Red Team Perspective: Known Attack Surface and Potential Risks of GitLab – Security KER – Security Information Platform
This article discusses various known attack surfaces and potential risks associated with GitLab, highlighting a range of vulnerabilities, including Remote Code Execution (RCE), SSRF, XSS, and permission escalation issues. The information covers the history of vulnerabilities, their impact, and famous cases, emphasizing the importance of security measures for self-managed GitLab instances.…
Oracle Health breach compromises patient data at US hospitals
Summary: A breach at Oracle Health has compromised patient data from multiple US healthcare organizations after a threat actor accessed legacy servers. Oracle Health, formerly Cerner, confirmed the incident but has faced criticism for its lack of transparency and communication. Healthcare organizations are advised to determine their own notification responsibilities regarding potential HIPAA violations due to the breach.…
HaveIBeenPwned Creator Becomes Victim of Sophisticated Phishing
Summary: Renowned cybersecurity expert Troy Hunt fell victim to a sophisticated phishing attempt that exploited his use of Mailchimp. Despite his expertise, Hunt was tricked into providing his credentials and two-factor authentication code, allowing attackers to compromise his email list. While the breach had minimal impact, it serves as a crucial reminder of the pervasive threat of phishing attacks, even for seasoned professionals.…
Oracle customers confirm data stolen in alleged cloud breach is valid
Summary: A hacker named ‘rose87168’ has claimed to have breached Oracle Cloud, allegedly stealing data related to 6 million users, despite Oracle’s adamant denial of any breach. Multiple companies have confirmed the authenticity of the leaked data samples, including personal and account information. Evidence suggests that the threat actor had access to Oracle’s servers, raising serious questions about the security of the cloud platform.…
Part 2: Validating the Breach Oracle Cloud Denied – CloudSEK’s Follow-Up Analysis
On March 21, 2025, a user claimed to have accessed Oracle Cloud’s login servers, selling sensitive data, including authentication credentials. CloudSEK authenticated the data, warning the community of potential supply chain attacks. Oracle denied any breach, but CloudSEK’s investigation confirmed the exposure of real customer data linked to the compromised servers.…
The Biggest Supply Chain Hack Of 2025: 6M Records For Sale Exfiltrated from Oracle Cloud Affecting over 140k Tenants
A significant data breach occurred involving a threat actor known as “rose87168,” who sold 6 million records extracted from Oracle Cloud’s SSO and LDAP systems. The compromised data includes sensitive credentials and key files, affecting over 140,000 tenants. The actor’s activities suggest they exploited a web application vulnerability, raising severe concerns regarding Oracle Cloud’s security.…
Why it’s time for phishing prevention to move beyond email
Summary: Despite significant investments in email security solutions, phishing attacks continue to pose a severe threat to organizations, largely due to the emergence of sophisticated Attack-in-the-Middle (AitM) phishing techniques. Traditional detection methods, including known-bad blocklists and malicious webpage detection, are increasingly ineffective against these evolving tactics.…
How to Execute the Bybit $1.5B ETH Heist – An Attack Path for Offensive Security Operations in AWS
On February 21st, a significant cryptocurrency theft occurred involving Bybit, where hackers from the Lazarus Group infiltrated a supplier’s system to redirect 401,000 Ethereum coins worth approximately $1.5 billion. The attack exemplifies a supply chain vulnerability that permitted hackers to exploit AWS services while leaving the Bybit system itself secure.…
GitLab patches critical authentication bypass vulnerabilities
Summary: GitLab has released critical security updates addressing nine vulnerabilities in its Community and Enterprise Editions, including two significant authentication bypass flaws in the ruby-saml library. The vulnerabilities could allow authenticated attackers to impersonate users in SAML environments, leading to potential account takeovers. Users are urged to upgrade to the latest versions (17.7.7, 17.8.5, or 17.9.2) immediately, while temporary mitigations are suggested for those unable to upgrade right away.…
GitHub Uncovers New ruby-saml Vulnerabilities Allowing Account Takeover Attacks
Summary: Two critical security vulnerabilities have been found in the ruby-saml library, allowing attackers to bypass SAML authentication protections and potentially execute account takeover attacks. The flaws, designated as CVE-2025-25291 and CVE-2025-25292, affect specific library versions due to discrepancies in XML parsing between REXML and Nokogiri.…
🚨Cyber Attack Chronicles🚨
The SolarWinds hack, a significant supply chain attack discovered in December 2020, compromised numerous Fortune 500 companies and government agencies, resulting in extensive cybersecurity repercussions. Attackers embedded malicious code into SolarWinds’ Orion software updates, infiltrating thousands of networks and highlighting the vulnerabilities in vendor trust. Affected: Fortune 500 companies, US Government agencies, SolarWinds

Keypoints:

The hack was discovered in December 2020, but the infiltration began as early as March 2020.…
AI’s Role in Turning Massive Data Leaks into Hacker Paydays: A Look at the Orange Breach
Breaches involving companies like Orange, Schneider Electric, and Telefonica often begin with infostealers acquiring sensitive credentials, leading to substantial internal data leaks. Hackers leverage AI to efficiently analyze and extract valuable information from these massive datasets, turning previously chaotic data into actionable intelligence. Affected: Orange, Schneider Electric, Telefonica

Keypoints:

Recent breaches often start with infostealers that collect JIRA or Confluence credentials.…
New Microsoft 365 outage impacts Teams, causes call failures
Summary: Microsoft is currently investigating an outage affecting Microsoft 365 services, particularly impacting Teams users who are experiencing call failures and authentication issues. Affected users report broader connectivity problems with other Microsoft applications, including Outlook and Exchange. Microsoft is analyzing the situation to identify the root cause and potential solutions.…
Microsoft links recent Microsoft 365 outage to buggy update
Summary: Microsoft has resolved a coding issue that caused a widespread outage affecting Microsoft 365 apps, particularly Outlook and Exchange Online, over the weekend. The incident also led to degraded functionality of Teams and Power Platform, but was addressed by reverting the problematic code change. Additionally, ongoing issues with Exchange Online on iOS have been reported, related to authentication token errors linked to a third-party application.…