Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

On March 20, 2025, a threat actor known as Rose87168 posted on the dark web, claiming to be selling breached Oracle Cloud Traditional servers along with approximately 6 million exfiltrated user records. The hacker did not mention the price for the stolen data. He alleged that critical information, including SSO (Single Sign-On) and LDAP credentials, Java Keystore (JKS) files, passwords, and authentication keys, was stolen from Oracle’s login infrastructure.

In a record-breaking transaction that reflects the increasing importance of multicloud security, Google is to acquire cloud security giant Wiz in a whopping $32 billion all-cash deal. The largest deal by Google so far, the buyout marks a seismic step ahead in its cloud security offerings. As cyber threats continue to evolve at a record pace, businesses are looking for better, AI-driven solutions to protect their cloud-based digital properties.

The newly found Windows shortcut vulnerability is now being actively exploited by state-sponsored Advanced Persistent Threat (APT) actors to execute covert malicious commands. According to new research conducted by Trend Micro's Zero Day Initiative (ZDI), the vulnerability, designated as ZDI-CAN-25373, is now being exploited by Chinese, Iranian, North Korean, and Russian threat actors for worldwide cyber espionage and data theft.

]India has emerged as the globe's number one cyberattack target, with advanced persistent threat (APT) groups and hacktivist groups escalating their cyber assaults. From denial-of-service (DDoS) attacks to high-profile data breaches, cybercriminals are exploiting vulnerabilities in India's rapidly digitizing landscape.

Cybersecurity Compliance Simplified: Governing Changing Rules and Reducing Risks cybersecurity-compliance-simplified-governing-changing-rules-and-reducing-risks Introduction With the increasing presence of sophisticated cyber threats, governments around the globe are enhancing regulations to safeguard sensitive information and key infrastructure. Not only do organizations have to be compliant with the regulations, but they also have to have sound risk management systems to safeguard their online assets.

On March 10, 2025, X (formerly Twitter) experienced a series of outages due to a large-scale Distributed Denial of Service (DDoS) attack. The platform went down multiple times throughout the day, affecting millions of users globally. Elon Musk later confirmed that X was targeted by a "massive cyberattack", with initial investigations pointing to Ukraine-based IP addresses as the source.

With the rapid and dynamic nature of the digital world of today, businesses are seeing a mounting high rate of cybersecurity attacks. Cyber attackers keep evolving and coming up with new methods of breaching their systems, which leaves security teams under immense pressure to identify, assess, and remediate vulnerabilities at scale. Traditional methods of vulnerability management are typically behind the curve because the sheer volume of threats is overwhelming.

With cybercriminals becoming increasingly more sophisticated, utilizing the latest tools such as generative AI and SaaS exploits, the cybersecurity world in 2025 appears to be more convoluted than ever before. From compromised credentials-driven SaaS attacks to social engineering-based fraud facilitated through deepfakes, CISOs need to remain ahead with insightful recommendations.

Lazarus Group Strikes Again: North Korean Hackers Steal $1.46 Billion in Bybit Crypto Heist In recent weeks, the cryptocurrency community has been rocked by a series of high-profile thefts, including a $1.46 billion suspicious outflow from Bybit, a $11.5 million Coinbase social engineering scam, and an XRP laundering attempt linked to North Korea. Blockchain investigator ZachXBT has been actively tracking these incidents, mapping the stolen funds' movement across multiple chains.

Cybersecurity incidents continue to make headlines, with the latest victim being Tata Technologies, a leading global engineering and technology services company. The HUNTUBS ransomware group has claimed responsibility for a major attack, leaking sensitive corporate data. The incident, which resulted in the theft of 1.4 TB of confidential data, has raised concerns about cybersecurity resilience among major enterprises.

Apple had to deal with another active security vulnerability. The company has recently issued emergency patches for iOS and iPadOS, which fixed CVE-2025-24200-an alarming zero-day flaw that might have allowed cybercrooks to disable USB Restricted Mode on locked devices. The purpose of the update is to ward off possible cyber-physical attacks and keep data from unauthorized extraction.

Ransomware remains one of the most pressing cybersecurity threats, affecting individuals and organizations worldwide. Among the latest ransomware strains making headlines is VGOD ransomware, known for its advanced encryption techniques and aggressive attack methods. In this blog, we will explore the workings of VGOD ransomware, recent incidents, and the critical lessons organizations must learn to protect against such threats.

Cyber hackers always find ways to make their strategies more perfect in countermanding the security measures, and the XE Group is no exception. Hailing from Vietnam, initially famous for its credit card skimming operations, the cyber threat entity now engages itself in supply chain hacking. This sophistication and flexibility are proved by exploiting two newly identified zero-day vulnerabilities in VeraCore's warehouse management software.