Salesforce says the extortion attempts are related to past or unsubstantiated incidents, and not to fresh intrusions.
The post Hackers Extorting Salesforce After Stealing Data From Dozens of Customers appeared first on SecurityWeek.
Data Breach at Doctors Imaging Group Impacts 171,000 People
Doctors Imaging Group is informing customers about a cybersecurity incident nearly a year after it occurred.
The post Data Breach at Doctors Imaging Group Impacts 171,000 People appeared first on SecurityWeek.
$4.5 Million Offered in New Cloud Hacking Competition
Wiz has teamed up with Microsoft, Google and AWS and is inviting cloud security researchers to its Zeroday.Cloud competition.
The post $4.5 Million Offered in New Cloud Hacking Competition appeared first on SecurityWeek.
Beer Giant Asahi Says Data Stolen in Ransomware Attack
The brewing giant has reverted to manual order processing and shipment as operations at its Japanese subsidiaries are disrupted.
The post Beer Giant Asahi Says Data Stolen in Ransomware Attack appeared first on SecurityWeek.
Oracle E-Business Suite Zero-Day Exploited in Cl0p Attacks
Oracle has informed customers that it has patched a critical remote code execution vulnerability tracked as CVE-2025-61882.
The post Oracle E-Business Suite Zero-Day Exploited in Cl0p Attacks appeared first on SecurityWeek.
Zimbra Zero-Day Exploited to Target Brazilian Military via Malicious ICS Files
A now patched security vulnerability in Zimbra Collaboration was exploited as a zero-day earlier this year in cyber attacks targeting the Brazilian military.
Tracked as CVE-2025-27915 (CVSS score: 5.4), the vulnerability is a stored cross-site scripting (XSS) vulnerability in the Classic Web Client that arises as a result of insufficient sanitization of HTML content in ICS calendar files,
Tracked as CVE-2025-27915 (CVSS score: 5.4), the vulnerability is a stored cross-site scripting (XSS) vulnerability in the Classic Web Client that arises as a result of insufficient sanitization of HTML content in ICS calendar files,
Oracle Rushes Patch for CVE-2025-61882 After Cl0p Exploited It in Data Theft Attacks
Oracle has released an emergency update to address a critical security flaw in its E-Business Suite that it said has been exploited in the recent wave of Cl0p data theft attacks.
The vulnerability, tracked as CVE-2025-61882 (CVSS score: 9.8), concerns an unspecified bug that could allow an unauthenticated attacker with network access via HTTP to compromise and take control of the Oracle
The vulnerability, tracked as CVE-2025-61882 (CVSS score: 9.8), concerns an unspecified bug that could allow an unauthenticated attacker with network access via HTTP to compromise and take control of the Oracle
Oracle patches EBS zero-day exploited in Clop data theft attacks
Oracle is warning about a critical E-Business Suite zero-day vulnerability tracked as CVE-2025-61882 that allows attackers to perform unauthenticated remote code execution, with the flaw actively exploited in Clop data theft attacks. […]
Hackers exploited Zimbra flaw as zero-day using iCalendar files
Researchers monitoring for larger .ICS calendar attachments found that a flaw in Zimbra Collaboration Suite (ZCS) was used in zero-day attacks at the beginning of the year. […]
ParkMobile pays… $1 each for 2021 data breach that hit 22 million
ParkMobile has finally wrapped up a class action lawsuit over the platform’s 2021 data breach that hit 22 million users. But there’s a catch: victims are receiving compensation in the form of a $1 in-app credit, which they must claim manually. And, it comes with an expiration date. […]