• Oracle has disclosed two critical vulnerabilities in its E-Business Suite’s Marketing product that could hand full control to remote attackers.

    Tracked as CVE-2025-53072 and CVE-2025-62481, these flaws affect the Marketing Administration component and carry a near-maximum CVSS score of 9.8, placing them among the most severe threats disclosed this year.

    Organizations relying on Oracle’s suite for customer relationship management and marketing automation now face urgent patching needs to avert potential data breaches and system takeovers.

    The vulnerabilities stem from weaknesses in how the Marketing Administration component handles HTTP requests. An unauthenticated attacker needs only network access; no special privileges or user interaction are required to exploit them.

    Once triggered, the flaws allow full compromise of the Oracle Marketing module, with high impact on confidentiality, integrity, and availability.

    This could mean stealing sensitive customer data, altering marketing campaigns, or disrupting operations entirely.

    In today’s threat landscape, where ransomware groups and nation-state actors hunt for easy entry points, such exposures in widely used ERP systems like Oracle E-Business Suite amplify the danger.

    Details Of The Flaws

    Both CVEs target versions 12.2.3 through 12.2.14 of Oracle Marketing, with no mitigations in place beyond applying the latest security patches.

    Oracle’s advisory highlights that the issues remain unchanged from initial assessments, underscoring their straightforward exploitability.

    The CVSS 3.1 vector for each (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) breaks down to network attack vector, low attack complexity, no privileges required, no user interaction, unchanged scope, and high impacts across all categories.

    CVE ID:                 CVE-2025-53072 / CVE-2025-62481 (identical entries)
    Component:              Marketing Administration
    Attack Vector:          HTTP (Network)
    Requires Auth?:         No
    CVSS 3.1 Score:         9.8
    Attack Complexity:      Low
    Privileges Required:    None
    User Interaction:       None
    Scope:                  Unchanged
    Confidentiality Impact: High
    Integrity Impact:       High
    Availability Impact:    High
    Affected Versions:      12.2.3-12.2.14

    These entries reveal a pattern: identical scoring and vectors suggest related coding errors, possibly in input validation or session handling, though Oracle has not released specifics to avoid aiding attackers.

    Mitigations

    The disclosure arrives amid a surge in supply chain attacks targeting enterprise tools, echoing recent breaches at companies like Cisco and Microsoft.

    For businesses in retail, finance, or e-commerce where Oracle E-Business Suite powers core marketing functions, these vulnerabilities could expose terabytes of customer profiles to theft or manipulation, leading to regulatory fines under GDPR or CCPA.

    Oracle urges immediate patching via its Critical Patch Update for October 2025, available on My Oracle Support.

    In the interim, experts recommend network segmentation, web application firewalls tuned for HTTP anomalies, and monitoring for unusual Marketing Administration traffic.

    Cybersecurity firms like Mandiant warn that exploit code may surface soon on dark web forums, given the high incentive.

    As enterprises scramble, this incident highlights the need for proactive vulnerability management in legacy systems. With no evidence of active exploitation yet, the window for defense remains open, but it is narrowing fast.

    The post Critical Vulnerability In Oracle E-Business Suite’s Marketing Product Allows Full Access To Attackers appeared first on Cyber Security News.

  • Threat actors are increasingly targeting Azure Blob Storage, Microsoft’s flagship object storage solution, to infiltrate organizational repositories and disrupt critical workloads. With its capacity to handle exabytes of unstructured data for AI, high performance computing, analytics, media streaming, enterprise backup, and IoT ingestion, Blob Storage has become an attractive vector for sophisticated campaigns aiming to […]

    The post Threat Actors Exploiting Azure Blob Storage to Breach Organizational Repositories appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

  • SharkStealer, a Golang-based information stealer, has been observed leveraging the Binance Smart Chain (BSC) Testnet as a covert dead-drop mechanism for command-and-control (C2) communications. By adopting an “EtherHiding” pattern, the malware retrieves encrypted C2 details from smart contracts through Ethereum RPC calls, decrypts the payload in memory, and initiates contact—all while blending in with legitimate […]

    The post SharkStealer Adopts EtherHiding Technique for C2 Communication Evasion appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

  • Cybercriminals are increasingly exploiting a legitimate Microsoft 365 feature designed for enterprise convenience, turning Exchange Online’s Direct Send into a dangerous vector for phishing campaigns and business email compromise attacks. Security researchers across the industry are sounding the alarm as malicious actors leverage this trusted pathway to bypass authentication checks and deliver convincing internal-looking messages […]

    The post Hackers Exploit Microsoft 365 Direct Send to Evade Filters and Steal Data appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

  • From Detection to Resolution: Why the Gap Persists A critical vulnerability is identified in an exposed cloud asset. Within hours, five different tools alert you about it: your vulnerability scanner, XDR, CSPM, SIEM, and CMDB each surface the issue in their own way, with different severity levels, metadata, and context. What’s missing is a system of action. How do you transition from the

  • Cybersecurity researchers have uncovered a new supply chain attack targeting the NuGet package manager with malicious typosquats of Nethereum, a popular Ethereum .NET integration platform, to steal victims’ cryptocurrency wallet keys. The package, Netherеum.All, has been found to harbor functionality to decode a command-and-control (C2) endpoint and exfiltrate mnemonic phrases, private keys, and

  • In September 2025, Texas A&M University System (TAMUS) Cybersecurity, a managed detection and response provider, in collaboration with Elastic Security Labs, uncovered a sophisticated post-exploitation campaign by a Chinese-speaking threat actor. Using this method, the attackers installed a malicious IIS module named TOLLBOOTH, deployed a Godzilla-forked webshell framework, leveraged the GotoHTTP remote monitoring and management […]

    The post Hackers Use ASP.NET Machine Keys to Break Into IIS, Push Malicious Extensions appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

  • Security flaws in Microsoft’s Azure ecosystem enable cybercriminals to create deceptive applications that imitate official services like the “Azure Portal.”

    Varonis found that Azure’s safeguards, designed to block reserved names for cross-tenant apps, could be bypassed using invisible Unicode characters.

    By inserting characters like the Combining Grapheme Joiner (U+034F) between letters such as “Az͏u͏r͏e͏ ͏P͏o͏r͏t͏a͏l”, attackers created apps that appeared legitimate on consent screens.

    This trick worked with over 260 such characters, including those in ranges like U+FE00 to U+FE0F. The ploy exploited the fact that many Microsoft apps lack verification badges, leading users to overlook warnings about third-party origins.
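    A defender can catch this class of spoofed display name by normalising it before comparison rather than comparing bytes. The check below is an added example, not Varonis's or Microsoft's code: it folds a proposed app display name with NFKC, strips nonspacing marks and format characters (the Unicode categories that cover U+034F and the U+FE00 to U+FE0F variation selectors), and compares the result against a reserved-name list. The reserved names are those mentioned in this article; the sample display names, including the hypothetical benign "Café Expense Tracker", are constructed.

```python
"""Detect reserved Microsoft app names hidden behind invisible Unicode
(added example; not Varonis's or Microsoft's code).

The bypass inserts default-ignorable code points such as U+034F (COMBINING
GRAPHEME JOINER) or U+FE00..U+FE0F (variation selectors) between the letters
of a reserved name. A byte-for-byte comparison misses them; this check folds
the name to a canonical key first.
"""
import unicodedata
from typing import Dict, List, Optional

# Reserved names taken from the examples mentioned in the article.
RESERVED_NAMES = [
    "Azure Portal",
    "Microsoft Teams",
    "Power BI",
    "OneDrive SyncEngine",
]

# Unicode general categories that render as nothing (or attach to a base
# character) and so can be hidden inside a display name:
#   Mn = nonspacing mark   (covers U+034F and the variation selectors)
#   Cf = format character  (zero-width joiner / non-joiner, etc.)
INVISIBLE_CATEGORIES = {"Mn", "Cf"}


def canonical_name(name: str) -> str:
    """Fold a display name to a comparison key.

    1. NFKC collapses compatibility forms (full-width letters, ligatures)
       and composes 'e' + U+0301 into a single 'é', so legitimate accents
       survive the next step.
    2. Drop nonspacing marks and format characters.
    3. Collapse whitespace runs and case-fold.
    """
    normalised = unicodedata.normalize("NFKC", name)
    visible = "".join(
        ch for ch in normalised
        if unicodedata.category(ch) not in INVISIBLE_CATEGORIES
    )
    return " ".join(visible.split()).casefold()


def hidden_code_points(name: str) -> List[str]:
    """List invisible code points left after NFKC, e.g. ['U+034F']."""
    normalised = unicodedata.normalize("NFKC", name)
    return sorted({
        f"U+{ord(ch):04X}"
        for ch in normalised
        if unicodedata.category(ch) in INVISIBLE_CATEGORIES
    })


def matches_reserved_name(name: str) -> Optional[str]:
    """Return the reserved name this display name collides with, if any."""
    key = canonical_name(name)
    for reserved in RESERVED_NAMES:
        if key == canonical_name(reserved):
            return reserved
    return None


def review_app_registration(name: str) -> Dict[str, object]:
    """Summarise what a consent-review or app-registration policy would flag."""
    return {
        "display_name": name,
        "collides_with": matches_reserved_name(name),
        "hidden_code_points": hidden_code_points(name),
    }


if __name__ == "__main__":
    # Constructed samples: a CGJ-laced name, a variation-selector-laced name,
    # and a benign name that legitimately contains a combining accent.
    samples = [
        "A\u034fz\u034fu\u034fr\u034fe\u034f P\u034fo\u034fr\u034ft\u034fa\u034fl",
        "Microsoft\ufe00 Teams\ufe0f",
        "Caf\u0065\u0301 Expense Tracker",
    ]
    for sample in samples:
        print(review_app_registration(sample))
```

    Normalising before stripping matters: the decomposed accent in the third sample is composed by NFKC into a plain letter and is not reported, while the grapheme joiners and variation selectors in the first two samples have no composition and are stripped, exposing the reserved name underneath.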

    Azure applications, essentially software entities that integrate with Azure services, rely on user consent for permissions. Delegated permissions let apps act on a user’s behalf, accessing emails, files, and more, while application permissions grant standalone access.

    When abused, these become potent attack vectors for initial access, persistence, and privilege escalation in Microsoft 365 environments.

    Phishing Tactics Fuel The Threat

    Varonis zeroed in on initial access methods, particularly illicit consent grants and device code phishing. In the former, phishing emails lure victims to fake file links that redirect to a consent page.

    Once approved, attackers snag access tokens without needing passwords, granting them the victim’s resource privileges.

    Device code phishing takes it further: attackers generate a verification URI and code for a malicious app, tricking users into entering it on a legitimate-looking site. The attacker then polls for the token, hijacking the session.

    These techniques thrive on deception. Consent pages for the spoofed apps displayed convincingly, especially when paired with Azure icons.

    Forum discussions reveal users routinely dismissing “unverified” alerts, assuming they’re safe from Microsoft itself.

    Prohibited names tested included staples like “Microsoft Teams,” “Power BI,” and “OneDrive SyncEngine,” underscoring the scope of potential impersonations.

    Varonis disclosed the issues promptly; Microsoft fixed the initial Unicode bypass in April 2025 and a broader set in October 2025.

    No customer action is required, as the updates safeguard tenants automatically. Still, experts urge organizations to monitor app consents rigorously, enforce least-privilege permissions, and educate users on phishing red flags.

    This episode reinforces the need for layered defenses in cloud environments. As attackers evolve, so must vigilance, lest a seemingly benign app consent unlock the door to chaos.

    The post Azure Apps Vulnerability Lets Hackers Create Malicious Apps Mimicking Microsoft Teams appeared first on Cyber Security News.

  • In a newly uncovered campaign, the threat group known as Bitter—also tracked as APT-Q-37—has leveraged both malicious Office macros and a previously undocumented WinRAR path traversal vulnerability to deliver a C# backdoor and siphon sensitive information. Researchers at Qi’anxin Threat Intelligence Center warn that this dual-pronged attack illustrates the group’s evolving tactics and their focus […]

    The post Bitter APT Exploits WinRAR Zero-Day Through Malicious Word Files to Steal Sensitive Data appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

  • Monolock ransomware has surfaced in underground forums, with threat actors advertising version 1.0 for sale alongside stolen corporate credentials.

    First detected in late September, the malware exploits phishing emails containing malicious Word documents.

    Upon opening, the embedded macro downloads the ransomware binary from a compromised server. Victims report file encryption using a mix of AES-256 for file payloads and RSA-2048 for key exchange, rendering data inaccessible without the private key.

    Dark Web Informer analysts noted that Monolock’s initial deployments targeted small to mid-sized organizations in healthcare and manufacturing sectors.

    The operators demand payment in cryptocurrency, instructing victims to access a Tor-hosted payment portal. This portal automatically verifies the transaction and supplies the decryption key.

    Early samples reveal a ransom note that offers a 10 percent discount if paid within 48 hours.

    In controlled environments, researchers identified that Monolock terminates processes associated with common backup and security software before encryption begins.

    It scans running services for patterns matching “backup,” “sql,” and “vss,” then kills them to prevent snapshot restores.

    After encryption, it appends the extension “.monolock” to filenames and leaves a ransom note named “README_RECOVER.txt” in each directory.

    Persistence and Evasion

    Monolock’s infection mechanism embeds itself into the Windows registry under the Run key, ensuring execution at boot.

    The malware binary disguises itself as a legitimate DLL and injects into explorer.exe to evade detection.

    It uses API hashing to locate required Windows functions dynamically, complicating static signature matching.

    A snippet of the API-hashing routine demonstrates this tactic:

    #include <stdint.h>
    typedef uint32_t DWORD;                     /* Windows DWORD: unsigned 32-bit */
    DWORD api_hash(const char* moduleName) {    /* name of the export to resolve */
        DWORD hash = 0xA1B2C3D4;                /* fixed seed */
        for (const char* p = moduleName; *p; ++p)
            hash = ((hash << 7) | (hash >> (32 - 7))) ^ *p;   /* rotl 7, xor byte */
        return hash;
    }

    By leveraging this routine, Monolock avoids importing functions by name, hindering many endpoint detection tools.
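    An analyst handling a sample that resolves imports this way typically precomputes the hash of every export name the malware could plausibly want and uses that table to turn hash constants found in the binary back into API names, which is what behaviour-oriented triage of such a sample starts with. The Python below is an added example, not Monolock's code and not from Dark Web Informer: it ports the rotate-and-XOR loop above (seed 0xA1B2C3D4) and builds a reverse lookup over a constructed list of well-known kernel32 export names; the hash values it resolves are computed from that list, not lifted from a real sample.

```python
"""Resolve Monolock-style API hashes back to export names (added example;
not Monolock's code and not from Dark Web Informer).

The hashing routine is the rotate-left-by-7 / XOR loop from the snippet
above with seed 0xA1B2C3D4. The candidate export list and the hash values
resolved at the bottom are constructed for this example.
"""
from typing import Dict, Iterable, Optional

SEED = 0xA1B2C3D4    # initial value from the snippet
MASK = 0xFFFFFFFF    # keep arithmetic at 32 bits, like a DWORD


def rotl32(value: int, bits: int) -> int:
    """32-bit rotate left."""
    return ((value << bits) | (value >> (32 - bits))) & MASK


def api_hash(name: str) -> int:
    """Port of the snippet: for each byte, rotate the running hash left by 7
    and XOR in the byte. Export names are ASCII, so char and byte coincide."""
    h = SEED
    for byte in name.encode("ascii"):
        h = rotl32(h, 7) ^ byte
    return h


def build_lookup(names: Iterable[str]) -> Dict[int, str]:
    """Precompute hash -> name over the exports an analyst expects the sample
    to want (in practice, the export table of kernel32.dll and friends).
    A collision is raised rather than silently resolved to one name."""
    table: Dict[int, str] = {}
    for name in names:
        h = api_hash(name)
        if h in table and table[h] != name:
            raise ValueError(f"collision: {table[h]} and {name} -> {h:#010x}")
        table[h] = name
    return table


def resolve(h: int, table: Dict[int, str]) -> Optional[str]:
    """Map a hash constant pulled from a sample back to an export name."""
    return table.get(h & MASK)


# Constructed candidate list: a handful of well-known kernel32 exports.
CANDIDATES = [
    "CreateFileW", "VirtualAlloc", "VirtualProtect", "WriteProcessMemory",
    "CreateRemoteThread", "LoadLibraryA", "GetProcAddress", "OpenProcess",
]
LOOKUP = build_lookup(CANDIDATES)


if __name__ == "__main__":
    # In real triage these constants come from the sample's disassembly;
    # here they are computed from the candidate list.
    for name in ("VirtualAlloc", "CreateRemoteThread"):
        h = api_hash(name)
        print(f"{h:#010x} -> {resolve(h, LOOKUP)}")
    print(f"{0xDEADBEEF:#010x} -> {resolve(0xDEADBEEF, LOOKUP)}")  # unknown -> None
```

    Because the routine is a plain rotate-and-XOR with a fixed seed, the same hash values recur across builds that reuse it, so the resolved names double as a behavioural signature: a binary that resolves process-memory and thread-creation exports by hash, with no corresponding import-table entries, is exactly the pattern behaviour-based monitoring should flag.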

    This advanced evasion underscores the need for behavior-based monitoring to detect such threats.

    The post Threat Actors Allegedly Selling Monolock Ransomware on Dark Web Forums appeared first on Cyber Security News.
