React2Shell Exploitation Surges as CISA Adds to KEV; Clop Hits NHS via Oracle Zero-Day

The Clop ransomware campaign, previously reported for breaching the Washington Post, has claimed another significant victim: Barts Health NHS Trust. This attack, which occurred in August 2025, leveraged a zero-day vulnerability in Oracle E-Business Suite, leading to the exfiltration of patient and staff names and addresses from an invoice database. This sensitive data was subsequently published on Clop's dark web leak site. The vulnerability exploited in this wider campaign has now been patched. This incident highlights the severe impact on critical infrastructure and the ongoing threat of data compromise and regulatory fines, further increasing the overall severity of this campaign.

A significant surge in 'no-click' WhatsApp account hijackings has been reported globally, with Kuwaiti authorities issuing urgent warnings. This wave of attacks exploits a technical vulnerability allowing account compromise without user interaction. While specific technical details remain undisclosed, the widespread exploitation has led to a sharp increase in compromised accounts. Users are strongly advised to immediately enable two-factor authentication (2FA) within WhatsApp settings, as it is identified as the most effective defense against this ongoing threat.

Security researchers have uncovered a vast Indonesian gambling network now serving as a command-and-control (C2) and anonymity service for malware operators. This dual-use infrastructure allows threat actors to hide malicious traffic within high-volume gambling communications, making detection and attribution significantly harder. The network provides a resilient platform for various malware campaigns, illustrating a real-world manifestation of the 'bulletproof' hosting challenge that international coalitions are working to disrupt. This discovery highlights the evolving sophistication of cybercrime infrastructure.