cl0p
CL0P/FIN11 Go In-Memory on Oracle EBS — The Extortion Comes Later
Oracle EBS got in-memory Java loaders, not lockerware. Patch CVE-2025-61882, lock egress, hunt TemplatePreviewPG with TMP|DEF + XSL-TEXT|XML. Extortion rides in via “pubstorm.”
zero-day
zero-day
Signals Weekly: Zero-Days, Hijacked Payrolls & a Crypto Kingpin
This Week's Threat Intel Pulse: Oracle EBS zero-day exploited before patches dropped, Storm-1175 abuses GoAnywhere MFT, payroll hijackers hit US universities, ransomware crews weaponize Velociraptor, and a $15B Southeast Asian scam network faces global sanctions.
china
Will RedNovember be publicly reported to exploit at least one zero-day vulnerability in 2026?
RedNovember likely stays fast-follow on edge devices using N-days and public PoCs, not 0-days. China-nexus peers show willingness to burn edge 0-days, so a pivot is plausible but not base case...
unc5221
By Dec 31, 2025, will UNC5221 be publicly linked to exploiting at least one new zero-day?
Question: By Dec 31, 2025, will UNC5221 be publicly linked to exploiting at least one new zero-day in a non-Ivanti edge platform (e.g., VMware vCenter/ESXi, Citrix NetScaler, F5, Palo Alto, Fortinet)?
storm-2460
Storm-2460's Exploitation of Windows Zero-Day: Threat Actor similarity in focus.
Storm-2460, a cyber threat group, is actively exploiting a zero-day vulnerability (CVE-2025-29824) in the Windows Common Log File System (CLFS), primarily targeting the finance sector and other high-value industries.
vulns
Exploiting Zero-Days: APT34, APT28, and APT29 in Focus
Microsoft's January 2025 Patch Tuesday release addressed 159 vulnerabilities, including eight zero-day vulnerabilities, with three actively exploited in the wild.