Featured Story

Emotet malware attacks return after three-month break

Summary

On September 18, 2025, Fortra published a security advisory regarding a critical deserialization vulnerability in GoAnywhere MFT’s License Servlet, tracked as CVE-2025-10035 with a CVSS score of 10.0.

The vulnerability could allow a threat actor with a validly forged license response signature to deserialize an arbitrary actor-controlled object, possibly leading to command injection and potential remote code execution.

A cybercriminal group tracked as Storm-1175, known for deploying Medusa ransomware, was observed exploiting the vulnerability on September 11, 2025.

The threat actor abused RMM tools specifically SimpleHelp and MeshAgent for persistence, and successfully deployed Medusa ransomware in at least one compromised environment.

Other News

Oracle patches EBS zero-day exploited in Clop data theft attacks

Summary

Oracle is warning about a critical E-Business Suite zero-day vulnerability tracked as CVE-2025-61882 that allows attackers to perform unauthenticated remote code execution, with the flaw actively exploited in Clop data theft attacks. :contentReference[oaicite:0]{index=0}

WhatsApp investment groups try to trap internet users

Summary

Scammers are creating fake WhatsApp “investment groups” promoted through ads on Facebook, Instagram, and TikTok.

They promise exclusive financial advice and quick profits but aim to steal victims’ money or personal information. These groups often use the logos of legitimate banks or media outlets to appear trustworthy.

Once users join, fake “experts” share charts and encourage members to invest or download malicious trading apps.