Topic: indicators of compromise

  • Cl0p Gang Hits Oracle in Major Data Theft Campaign

    The Cl0p ransomware gang exploited a zero-day vulnerability (CVE-2025-61882) in Oracle E-Business Suite to exfiltrate data and send extortion emails to victims in August 2025. Oracle issued a security advisory for the vulnerability, which allows unauthenticated remote attackers to execute code vi...

  • Fortra GoAnywhere Zero-Day Exploited: Critical Flaw CVE-2025-10035

    A critical vulnerability (CVE-2025-10035) in Fortra's GoAnywhere platform, scoring 10.0 in severity, was exploited in zero-day attacks due to a deserialization flaw, with patches released on September 15, 2025. Evidence shows exploitation began as early as September 10, 2025, giving attackers an ...

  • Fortra GoAnywhere MFT Zero-Day Actively Exploited

    A critical vulnerability (CVE-2025-10035) in Fortra's GoAnywhere MFT was exploited for over a week before a patch was released on September 18, 2025, allowing attackers to achieve remote code execution. The flaw, a deserialization vulnerability with a CVSS score of 10.0, enabled threat actors to ...

  • SystemBC Malware Hijacks VPS Servers as Proxy Gateways

    The SystemBC proxy botnet targets vulnerable commercial virtual private servers, maintaining around 1,500 daily compromised systems to route malicious traffic and mask cybercriminal activities. It is widely used by ransomware groups and other threat actors, leveraging unpatched security flaws in ...

  • Major Cybersecurity Firms Impacted by Salesloft Data Breach

    A data breach at Salesloft impacted over 700 organizations, including major cybersecurity firms, by compromising OAuth tokens to access Salesforce databases and Google Workspace accounts. Attackers, identified as UNC6395, targeted AWS access keys, passwords, and Snowflake tokens, posing risks for...

  • Russian Hackers Hide Malware in CAPTCHA Tests

    Star Blizzard, a Russian state-sponsored hacking group, has escalated cyber-espionage by hiding malware like NoRobot, YesRobot, and MaybeRobot within fake CAPTCHA pages, using social engineering tactics to trick targets into executing harmful code. The group rapidly abandoned its previous LostKey...

  • Ransomware Hackers Weaponize Velociraptor DFIR Tool

    Malicious actors are misusing the Velociraptor digital forensics tool to deploy LockBit and Babuk ransomware, with the Chinese threat group Storm-2603 identified as responsible. Attackers exploited a privilege escalation vulnerability in Velociraptor to maintain persistent access, using technique...

  • Clop Hackers Use Oracle Zero-Day to Steal Executive Data

    Oracle has patched a critical zero-day vulnerability (CVE-2025-61882) in its E-Business Suite, which hackers exploited to steal sensitive personal data from corporate executives without needing login credentials. The hacking group Clop has been linked to this mass exploitation campaign, sending e...

  • Sitecore Zero-Day Exploit Actively Attacked (CVE-2025-53690)

    A critical zero-day vulnerability (CVE-2025-53690) in Sitecore on-premises deployments is being actively exploited, allowing unauthorized access and remote code execution. Attackers leverage a known sample ASP.NET machine key to exploit ViewState deserialization, enabling them to deploy malware, ...

  • Oracle Quietly Patches Critical Zero-Day Exposed by Hackers

    Oracle urgently patched a critical pre-authentication SSRF vulnerability (CVE-2025-61884) in its E-Business Suite after the ShinyHunters group leaked a working exploit, enabling unauthorized access without login credentials. Two separate threat actors, Clop and ShinyHunters, exploited distinct Or...

  • Cyber Attackers Target Retail Gift Cards with Cloud-Only Tactics

    The "Jingle Thief" cyber campaign targets retailers by exploiting cloud environments using stolen credentials from phishing, bypassing traditional malware and endpoint security. Attackers gain access to gift-card systems by manipulating inboxes, enrolling rogue devices, and bypassing multi-factor...

  • Cisco Hackers Use SNMP Flaw to Install Rootkit on Switches

    Cybersecurity experts warn of a serious threat exploiting a recently patched remote code execution vulnerability (CVE-2025-20352) in Cisco networking hardware, allowing attackers with root access to install persistent rootkits. The campaign, named 'Operation Zero Disco', targets Cisco switches li...
