Massive Supply Chain Attack Hits Salesforce Ecosystem; Critical Flaws in Oracle, Azure, and Grafana Emerge
Summary
This cybersecurity brief for November 22, 2025, covers a series of high-impact events. A major supply chain attack attributed to 'Scattered Lapsus$ Hunters' compromised over 200 companies by abusing OAuth tokens in a Salesforce-integrated app. Concurrently, CISA issued warnings for a critical, actively exploited RCE in Oracle Identity Manager. Critical 10.0 CVSS vulnerabilities were also disclosed in Microsoft Azure Bastion and Grafana Enterprise. Other significant threats include a new Android trojan stealing encrypted messages, a sophisticated Chinese APT campaign targeting Russia, and a botnet using the Ethereum blockchain for C2.
Today's New Articles
CISA KEV Alert: Actively Exploited Oracle RCE Flaw Allows Full System Takeover
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical remote code execution (RCE) vulnerability in Oracle Identity Manager, CVE-2025-61757, to its Known Exploited Vulnerabilities (KEV) catalog. The flaw, with a CVSS score of 9.8...
Chinese APT24 Group Uses 'BadAudio' Malware in Years-Long Espionage Campaign Targeting Taiwan
The Chinese-nexus threat group APT24, also known as Pitty Tiger, is behind a nearly three-year cyberespionage campaign utilizing a new custom malware called 'BadAudio'. According to Google's Threat Intelligence Group, the campaign, active since November 2022,...
Major Wall Street Banks Exposed After Breach at Mortgage Vendor SitusAMC
SitusAMC, a critical technology and services provider for the real estate finance industry, has disclosed a significant data breach discovered on November 12, 2025. The cyberattack compromised corporate information and, more critically, data belonging to its c...
Grafana Enterprise Hit by Critical 10.0 CVSS Flaw Allowing Admin Impersonation
Grafana Labs has patched a critical vulnerability, CVE-2025-41115, in Grafana Enterprise that carries the maximum CVSS score of 10.0. The flaw resides in the SCIM provisioning feature and allows a malicious SCIM client to escalate privileges and impersonate an...
CrowdStrike Fires Insider for Leaking Screenshots to 'Scattered Lapsus$ Hunters' Hacking Group
Cybersecurity giant CrowdStrike has confirmed it fired an employee last month for acting as a malicious insider. The employee leaked screenshots of internal systems, including an Okta dashboard, to the 'Scattered Lapsus$ Hunters' hacking group, who then posted...
Critical 10.0 CVSS Flaw in Azure Bastion Allows Full Cloud Takeover
Microsoft has patched a critical authentication bypass vulnerability, CVE-2025-49752, in its Azure Bastion service. The flaw, which scores a perfect 10.0 on the CVSS scale, could allow a remote, unauthenticated attacker to gain administrative control over all...