Topic: indicators of compromise

Sort by: Relevance | Date
  • Cl0p Gang Hits Oracle in Major Data Theft Campaign
    October 13, 2025
    78%

    Cl0p Gang Hits Oracle in Major Data Theft Campaign

    The Cl0p ransomware gang exploited a zero-day vulnerability (CVE-2025-61882) in Oracle E-Business Suite to exfiltrate data and send extortion emails to victims in August 2025. Oracle issued a security advisory for the vulnerability, which allows unauthenticated remote attackers to execute code vi...

    Read More »
  • Fortra GoAnywhere Zero-Day Exploited: Critical Flaw CVE-2025-10035
    September 27, 2025
    78%

    Fortra GoAnywhere Zero-Day Exploited: Critical Flaw CVE-2025-10035

    A critical vulnerability (CVE-2025-10035) in Fortra's GoAnywhere platform, scoring 10.0 in severity, was exploited in zero-day attacks due to a deserialization flaw, with patches released on September 15, 2025. Evidence shows exploitation began as early as September 10, 2025, giving attackers an ...

    Read More »
  • Fortra GoAnywhere MFT Zero-Day Actively Exploited
    September 27, 2025
    75%

    Fortra GoAnywhere MFT Zero-Day Actively Exploited

    A critical vulnerability (CVE-2025-10035) in Fortra's GoAnywhere MFT was exploited for over a week before a patch was released on September 18, 2025, allowing attackers to achieve remote code execution. The flaw, a deserialization vulnerability with a CVSS score of 10.0, enabled threat actors to ...

    Read More »
  • SystemBC Malware Hijacks VPS Servers as Proxy Gateways
    September 22, 2025
    72%

    SystemBC Malware Hijacks VPS Servers as Proxy Gateways

    The SystemBC proxy botnet targets vulnerable commercial virtual private servers, maintaining around 1,500 daily compromised systems to route malicious traffic and mask cybercriminal activities. It is widely used by ransomware groups and other threat actors, leveraging unpatched security flaws in ...

    Read More »
  • Major Cybersecurity Firms Impacted by Salesloft Data Breach
    September 3, 2025
    72%

    Major Cybersecurity Firms Impacted by Salesloft Data Breach

    A data breach at Salesloft impacted over 700 organizations, including major cybersecurity firms, by compromising OAuth tokens to access Salesforce databases and Google Workspace accounts. Attackers, identified as UNC6395, targeted AWS access keys, passwords, and Snowflake tokens, posing risks for...

    Read More »
  • Russian Hackers Hide Malware in CAPTCHA Tests
    October 28, 2025
    70%

    Russian Hackers Hide Malware in CAPTCHA Tests

    Star Blizzard, a Russian state-sponsored hacking group, has escalated cyber-espionage by hiding malware like NoRobot, YesRobot, and MaybeRobot within fake CAPTCHA pages, using social engineering tactics to trick targets into executing harmful code. The group rapidly abandoned its previous LostKey...

    Read More »
  • Ransomware Hackers Weaponize Velociraptor DFIR Tool
    October 11, 2025
    70%

    Ransomware Hackers Weaponize Velociraptor DFIR Tool

    Malicious actors are misusing the Velociraptor digital forensics tool to deploy LockBit and Babuk ransomware, with the Chinese threat group Storm-2603 identified as responsible. Attackers exploited a privilege escalation vulnerability in Velociraptor to maintain persistent access, using technique...

    Read More »
  • Clop Hackers Use Oracle Zero-Day to Steal Executive Data
    October 9, 2025
    70%

    Clop Hackers Use Oracle Zero-Day to Steal Executive Data

    Oracle has patched a critical zero-day vulnerability (CVE-2025-61882) in its E-Business Suite, which hackers exploited to steal sensitive personal data from corporate executives without needing login credentials. The hacking group Clop has been linked to this mass exploitation campaign, sending e...

    Read More »
  • Sitecore Zero-Day Exploit Actively Attacked (CVE-2025-53690)
    September 6, 2025
    70%

    Sitecore Zero-Day Exploit Actively Attacked (CVE-2025-53690)

    A critical zero-day vulnerability (CVE-2025-53690) in Sitecore on-premises deployments is being actively exploited, allowing unauthorized access and remote code execution. Attackers leverage a known sample ASP.NET machine key to exploit ViewState deserialization, enabling them to deploy malware, ...

    Read More »
  • Oracle Quietly Patches Critical Zero-Day Exposed by Hackers
    October 16, 2025
    65%

    Oracle Quietly Patches Critical Zero-Day Exposed by Hackers

    Oracle urgently patched a critical pre-authentication SSRF vulnerability (CVE-2025-61884) in its E-Business Suite after the ShinyHunters group leaked a working exploit, enabling unauthorized access without login credentials. Two separate threat actors, Clop and ShinyHunters, exploited distinct Or...

    Read More »
  • Cyber Attackers Target Retail Gift Cards with Cloud-Only Tactics
    October 23, 2025
    60%

    Cyber Attackers Target Retail Gift Cards with Cloud-Only Tactics

    The "Jingle Thief" cyber campaign targets retailers by exploiting cloud environments using stolen credentials from phishing, bypassing traditional malware and endpoint security. Attackers gain access to gift-card systems by manipulating inboxes, enrolling rogue devices, and bypassing multi-factor...

    Read More »
  • Cisco Hackers Use SNMP Flaw to Install Rootkit on Switches
    October 21, 2025
    45%

    Cisco Hackers Use SNMP Flaw to Install Rootkit on Switches

    Cybersecurity experts warn of a serious threat exploiting a recently patched remote code execution vulnerability (CVE-2025-20352) in Cisco networking hardware, allowing attackers with root access to install persistent rootkits. The campaign, named 'Operation Zero Disco', targets Cisco switches li...

    Read More »

Related Topics

remote code execution (59) cybersecurity threats (62) data exfiltration (56) cve-2025-61882 (8) data theft (44) vulnerability exploitation (39) security advisory (14) zero-day exploitation (13)