initial access – Experimental News Clipping Site

Microsoft Security Blog: Investigating targeted “payroll pirate” attacks affecting US universities

Oct 9, 2025

—

by

Source URL: https://www.microsoft.com/en-us/security/blog/2025/10/09/investigating-targeted-payroll-pirate-attacks-affecting-us-universities/ Source: Microsoft Security Blog Title: Investigating targeted “payroll pirate” attacks affecting US universities Feedly Summary: Microsoft Threat Intelligence has identified a financially motivated threat actor that we track as Storm-2657 compromising employee accounts to gain unauthorized access to employee profiles and divert salary payments to attacker-controlled accounts, attacks that have been dubbed…

Cloud Blog: Oracle E-Business Suite Zero-Day Exploited in Widespread Extortion Campaign

Oct 9, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://cloud.google.com/blog/topics/threat-intelligence/oracle-ebusiness-suite-zero-day-exploitation/ Source: Cloud Blog Title: Oracle E-Business Suite Zero-Day Exploited in Widespread Extortion Campaign Feedly Summary: Written by: Peter Ukhanov, Genevieve Stark, Zander Work, Ashley Pearson, Josh Murchie, Austin Larsen Introduction Beginning Sept. 29, 2025, Google Threat Intelligence Group (GTIG) and Mandiant began tracking a new, large-scale extortion campaign by a threat actor…

Microsoft Security Blog: Disrupting threats targeting Microsoft Teams

Oct 7, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.microsoft.com/en-us/security/blog/2025/10/07/disrupting-threats-targeting-microsoft-teams/ Source: Microsoft Security Blog Title: Disrupting threats targeting Microsoft Teams Feedly Summary: Threat actors seek to abuse Microsoft Teams features and capabilities across the attack chain, underscoring the importance for defenders to proactively monitor, detect, and respond effectively. In this blog, we recommend countermeasures and optimal controls across identity, endpoints, data apps,…

Microsoft Security Blog: Investigating active exploitation of CVE-2025-10035 GoAnywhere Managed File Transfer vulnerability

Oct 6, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.microsoft.com/en-us/security/blog/2025/10/06/investigating-active-exploitation-of-cve-2025-10035-goanywhere-managed-file-transfer-vulnerability/ Source: Microsoft Security Blog Title: Investigating active exploitation of CVE-2025-10035 GoAnywhere Managed File Transfer vulnerability Feedly Summary: Storm-1175, a financially motivated actor known for deploying Medusa ransomware and exploiting public-facing applications for initial access, was observed exploiting the deserialization vulnerability in GoAnywhere MFT’s License Servlet, tracked as CVE-2025-10035. We are publishing this…

Slashdot: Escalation in Akira Campaign Targeting SonicWall VPNs, Deploying Ransomware, With Malicious Logins

Sep 27, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://it.slashdot.org/story/25/09/27/2055246/escalation-in-akira-campaign-targeting-sonicwall-vpns-deploying-ransomware-with-malicious-logins?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: Escalation in Akira Campaign Targeting SonicWall VPNs, Deploying Ransomware, With Malicious Logins Feedly Summary: AI Summary and Description: Yes Summary: This text discusses a recent security incident involving the exploitation of a vulnerability in SonicWall SSL VPNs, leading to rapid ransomware deployment. The analysis highlights the critical need for…

Cloud Blog: Another BRICKSTORM: Stealthy Backdoor Enabling Espionage into Tech and Legal Sectors

Sep 24, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://cloud.google.com/blog/topics/threat-intelligence/brickstorm-espionage-campaign/ Source: Cloud Blog Title: Another BRICKSTORM: Stealthy Backdoor Enabling Espionage into Tech and Legal Sectors Feedly Summary: Written by: Sarah Yoder, John Wolfram, Ashley Pearson, Doug Bienstock, Josh Madeley, Josh Murchie, Brad Slaybaugh, Matt Lin, Geoff Carstairs, Austin Larsen Introduction Google Threat Intelligence Group (GTIG) is tracking BRICKSTORM malware activity, which is…

Cloud Blog: ViewState Deserialization Zero-Day Vulnerability in Sitecore Products (CVE-2025-53690)

Sep 3, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://cloud.google.com/blog/topics/threat-intelligence/viewstate-deserialization-zero-day-vulnerability/ Source: Cloud Blog Title: ViewState Deserialization Zero-Day Vulnerability in Sitecore Products (CVE-2025-53690) Feedly Summary: Written by: Rommel Joven, Josh Fleischer, Joseph Sciuto, Andi Slok, Choon Kiat Ng In a recent investigation, Mandiant Threat Defense discovered an active ViewState deserialization attack affecting Sitecore deployments leveraging sample machine keys that had been exposed in…

Cloud Blog: Cloud CISO Perspectives: How CISOs and boards can help fight cyber-enabled fraud

Aug 28, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://cloud.google.com/blog/products/identity-security/cloud-ciso-perspectives-how-ciso-board-can-fight-cyber-enabled-fraud/ Source: Cloud Blog Title: Cloud CISO Perspectives: How CISOs and boards can help fight cyber-enabled fraud Feedly Summary: Welcome to the second Cloud CISO Perspectives for August 2025. Today, David Stone and Marina Kaganovich, from our Office of the CISO, talk about the serious risk of cyber-enabled fraud — and how CISOs…

Cloud Blog: A Cereal Offender: Analyzing the CORNFLAKE.V3 Backdoor

Aug 20, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://cloud.google.com/blog/topics/threat-intelligence/analyzing-cornflake-v3-backdoor/ Source: Cloud Blog Title: A Cereal Offender: Analyzing the CORNFLAKE.V3 Backdoor Feedly Summary: Written by: Marco Galli Welcome to the Frontline Bulletin Series Straight from Mandiant Threat Defense, the “Frontline Bulletin" series brings you the latest on the most intriguing compromises we are seeing in the wild right now, equipping our community…

Cisco Talos Blog: UAT-7237 targets Taiwanese web hosting infrastructure

Aug 15, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://blog.talosintelligence.com/uat-7237-targets-web-hosting-infra/ Source: Cisco Talos Blog Title: UAT-7237 targets Taiwanese web hosting infrastructure Feedly Summary: Cisco Talos discovered UAT-7237, a Chinese-speaking advanced persistent threat (APT) group active since at least 2022, which has significant overlaps with UAT-5918. AI Summary and Description: Yes Summary: The text discusses the activities of UAT-7237, a Chinese-speaking advanced persistent…

Tag: initial access