Today’s security landscape is dominated by a critical, actively exploited Oracle Identity Manager zero-day vulnerability added to CISA’s KEV catalog. This summary also covers a stealthy campaign by the China-linked APT31 targeting Russian IT infrastructure, a massive data scraping incident affecting 3.5 billion WhatsApp accounts due to a flawed API, and a detailed investigation into a Qilin ransomware attack. These incidents highlight the immediate need for patching, heightened threat awareness, and robust incident response.
Top 5 Critical Security Alerts
- CISA Warns of Actively Exploited Critical Oracle Identity Manager Zero-Day Vulnerability: CISA has added a critical Oracle Identity Manager pre-authentication vulnerability (CVE-2025-61757), with a CVSS score of 9.8, to its KEV catalog due to active exploitation.
- Cox Enterprises discloses Oracle E-Business Suite data breach: Cox Enterprises is notifying individuals of a data breach resulting from the exploitation of a zero-day vulnerability in its Oracle E-Business Suite.
- China-Linked APT31 Launches Stealthy Cyberattacks on Russian IT Using Cloud Services: The China-linked threat group APT31 has been targeting the Russian IT sector with long-term, undetected cyberattacks by leveraging cloud services.
- WhatsApp API flaw let researchers scrape 3.5 billion accounts: A significant flaw in a WhatsApp contact-discovery API, which lacked proper rate limiting, enabled the scraping of 3.5 billion user phone numbers and associated personal data.
- Piecing Together the Puzzle: A Qilin Ransomware Investigation: Huntress analysts successfully reconstructed a Qilin ransomware attack from a single endpoint, identifying rogue ScreenConnect access and the full execution path despite limited visibility.
Threat Intelligence (APT, malware, ransomware)
- Matrix Push C2 Uses Browser Notifications for Fileless, Cross-Platform Phishing Attacks: A new command-and-control platform named Matrix Push C2 is leveraging browser push notifications to conduct fileless phishing attacks across multiple operating systems.
Security Breaches & Incidents
- Oops. Cryptographers cancel election results after losing decryption key: An election conducted by the International Association for Cryptologic Research (IACR) had its results canceled after one of the three required decryption keys was irretrievably lost.
Security Tools & Best Practices
- The privacy nightmare of browser fingerprinting: An analysis of browser fingerprinting techniques highlights the significant privacy risks involved, as these methods can track users across the web without relying on cookies.
- Google denies ‘misleading’ reports of Gmail using your emails to train AI: Google has clarified that it does not use the content of users’ Gmail messages to train its Gemini AI model, stating that smart features are for personalization only.
