Weekly Exploit Roundup
Generated 2025-10-14T08:00:13.856609+00:00 (UTC)
- Oracle E-Business Suite Zero-Day Exploited in Widespread Extortion Campaign
Source: Threat Intelligence | Published: 2025-10-09T14:00:00+00:00 | Score: 27.707
Written by: Peter Ukhanov, Genevieve Stark, Zander Work, Ashley Pearson, Josh Murchie, Austin Larsen
Introduction
Beginning Sept. 29, 2025, Google Threat Intelligence Group (GTIG) and Mandiant began tracking a new, large-scale extortion campaign by a threat actor claiming affiliation with the CL0P extortion brand. The actor began sending a high volume of emails to executives at numerous organizations, alleging the theft of sensitive data from the victims' Oracle E-Business Suite (EBS) environments. On Oct. 2, 2025, Oracle reported that the threat actors may have exploited vulnerabilities that were patched in July 2025 and recommended that customers apply the latest critical patch updates. On Oct. 4, 2025, Oracle directed customers to apply emergency patches to address this vulnerability, reiterating their standing recommendation that customers stay current on all Critical Patch Updates. Our analysis indicates that the CL0P extortion campaign followed months of intrusion activity targe
- From LFI to RCE: Active Exploitation Detected in Gladinet and TrioFox Vulnerability
Source: The Hacker News | Published: 2025-10-10T09:34:00+00:00 | Score: 19.789
Cybersecurity company Huntress said it has observed active in-the-wild exploitation of an unpatched security flaw impacting Gladinet CentreStack and TrioFox products.
The zero-day vulnerability, tracked as CVE-2025-11371 (CVSS score: 6.1), is an unauthenticated local file inclusion bug that allows unintended disclosure of system files. It impacts all versions of the software prior to and
- From Detection to Patch: Fortra Reveals Full Timeline of CVE-2025-10035 Exploitation
Source: The Hacker News | Published: 2025-10-10T11:42:00+00:00 | Score: 18.853
Fortra on Thursday revealed the results of its investigation into CVE-2025-10035, a critical security flaw in GoAnywhere Managed File Transfer (MFT) that's assessed to have come under active exploitation since at least September 11, 2025.
The company said it began its investigation on September 11 following a "potential vulnerability" reported by a customer, uncovering "potentially suspicious
- New Oracle E-Business Suite Bug Could Let Hackers Access Data Without Login
Source: The Hacker News | Published: 2025-10-12T17:24:00+00:00 | Score: 18.051
Oracle on Saturday issued a security alert warning of a fresh security flaw impacting its E-Business Suite that it said could allow unauthorized access to sensitive data.
The vulnerability, tracked as CVE-2025-61884, carries a CVSS score of 7.5, indicating high severity. It affects versions from 12.2.3 through 12.2.14.
"Easily exploitable vulnerability allows an unauthenticated attacker with
- Microsoft Links Storm-1175 to GoAnywhere Exploit Deploying Medusa Ransomware
Source: The Hacker News | Published: 2025-10-07T08:15:00+00:00 | Score: 17.107
Microsoft on Monday attributed a threat actor it tracks as Storm-1175 to the exploitation of a critical security flaw in Fortra GoAnywhere software to facilitate the deployment of Medusa ransomware.
The vulnerability is CVE-2025-10035 (CVSS score: 10.0), a critical deserialization bug that could result in command injection without authentication. It was addressed in version 7.8.4, or the Sustain
- Harvard investigating breach linked to Oracle zero-day exploit
Source: BleepingComputer | Published: 2025-10-13T11:14:21+00:00 | Score: 16.682
Harvard University is investigating a data breach after the Clop ransomware gang listed the school on its data leak site, saying the alleged breach was likely caused by a recently disclosed zero-day vulnerability in Oracle's E-Business Suite servers. […]
- Critical Exploit Lets Hackers Bypass Authentication in WordPress Service Finder Theme
Source: The Hacker News | Published: 2025-10-09T06:57:00+00:00 | Score: 13.997
Threat actors are actively exploiting a critical security flaw impacting the Service Finder WordPress theme that makes it possible to gain unauthorized access to any account, including administrators, and take control of susceptible sites.
The authentication bypass vulnerability, tracked as CVE-2025-5947 (CVSS score: 9.8), affects the Service Finder Bookings, a WordPress plugin bundled with the
- Microsoft restricts IE mode access in Edge after zero-day attacks
Source: BleepingComputer | Published: 2025-10-13T21:51:47+00:00 | Score: 13.198
Microsoft is restricting access to Internet Explorer mode in Edge browser after learning that hackers are leveraging zero-day exploits in the Chakra JavaScript engine for access to target devices. […]
- CL0P-Linked Hackers Breach Dozens of Organizations Through Oracle Software Flaw
Source: The Hacker News | Published: 2025-10-10T06:41:00+00:00 | Score: 13.004
Dozens of organizations may have been impacted following the zero-day exploitation of a security flaw in Oracle's E-Business Suite (EBS) software since August 9, 2025, Google Threat Intelligence Group (GTIG) and Mandiant said in a new report released Thursday.
"We're still assessing the scope of this incident, but we believe it affected dozens of organizations," John Hultquist, chief analyst of
- Oracle Patches EBS Vulnerability Allowing Access to Sensitive Data
Source: SecurityWeek | Published: 2025-10-13T10:37:59+00:00 | Score: 12.664
It’s unclear if the new Oracle E-Business Suite flaw, which can be exploited remotely without authentication, has been used in the wild. The post Oracle Patches EBS Vulnerability Allowing Access to Sensitive Data appeared first on SecurityWeek.
End of report.
