Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Over the past few days, we have been in direct contact with a hacker who goes by the alias Rose87168. He claims to have breached Oracle Cloud systems, specifically targeting Oracle WebLogic and Oracle Access Manager (OAM). The hacker has provided us with multiple files and data samples, including a tree file and a 10,000-line dataset, which allegedly contain sensitive configuration files, user authentication data, and directory structures from Oracle's infrastructure.

Recently, a new ransomware group, Anubis, has emerged, making its presence known on Twitter. The Foresiet Threat Intel team monitored their activity and observed a new ransomware operation being advertised on their account. The group updated their profile picture and began posting about their latest breaches. Through analysis of their communication patterns and language, Foresiet has determined that the operators behind Anubis likely belong to a Russian-speaking threat group.

The virtual world is ever-changing, as are the cybercriminals who continue to evolve in order to circumvent even the strongest security systems. The newest threat to hit the headlines is CoffeeLoader—a second-stage payload dropper designed to bypass endpoint security tools, digital forensic tools, and EDR (Endpoint Detection and Response) tools.

On April 3, 2025, the National Security Agency and other partner agencies released a critical advisory about DNS and Fast Flux. They even called it a national security threat due to the potential dangers involved. In this article, we’ll go over what Fast Flux is and how Sysdig Secure detects this attack technique. We’ll also cover gathering potential Fast Flux domain names from VirusTotal.

As the threat landscape continues to develop, ransomware and data broker groups constantly emerge, develop, and disband. Cyjax has observed a significant number of new data-leak sites (DLS) emerge in March 2025, with a total of 14 new sites. This is the highest observed number of extortion groups which have emerged in a single month. The second highest number was observed in September 2022, when 10 data-leak sites emerged. Overall, 21 DLSs have been identified in 2025 so far.

Leadership is the backbone of any successful operation, streamlining complex processes and ensuring that teams work with clarity and direction. In the fast-evolving world of threat intelligence, where vast amounts of data must be analysed and acted upon swiftly, strong leadership becomes even more crucial. As Stephen Covey said, “Effective leadership is putting first things first.

As cyber threats continue to exploit systemic vulnerabilities in widely used technologies, the United States Cybersecurity and Infrastructure Agency (CISA) produced best practices for the technology industry with their Secure-by-Design pledge. Cloudflare proudly signed this pledge on May 8, 2024, reinforcing our commitment to creating resilient systems where security is not just a feature, but a foundational principle.

Organisations face significant challenges in maintaining visibility over their expanding technology footprint. Attack surface management addresses the need to understand what technology assets exist, where they’re located, how vulnerable they are and how supply chains might impact security posture.