MUST READ

Safepay ransomware group claims the hack of professional video surveillance provider Xortec

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 68

 | 

Russian Rosselkhoznadzor hit by DDoS attack, food shipments across Russia delayed

 | 

CVE-2025-59287: Microsoft fixes critical WSUS flaw under active attack

 | 

U.S. CISA adds Microsoft WSUS, and Adobe Commerce and Magento Open Source flaws to its Known Exploited Vulnerabilities catalog

 | 

Summoning Team won Master of Pwn as Pwn2Own Ireland Rewards $1,024,750

 | 

China-linked hackers exploit patched ToolShell flaw to breach Middle East telecom

 | 

Pwn2Own Day 2: Organizers paid $792K for 56 0-days

 | 

Lazarus targets European defense firms in UAV-themed Operation DreamJob

 | 

U.S. CISA adds Motex LANSCOPE flaw to its Known Exploited Vulnerabilities catalog

 | 

Over 250 attacks hit Adobe Commerce and Magento via critical CVE-2025-54236 flaw

 | 

Cyberattack on Jaguar Land Rover inflicts $2.5B loss on UK economy

 | 

PhantomCaptcha targets Ukraine relief groups with WebSocket RAT in October 2025

 | 

TP-Link urges immediate updates for Omada Gateways after critical flaws discovery

 | 

TARmageddon flaw in Async-Tar Rust library allows to smuggle extra archives when the library is processing nested TAR files

 | 

Russia-linked COLDRIVER speeds up malware evolution after LOSTKEYS exposure

 | 

Japanese retailer Muji halted online sales after a ransomware attack on logistics partner

 | 

U.S. CISA adds Oracle, Windows, Kentico, and Apple flaws to its Known Exploited Vulnerabilities catalog

 | 

China-Linked Salt Typhoon breaches European Telecom via Citrix exploit

 | 

Russian Lynk group leaks sensitive UK MoD files, including info on eight military bases

 | 

CVE-2025-61882

Pierluigi Paganini October 07, 2025
CrowdStrike ties Oracle EBS RCE (CVE-2025-61882) to Cl0p attacks began Aug 9, 2025

CrowdStrike links Oracle EBS flaw CVE-2025-61882 (CVSS 9.8) to Cl0p, enabling unauthenticated RCE, first exploited on August 9, 2025. CrowdStrike researchers attributed with moderate confidence the exploitation of Oracle E-Business Suite flaw CVE-2025-61882 (CVSS 9.8) to the Cl0p group, also known as Graceful Spider. The critical bug allows unauthenticated remote code execution, with the first […]

Pierluigi Paganini October 06, 2025
Oracle patches critical E-Business Suite flaw exploited by Cl0p hackers

Oracle fixed a critical flaw (CVE-2025-61882, CVSS 9.8) in E-Business Suite that is actively exploited by Cl0p cybercrime group. Oracle released an emergency patch to address a critical vulnerability, tracked as CVE-2025-61882 (CVSS 9.8) in its E-Business Suite. “Updated [10/04/2025]: Oracle has issued Oracle Security Alert Advisory – CVE-2025-61882 to provide updates against additional potential exploitation that were discovered during our investigation.” […]

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

Safepay ransomware group claims the hack of professional video surveillance provider Xortec

Malware / October 26, 2025

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 68

Security / October 26, 2025

Security Affairs newsletter Round 547 by Pierluigi Paganini – INTERNATIONAL EDITION

Breaking News / October 26, 2025

Russian Rosselkhoznadzor hit by DDoS attack, food shipments across Russia delayed

Security / October 25, 2025

CVE-2025-59287: Microsoft fixes critical WSUS flaw under active attack

Security / October 25, 2025