Tag: tactics

Source URL: https://cloud.google.com/blog/topics/threat-intelligence/oracle-ebusiness-suite-zero-day-exploitation/ Source: Cloud Blog Title: Oracle E-Business Suite Zero-Day Exploited in Widespread Extortion Campaign Feedly Summary: Written by: Peter Ukhanov, Genevieve Stark, Zander Work, Ashley Pearson, Josh Murchie, Austin Larsen Introduction Beginning Sept. 29, 2025, Google Threat Intelligence Group (GTIG) and Mandiant began tracking a new, large-scale extortion campaign by a threat actor…

Cisco Talos Blog: Velociraptor leveraged in ransomware attacks

Oct 9, 2025

—

by

Source URL: https://blog.talosintelligence.com/velociraptor-leveraged-in-ransomware-attacks/ Source: Cisco Talos Blog Title: Velociraptor leveraged in ransomware attacks Feedly Summary: Cisco Talos has confirmed that ransomware operators are leveraging Velociraptor, an open-source digital forensics and incident response (DFIR) tool that had not previously been definitively tied to ransomware incidents. We assess with moderate confidence that this activity can be attributed to…

Slashdot: Salesforce Says It Won’t Pay Extortion Demand in 1 Billion Records Breach

Oct 8, 2025

—

by

Source URL: https://yro.slashdot.org/story/25/10/08/208202/salesforce-says-it-wont-pay-extortion-demand-in-1-billion-records-breach?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: Salesforce Says It Won’t Pay Extortion Demand in 1 Billion Records Breach Feedly Summary: AI Summary and Description: Yes Summary: Salesforce is facing an extortion demand from a crime syndicate that claims to have stolen approximately 1 billion records from various customers, highlighting vulnerabilities in user compliance and security…

Krebs on Security: ShinyHunters Wage Broad Corporate Extortion Spree

—

by

Source URL: https://krebsonsecurity.com/2025/10/shinyhunters-wage-broad-corporate-extortion-spree/ Source: Krebs on Security Title: ShinyHunters Wage Broad Corporate Extortion Spree Feedly Summary: A cybercriminal group that used voice phishing attacks to siphon more than a billion records from Salesforce customers earlier this year has launched a website that threatens to publish data stolen from dozens of Fortune 500 firms if they…

Microsoft Security Blog: Disrupting threats targeting Microsoft Teams

—

by

Source URL: https://www.microsoft.com/en-us/security/blog/2025/10/07/disrupting-threats-targeting-microsoft-teams/ Source: Microsoft Security Blog Title: Disrupting threats targeting Microsoft Teams Feedly Summary: Threat actors seek to abuse Microsoft Teams features and capabilities across the attack chain, underscoring the importance for defenders to proactively monitor, detect, and respond effectively. In this blog, we recommend countermeasures and optimal controls across identity, endpoints, data apps,…

Schneier on Security: AI-Enabled Influence Operation Against Iran

—

by

Source URL: https://www.schneier.com/blog/archives/2025/10/ai-enabled-influence-operation-against-iran.html Source: Schneier on Security Title: AI-Enabled Influence Operation Against Iran Feedly Summary: Citizen Lab has uncovered a coordinated AI-enabled influence operation against the Iranian government, probably conducted by Israel. Key Findings A coordinated network of more than 50 inauthentic X profiles is conducting an AI-enabled influence operation. The network, which we refer…

Cisco Talos Blog: Too salty to handle: Exposing cases of CSS abuse for hidden text salting

—

by

Source URL: https://blog.talosintelligence.com/too-salty-to-handle-exposing-cases-of-css-abuse-for-hidden-text-salting/ Source: Cisco Talos Blog Title: Too salty to handle: Exposing cases of CSS abuse for hidden text salting Feedly Summary: A simple yet effective tactic, known as hidden text salting, is increasingly used by cybercriminals over the past few months to evade even the most advanced email security solutions, including those powered…

Microsoft Security Blog: Investigating active exploitation of CVE-2025-10035 GoAnywhere Managed File Transfer vulnerability

Oct 6, 2025

—

by

Source URL: https://www.microsoft.com/en-us/security/blog/2025/10/06/investigating-active-exploitation-of-cve-2025-10035-goanywhere-managed-file-transfer-vulnerability/ Source: Microsoft Security Blog Title: Investigating active exploitation of CVE-2025-10035 GoAnywhere Managed File Transfer vulnerability Feedly Summary: Storm-1175, a financially motivated actor known for deploying Medusa ransomware and exploiting public-facing applications for initial access, was observed exploiting the deserialization vulnerability in GoAnywhere MFT’s License Servlet, tracked as CVE-2025-10035. We are publishing this…

Cloud Blog: 11 ways to reduce your Google Cloud compute costs today

Oct 6, 2025

—

by