1010.cx

  • Hackers Hijack Blender 3D Assets to Deploy StealC V2 Data-Stealing Malware

    Cybersecurity researchers have disclosed details of a new campaign that has leveraged Blender Foundation files to deliver an information stealer known as StealC V2. “This ongoing operation, active for at least six months, involves implanting malicious .blend files on platforms like CGTrader,” Morphisec researcher Shmuel Uzan said in a report shared with The Hacker News. “Users unknowingly

  • Russian and North Korean Hackers Forge Global Cyberattack Alliance

    Cyber Attack, cyber security, Cyber Security News

    State-sponsored hackers from Russia and North Korea are collaborating on shared infrastructure, marking a significant shift in cyber geopolitics. Security researchers have uncovered evidence suggesting that Gamaredon, a Russia-aligned advanced persistent threat (APT) group, and Lazarus, North Korea’s primary cyber warfare unit, may be operating jointly, a development with profound implications for global security. Russia […]

    The post Russian and North Korean Hackers Forge Global Cyberattack Alliance appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

  • Major Data Breach at Delta Dental of Virginia Hits Over 146,000 Customers’ Info

    cyber security, Cyber Security News, Data Breach, vulnerability

    Delta Dental of Virginia, a non-profit dental benefits organization based in Roanoke, has announced a significant data breach affecting approximately 145,918 individuals. The unauthorised access to an external system exposed sensitive personal information, marking one of the more substantial healthcare data incidents affecting Virginia residents this year. The security breach occurred on March 21, 2025, […]

    The post Major Data Breach at Delta Dental of Virginia Hits Over 146,000 Customers’ Info appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

  • Critical Fluent Bit Vulnerabilities Allow Remote Attacks on Cloud Environments

    cyber security, Cyber Security News, Vulnerabilities

    Five newly discovered critical vulnerabilities in Fluent Bit, the open-source log processor embedded in billions of containers, are sending shockwaves through the cloud security community. Oligo Security’s research uncovers attack chains that enable adversaries to bypass authentication, perform path traversal, hijack tags, and even achieve remote code execution, all of which risk the very foundation […]

    The post Critical Fluent Bit Vulnerabilities Allow Remote Attacks on Cloud Environments appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

  • Canon Allegedly Breached by Clop Ransomware via Oracle E-Business Suite 0-Day Hack

    Cyber Attack, Cyber Attack News, cyber security, Cyber Security News

    Canon has officially confirmed that it was targeted during the widespread hacking campaign exploiting a critical zero-day vulnerability in Oracle E-Business Suite (EBS).

    The attack, orchestrated by the notorious Clop ransomware gang, has impacted dozens of major organizations worldwide. The group listed Canon on its dark web leak site, publishing the company’s domain alongside other alleged victims.

    While the listing on the leak site raised concerns about a massive data breach, Canon clarified that the impact was contained. The camera and imaging giant stated that the compromise affected only a specific environment within one of its subsidiaries.

    According to the company, the attackers did not encrypt the broader network or disrupt global operations, which distinguishes this incident from the devastating Maze ransomware attack Canon suffered in 2020.

    Canon’s security team detected the intrusion and immediately isolated the affected systems. In a statement shared with SecurityWeek, the company emphasized that the breach did not spread beyond a web server operated by a Canon U.S.A., Inc. subsidiary.

    The rapid containment likely prevented the theft of sensitive customer data or intellectual property, which the Clop group often seeks for extortion.

    “We have confirmed that the incident only affected the web server, and we have already taken security measures and resumed service,” Canon said. “In addition, we are continuing to investigate further to ensure that there is no other impact”.

    The Oracle EBS Zero-Day Exploit

    The vulnerability used in this campaign is tracked as CVE-2025-61882, a critical security flaw in Oracle E-Business Suite. This zero-day allowed unauthenticated attackers to execute arbitrary code remotely on vulnerable servers.

    Security researchers discovered that Clop affiliates, tracked as Graceful Spider, began exploiting this flaw as early as August 2025 to plant web shells and exfiltrate data before Oracle could issue a patch in October.

    Detail | Description
    CVE ID | CVE-2025-61882
    CVSS Score | 9.8 (Critical)
    Affected Product | Oracle E-Business Suite (EBS)
    Affected Versions | 12.2.3 through 12.2.14
    Vulnerability Type | Unauthenticated Remote Code Execution (RCE)
    Exploit Vector | Network (No user interaction required)

    This incident is part of a larger “MOVEit-style” extortion wave where Clop leveraged the zero-day to breach nearly 30 organizations. Instead of deploying encryption malware immediately, the group focused on data theft and subsequently sent extortion emails to executives starting in late September 2025.

    These emails threatened to leak stolen documents unless a ransom was paid. The group’s leak site currently lists domains, including Canon, suggesting these entities were successfully compromised during the automated exploitation phase.

    Indicators of Compromise (IoCs)

    Indicator Type | Value | Description
    IPv4 Address | 200.107.207.26 | Malicious command and control (C2) IP
    IPv4 Address | 185.181.60.11 | Observed exploitation source IP
    SHA256 Hash | 76b6d36e04e367a2334c445b51e1ecce97e4c614e88dfb4f72b104ca0f31235d | Malicious zip archive containing exploit tools
    SHA256 Hash | 6fd538e4a8e3493dda6f9fcdc96e814bdd14f3e2ef8aa46f0143bff34b882c1b | Python script used for server-side exploitation
    File Name | FileUtils.java | Malicious web shell downloader

    Security teams are advised to scan their Oracle EBS environments for these indicators and apply the official patches immediately to prevent further unauthorized access.

    The post Canon Allegedly Breached by Clop Ransomware via Oracle E-Business Suite 0-Day Hack appeared first on Cyber Security News.

  • ClickFix Attack Uses Steganography to Hide Malware in Fake Windows Security Update

    cyber security, Cyber Security News, Malware, Windows

    Cybersecurity researchers at Huntress have uncovered a sophisticated ClickFix campaign that leverages steganography to conceal malicious code within PNG images disguised as Windows Update screens. The attack chain delivers multiple variants of information-stealing malware, including LummaC2 and Rhadamanthys, through a deceptive social engineering technique that tricks users into executing commands via the Windows Run prompt. […]

    The post ClickFix Attack Uses Steganography to Hide Malware in Fake Windows Security Update appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

  • Retail Finance Giant SitusAMC Hit by Breach Exposing Confidential Files

    cyber security, Cyber Security News, Data Breach

    SitusAMC, a major player in the real estate and finance services sector, disclosed a significant data breach on November 12, 2025, that compromised sensitive corporate information. The incident resulted in unauthorized access to client accounting records, legal agreements, and potentially customer data, marking a serious security incident for the financial services provider. Investigation and Containment […]

    The post Retail Finance Giant SitusAMC Hit by Breach Exposing Confidential Files appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

  • Apache Syncope Flaw Lets Attackers Access Internal Database Content

    CVE/vulnerability, cyber security, Cyber Security News, vulnerability

    A security vulnerability has been identified in Apache Syncope that could allow attackers to decrypt stored passwords if they gain access to the internal database. The flaw stems from the use of a hardcoded default AES encryption key, which undermines the password protection mechanism designed to keep sensitive user credentials secure. The vulnerability affects multiple […]

    The post Apache Syncope Flaw Lets Attackers Access Internal Database Content appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

  • Sha1-Hulud Attack Hits 800+ npm Packages and Thousands of GitHub Repos

    cyber security, Cyber Security News, vulnerability

    Shai-Hulud, a self-replicating npm worm named after the sandworms in Dune, had struck again. This time, the attack was devastating in scale and sophistication, compromising over 800 npm packages with a combined 132 million monthly downloads across the ecosystem. The timing proved particularly strategic. The attack occurred just weeks before npm’s December 9 deadline to […]

    The post Sha1-Hulud Attack Hits 800+ npm Packages and Thousands of GitHub Repos appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

  • HashiCorp Vault Vulnerability Allows Attackers to Authenticate to Vault Without Valid Credentials

    CVE Vulnerabilities, cyber security, Cyber Security News, Vulnerability News

    A critical security flaw has been discovered in HashiCorp’s Vault Terraform Provider that could allow attackers to bypass authentication and access Vault without valid credentials.

    The vulnerability, tracked as CVE-2025-13357, affects organizations using LDAP authentication with Vault. The security issue stems from an incorrect default configuration in Vault’s Terraform Provider.

    Specifically, the provider set the deny_null_bind parameter to false by default for the LDAP authentication method.

    HashiCorp Vault Vulnerability

    This misconfiguration created a dangerous security gap because the underlying LDAP server permitted unauthenticated connections.

    When exploited, this vulnerability allows threat actors to authenticate to Vault without providing legitimate credentials.

    This authentication bypass poses significant risks to organizations storing sensitive secrets, encryption keys, and other critical data in Vault.

    CVE ID | Affected Products | Affected Versions | Impact
    CVE-2025-13357 | Vault Terraform Provider | v4.2.0 to v5.4.0 | Authentication Bypass

    HashiCorp has released fixes addressing this vulnerability. Organizations should take the following actions:

    Update to Vault Terraform Provider v5.5.0, which correctly sets the deny_null_bind parameter to true by default.

    Additionally, upgrade to Vault Community Edition 1.21.1 or Vault Enterprise versions 1.21.1, 1.20.6, 1.19.12, or 1.16.28.

    Ensure the deny_null_bind parameter is explicitly set to true in LDAP auth method configurations.

    Organizations using older provider versions should explicitly set the parameter in their Terraform files and apply the changes immediately.

    The patched Vault versions no longer accept empty password strings, effectively preventing unauthenticated LDAP connections via the authentication method.

    HashiCorp has announced that this outdated parameter will be removed in future releases. This vulnerability was identified by a third-party researcher who responsibly disclosed it to HashiCorp.

    Organizations using Vault with LDAP authentication should prioritize applying these security updates to protect their infrastructure from potential exploitation.

    The post HashiCorp Vault Vulnerability Allows Attackers to Authenticate to Vault Without Valid Credentials appeared first on Cyber Security News.
