InfoSec News 20251014
Top News
- Oracle issued an emergency security update to fix new E-Business Suite flaw CVE-2025-61884
  Oracle issued an emergency security update to address a new E-Business Suite (EBS) vulnerability tracked as CVE-2025-61884.
  TLP¹: Green
- Massive multi-country botnet targets RDP services in the US
  A large-scale botnet is targeting Remote Desktop Protocol (RDP) services in the United States from more than 100,000 IP addresses.
  TLP¹: Green
- SonicWall VPN accounts breached using stolen creds in widespread attacks
  Researchers warn that threat actors have compromised more than a hundred SonicWall SSLVPN accounts in a large-scale campaign using stolen, valid credentials.
  TLP¹: Green
Cybersecurity State: Surveillance, Cyberwarfare, Cybercriminality and Hacktivism
- Harvard University hit in Oracle EBS cyberattack, 1.3 TB of data leaked by Cl0p group
  Harvard University confirmed it was targeted in the Oracle E-Business Suite campaign after the Cl0p ransomware group listed it on its leak site. The cybercrime group claimed to have leaked 1.3 TB of data allegedly stolen from Harvard University.
  TLP¹: Green
- Ukraine sees surge in AI-powered cyberattacks by Russia-linked threat actors
  Russia-linked actors are using AI to craft phishing and malware attacks against entities in Ukraine, according to SSSCIP.
  TLP¹: Green
- Chinese hackers abuse geo-mapping tool for year-long persistence
  Chinese state hackers remained undetected in a target environment for more than a year by turning a component of the ArcGIS geo-mapping tool into a web shell.
  TLP¹: Green
Breaches: Data Breaches and Hacks
- SimonMed Imaging discloses a data breach impacting over 1.2 million people
  Medusa ransomware hit SimonMed Imaging, stealing 200 GB of data and impacting over 1.2 million people in a major healthcare data breach.
  TLP¹: Green
Vulnerabilities: Vulnerability Advisories, Zero-Days, Patches and Exploits
- CVE-2025-11371: Unpatched zero-day in Gladinet CentreStack, Triofox under attack
  Threat actors are exploiting a zero-day vulnerability, tracked as CVE-2025-11371, in Gladinet CentreStack and Triofox products.
  TLP¹: Green
- New Pixnapping attack steals 2FA codes from Google Authenticator within 30 seconds
  Pixnapping is a novel class of side-channel attacks targeting Android devices that can covertly extract sensitive on-screen data, including two-factor authentication (2FA) codes from Google Authenticator, in under 30 seconds.
  TLP¹: Green
Incident Response: Infrastructure, Training, SIEM and Incident Handling
- CrowdStrike Falcon Windows sensor vulnerability lets attacker delete arbitrary files
  CrowdStrike has disclosed and released patches for two medium-severity vulnerabilities in its Falcon sensor for Windows that could allow an attacker to delete arbitrary files.
  TLP¹: Green
Technical Articles: Forensics, Reverse Engineering, Malware, Phishing, Pentesting, Software Security and Cryptography
- Windows 10 hits end of life: 200 million PCs face mounting security risks
  Microsoft has officially ended support for Windows 10, affecting hundreds of millions of users worldwide. This decision comes nearly a decade after the operating system's initial release and signals the end of free security updates, bug fixes, and technical support for the platform.
  TLP¹: Green
¹ Traffic Light Protocol (TLP) [1] for information sharing:
- Red: Not for disclosure, restricted to participants only.
- Amber: Limited disclosure, restricted to participants' organizations.
- Green: Limited disclosure, restricted to the community.