The Clop ransomware gang has been exploiting a critical Oracle E-Business Suite (EBS) zero-day bug in data theft attacks since at least early August, according to cybersecurity company CrowdStrike.
WVSR-FM, owned by Bristol Broadcasting, announced on October 5, 2025, that it was experiencing a technical disruption in Charleston, West Virginia, potentially related to ransomware, impacting remote hosting, traffic systems, and phone services. By October 7, online streams for multiple stations were offline, and the cause of the disruptions remained unverified, with no identified threat actor as Bristol Broadcasting continued to broadcast over-the-air.
Ransomware operators have shifted from opportunistic malware distribution to highly targeted campaigns that exploit legitimate software for stealth and persistence. Emerging in early 2025, several ransomware families began abusing popular remote access tools - such as AnyDesk and Splashtop - to establish footholds within enterprise networks. By hijacking or silently installing these utilities, adversaries bypass security controls that traditionally
A critical deserialization flaw in GoAnywhere MFT's License Servlet, tracked as CVE-2025-10035, has already been weaponized by the Storm-1175 group to execute the Medusa ransomware. The vulnerability affects GoAnywhere MFT versions up to 7.8.3. It resides in the License Servlet Admin Console, where a threat actor can forge a license response signature and bypass validation
Microsoft on Monday attributed a threat actor it tracks as Storm-1175 to the exploitation of a critical security flaw in Fortra GoAnywhere software to facilitate the deployment of Medusa ransomware. The vulnerability is CVE-2025-10035 (CVSS score: 10.0), a critical deserialization bug that could result in command injection without authentication. It was addressed in version 7.8.4, or the Sustain
Something a bit wild happened recently: a rival of LockBit decided to hack LockBit. Or, to put this in ransomware parlance: LockBit got a post-paid pentest. It is unclear if a ransomware negotiation took place between the two, but if it did, it was not successful. The data was leaked. Now, let's be honest: the dataset is way too small to make any solid statistical claims. Having said that, let's make some statistical claims!
Oracle has issued an emergency security alert for a critical zero-day vulnerability (CVE-2025-61882) in its E-Business Suite after the notorious Cl0p ransomware group began extorting customers who failed to patch their systems. The vulnerability, carrying a maximum CVSS score of 9.8, affects the Business Intelligence Publisher (BI Publisher) Integration component and enables remote code execution
The notorious ransomware group exploited multiple vulnerabilities, including a zero-day, for at least eight weeks before alleged victims received extortion demands.
A cybercrime group, tracked as Storm-1175, has been actively exploiting a maximum severity GoAnywhere MFT vulnerability in Medusa ransomware attacks for nearly a month.
Storm-1175, a financially motivated actor known for deploying Medusa ransomware and exploiting public-facing applications for initial access, was observed exploiting the deserialization vulnerability in GoAnywhere MFT's License Servlet, tracked as CVE-2025-10035. We are publishing this blog post to increase awareness of this threat and to share end-to-end protection coverage details across Microsoft Defender.
This week in cybersecurity from the editors at Cybercrime Magazine. Sausalito, Calif. - Oct. 6, 2025 - Read the full story from the United States Cybersecurity Institute (USCI). Ransomware is still the fastest-growing form of cybercrime. Far from slowing down, it's projected to cost nearly $275
Manufacturing executives recently surveyed by LevelBlue expressed a deep concern that emerging attack methods, such as deepfakes and AI-powered attacks, will be almost as likely as more traditional attacks like ransomware. We derived the information from a research-based survey conducted in January 2025, which included 220 C-suite and senior manufacturing executives. The complete survey results can be found in LevelBlue's newly released 2025 Spotlight Report: Cyber Resilience and Business...
PsExec represents one of the most contradictory tools in the cybersecurity landscape, a legitimate system administration utility that has become a cornerstone of malicious lateral movement campaigns. Recent threat intelligence reports indicate that PsExec remains among the top five tools used in cyberattacks as of 2025, with ransomware groups like Medusa, LockBit, and Kasseika actively
Google is rolling out a wave of significant AI and security enhancements. Here's a quick breakdown of what's new. Proactive ransomware and password security: Google is taking security automation to the next level. For Google Drive, new AI-powered ransomware protection for Workspace users will now detect suspicious activity and automatically pause file syncing. This isolates the threat and prevents infected files from spreading to the cloud, allowing for a clean restore. For Google Password...
Following reports that the Cl0p ransomware group has been extorting Oracle E-Business Suite customers, Oracle released an advisory for a zero-day that was exploited in the wild. Background: Tenable's Research Special Operations (RSO) team has compiled this blog to answer Frequently Asked Questions (FAQ) regarding a newly disclosed Oracle zero-day vulnerability that was exploited in the wild, along with other recently patched vulnerabilities that were part of Oracle's initial investigation. FAQ: What is the...