From The Aether
Oracle’s E-Business Suite: Cl0p’s Unwanted Guest Crashes the Party
Oracle has patched a critical flaw in its E-Business Suite, CVE-2025-61882, exploited by Cl0p hackers. This cybercrime group was having a field day with data theft attacks, but Oracle’s emergency patch aims to shut down their party. E-Business Suite users, it’s time to patch up and lock them out!
LinkedIn’s $15K/month Data Drama: ProAPIs Sued for Epic Fake Account Fiasco
LinkedIn has filed a lawsuit against ProAPIs and its CEO, Rahmat Alam, for allegedly scraping user data through millions of fake accounts, charging clients up to $15,000 a month. Not only does this scheme overload LinkedIn’s servers, but it also turns “networking” into a whole new kind of sport.
Pet Data Disaster: How Rainwalk’s Security Snafu Unleashed a Flood of Privacy Risks
In a data leak paw-sitively ripe for “Whoopsie Daisy” awards, Rainwalk Pet left 158 GB of pet and owner info out in the open. This exposed not only names and numbers but even Fido’s microchip details. Rainwalk Pet’s data breach highlights the dangers lurking in unprotected databases.
Unity Vulnerability Sparks Alarm: Patch Now or Face the Game Over Screen!
A code execution vulnerability in the Unity game engine could lead to chaos on Android and Windows devices. The vulnerability, CVE-2025-59489, allows sneaky apps to execute code and access sensitive data. Valve and Microsoft advise developers to update their Unity versions faster than you can say, “Game over!”
Huntress and Sherweb Team Up: A Cybersecurity Power Play for MSPs!
Huntress has teamed up with Sherweb, marking its first distribution partnership. This dynamic duo plans to make enterprise-grade cybersecurity accessible to every MSP. Huntress products will soon hit the Sherweb Marketplace, offering tools that ensure hackers will have to find new hobbies.
Ransomware Rogues: Radiant Group’s Dubious Debut Continues with Hospital Target
Radiant Group, the new kids on the ransomware block, have moved from preschools to hospitals, hitting a Minnesota facility and giving it seven days to comply with extortion demands. While children are off-limits after a scolding from a rival gang, hospitals are seemingly fair game for these cyber crooks.
Unity’s Code Chaos: Major Vulnerability Sends Game Developers Scrambling
A high-severity vulnerability in Unity, tracked as CVE-2025-59489, allows attackers to load malicious libraries and execute arbitrary code. With a CVSS score of 8.4, this bug can be exploited locally and potentially remotely. Unity and partners like Microsoft and Valve urge developers to update and secure their applications promptly.
Discord Data Drama: Customer Info Leaked in Vendor Slip-up!
Discord data was stolen, but it wasn’t their fault! Blame the compromised support vendor. While Discord’s servers stayed safe, names, emails, and even credit card bits got exposed. Discord cut ties faster than a bad breakup and is now warning users to dodge scams. So, stay vigilant, folks!
Cybersecurity Chaos: Oracle 0-Day Drama, Fake CAPTCHA Intrigue, and Global Exploit Mayhem
A BBC journalist was offered a significant sum to hack the network. Cybercriminals wanted access to steal data and demand a ransom. The journalist wisely declined, but the offer highlights a growing trend: hackers seeking insider help. Even reporters aren’t safe from the allure of cybercrime.
Cybersecurity Comedy of Errors: UAT-8099’s SEO Fraud Fiasco Unveiled!
UAT-8099, a Chinese-speaking cybercrime group, targets Microsoft Internet Information Services servers for SEO fraud and data theft. They manipulate search rankings by focusing on high-value IIS servers in regions like India and Brazil. Using tools like BadIIS malware and Cobalt Strike, they gain control and evade detection.
Hackers’ Extortion Extravaganza: Salesforce Data Drama Unfolds with Retired Cybercriminals Resurrected
Scattered LAPSUS$ Hunters, a mishmash of retired hackers, claim they’ve swiped data from 39 Salesforce customers, including Disney and Google. They’re threatening to spill the beans unless Salesforce pays up. Meanwhile, Salesforce says it’s all smoke and mirrors, with no signs its platform has been hacked.
XWorm Strikes Back: Phishing Frenzy with a Side of Ransomware Ridicule
XWorm backdoor makes a comeback in phishing campaigns, now with more plugins than your average smartphone! After the developer XCoder vanished, threat actors adopted XWorm 6.0, 6.4, and 6.5, adding features for stealing data, ransomware, and more. It’s like a Swiss Army knife, but for cybercriminals.
Doctors Imaging Group’s Year-Old Data Breach: 171,000 Patients’ Info Exposed!
Doctors Imaging Group, a radiology practice, is notifying patients about a data breach from November 2024, impacting over 171,000 individuals. Hackers accessed sensitive information, but no cybercriminal group has claimed responsibility. While unsettling, large-scale healthcare data breaches are not uncommon.
Dell UnityVSA Security Flaw: A Hacker’s Delight or Admin’s Nightmare?
Dell UnityVSA’s login redirection flaw, CVE-2025-36604, lets hackers with no credentials issue commands—like giving your keys to a stranger who promises to “just look around.” Upgrade to version 5.5.1 to avoid this virtual home invasion.
Jaguar Land Rover’s Cyber Crisis: Revving Up Production Amidst Financial Fallout
Jaguar Land Rover revs up for a manufacturing comeback after a cyber-induced pit stop. The UK automaker gears up its plants, with Wolverhampton leading the race. With downtime costs soaring, the £1.5 billion government loan arrives just in time to prevent the supply chain from stalling completely.
AI Vibe Coding: The Hidden Threats Lurking in Your Software
Vibe coding may streamline development, but it’s like letting a toddler play with matches in a fireworks factory. Security risks abound, especially if AI is trained on outdated or low-quality code. While it can help low-resource groups, the potential for vulnerabilities is a ticking time bomb in software-supply-chain security.
Massive Surge in Palo Alto Login Scans: Are Hackers Plotting a New Attack?
Security experts are scratching their heads as reconnaissance activity targeting Palo Alto Networks login portals skyrockets by 500%. GreyNoise reports 1300 IP addresses in the mix, with 91% hailing from the US. As if the drama wasn’t enough, Cisco ASA and SonicWall have also joined the reconnaissance party.
Cloud Security Showdown: Wiz’s $4.5M Hacking Contest Sparks Excitement and Controversy
Wiz has launched Zeroday.Cloud, a mega hacking competition with $4.5 million in prizes. Participants must demonstrate their cloud software exploits live in London. With categories ranging from AI to Kubernetes, the competition promises big rewards and a dash of drama, as Trend Micro accuses Wiz of rule plagiarism.
Asahi Brews Up a Cyberstorm: Ransomware Attack Causes Major Disruption
Asahi, the brewing giant, was hit by a ransomware attack, causing a data breach and halting operations in Japan. While hackers haven’t demanded a ransom yet, Asahi’s Emergency Response Headquarters is on the case, working to restore order. Meanwhile, Asahi’s manual operations are back, proving sometimes you just can’t beat the human touch.
Oracle’s Zero-Day Drama: Clop’s Data Heist Nightmare Unleashed!
Oracle rushed to fix a zero-day vulnerability in its E-Business Suite, already exploited by Clop for data theft and extortion. The flaw, CVE-2025-61882, allows remote code execution and has a severity score of 9.8. Oracle and Mandiant urge immediate patching, as mass exploitation has already taken place.