Author: Staff Writer

John Marcelli is a staff writer for the CISO Brief, with a passion for exploring and writing about the ever-evolving world of technology. From emerging trends to in-depth reviews of the latest gadgets, John stays at the forefront of innovation, delivering engaging content that informs and inspires readers. When he's not writing, he enjoys experimenting with new tech tools and diving into the digital landscape.

Quick Takeaways
CrowdStrike links the recent exploitation of CVE-2025-61882 in Oracle E-Business Suite to the Cl0p (Graceful Spider) group, with the first known attack on August 9, 2025.
The attack involves bypassing authentication through an HTTP request, uploading malicious XSLT templates, and establishing remote connections for web shells and persistence.
Multiple vulnerabilities (at least five) are exploited in a sophisticated chain, using SSRF and CRLF injection techniques to achieve remote code execution.
The vulnerability is now prioritized by CISA, which warns of active Cl0p campaigns stealing data and deploying ransomware and calls for urgent patching and security measures.
Underlying Problem
Recently, a critical…

Top Highlights
Oracle has issued an emergency alert for a critical zero-day vulnerability (CVE-2025-61882) in its E-Business Suite, exploited by the Cl0p ransomware group to conduct widespread attacks and extort victims.
The flaw affects Oracle EBS versions 12.2.3–12.2.14, enabling remote code execution without authentication; publicly available exploits increase the risk.
Cl0p has successfully exploited this vulnerability to infiltrate enterprise systems, stealing data and launching ransomware campaigns, building on its history of targeting high-impact security flaws.
Organizations are urged to prioritize immediate patching, monitor for suspicious activity, and review access logs to mitigate the threat posed by this high-severity vulnerability.
What’s…

Essential Insights
Effective management of Non-Human Identities (NHIs) is crucial for cybersecurity, involving monitoring, securing credentials, and understanding behaviors to prevent breaches.
Bridging the gap between security and R&D teams by integrating security into the development lifecycle enhances protection and minimizes vulnerabilities.
Advanced strategies like real-time threat detection, machine learning analytics, and automation are vital for proactive NHI security amid evolving cyber threats.
Future-proof NHI management requires adopting emerging technologies, ensuring compliance (e.g., SOC 2), and maintaining agility to address increasing complexity and regulatory demands.
Key Challenge
The article, reported by security expert Alison Mack from Entro, underscores the growing…

Essential Insights
The Cl0p ransomware group exploited multiple vulnerabilities, including a new critical zero-day (CVE-2025-61882), in Oracle’s E-Business Suite to access corporate data and conduct extortion campaigns targeting executives.
CVE-2025-61882, a highly severe (9.8/10 CVSS) remote code execution flaw affecting Oracle EBS versions 12.2.3 to 12.2.14, was exploited in the wild, leading to data theft and extortion attempts.
Oracle urgently recommends EBS customers apply the latest security patches; the zero-day attack involves the BI Publisher component and has already facilitated data breaches linked to Cl0p.
Cl0p’s extortion tactics include emails from compromised accounts threatening to sell or publish stolen data…

Fast Facts
Wiz announces Zeroday.Cloud, a hacking contest offering $4.5 million in bug bounties, with live exploits demonstrated at Black Hat Europe, in collaboration with AWS, Google Cloud, and Microsoft.
The competition covers six categories (AI, Kubernetes, containers, web servers, databases, and DevOps), with substantial rewards of up to $300,000 for high-impact vulnerabilities such as exploits in Nginx and the Kubernetes API.
Participants must demonstrate full system compromise, such as container/VM escapes or 0-click RCEs, with entry deadlines by December 1 and live demos scheduled for December 10-11.
The event faces controversy as Trend Micro’s ZDI claims Wiz copied parts of its rules, amid high…

Top Highlights
Red Hat experienced a data breach involving the theft of approximately 570GB of data, including sensitive customer engagement reports (CERs), from the GitLab instance used by its consulting business.
The ShinyHunters gang, collaborating with Crimson Collective and Scattered Lapsus$ Hunters, is now publicly extorting Red Hat through a new leak site, threatening to release the stolen data on October 10th unless a ransom is paid.
Evidence suggests ShinyHunters operates as an “Extortion-as-a-Service” (EaaS), working with various threat actors to monetize stolen data, with a revenue share model reportedly around 70-75%.
Besides Red Hat, ShinyHunters has targeted other companies like SP…

Quick Takeaways
DNS is a primary attack vector: Attackers exploit DNS traffic, which is universally trusted and allowed through firewalls, to conduct data exfiltration, command-and-control (C2) communications, and malware delivery, bypassing traditional security measures.
DNS tunneling and hidden communications: Malicious actors encode stolen data into DNS queries and responses, enabling covert exfiltration, while malware often uses DNS responses (like TXT records) to receive instructions, making detection challenging.
Protection requires advanced DNS security: Implementing Protective DNS services that utilize threat intelligence can detect and block malicious DNS requests, preventing attacks before connections are established.
Education and awareness are crucial: Recognizing DNS’s…

Quick Takeaways
Urgent Warning for Oracle EBS Users: Immediate patching, aggressive threat hunting, and tighter controls are critical to defend against expected mass exploitation.
Rapid Exploitation Likely: Multiple cyber groups are anticipated to rapidly exploit vulnerabilities within days of the alert.
Targeted Systems: Critical enterprise systems such as ERP, finance, and HR are prime targets for attackers seeking sensitive data.
Entry Points for Attacks: Attackers often exploit admin credentials and third-party connectors like VPNs, middleware, and API accounts with open access.
The Core Issue
A recent warning underscores the urgency for organizations using Oracle E-Business Suite (EBS) to act swiftly…

Top Highlights
Asahi Group Holdings experienced a ransomware cyberattack affecting its systems in Japan, with ongoing investigations into potential data breaches.
System disruptions have paused order and shipment processes, prompting partial manual operations and efforts to resume customer services gradually from October 6.
The company has prioritized safeguarding critical data and swiftly isolating affected systems to prevent further damage, while external cybersecurity experts assist recovery.
The incident’s impact on Asahi’s financial results for FY2025 is under review, with no clear timeline for full system restoration yet provided.
The Core Issue
The Asahi Group Holdings, a leading Japanese beermaker, announced that…

Summary Points
Cybercrime Group UAT-8099: A Chinese-speaking group engaging in SEO fraud, targeting Microsoft IIS servers for high-value credentials, primarily affecting mobile users in countries like India, Thailand, and Brazil.
Attack Mechanism: Exploits vulnerabilities in IIS servers, using web shells and tools like Cobalt Strike to escalate privileges and maintain control over compromised hosts.
Persistent Threat: UAT-8099 employs techniques to secure access through RDP and VPNs, deploying tailored BadIIS malware to evade detection and manipulate search engine rankings.
SEO Manipulation Strategy: Utilizes backlinking methods to improve website visibility, enhancing their fraudulent activities while risking penalties from Google for low-quality backlink…