Massive Supply Chain Attacks Expose Millions; Clop Ransomware Targets Harvard and Oracle

Notorious Ransomware Group Clop Adds Harvard University to its Dark Web Leak Site

The prolific Russian-speaking ransomware group Clop has claimed responsibility for a cyberattack against Harvard University, adding the prestigious institution to its data leak site on October 12, 2025. The group, known for its 'big-game hunting' and exploitation of zero-day vulnerabilities, threatened to publish stolen data, stating that a torrent link would be available soon. The claim has not yet been confirmed by Harvard. Clop, also known as TA505, has a history of high-profile attacks using double-extortion tactics, including the mass exploitation of flaws in MOVEit Transfer and GoAnywhere MFT, which affected hundreds of organizations worldwide.

RansomwareClopTA505Harvard UniversityData Leak +2 more

Ransomware

Threat Actor

Data Breach

Oracle Issues Emergency Patch for High-Severity EBS Flaw Amid Active Clop Attacks

Oracle Patches Unauthenticated Data Exposure Flaw (CVE-2025-61884) in E-Business Suite

Oracle has released an emergency security patch for a high-severity vulnerability, CVE-2025-61884, in its E-Business Suite (EBS). The flaw, which has a CVSS score of 7.5, allows an unauthenticated, remote attacker to access sensitive data within the Oracle Configurator module. It affects EBS versions 12.2.3 through 12.2.14. This alert is especially critical as it comes while the Clop ransomware group is actively exploiting a separate, critical zero-day (CVE-2025-61882) in EBS for an executive extortion campaign. While there's no confirmed link, the active targeting of EBS by Clop significantly increases the risk that this new vulnerability will be weaponized. Administrators are urged to apply the patch immediately.

VulnerabilityOracleE-Business SuiteCVE-2025-61884CVE-2025-61882 +3 more

4 min read

Oracle Issues Emergency Patch for High-Severity EBS Flaw Amid Active Clop Attacks

Vulnerability

Patch Management

Ransomware

Discord Denies Massive Breach Claim After Hackers Allege 1.5TB Data Leak

MEDIUM

Discord Refutes Claims of a Major Data Breach and Leak of Government-Issued IDs

Discord is publicly denying claims that it suffered a major data breach. On October 11, 2025, an unknown group of hackers alleged they had exfiltrated and leaked 1.5 terabytes of user data, including highly sensitive government-issued identification documents. Some reports suggested the breach was linked to Discord's Zendesk customer support portal, an allegation Zendesk also refuted, stating its systems were not vulnerable. Discord maintains that its services were not compromised and that the claims are unverified. The significant discrepancy between the hackers' claims and the company's denial leaves the situation unclear, but the mere allegation of leaked IDs poses a serious concern for users.

DiscordData BreachZendeskUnconfirmedIdentity Theft

Discord Denies Massive Breach Claim After Hackers Allege 1.5TB Data Leak

Data Breach

Security Operations

North Korean Hackers Shatter Records, Stealing $2 Billion in Crypto in 2025

North Korean State-Sponsored Hackers Steal Record-Breaking $2 Billion in Cryptocurrency Assets in 2025

North Korean state-sponsored hacking groups have stolen over $2 billion in cryptocurrency assets in 2025 so far, marking the largest annual total ever recorded for the regime. A report highlighted on October 11, 2025, points to the increasing scale and sophistication of these financially motivated cyber operations. The single largest heist of the year was the February 2025 attack on the Bybit cryptocurrency exchange, which accounted for $1.46 billion of the total losses. These attacks on crypto exchanges and DeFi platforms are a critical source of revenue for North Korea, allowing it to circumvent international sanctions and fund its weapons programs.

North KoreaLazarus GroupCryptocurrencyCyber HeistBybit +2 more

North Korean Hackers Shatter Records, Stealing $2 Billion in Crypto in 2025

Threat Actor

Cyberattack

Malware

North Korean IT Worker Fraud Scheme Expands, Targeting 5,000 Companies

Global Alert: North Korean Scheme Using Fake IT Workers Infiltrates Thousands of Companies

A sophisticated North Korean scheme using fraudulent IT worker personas to infiltrate companies has expanded into a massive global operation. According to a report from October 11, 2025, researchers have identified over 130 fake identities used in more than 6,500 job interviews with approximately 5,000 companies over a four-year period. These state-sponsored operatives pose as skilled freelance IT workers to secure remote employment, then use their insider access to conduct espionage, steal intellectual property, and divert funds. The campaign, previously thought to be focused on the U.S., is now confirmed to be global, prompting warnings for businesses to enhance their hiring and verification processes for remote workers.

North KoreaInsider ThreatEspionageHiring FraudRemote Work +1 more

North Korean IT Worker Fraud Scheme Expands, Targeting 5,000 Companies

Threat Actor

Incident Response

Policy and Compliance

Critical RCE Flaw in WooCommerce Designer Pro Plugin Puts WordPress Sites at Risk

CRITICAL

Critical Path Traversal Vulnerability (CVE-2025-6439) in WooCommerce Designer Pro Allows Unauthenticated File Deletion

A critical vulnerability, CVE-2025-6439, has been disclosed in the WooCommerce Designer Pro WordPress plugin. The flaw, rated 9.8 out of 10 on the CVSS scale, is a path traversal issue that allows an unauthenticated attacker to delete arbitrary files on the web server. This could lead to complete data loss, website destruction, or even remote code execution (RCE) by deleting critical files like wp-config.php and re-running the WordPress installation. The vulnerability affects all versions up to and including 1.9.26 and is also present in the 'Pricom' theme which bundles the plugin. Users are urged to update immediately.

WordPressVulnerabilityCVE-2025-6439WooCommercePath Traversal +2 more

4 min read

Critical RCE Flaw in WooCommerce Designer Pro Plugin Puts WordPress Sites at Risk

Vulnerability

Patch Management

WordPress Plugin 'Contest Gallery' Vulnerable to CSV Injection Attacks

MEDIUM

Medium-Severity CSV Injection Flaw (CVE-2025-11254) Disclosed in Contest Gallery WordPress Plugin

A medium-severity CSV injection vulnerability, CVE-2025-11254, has been disclosed in the 'Contest Gallery' plugin for WordPress. The flaw affects all versions up to and including 27.0.3. It allows an unauthenticated attacker to embed malicious formulas into data fields that are later exported as a CSV file by a site administrator. If the administrator opens the malicious CSV file in a spreadsheet program like Microsoft Excel, the formulas can execute, potentially leading to arbitrary code execution on their local machine. The vulnerability has a CVSS score of 4.3 and has been patched in version 28.0.0 of the plugin.