TECHZONE™

Oracle EBS Under Fire as Cl0p Exploits CVE-2025-61882 in Real-World Attacks https://thehackernews.com/2025/10/oracle-ebs-under-fire-as-cl0p-exploits.html CrowdStrike on Monday said it's attributing the exploitation of a recently disclosed security flaw in Oracle E-Business Suite with moderate confidence to a threat actor it tracks as Graceful Spider (aka Cl0p), and that the first known exploitation occurred on August 9, 2025. The exploitation involves the exploitation of CVE-2025-61882 (CVSS score: 9.8), a critical vulnerability that facilitates

New Report Links Research Firms BIETA and CIII to China’s MSS Cyber Operations https://thehackernews.com/2025/10/new-report-links-research-firms-bieta.html A Chinese company named the Beijing Institute of Electronics Technology and Application (BIETA) has been assessed to be likely led by the Ministry of State Security (MSS). The assessment comes from evidence that at least four BIETA personnel have clear or possible links to MSS officers and their relationship with the University of International Relations, which is known to share links with the

5 Critical Questions For Adopting an AI Security Solution https://thehackernews.com/2025/10/5-critical-questions-for-adopting-ai.html In the era of rapidly advancing artificial intelligence (AI) and cloud technologies, organizations are increasingly implementing security measures to protect sensitive data and ensure regulatory compliance. Among these measures, AI-SPM (AI Security Posture Management) solutions have gained traction to secure AI pipelines, sensitive data assets, and the overall AI ecosystem. These solutions help

⚡ Weekly Recap: Oracle 0-Day, BitLocker Bypass, VMScape, WhatsApp Worm & More https://thehackernews.com/2025/10/weekly-recap-oracle-0-day-bitlocker.html The cyber world never hits pause, and staying alert matters more than ever. Every week brings new tricks, smarter attacks, and fresh lessons from the field. This recap cuts through the noise to share what really matters—key trends, warning signs, and stories shaping today’s security landscape. Whether you’re defending systems or just keeping up, these highlights help you spot what’s coming

Chinese Cybercrime Group Runs Global SEO Fraud Ring Using Compromised IIS Servers https://thehackernews.com/2025/10/chinese-cybercrime-group-runs-global.html Cybersecurity researchers have shed light on a Chinese-speaking cybercrime group codenamed UAT-8099 that has been attributed to search engine optimization (SEO) fraud and theft of high-value credentials, configuration files, and certificate data.  The attacks are designed to target Microsoft Internet Information Services (IIS) servers, with most of the infections reported in India, Thailand

Zimbra Zero-Day Exploited to Target Brazilian Military via Malicious ICS Files https://thehackernews.com/2025/10/zimbra-zero-day-exploited-to-target.html A now patched security vulnerability in Zimbra Collaboration was exploited as a zero-day earlier this year in cyber attacks targeting the Brazilian military. Tracked as CVE-2025-27915 (CVSS score: 5.4), the vulnerability is a stored cross-site scripting (XSS) vulnerability in the Classic Web Client that arises as a result of insufficient sanitization of HTML content in ICS calendar files,

Oracle Rushes Patch for CVE-2025-61882 After Cl0p Exploited It in Data Theft Attacks https://thehackernews.com/2025/10/oracle-rushes-patch-for-cve-2025-61882.html Oracle has released an emergency update to address a critical security flaw in its E-Business Suite that it said has been exploited in the recent wave of Cl0p data theft attacks. The vulnerability, tracked as CVE-2025-61882 (CVSS score: 9.8), concerns an unspecified bug that could allow an unauthenticated attacker with network access via HTTP to compromise and take control of the Oracle

CometJacking: One Click Can Turn Perplexity’s Comet AI Browser Into a Data Thief https://thehackernews.com/2025/10/cometjacking-one-click-can-turn.html Cybersecurity researchers have disclosed details of a new attack called CometJacking targeting Perplexity's agentic AI browser Comet by embedding malicious prompts within a seemingly innocuous link to siphon sensitive data, including from connected services, like email and calendar. The sneaky prompt injection attack plays out in the form of a malicious link that, when clicked, triggers the

Scanning Activity on Palo Alto Networks Portals Jump 500% in One Day https://thehackernews.com/2025/10/scanning-activity-on-palo-alto-networks.html Threat intelligence firm GreyNoise disclosed on Friday that it has observed a spike in scanning activity targeting Palo Alto Networks login portals. The company said it observed a nearly 500% increase in IP addresses scanning Palo Alto Networks login portals on October 3, 2025, the highest level recorded in the last three months. It described the traffic as targeted and structured, and aimed

Detour Dog Caught Running DNS-Powered Malware Factory for Strela Stealer https://thehackernews.com/2025/10/detour-dog-caught-running-dns-powered.html A threat actor named Detour Dog has been outed as powering campaigns distributing an information stealer known as Strela Stealer. That's according to findings from Infoblox, which found the threat actor to maintain control of domains hosting the first stage of the stealer, a backdoor called StarFish. The DNS threat intelligence firm said it has been tracking Detour Dog since August 2023, when

Rhadamanthys Stealer Evolves: Adds Device Fingerprinting, PNG Steganography Payloads https://thehackernews.com/2025/10/rhadamanthys-stealer-evolves-adds.html The threat actor behind Rhadamanthys has also advertised two other tools called Elysium Proxy Bot and Crypt Service on their website, even as the flagship information stealer has been updated to support the ability to collect device and web browser fingerprints, among others. "Rhadamanthys was initially promoted through posts on cybercrime forums, but soon it became clear that the author had a

Researchers Warn of Self-Spreading WhatsApp Malware Named SORVEPOTEL https://thehackernews.com/2025/10/researchers-warn-of-self-spreading.html Brazilian users have emerged as the target of a new self-propagating malware that spreads via the popular messaging app WhatsApp. The campaign, codenamed SORVEPOTEL by Trend Micro, weaponizes the trust with the platform to extend its reach across Windows systems, adding the attack is "engineered for speed and propagation" rather than data theft or ransomware. "SORVEPOTEL has been observed to

Product Walkthrough: How Passwork 7 Addresses Complexity of Enterprise Security https://thehackernews.com/2025/10/product-walkthrough-how-passwork-7.html Passwork is positioned as an on-premises unified platform for both password and secrets management, aiming to address the increasing complexity of credential storage and sharing in modern organizations. The platform recently received a major update that reworks all the core mechanics. Passwork 7 introduces significant changes to how credentials are organized, accessed, and managed, reflecting

New "Cavalry Werewolf" Attack Hits Russian Agencies with FoalShell and StallionRAT https://thehackernews.com/2025/10/new-cavalry-werewolf-attack-hits.html A threat actor that's known to share overlaps with a hacking group called YoroTrooper has been observed targeting the Russian public sector with malware families such as FoalShell and StallionRAT. Cybersecurity vendor BI.ZONE is tracking the activity under the moniker Cavalry Werewolf. It's also assessed to have commonalities with clusters tracked as SturgeonPhisher, Silent Lynx, Comrade Saiga,

CISA Flags Meteobridge CVE-2025-4008 Flaw as Actively Exploited in the Wild https://thehackernews.com/2025/10/cisa-flags-meteobridge-cve-2025-4008.html The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a high-severity security flaw impacting Smartbedded Meteobridge to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, CVE-2025-4008 (CVSS score: 8.7), is a case of command injection in the Meteobridge web interface that could result in code execution. "

Confucius Hackers Hit Pakistan With New WooperStealer and Anondoor Malware https://thehackernews.com/2025/10/confucius-hackers-hit-pakistan-with-new.html The threat actor known as Confucius has been attributed to a new phishing campaign that has targeted Pakistan with malware families like WooperStealer and Anondoor. "Over the past decade, Confucius has repeatedly targeted government agencies, military organizations, defense contractors, and critical industries -- especially in Pakistan – using spear-phishing and malicious documents as initial

Alert: Malicious PyPI Package soopsocks Infects 2,653 Systems Before Takedown https://thehackernews.com/2025/10/alert-malicious-pypi-package-soopsocks.html Cybersecurity researchers have flagged a malicious package on the Python Package Index (PyPI) repository that claims to offer the ability to create a SOCKS5 proxy service, while also providing a stealthy backdoor-like functionality to drop additional payloads on Windows systems. The deceptive package, named soopsocks, attracted a total of 2,653 downloads before it was taken down. It was first

Automating Pentest Delivery: 7 Key Workflows for Maximum Impact https://thehackernews.com/2025/10/automating-pentest-delivery-7-key.html Penetration testing is critical to uncovering real-world security weaknesses. With the shift into continuous testing and validation, it is time we automate the delivery of these results. The way results are delivered hasn’t kept up with today’s fast-moving threat landscape. Too often, findings are packaged into static reports, buried in PDFs or spreadsheets, and handed off manually to

ThreatsDay Bulletin: CarPlay Exploit, BYOVD Tactics, SQL C2 Attacks, iCloud Backdoor Demand & More https://thehackernews.com/2025/10/threatsday-bulletin-carplay-exploit.html From unpatched cars to hijacked clouds, this week’s Threatsday headlines remind us of one thing — no corner of technology is safe. Attackers are scanning firewalls for critical flaws, bending vulnerable SQL servers into powerful command centers, and even finding ways to poison Chrome’s settings to sneak in malicious extensions. On the defense side, AI is stepping up to block ransomware in real

Google Mandiant Probes New Oracle Extortion Wave Possibly Linked to Cl0p Ransomware https://thehackernews.com/2025/10/google-mandiant-probes-new-oracle.html Google Mandiant and Google Threat Intelligence Group (GTIG) have disclosed that they are tracking a new cluster of activity possibly linked to a financially motivated threat actor known as Cl0p. The malicious activity involves sending extortion emails to executives at various organizations and claiming to have stolen sensitive data from their Oracle E-Business Suite. "This activity began on or