indicators of compromise – Experimental News Clipping Site

Cloud Blog: Oracle E-Business Suite Zero-Day Exploited in Widespread Extortion Campaign

Oct 9, 2025

—

by

Source URL: https://cloud.google.com/blog/topics/threat-intelligence/oracle-ebusiness-suite-zero-day-exploitation/ Source: Cloud Blog Title: Oracle E-Business Suite Zero-Day Exploited in Widespread Extortion Campaign Feedly Summary: Written by: Peter Ukhanov, Genevieve Stark, Zander Work, Ashley Pearson, Josh Murchie, Austin Larsen Introduction Beginning Sept. 29, 2025, Google Threat Intelligence Group (GTIG) and Mandiant began tracking a new, large-scale extortion campaign by a threat actor…

Cisco Talos Blog: Velociraptor leveraged in ransomware attacks

Oct 9, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://blog.talosintelligence.com/velociraptor-leveraged-in-ransomware-attacks/ Source: Cisco Talos Blog Title: Velociraptor leveraged in ransomware attacks Feedly Summary: Cisco Talos has confirmed that ransomware operators are leveraging Velociraptor, an open-source digital forensics and incident response (DFIR) tool that had not previously been definitively tied to ransomware incidents. We assess with moderate confidence that this activity can be attributed to…

Microsoft Security Blog: Investigating active exploitation of CVE-2025-10035 GoAnywhere Managed File Transfer vulnerability

Oct 6, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.microsoft.com/en-us/security/blog/2025/10/06/investigating-active-exploitation-of-cve-2025-10035-goanywhere-managed-file-transfer-vulnerability/ Source: Microsoft Security Blog Title: Investigating active exploitation of CVE-2025-10035 GoAnywhere Managed File Transfer vulnerability Feedly Summary: Storm-1175, a financially motivated actor known for deploying Medusa ransomware and exploiting public-facing applications for initial access, was observed exploiting the deserialization vulnerability in GoAnywhere MFT’s License Servlet, tracked as CVE-2025-10035. We are publishing this…

Cisco Talos Blog: Family group chats: Your (very last) line of cyber defense

Oct 2, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://blog.talosintelligence.com/family-group-chats-your-very-last-line-of-cyber-defense/ Source: Cisco Talos Blog Title: Family group chats: Your (very last) line of cyber defense Feedly Summary: Amy gives an homage to parents in family group chats everywhere who want their children to stay safe in this wild world. AI Summary and Description: Yes Summary: This text provides insights into current cybersecurity…

Cisco Talos Blog: UAT-8099: Chinese-speaking cybercrime group targets high-value IIS for SEO fraud

Oct 2, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://blog.talosintelligence.com/uat-8099-chinese-speaking-cybercrime-group-seo-fraud/ Source: Cisco Talos Blog Title: UAT-8099: Chinese-speaking cybercrime group targets high-value IIS for SEO fraud Feedly Summary: Cisco Talos is disclosing details on UAT-8099, a Chinese-speaking cybercrime group mainly involved in SEO fraud and theft of high-value credentials, configuration files, and certificate data. AI Summary and Description: Yes **Summary:** The provided text…

Cloud Blog: Cybercrime Observations from the Frontlines: UNC6040 Proactive Hardening Recommendations

Sep 30, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://cloud.google.com/blog/topics/threat-intelligence/unc6040-proactive-hardening-recommendations/ Source: Cloud Blog Title: Cybercrime Observations from the Frontlines: UNC6040 Proactive Hardening Recommendations Feedly Summary: Written by: Omar ElAhdan, Matthew McWhirt, Michael Rudden, Aswad Robinson, Bhavesh Dhake, Laith Al Background Protecting software-as-a-service (SaaS) platforms and applications requires a comprehensive security strategy. Drawing…

Microsoft Security Blog: XCSSET evolves again: Analyzing the latest updates to XCSSET’s inventory

Sep 25, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.microsoft.com/en-us/security/blog/2025/09/25/xcsset-evolves-again-analyzing-the-latest-updates-to-xcssets-inventory/ Source: Microsoft Security Blog Title: XCSSET evolves again: Analyzing the latest updates to XCSSET’s inventory Feedly Summary: Microsoft Threat Intelligence has uncovered a new variant of the XCSSET malware, which is designed to infect Xcode projects, typically used by software developers building Apple or macOS-related applications. The post XCSSET evolves again: Analyzing…

Cloud Blog: Another BRICKSTORM: Stealthy Backdoor Enabling Espionage into Tech and Legal Sectors

Sep 24, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://cloud.google.com/blog/topics/threat-intelligence/brickstorm-espionage-campaign/ Source: Cloud Blog Title: Another BRICKSTORM: Stealthy Backdoor Enabling Espionage into Tech and Legal Sectors Feedly Summary: Written by: Sarah Yoder, John Wolfram, Ashley Pearson, Doug Bienstock, Josh Madeley, Josh Murchie, Brad Slaybaugh, Matt Lin, Geoff Carstairs, Austin Larsen Introduction Google Threat Intelligence Group (GTIG) is tracking BRICKSTORM malware activity, which is…

Cisco Talos Blog: Stopping ransomware before it starts: Lessons from Cisco Talos Incident Response

Sep 8, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://blog.talosintelligence.com/stopping-ransomware-before-it-starts/ Source: Cisco Talos Blog Title: Stopping ransomware before it starts: Lessons from Cisco Talos Incident Response Feedly Summary: Explore lessons learned from over two years of Talos IR pre-ransomware engagements, highlighting the key security measures, indicators and recommendations that have proven effective in stopping ransomware attacks before they begin. AI Summary and…

Cloud Blog: ViewState Deserialization Zero-Day Vulnerability in Sitecore Products (CVE-2025-53690)

Sep 3, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://cloud.google.com/blog/topics/threat-intelligence/viewstate-deserialization-zero-day-vulnerability/ Source: Cloud Blog Title: ViewState Deserialization Zero-Day Vulnerability in Sitecore Products (CVE-2025-53690) Feedly Summary: Written by: Rommel Joven, Josh Fleischer, Joseph Sciuto, Andi Slok, Choon Kiat Ng In a recent investigation, Mandiant Threat Defense discovered an active ViewState deserialization attack affecting Sitecore deployments leveraging sample machine keys that had been exposed in…

Tag: indicators of compromise