LR pixel

Oracle E-Business Suite RCE Vulnerability

What is the Vulnerability? CVE-2025-61882 is a critical (CVSS 9.8) unauthenticated remote code execution vulnerability in the BI Publisher integration of Oracle E-Business Suite’s Concurrent Processing component. The flaw is remotely exploitable over HTTP without...

BRICKSTORM Espionage Campaign

What is the Attack? BRICKSTORM is a stealthy, Go-based backdoor deployed by the China-nexus actor UNC5221, enabling long-term persistence and espionage via compromised network appliances in US organizations. Since March 2025, GTIG (Google Threat Intelligence Group)...

AndroxGh0st Malware Actively Used in the Wild

FortiGuard Labs is aware that AndroxGh0st malware is actively used in the field to primarily target .env files that contain confidential information such as credentials for various high profile applications such as – AWS, O365, SendGrid, and Twilio from the...

npm Supply Chain Attack

What is the Attack? On September 8, 2025, attackers phished the npm maintainer “qix” and stole their two-factor authentication (2FA) credentials. With that access, they published malicious versions of some very popular npm packages (including debug, chalk, and...