Cl0p exploits Oracle E-Business Suite zero-day in data theft, extortion campaign (CVE-2025-61882) 2025-10-06 at 15:28 By Zeljka Zorz The Cl0p extortion gang exploited multiple Oracle E-Business Suite (EBS) vulnerabilities, including one zero-day flaw (CVE-2025-61882), “to steal large amounts of data from several victim[s] in August 2025,” Charles Carmakal, CTO at Mandiant – Google Cloud, stated […]
Oracle customers targeted with emails claiming E-Business Suite breach, data theft 2025-10-02 at 16:19 By Zeljka Zorz Unknown attackers claiming affiliation with the Cl0p extortion gang are hitting business and IT executives at various companies with emails claiming that they have exfiltrated sensitive data from the firms’ Oracle E-Business Suite (EBS). The email campaign According
Oracle customers targeted with emails claiming E-Business Suite breach, data theft Read More »
SonicWall adds rootkit removal capabilities to the SMA 100 series 2025-09-23 at 16:24 By Zeljka Zorz SonicWall has released new firmware for its Secure Mobile Access (SMA) 100 series appliances, adding file-checking capabilities that help users remove known rootkit malware. The malware in question is the OVERSTEP user-mode rootkit, deployed by threat group UNC6148. The
SonicWall adds rootkit removal capabilities to the SMA 100 series Read More »
Salesloft Drift data breach: Investigation reveals how attackers got in 2025-09-08 at 14:33 By Zeljka Zorz The attack that resulted in the Salesloft Drift data breach started with the compromise of the company’s GitHub account, Salesloft confirmed this weekend. Supply chain compromise On August 26, the company publicly revealed that earlier that month, a threat
Salesloft Drift data breach: Investigation reveals how attackers got in Read More »
Sitecore zero-day vulnerability exploited by attackers (CVE-2025-53690) 2025-09-04 at 14:48 By Zeljka Zorz A threat actor is leveraging a zero-day vulnerability (CVE-2025-53690) and an exposed sample ASP.NET machine key to breach internet-facing, on-premises deployments of several Sitecore solutions, Mandiant has revealed. About CVE-2025-53690 CVE-2025-53690 is a ViewState deserialization vulnerability that affects any version of Sitecore
Sitecore zero-day vulnerability exploited by attackers (CVE-2025-53690) Read More »
Zscaler, Palo Alto Networks, SpyCloud among the affected by Salesloft breach 2025-09-02 at 18:20 By Zeljka Zorz In the wake of last week’s revelation of a breach at Salesloft by a group tracked by Google as UNC6395, several companies – including Zscaler, Palo Alto Networks, PagerDuty, Tanium, and SpyCloud – have confirmed their Salesforce instances
Zscaler, Palo Alto Networks, SpyCloud among the affected by Salesloft breach Read More »
Google unveils new AI and cloud security capabilities at Security Summit 2025-08-19 at 19:05 By Sinisa Markovic Google used its Cloud Security Summit 2025 today to introduce a wide range of updates aimed at securing AI innovation and strengthening enterprise defenses. The announcements span protections for AI agents, new tools for security operations centers, enhancements
Google unveils new AI and cloud security capabilities at Security Summit Read More »
SonicWall SMA devices persistently infected with stealthy OVERSTEP backdoor and rootkit 2025-07-16 at 20:54 By Zeljka Zorz Unknown intruders are targeting fully patched end-of-life SonicWall Secure Mobile Access (SMA) 100 series appliances and deploying a novel, persistent backdoor / rootkit, analysts with Google’s Threat Intelligence Group (GTIG) have warned. The analysts say UNC6148 – as
SonicWall SMA devices persistently infected with stealthy OVERSTEP backdoor and rootkit Read More »
SonicWall SMA Appliances Targeted With New ‘Overstep’ Malware 2025-07-16 at 17:02 By Eduard Kovacs A threat actor that may be financially motivated is targeting SonicWall devices with a backdoor and user-mode rootkit. The post SonicWall SMA Appliances Targeted With New ‘Overstep’ Malware appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original
SonicWall SMA Appliances Targeted With New ‘Overstep’ Malware Read More »
US Insurance Industry Warned of Scattered Spider Attacks 2025-06-17 at 15:20 By Eduard Kovacs Google is warning insurance companies that Scattered Spider appears to have shifted its focus from the retail sector. The post US Insurance Industry Warned of Scattered Spider Attacks appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original
US Insurance Industry Warned of Scattered Spider Attacks Read More »
Google’s $32 Billion Wiz Deal Draws DOJ Antitrust Scrutiny: Report 2025-06-16 at 18:20 By SecurityWeek News According to reports, the US Department of Justice will assess whether the deal would harm competition in the cybersecurity market. The post Google’s $32 Billion Wiz Deal Draws DOJ Antitrust Scrutiny: Report appeared first on SecurityWeek. This article is
Google’s $32 Billion Wiz Deal Draws DOJ Antitrust Scrutiny: Report Read More »
Vietnamese Hackers Distribute Malware via Fake AI-Themed Websites 2025-05-28 at 16:29 By Ionut Arghire Mandiant warns that a Vietnamese hacking group tracked as UNC6032 is distributing malware via fake AI video generator websites. The post Vietnamese Hackers Distribute Malware via Fake AI-Themed Websites appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View
Vietnamese Hackers Distribute Malware via Fake AI-Themed Websites Read More »
Compromised SAP NetWeaver instances are ushering in opportunistic threat actors 2025-05-12 at 16:07 By Zeljka Zorz A second wave of attacks against the hundreds of SAP NetWeaver platforms compromised via CVE-2025-31324 is underway. “[The] attacks [are] staged by follow-on, opportunistic threat actors who are leveraging previously established webshells (from the first zero-day attack) on vulnerable
Compromised SAP NetWeaver instances are ushering in opportunistic threat actors Read More »
M-Trends 2025: State-Sponsored IT Workers Emerge as Global Threat 2025-04-25 at 16:32 By Kevin Townsend Mandiant’s latest threat report shows how attackers adapt faster than defenses, shifting strategies toward credential theft and insider threats. The post M-Trends 2025: State-Sponsored IT Workers Emerge as Global Threat appeared first on SecurityWeek. This article is an excerpt from
M-Trends 2025: State-Sponsored IT Workers Emerge as Global Threat Read More »
Understanding 2024 cyber attack trends 2025-04-24 at 13:04 By Zeljka Zorz Mandiant has released the M-Trends 2025 report, which outlines global cyber attack trends based on their own incident response engagements from 2024. Key trends and insights In 2024, Mandiant handled more incidents in the financial sector than in any other industry: 17.4%. Other popular
Understanding 2024 cyber attack trends Read More »
Rapid7 Reveals RCE Path in Ivanti VPN Appliance After Silent Patch Debacle 2025-04-11 at 21:05 By Ryan Naraine The CVE-2025-22457 has already been exploited by a China-nexus hacking gang notorious for breaking into edge network devices. The post Rapid7 Reveals RCE Path in Ivanti VPN Appliance After Silent Patch Debacle appeared first on SecurityWeek. This
Rapid7 Reveals RCE Path in Ivanti VPN Appliance After Silent Patch Debacle Read More »
Google Targets SOC Overload With Automated AI Alert and Malware Analysis Tools 2025-04-09 at 20:50 By Ryan Naraine Google plans to unleash automated AI agents into overtaxed SOCs to reduce the manual workload for cybersecurity investigators. The post Google Targets SOC Overload With Automated AI Alert and Malware Analysis Tools appeared first on SecurityWeek. This
Google Targets SOC Overload With Automated AI Alert and Malware Analysis Tools Read More »
Google Pushing ‘Sec-Gemini’ AI Model for Threat-Intel Workflows 2025-04-07 at 18:06 By Ryan Naraine Experimental Sec-Gemini v1 touts a combination of Google’s Gemini LLM capabilities with real-time security data and tooling from Mandiant. The post Google Pushing ‘Sec-Gemini’ AI Model for Threat-Intel Workflows appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View
Google Pushing ‘Sec-Gemini’ AI Model for Threat-Intel Workflows Read More »
Ivanti VPN customers targeted via unrecognized RCE vulnerability (CVE-2025-22457) 2025-04-03 at 21:01 By Zeljka Zorz A suspected Chinese APT group has exploited CVE-2025-22457 – a buffer overflow bug that was previously thought not to be exploitable – to compromise appliances running Ivanti Connect Secure (ICS) 22.7R2.5 or earlier or Pulse Connect Secure 9.1x. The vulnerability
Ivanti VPN customers targeted via unrecognized RCE vulnerability (CVE-2025-22457) Read More »
Chinese APT Pounces on Misdiagnosed RCE in Ivanti VPN Appliances 2025-04-03 at 20:17 By Ryan Naraine Ivanti misdiagnoses a remote code execution vulnerability and Mandiant reports that Chinese hackers are launching in-the-wild exploits. The post Chinese APT Pounces on Misdiagnosed RCE in Ivanti VPN Appliances appeared first on SecurityWeek. This article is an excerpt from
Chinese APT Pounces on Misdiagnosed RCE in Ivanti VPN Appliances Read More »