Ticker feed
A Chinese cybercrime group called UAT-8099 is hijacking web servers at universities, tech companies, and telecom providers worldwide to run a sophisticated dual-purpose operation. The hackers exploit vulnerable Internet Information Services (IIS) servers, then install "BadIIS" malware that floods search engines with gambling-related spam terms while redirecting unsuspecting users to illegal gambling sites.
The attack is particularly clever because legitimate visitors see nothing unusual, making it nearly invisible to website owners. Meanwhile, the hackers steal sensitive data including credentials and certificates for future attacks or dark web sales.
Victims span multiple countries including Brazil, Canada, India, Thailand, and Vietnam. Security experts warn that the same vulnerabilities could be exploited for more damaging attacks like credential theft or website defacement.
Source: Dark Reading
Japan's most popular beer brand Asahi could run out within hours after a cyber attack on Monday shut down dozens of factories nationwide. The breach disabled ordering and delivery systems, forcing supermarkets and izakayas (Japanese pubs) to face potential shortages.
One wholesaler expects to exhaust beer kegs by Saturday, while Tokyo izakaya owner Akira Kudo already can't get one of his regular Asahi brands. The company suspended launches of new products including soft drinks and coffee.
Asahi executives are working with police to investigate possible ransomware, stressing that no customer data has leaked. With Japanese consumers drinking 34.5 liters of beer annually and Asahi commanding fierce loyalty, retailers fear panic buying as they consider stocking alternative brands.
Source: Sky News
Oracle confirmed that customers using its E-Business Suite software have received extortion emails claiming sensitive data theft. The company's investigation suggests attackers exploited known vulnerabilities that were patched in Oracle's July 2025 Critical Patch Update, which fixed around 200 flaws.
Google Threat Intelligence and Mandiant researchers discovered the extortion campaign, with emails allegedly coming from the notorious Cl0p cybercrime group and sent from accounts linked to FIN11. While researchers haven't verified the hackers' theft claims, both groups have previously targeted enterprise software vulnerabilities.
Oracle's July update addressed nine E-Business Suite vulnerabilities, including three flaws that are remotely exploitable without authentication and three high-severity issues. This follows Oracle's earlier admission that hackers stole data from a legacy cloud environment.
Source: SecurityWeek
Phishing attacks are rapidly shifting from email to mobile platforms, with 41% of incidents now using multichannel tactics including SMS (smishing), voice calls (vishing), and QR codes (quishing). These mobile-first attacks bypass traditional email security defenses that enterprises spend millions on annually.
The three fastest-growing attack methods all target mobile devices directly. Smishing uses text messages disguised as trusted contacts or urgent alerts. Vishing employs spoofed phone calls from fake executives or IT departments. Quishing tricks users into scanning malicious QR codes that feel routine and safe.
While the global email security market is expected to grow from $5.17 billion to $10.68 billion by 2032, mobile security investment remains minimal. This creates a dangerous blind spot as attackers exploit the human layer where users are most distracted and vulnerable on their phones.
Source: Dark Reading
Cybercriminals calling themselves Radiant have deleted stolen data from thousands of children at UK-based Kido nurseries after facing widespread criticism from both the public and fellow hackers. The gang had demanded £600,000 in bitcoin from Kido but removed the sensitive information from their extortion website following a backlash.
Even other criminals on underground forums told Radiant to stop targeting children, with one hacker writing "reputation important, don't attack child right." The group apologized, saying "We are sorry for hurting kids" and confirmed all data on under-19s had been deleted.
Cybersecurity experts say the move wasn't kindness but damage control, as targeting children hurt the group's credibility in criminal circles.
Source: The Guardian
Cybercriminals claiming ties to the notorious Cl0p ransomware group are extorting executives at numerous companies, alleging they've stolen sensitive data from Oracle E-Business Suite systems. The campaign began around September 29, using hundreds of compromised email accounts linked to the FIN11 cybercrime gang.
Google's Threat Intelligence Group and Mandiant are investigating but can't yet verify the hackers' claims. Oracle E-Business Suite is used by thousands of organizations worldwide to manage business operations, making this a potentially massive security incident.
Both Cl0p and FIN11 have a history of similar attacks, previously exploiting zero-day vulnerabilities in MOVEit, Cleo, and other file transfer tools to steal data from millions of users across thousands of companies.
Source: SecurityWeek
A Chinese state-sponsored group called 'Phantom Taurus' has been conducting sophisticated espionage operations against government and telecommunications organizations across Africa, the Middle East, and Asia for over two years. What makes this group unique is their use of unconventional tactics that differ from typical Chinese hacking methods, helping them stay under the radar.
The hackers recently deployed Net-Star, a powerful .NET malware suite that targets IIS web servers through three backdoors, including one that operates entirely in memory. They're particularly interested in diplomatic communications and defense intelligence, often timing their attacks around major global events. The group has successfully infiltrated email servers and databases at high-value targets like foreign ministries and embassies.
Source: SecurityWeek
A devastating zero-day vulnerability (CVE-2025-20333) is being actively exploited across thousands of Cisco firewalls worldwide. With a CVSS score of 9.9, this buffer overflow flaw lets authenticated attackers execute code with root privileges on Cisco ASA and FTD devices.
Over 48,800 unpatched systems were identified on September 29, with the US most affected. The vulnerability targets VPN web servers that millions of organizations use for remote access. Attackers need valid VPN credentials, then send malicious HTTP requests to gain complete firewall control.
Cisco confirms no workarounds exist and urges immediate patching. A second bug (CVE-2025-20362) allows unauthorized VPN access, making the situation worse.
Source: Cyber Security News
The Department of Homeland Security and CISA have kicked off Cybersecurity Awareness Month 2025 with the theme "Building a Cyber Strong America." The campaign targets state and local governments, small businesses, and supply chain partners to protect essential services like water, power, and communications.
Homeland Security Secretary Kristi Noem emphasized that "bad actors are trying to steal information, sabotage critical infrastructure" daily. Acting CISA Director Madhu Gottumukkala stressed protecting small businesses and local governments that "facilitate the systems and services that sustain us every day."
The launch coincides with CISA's Emergency Directive addressing critical Cisco security flaws and a new advisory highlighting federal agency cybersecurity gaps, including unpatched vulnerabilities and untested incident response plans.
Source: Industrial Cyber
Cybercriminals are targeting Ukrainian government entities with fake emails pretending to be from the National Police of Ukraine. The attacks use malicious SVG files that look like official legal notices, warning recipients of potential legal action if ignored.
When victims open the attachment, they're redirected to download a password-protected file that installs two dangerous programs: Amatera Stealer, which harvests passwords and cryptocurrency wallets from browsers and apps like Telegram, and PureMiner, which secretly mines cryptocurrency using the victim's computer.
FortiGuard Labs researchers discovered this "fileless" attack chain, which avoids detection by loading malware directly into memory rather than saving files to disk. The campaign represents another wave of cyberattacks targeting Ukraine since Russia's 2022 invasion.
Source: Dark Reading