This week's security landscape was marked by several significant vulnerabilities and emerging threats demanding immediate attention from security teams. High-severity CVEs across major enterprise platforms require prioritized patching to mitigate potential exploitation.
Top Security Stories
Critical Flaw in Oracle Identity Manager Under Exploitation
The exploitation of CVE-2025-61757 follows a breach of Oracle Cloud earlier this year as well as a recent extortion campaign targeting Oracle E-Business Suite customers.
Source: darkreading.com
Anatomy of an Akira Ransomware Attack: When a Fake CAPTCHA Led to 42 Days of Compromise
Unit 42 outlines a Howling Scorpius attack delivering Akira ransomware that originated from a fake CAPTCHA and led to a 42-day compromise.
Source: unit42.paloaltonetworks.com
ClickFix attack uses fake Windows Update screen to push malware
New ClickFix attack variants have been observed where threat actors trick users with a realistic-looking Windows Update animation in a full-screen browser page and hide the malicious code inside image...
Source: bleepingcomputer.com
Canon Says Subsidiary Impacted by Oracle EBS Hack
More than 100 alleged victims of the Oracle EBS campaign have been added to the Cl0p ransomware website.
Source: securityweek.com
This hacker conference installed a literal antivirus monitoring system
Organizers had a way for attendees to track CO2 levels throughout the venue—even before they arrived.
Source: arstechnica.com
CISA Confirms Exploitation of Recent Oracle Identity Manager Vulnerability
CISA has added CVE-2025-61757 to its Known Exploited Vulnerabilities (KEV) catalog.
Source: securityweek.com
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2025-61757 Oracle Fusion Middleware Missing Authentication for ...
Source: cisa.gov
Malicious Blender model files deliver StealC infostealing malware
A Russian-linked campaign delivers the StealC V2 information stealer malware through malicious Blender files uploaded to 3D model marketplaces like CGTrader.
Source: bleepingcomputer.com
Russian-linked Malware Campaign Hides in Blender 3D Files
Morphisec has observed a new operation embedding StealC V2 malware in Blender project files, targeting users via 3D assets and launching a multi-stage infection chain.
Source: infosecurity-magazine.com
How an AI meltdown could reset enterprise expectations
In this Help Net Security interview, Graham McMillan, CTO at Redgate Software, discusses AI, security, and the future of enterprise oversight. He explains why past incidents haven’t pushed the industr...
Source: helpnetsecurity.com
CISA Warns of Active Spyware Campaigns Hijacking High-Value Signal and WhatsApp Users
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday issued an alert warning of bad actors actively leveraging commercial spyware and remote access trojans (RATs) to target users...
Source: thehackernews.com
Aircraft cabin IoT leaves vendor and passenger data exposed
The expansion of IoT devices in shared, multi-vendor environments, such as aircraft cabins, has created tension between the benefits of data collaboration and the risks to passenger privacy, vendor in...
Source: helpnetsecurity.com
ISC Stormcast For Tuesday, November 25th, 2025: https://isc.sans.edu/podcastdetail/9714
Source: isc.sans.edu
Shai-Hulud worm returns stronger and more automated than ever before
Self-replicating malware has infected almost 500 open-source packages, exposing more than 26,000 GitHub repositories in less than 24 hours.
Source: cyberscoop.com
ShadowRay 2.0 Turns AI Clusters into Crypto Botnets
A threat actor is leveraging a flaw in the Ray framework to hijack AI infrastructure worldwide and distribute a self-propagating cryptomining and data theft botnet.
Source: darkreading.com
Critical Vulnerabilities (CVEs)
| CVE ID | CVSS Score | Description |
|---|---|---|
| CVE-2025-40547 | 9.1 | A logic error vulnerability exists in Serv-U which when abused could give a malicious actor with access to admin privileges the ability to execute cod... |
| CVE-2025-40548 | 9.1 | A missing validation process exists in Serv-U that, when abused, could give a malicious actor with access to admin privileges the ability to execute code. ... |
| CVE-2025-40549 | 9.1 | A Path Restriction Bypass vulnerability exists in Serv-U that when abused, could give a malicious actor with access to admin privileges the ability to... |
| CVE-2025-41346 | 9.8 | Faulty authorization control in software WinPlus v24.11.27 by Informática del Este that allows another user to be impersonated simply by knowing their... |
| CVE-2025-41347 | 9.8 | Unlimited upload vulnerability for dangerous file types in WinPlus v24.11.27 from Informática del Este. This vulnerability allows an attacker to uploa... |
Published by RainCity Techworks