Oracle Extortion, Red Hat Breach & CISA KEVs – 10/02/2025

Today’s threat landscape is dominated by a new extortion campaign linked to the Clop ransomware gang targeting Oracle E-Business Suite users and a significant security breach at Red Hat involving a compromised GitLab instance. CISA has also issued critical alerts, adding five actively exploited vulnerabilities to its KEV catalog that require immediate attention. This summary covers these top threats, along with new malware campaigns and critical hardware vulnerabilities you need to know about.

Top 5 Critical Security Alerts

  • CISA Adds Five Known Exploited Vulnerabilities to Catalog: CISA has added five actively exploited vulnerabilities to its KEV catalog, including flaws in GNU Bash, Juniper ScreenOS, and Jenkins, requiring federal agencies to patch immediately.
  • Clop Ransomware Gang Linked to Oracle E-Business Suite Extortion Campaign: Google and Mandiant are tracking a new extortion campaign, likely by the Clop gang, targeting executives with emails claiming data theft from their Oracle E-Business Suite systems.
  • Red Hat Confirms Security Breach of GitLab Instance: Red Hat is investigating a security incident after an extortion group breached one of its GitLab instances, claiming to have stolen nearly 570GB of data from 28,000 internal repositories.
  • DrayTek Warns of Critical Remote Code Execution Bug in Vigor Routers: A critical vulnerability has been disclosed in several DrayTek Vigor router models that could allow remote, unauthenticated attackers to execute arbitrary code.
  • CISA Warns of Critical Flaw in Raise3D Pro2 Series 3D Printers: An ICS advisory from CISA highlights a critical (CVSS 8.8) authentication bypass vulnerability in Raise3D Pro2 printers, which could allow for data exfiltration.

Threat Intelligence

  • Android Spyware Campaigns Impersonate Signal and ToTok Messengers: New spyware campaigns dubbed ProSpy and ToSpy are luring Android users with fake Signal and ToTok messaging app plugins to steal sensitive data.
  • Chinese-Speaking Cybercrime Group UAT-8099 Targets IIS for SEO Fraud: Cisco Talos reports on UAT-8099, a cybercrime group focused on SEO fraud and stealing credentials and configuration data from high-value Microsoft IIS servers.
  • Confucius APT Deploys New Malware in Attacks on Pakistan: The Confucius cyber-espionage group has launched a new phishing campaign against Pakistani targets, utilizing malware such as WooperStealer and the Anondoor backdoor.
  • Malicious PyPI Package ‘soopsocks’ Delivered Backdoor to Windows Systems: A deceptive Python package named ‘soopsocks’ was downloaded over 2,600 times, installing a stealthy backdoor on Windows systems before being removed from the repository.

Security Breaches & Incidents

  • Japanese Brewer Asahi Halts Production After Cyberattack: Beverage giant Asahi is facing production and delivery disruptions following a significant cyberattack, leading to fears of shortages of its top-selling beer.
  • Georgia Tech Settles with DOJ Over Lax Cybersecurity Allegations: The Georgia Institute of Technology will pay $875,000 to resolve a False Claims Act lawsuit alleging it failed to meet cybersecurity requirements for federal defense contracts.

Security Tools & Best Practices

  • Microsoft Outlook to Block Inline SVG Images Used in Attacks: To counter emerging threats, Outlook for Web and the new Outlook for Windows will no longer render inline SVG images, which have been exploited by attackers.
  • Microsoft Defender Bug Causes Erroneous BIOS Update Alerts: Microsoft is addressing a bug in Defender for Endpoint that incorrectly flags BIOS firmware as outdated, causing false security alerts for system administrators.
  • Your Service Desk is the New Attack Vector: Here’s How to Defend It.

Security Standards & Frameworks

  • CISA Releases Two Industrial Control Systems Advisories: CISA published advisories for vulnerabilities in Raise3D Pro2 Series 3D Printers (CVE-2025-10653) and the Hitachi Energy MSM Product (CVE-2023-53155, CVE-2024-53429).