A sophisticated cyberattack targeting Oracle E-Business Suite (EBS) customers has exposed critical vulnerabilities in enterprise resource planning systems, compromising an estimated 100 organizations worldwide between July and October 2025. The campaign, attributed to the notorious Clop ransomware group and linked to the financially motivated threat actor FIN11, exploited a zero-day vulnerability, CVE-2025-61882, to achieve unauthenticated […]
The post Lessons from Oracle E-Business Suite Hack That Allegedly Compromises Nearly 30 Organizations Worldwide appeared first on Cyber Security News.
Trustwave SpiderLabs researchers have identified a sophisticated banking trojan called Eternidade Stealer that spreads through WhatsApp hijacking and social engineering tactics. The malware, written in Delphi, represents a significant evolution in Brazil’s cybercriminal landscape, combining advanced contact harvesting with credential theft targeting financial institutions. The threat emerges from a multi-stage infection chain that begins with […]
The post New Malware Via WhatsApp Exfiltrate Contacts to Attack Server and Deploys Malware appeared first on Cyber Security News.
A new infostealer is targeting macOS users by masquerading as the legitimate DynamicLake UI enhancement and productivity utility and possibly Google’s Drive for desktop app. Multi-stage delivery Dubbed DigitStealer by Jamf researchers, this threat is unusually sophisticated. Before it’s run, a bash script – also executed entirely in-memory – checks the system’s country setting and terminates if it indicates that the machine is located in specific regions. It also checks whether the machine is virtual … More →
The post MacOS DigitStealer malware poses as DynamicLake, targets Apple Silicon M2/M3 devices appeared first on Help Net Security.
Cybercriminals are rapidly embracing generative AI to transform the way they operate scams, making fraud operations faster, more convincing, and dramatically easier to scale. According to recent research, what once required months of work and specialized technical skills can now be accomplished in just a few hours by anyone with basic computer knowledge. The shift […]
The post GenAI Makes it Easier for Cybercriminals to Successfully Lure Victims into Scams appeared first on Cyber Security News.
A threat actor known as Zeroplayer has reportedly listed a zero-day remote code execution (RCE) vulnerability, combined with a sandbox escape, targeting Microsoft Office and Windows systems for sale on underground hacking forums. Priced at $30,000, the exploit purportedly works on most Office file formats, including the latest versions, and affects fully patched Windows installations. […]
The post Threat Actors Allegedly Selling Microsoft Office 0-Day RCE Vulnerability on Hacking Forums appeared first on Cyber Security News.
You must login to view this content
Google has filed a complaint in court that details the scam:
In a complaint filed Wednesday, the tech giant accused “a cybercriminal group in China” of selling “phishing for dummies” kits. The kits help unsavvy fraudsters easily “execute a large-scale phishing campaign,” tricking hordes of unsuspecting people into “disclosing sensitive information like passwords, credit card numbers, or banking information, often by impersonating well-known brands, government agencies, or even people the victim knows.”
These branded “Lighthouse” kits offer two versions of software, depending on whether bad actors want to launch SMS and e-commerce scams. “Members may subscribe to weekly, monthly, seasonal, annual, or permanent licenses,” Google alleged. Kits include “hundreds of templates for fake websites, domain set-up tools for those fake websites, and other features designed to dupe victims into believing they are entering sensitive information on a legitimate website.”...
The post Scam USPS and E-Z Pass Texts and Websites appeared first on Security Boulevard.
You must login to view this content
You must login to view this content
Every click, post, and search leaves a data trail online — and it’s called a digital footprint. Digital footprints are a record of a person’s online activity across all websites, apps, and social media platforms. Whether you’re uploading photos, using your favorite streaming app, or simply browsing the web, you’re creating a lasting digital mark ...
The post What Are Digital Footprints? Understanding Your Online Identity appeared first on ManagedMethods Cybersecurity, Safety & Compliance for K-12.
The post What Are Digital Footprints? Understanding Your Online Identity appeared first on Security Boulevard.
CISA released six Industrial Control Systems (ICS) Advisories. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.
CISA encourages users and administrators to review newly released ICS Advisories for technical details and mitigations.