Information Security News – 10/6/2025


Oracle Rushes Patch for CVE-2025-61882 After Cl0p Exploited It in Data Theft Attacks

Article Link: https://thehackernews.com/2025/10/oracle-rushes-patch-for-cve-2025-61882.html

  • In late September 2025, executives at multiple organizations received extortion emails claiming that sensitive data had been stolen from their Oracle E-Business Suite (EBS) systems. Investigations linked the emails to accounts formerly associated with the FIN11 threat group.
  • Evidence later confirmed that the Cl0p ransomware gang was behind the campaign, exploiting a new zero-day vulnerability (CVE-2025-61882) in the BI Publisher Integration component of Oracle EBS (versions 12.2.3 to 12.2.14).
  • Oracle acknowledged the exploitation of this critical remote code execution flaw, rated with a CVSS score of 9.8, and confirmed it was used alongside vulnerabilities patched in July 2025. Patches and indicators of compromise (IoCs) have been released to help organizations detect and remediate intrusions.
  • Oracle rushed out a fix after confirming hackers were exploiting CVE-2025-61882, a flaw in its Concurrent Processing and BI Publisher Integration components that let attackers take control of systems remotely without logging in.
  • Investigators believe the Cl0p group may have taken advantage of other weak spots too, and they’re telling companies to look back through their logs to see if intruders got in before updates were installed.
  • Due to the critical nature of this zero-day, FRSecure experts recommend conducting a proactive threat hunt focused on detecting lateral movement within affected environments to identify potential compromises and contain ongoing attacker activity.
  • CVE-2025-61882: https://nvd.nist.gov/vuln/detail/CVE-2025-61882

Nursery Hackers Threaten to Publish More Children’s Profiles Online

Article Link: https://www.bbc.com/news/articles/c07vxv8v89lo

  • A group calling itself Radiant claims to hold pictures and private data on thousands of nursery children and families, after breaching the London-based Kido nursery chain, and has already posted 20 children’s profiles online.
  • The criminals escalated into direct intimidation by phoning parents and pressuring them to force Kido to pay, an act described by Famly’s chief as “truly barbaric” and by a former National Cyber Security Centre head as “absolutely horrible.”
  • Families in London say they feel violated and alarmed; investigators from the Metropolitan Police are now handling the case while officials stress the immediate risk of physical harm to children is very low.
  • The attackers told the BBC they are motivated purely by money and have since cut contact; police warn families not to pay, while Famly insists its systems were not breached and other nurseries remain unaffected.

Hackers Nab FEMA, Customs and Border Protection Staff Data

Article Link: https://cybernews.com/security/fema-customs-border-protection-data-breach/

  • A hacker infiltrated FEMA’s Region 6 networks, covering Arkansas, Louisiana, New Mexico, Oklahoma, and Texas, by using stolen Citrix logins. They remained inside for weeks, quietly siphoning data on FEMA and Customs and Border Protection staff.
  • The breach, flagged in July, revealed FEMA’s weak safeguards, including missing multi-factor authentication, reliance on outdated systems, ignored vulnerabilities, and limited visibility across its networks.
  • Homeland Security warned those gaps gave the intruder free rein, putting agency operations and broader departmental systems in jeopardy.
  • Internal notes also faulted Citrix for not disclosing the scale of the intrusion, leaving FEMA blindsided and turning the breach into a dangerous game of chance that the attacker won.

Sendit Sued by the FTC for Illegal Collection of Children Data

Article Link: https://www.bleepingcomputer.com/news/legal/sendit-sued-by-the-ftc-for-illegal-collection-of-children-data/

  • The Federal Trade Commission has filed a complaint against Sendit’s parent company, Iconic Hearts Holdings Inc., and CEO Hunter Rice, accusing them of unlawfully collecting data from children under 13 and deceiving users with fake messages and misleading subscriptions.
  • The FTC says Sendit violated the Children’s Online Privacy Protection Act by gathering phone numbers, birthdates, photos, and usernames from 116,000 U.S. children without parental consent.
  • The lawsuit also claims the app tricked users into paying up to $9.99 a week for a “Diamond Membership” that falsely promised to reveal message senders but often provided generic or no information at all.
  • The agency unanimously voted to refer the case to the Department of Justice (DoJ), stressing these are allegations that will now be decided in court. For Sendit, the gamble is whether its practices stand up under the bright lights of a federal trial.

Lawsuits against Boyd Gaming for recent data breach are piling up

Article Link: https://www.reviewjournal.com/business/casinos-gaming/lawsuits-against-boyd-gaming-for-recent-data-breach-are-piling-up-3470702/

  • Boyd Gaming Corp. is now facing at least five lawsuits in Nevada federal court after a September breach exposing personal data. The newest four were filed Monday and follow an earlier case from last week. Together, they seek to form a class action covering thousands of employees, former staff, and customers.
  • The complaints accuse Boyd of negligence, invasion of privacy, unjust enrichment, and breach of implied contract. Plaintiffs say Boyd knew about unauthorized activity as early as September 6 but withheld disclosure until weeks later.
  • In a Form 8-K filing with the SEC on September 23, Boyd admitted attackers removed employee records and information tied to other individuals. Victims claim they only learned of the breach when letters arrived in the mail.
  • Boyd operates 28 properties across 10 states and now faces the loss of trust from those affected. For many victims, the real sting is not just the data loss, but feeling like the company folded on its due diligence and due care to protect the personally identifiable information (PII) it had been entrusted with.

Cyberattacks Remain Big Threat for Tribes

Article Link: https://cdcgaming.com/cyberattacks-remain-big-threat-for-tribes/

  • A new survey from the Tribal Information Sharing & Analysis Center shows tribal casinos and enterprises remain prime targets for cyberattacks, with ransomware dominating the threat landscape. Nearly a quarter of tribes reported actionable threats, and of those hit, 75 percent faced ransomware. Encouragingly, 77 percent refused to pay, reflecting stronger recovery planning.
  • The survey, covering 89 tribes, revealed gaps in disaster recovery, business continuity, third-party oversight, and tabletop testing. Only 44 percent have ever run a tabletop exercise. Leaders warn that small IT teams, limited budgets, and rising use of artificial intelligence are giving attackers the upper hand.
  • Recent closures underline the stakes. Kewadin Casinos in Michigan, Jackpot Junction in Minnesota, and Casino Del Sol in Arizona all suffered ransomware incidents in 2025 that disrupted operations and exposed customer data. Losses ran into the millions.
  • While some tribes are now investing between $100,000 and $500,000 annually, and a few over $1 million, most remain underfunded. For many, the breach game feels like being forced into high stakes with a short stack, yet 73 percent expect to raise their bets on cybersecurity spending in 2026.
  • Survey: https://tribalisac.org/wp-content/uploads/2025/09/THE-PULSE-9_15_25.pdf

Critical Infrastructure Operators Add More Insecure Industrial Equipment Online

Article Link: https://www.cybersecuritydive.com/news/industrial-control-systems-internet-exposed-vulnerabilities-bitsight/761122/

  • Security firm Bitsight says nearly 200,000 industrial control systems are now exposed online, up 13 percent in a year, with the U.S., Italy, and Spain accounting for the largest share. The number is expected to surpass 200,000 before 2025 ends.
  • Researchers stress this is not just a legacy issue. Newly deployed systems are going live with insecure protocols, weak or no authentication, and little effort to segment networks or shrink exposure.
  • The flaws are not minor. Bitsight found severe flaws, including logic bombs, authentication bypasses, and remote code execution, some trivial to exploit and capable of disrupting fuel, water, and manufacturing systems.
  • The exposure of fuel gauges without passwords illustrates the scale of weak oversight. Bitsight researchers are warning that reducing connectivity, enforcing authentication, and tightening segmentation are essential to limit risk.
  • A note from FRSecure: Bitsight is known for keeping vendor risk analysis and attack surface records for its clients, but doesn’t disclose this information without a subscription or add-ons. Essentially, this can be viewed as using vendors’ vulnerability data to pressure organizations to sign up for Bitsight’s (quite expensive) tool. Our advice is to pursue tools and security partners with full disclosure processes that provide an attack surface verification process and recommended fixes through a consistent scanning and reporting cadence (i.e., monthly).

Police Seizes $439 million Stolen by Cybercrime Rings Worldwide

Article Link: https://www.bleepingcomputer.com/news/security/police-seizes-439-million-stolen-by-cybercrime-rings-worldwide/

  • In a five-month sweep called Operation HAECHI VI, authorities from 40 countries across five continents seized more than $439 million in cash and cryptocurrency linked to cyber-enabled financial crime.
  • Investigators disrupted schemes including phishing calls, investment swindles, e-commerce fraud, romance scams, sextortion, business email compromise, and laundering tied to illegal online gambling. More than 68,000 bank accounts were frozen, and 400 cryptocurrency wallets confiscated.
  • Key results included 45 arrests in Portugal for rerouting social security funds from vulnerable families and a Royal Thai Police action that intercepted $6.6 million transferred from a major Japanese corporation into accounts controlled by an organized crime group.
  • With $400 million seized under HAECHI V in 2024 and $300 million under HAECHI IV in 2023, the rising totals reveal both the scale of criminal networks and the mounting importance of cross-border collaboration.

London Court Convicts Chinese Mastermind Behind £5bn Crypto Seizure

Article Link: https://hackread.com/london-court-convicts-chinese-crypto-seizure/

  • London police have closed in on the “Bitcoin Queen,” Zhimin Qian, who pled guilty to laundering billions. They seized 61,000 Bitcoin worth £5.5 billion, the biggest crypto seizure in history.
  • The heartless scam, run by Qian and Jian Wen (her already convicted dirty-rotten associate) in China, bamboozled 128,000 people with promises of huge profits. When it collapsed, she escaped with fake papers and hid the money in Bitcoin.
  • In the UK, they tried to launder the crypto into houses and luxury goods, but police were smarter and used forensics to eventually find their financial hidey-holes.
  • The plea’s done. She is now on standby for sentencing, with her fate in the judge’s hands. The fight over who gets the billions remains, with both the UK and China making claims to the money.

