025-40602) chained with a previously patched critical bug to achieve remote code execution with root privileges. The v...

Russian Hackers Hide Malware in CAPTCHA Tests
Star Blizzard, a Russian state-sponsored hacking group, has escalated cyber-espionage by hiding malware like NoRobot, YesRobot, and MaybeRobot within fake CAPTCHA pages, using social engineering tactics to trick targets into executing harmful code. The group rapidly abandoned its previous LostKey...

North Korean Hackers' New EtherHiding Crypto Heist
A North Korean hacking group is using EtherHiding, a blockchain-based method that embeds malware in smart contracts, making the blockchain a resilient command-and-control server for malicious activities. EtherHiding resists traditional cybersecurity measures because it operates on a decentralized...

Nation-State Hackers Use "Bulletproof" Blockchains to Spread Malware
State-sponsored hackers, including a North Korean group, are now hiding malware within public cryptocurrency blockchains, creating a resilient and nearly untouchable hosting platform. This technique, called "EtherHiding," embeds malicious code in smart contracts on blockchains like Ethereum, leve...

Google: Clop Hackers Stole Major Data in Oracle Breach
The Clop ransomware group breached Oracle's E-Business Suite starting around August 9, exploiting a zero-day vulnerability (CVE-2025-61882) to steal corporate data before patches were available. Victims received extortion emails from Clop affiliates demanding payment to prevent public data releas...

Urgent: Hackers Exploit Unpatched Oracle EBS Vulnerabilities
Oracle has confirmed active exploitation of unpatched vulnerabilities in its E-Business Suite, with hackers sending extortion emails claiming to have stolen sensitive corporate data. The vulnerabilities were resolved in the July 2025 Critical Patch Update, which addressed nine EBS flaws, includin...

Oracle Warns Known Flaws Fueling Recent Ransomware Attacks
Oracle is warning that known vulnerabilities in its E-Business Suite are being exploited in ransomware attacks, with customers receiving extortion emails linked to patched security flaws. The Cl0p ransomware group, possibly connected to FIN11, is suspected of sending these emails from compromised...

'BRICKSTORM' Backdoor: Chinese Hackers Target US Firms
A sophisticated cyber espionage campaign using the BRICKSTORM backdoor is targeting U.S. companies, particularly in legal, tech, and SaaS sectors, and is attributed to Chinese-aligned hackers with goals beyond intelligence gathering. The threat actors, known as UNC5221, employ a complex, multi-st...

Google: BrickStorm Malware Stole U.S. Data for a Year
A sophisticated cyber espionage campaign using BrickStorm malware successfully stole sensitive data from American technology, legal, SaaS, and BPO companies for over a year before being detected. The malware, attributed to China-linked group UNC5221, is a versatile backdoor that operates stealthi...

SonicWall SMA100 Update Eradicates Rootkit Malware
SonicWall has released a critical firmware update for its SMA 100 series appliances that can eradicate the OVERSTEP rootkit malware, which enables persistent unauthorized access and data theft. The update is urgent due to active attacks by threat actor UNC6148, who uses the rootkit to steal sensi...

Qualys, Tenable Hit in Salesloft Data Breach
Tenable and Qualys experienced unauthorized access to their Salesforce data due to stolen OAuth tokens from the Salesloft Drift application, highlighting risks from third-party integrations. Both firms confirmed their core products and services were unaffected, and they responded by disabling the...

Major Cybersecurity Firms Impacted by Salesloft Data Breach
A data breach at Salesloft impacted over 700 organizations, including major cybersecurity firms, by compromising OAuth tokens to access Salesforce databases and Google Workspace accounts. Attackers, identified as UNC6395, targeted AWS access keys, passwords, and Snowflake tokens, posing risks for...

Zscaler Breach: Customer Data Exposed via Third-Party Hack
A security breach at Zscaler exposed customer data via a compromised third-party AI chat agent, Salesloft Drift, which allowed attackers to access sensitive records in the company's Salesforce environment. The compromised information includes names, email addresses, job titles, phone numbers, reg...