Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

CrowdStrike Identifies Campaign Targeting Oracle E-Business Suite via Zero-Day Vulnerability (now tracked as CVE-2025-61882)

CrowdStrike is tracking a mass exploitation campaign almost certainly leveraging a novel zero-day vulnerability — now tracked as CVE-2025-61882 — targeting Oracle E-Business Suite (EBS) applications for the purposes of data exfiltration. CrowdStrike Intelligence assesses with moderate confidence that GRACEFUL SPIDER is likely involved in this campaign but cannot rule out the possibility that multiple threat actors have exploited CVE-2025-61882.

Is This the Best Coding Model in the World? Claude Sonnet 4.5

In this episode of our AI Coding Tools series, we test Claude Sonnet 4.5 to see if it can build a secure note-taking app. The model claims to be the best in the world — but does it live up to the hype? We’ll cover how it codes, where it shines (or struggles), and how it stacks up against other AI coding assistants.

Alleged Cl0p Extortion Emails Linked to July 2025 Oracle E-Business Suite Vulnerabilities

On October 2, 2025, Oracle announced that some Oracle E-Business Suite (EBS) customers had received extortion emails. Oracle’s investigation revealed the potential use of vulnerabilities previously addressed in the July 2025 Critical Patch Update. The following nine vulnerabilities in EBS products were addressed in the July update. These vulnerabilities range from medium to high severity, with three potentially exploitable by remote, unauthenticated threat actors.

Notepad++ DLL Hijacking (CVE-2025-56383): CVSS 8.4 or CVSS 0.0?

A vulnerability in a popular source-code editor was recently disclosed along with a proof-of-concept (POC) exploit, but the security community isn’t so sure that it’s a legitimate flaw. In this article, we look at CVE-2025-56383, discuss what developers are saying in the wild, and provide our experts’ take on the issue.

CTEM Solutions Explained: How to Build a Stack

Vulnerability numbers are spiraling. Compliance checklists and point scans cannot keep pace. Continuous Threat Exposure Management (CTEM) provides security leaders with a practical approach to identify and mitigate real attack paths in real time. This article explains what CTEM is, the solutions that enable it, and how to build a stack that actually shrinks exposure instead of counting it. CTEM solves the eternal problem of vulnerability management (too many vulnerabilities to ever fix) with a continuous program to find, validate, and reduce exposures before adversaries can use them.

Web Application Firewalls (WAFs): A false sense of security?

A web application firewall (WAF) is a protection mechanism that helps block potentially malicious requests before they can reach the application itself. Often this is implemented as a proxy, intercepting HTTP requests, analyzing them, and finally deciding on an action. While effective, over-relying on it could lead to a false sense of security that allows attackers to exploit unresolved internal issues.

API Attack Awareness: Broken Object Level Authorization (BOLA) - Why It Tops the OWASP API Top 10

For this Cybersecurity Awareness Month, we thought it important to draw attention to some of the most common and dangerous API vulnerabilities. This week, we’re starting with Broken Object Level Authorization (BOLA). BOLA vulnerabilities top the OWASP API Top Ten. And for good reason: they’re startlingly prevalent, remarkably easy to exploit, and can have devastating consequences. So, let’s explore what they are, why they matter, and how you can mitigate them.

How to Detect and Mitigate Zero-Day Vulnerabilities

Companies face more sophisticated, unpredictable cyber threats. Zero-day vulnerabilities are among the greatest risks, as these software flaws are unknown and exploited before a fix is available, potentially compromising thousands of organizations. Stopping zero-day attacks is a top priority for security teams, requiring faster identification, detection, and mitigation to prevent damage. But how do these attacks work, and what practices really help?

Understanding the OWASP AI Maturity Assessment

Today, almost all organizations use AI in some way. But while it creates invaluable opportunities for innovation and efficiency, it also carries serious risks. Mitigating these risks and ensuring responsible AI adoption relies on mature AI models, guided by governance frameworks. The OWASP AI Maturity Assessment Model (AIMA) is one of the most practical. In this article, we’ll explore what it is, how it compares to other frameworks, and how organizations can use it to assess their AI maturity.