Major Incidents or Breaches

  • Oracle has issued a security alert for a newly discovered vulnerability in its E-Business Suite, which could allow attackers to access sensitive data without authentication.

Newly Discovered Vulnerabilities

  • A security flaw affecting Oracle E-Business Suite has been identified, permitting unauthorized data access. Oracle has published a security alert regarding this issue.

Notable Threat Actor Activity

  • Researchers have identified a new Rust-based malware dubbed “ChaosBot.” The malware leverages Discord channels for command and control, enabling threat actors to conduct reconnaissance and execute arbitrary commands on infected systems.
  • A smishing campaign is targeting New York residents with fraudulent “Inflation Refund” text messages, impersonating the Department of Taxation and Finance to harvest personal information.

Trends, Tools, or Tactics of Interest

  • ChaosBot demonstrates the continued adoption of Rust for malware development and the use of popular communication platforms like Discord for C2 infrastructure.
  • Smishing remains a prevalent technique for credential theft, with recent campaigns exploiting economic themes to increase effectiveness.