Tag: cybercrime
-
CISA Alerts on Oracle E-Business Suite 0-Day Actively Exploited for Ransomware Attacks
Tags: attack, business, cisa, cve, cyber, cybercrime, cybersecurity, exploit, infrastructure, oracle, ransomware, threat, vulnerability, zero-day
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert regarding a critical zero-day vulnerability in Oracle E-Business Suite that cybercriminals are actively exploiting to deploy ransomware attacks against organizations worldwide. The vulnerability, tracked as CVE-2025-61882, poses an immediate threat to enterprises running Oracle’s widely-used business management software. Critical Vulnerability Enables Complete System…
-
Too salty to handle: Exposing cases of CSS abuse for hidden text salting
A simple yet effective tactic, known as hidden text salting, has been increasingly used by cybercriminals over the past few months to evade even the most advanced email security solutions, including those powered by machine learning and large language models. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/too-salty-to-handle-exposing-cases-of-css-abuse-for-hidden-text-salting/
-
Microsoft Links ‘Active Exploitation’ Of GoAnywhere To Cybercrime Group
Microsoft disclosed Monday that it has observed “active exploitation” of a maximum-severity vulnerability impacting Fortra’s GoAnywhere file transfer platform. First seen on crn.com Jump to article: www.crn.com/news/security/2025/microsoft-links-active-exploitation-of-goanywhere-to-cybercrime-group
-
Medusa ransomware used during exploitation of GoAnywhere file transfer bug, Microsoft says
Cybercriminals are using the Medusa ransomware strain during exploitation of a vulnerability in Fortra’s GoAnywhere file transfer tool. First seen on therecord.media Jump to article: therecord.media/medusa-ransomware-exploited-file-transfer
-
Critical GoAnywhere bug exploited in ransomware attacks
A cybercrime group, tracked as Storm-1175, has been actively exploiting a maximum severity GoAnywhere MFT vulnerability in Medusa ransomware attacks for nearly a month. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/microsoft-critical-goanywhere-bug-exploited-in-ransomware-attacks/
-
Europol Calls for Stronger Data Laws to Combat Cybercrime
Europol’s Cybercrime Conference has warned that cybercriminals are exploiting new technologies faster than law enforcement can adapt First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/europol-calls-stronger-data-laws/
-
Inside the Hacker’s Playbook: Adversarial AI Up Close
Jamie Levy, director of adversary tactics at Huntress, highlights a rare and revealing incident: a cybercriminal downloaded Huntress’ software, inadvertently giving defenders a front-row seat into how attackers are experimenting with artificial intelligence. For years, the industry has speculated that threat actors were using AI, but speculation is not proof. This time, there was evidence.…
-
Oracle patches critical E-Business Suite flaw exploited by Cl0p hackers
Oracle fixed a critical flaw (CVE-2025-61882, CVSS 9.8) in E-Business Suite that is actively exploited by the Cl0p cybercrime group. Oracle released an emergency patch to address a critical vulnerability, tracked as CVE-2025-61882 (CVSS 9.8), in its E-Business Suite. Updated [10/04/2025]: Oracle has issued Oracle Security Alert Advisory CVE-2025-61882 to provide updates against additional potential exploitation that were discovered during our investigation.
-
Chinese Cybercrime Group Runs Global SEO Fraud Ring Using Compromised IIS Servers
Tags: attack, china, credentials, cybercrime, cybersecurity, fraud, group, india, infection, Internet, microsoft, service, theft
Cybersecurity researchers have shed light on a Chinese-speaking cybercrime group codenamed UAT-8099 that has been attributed to search engine optimization (SEO) fraud and theft of high-value credentials, configuration files, and certificate data. The attacks are designed to target Microsoft Internet Information Services (IIS) servers, with most of the infections reported in India, Thailand First seen…
-
The Guardian view on the Jaguar Land Rover cyber-attack: ministers must pay more attention to this growing risk | Editorial
Tags: attack, business, computer, conference, cyber, cybercrime, finance, government, risk, supply-chain, threat
Cybercriminals pose a seismic and increasingly sophisticated threat to businesses and national security. Yet Britain seems remarkably ill-prepared
The cause isn’t clear, but the impact has already been devastating. More than a month has passed since Jaguar Land Rover (JLR) was targeted in a cyber-attack that forced the car manufacturer to turn off computers and shut…
-
Cybercrime: Growing Number of IT Vulnerabilities Threatens Companies
In recent years, cybercrime has increasingly become one of the biggest risk factors for companies, public authorities, and private individuals alike. The rising number of documented IT vulnerabilities is particularly worrying. They are recorded in the central Common Vulnerabilities and Exposures (CVE) system and show clear growth. In 2024, at this…
-
Economy: The Financial Damage Caused by Cybercrime Keeps Rising
In recent years, cybercrime has increasingly become one of the biggest risk factors for companies, public authorities, and private individuals alike. The rising number of documented IT vulnerabilities is particularly worrying. In parallel with the increase in security vulnerabilities, the cost of damages is exploding. While the number of IT vulnerabilities more than doubled between 2019 and 2024, there was a rise in the…
-
New XWorm V6 Variant Embeds Malicious Code into Trusted Windows Applications
In the constantly evolving world of cyber threats, staying informed is not just an advantage; it’s a necessity. First observed in 2022, XWorm quickly gained notoriety as a highly effective malware, providing cybercriminals with a versatile toolkit for malicious activities. XWorm’s modular design is built around a core client and an array of specialized components…
-
GhostSocks Malware-as-a-Service Turns Compromised Devices into Proxies for Threat Actors
On October 15, 2023, a threat actor using the handle GhostSocks published a sales post on the Russian cybercrime forum xss[.]is advertising a novel Malware-as-a-Service (MaaS) offering. The post introduced GhostSocks, a service designed to turn compromised Windows machines into residential SOCKS5 proxies, enabling cybercriminals to bypass anti-fraud defenses and monetize infected hosts. The initial…
-
New ‘PointClick’ Phishing Kit Evades Security Filters to Deliver Malicious Payloads
A new toolkit named Impact Solutions has emerged on cybercrime forums, offering a comprehensive, user-friendly framework for crafting advanced phishing campaigns. By democratizing malware delivery, Impact Solutions empowers even low-skill threat actors to bypass both end users and conventional security filters, delivering malicious payloads via seemingly innocuous attachments. This article explores the mechanics of Impact…
-
IIS Servers Compromised by Chinese Hackers for SEO Manipulation
Cisco Talos has revealed that UAT-8099, a Chinese-speaking cybercrime group, has been exploiting vulnerable Internet Information Services (IIS) servers across multiple countries to conduct search engine optimization (SEO) fraud and steal high-value data. Identified in April 2025, this group targets reputable IIS servers in India, Thailand, Vietnam, Canada, and Brazil, focusing on organizations such as…
-
Threat Actors Imitate Popular Brands in New Malware Distribution Campaigns
In a sophisticated resurgence of smishing campaigns, cybercriminals have begun embedding trusted brand names into deceptive URLs and group messaging threads to lure unsuspecting users into downloading malware. By inserting a familiar company name before the “@” symbol in links, attackers exploit users’ trust in established entities such as FedEx and Microsoft. Coupled with deceptively…
-
Podcast: Digital Evidence Preservation, Cybercrime in the Crosshairs. Forensics: Searching for Traces in the Digital Realm
First seen on security-insider.de Jump to article: www.security-insider.de/cloud-forensik-auf-spurensuche-im-digitalen-raum-a-5443f809eee51a215cb09fad96bab5b8/
-
Cybercriminals are trying to extort executives with data allegedly stolen through Oracle tool
Incident responders at Google are warning about an extortion campaign, possibly connected to the Clop gang, that targets executives with data that cybercriminals claim was stolen via an Oracle tool. First seen on therecord.media Jump to article: therecord.media/possible-clop-campaign-extortion-executives-stolen-data
-
Cybercrime group claims to have breached Red Hat’s private GitHub repositories
The cybercrime group calling itself the Crimson Collective claimed to have compromised Red Hat’s private GitHub repositories. The Crimson Collective claimed it had stolen 570GB from Red Hat’s private GitHub repositories, including 28,000 projects and approximately 800 Customer Engagement Reports (CERs) with sensitive network data. CERs often contain sensitive info, including infrastructure details,…
-
UAT-8099: Chinese-speaking cybercrime group targets high-value IIS for SEO fraud
Cisco Talos is disclosing details on UAT-8099, a Chinese-speaking cybercrime group mainly involved in SEO fraud and theft of high-value credentials, configuration files, and certificate data. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/uat-8099-chinese-speaking-cybercrime-group-seo-fraud/
-
Top Strategies for Effective and Secure Identity Risk Monitoring
Today, digital footprints are as significant as physical ones, which is why the importance of secure identity risk monitoring cannot be overstated. With the constant evolution of cyber threats, it’s crucial to implement robust strategies to protect not only personal but also professional identities from potential risks. As cybercriminals become more sophisticated, staying one step…

