PoisonSeed Exploits CRM Accounts to Launch Cryptocurrency Seed Phrase Poisoning Attacks
Summary: A malicious campaign named PoisonSeed is exploiting compromised credentials from CRM tools and bulk email providers to send spam messages containing cryptocurrency seed phrases, ultimately aiming to drain victims’ digital wallets. The attack involves phishing tactics aimed at high-value targets, including both individuals and enterprises linked to the cryptocurrency sector.…
Summary: Silent Push Threat Analysts have identified a sophisticated cyber campaign named “PoisonSeed” targeting enterprise organizations and cryptocurrency holders through phishing and compromised email services. The campaign employs a unique tactic of “crypto seed phrase” phishing attacks to deceive victims into compromising their cryptocurrency wallets. PoisonSeed showcases the complexity of modern cyber threats, with connections to other known groups while maintaining distinct operational characteristics.…
PoisonSeed phishing campaign behind emails with wallet seed phrases
Summary: The ‘PoisonSeed’ phishing campaign compromises corporate email marketing accounts to distribute fraudulent emails containing crypto seed phrases, aimed at draining users’ cryptocurrency wallets. Targeting platforms like Coinbase and Ledger through compromised accounts at Mailchimp, SendGrid, HubSpot, Mailgun, and Zoho, the campaign uses professional phishing tactics to bait recipients into providing their credentials.…
OpenAI’s ChatGPT Plus is now free for students until the end of May
Summary: OpenAI is offering a free ChatGPT Plus subscription for college students in the U.S. and Canada until the end of May, allowing them to access advanced AI models. The offer is part of an experimental program that includes verification of student status through SheerID. This initiative comes ahead of finals, with the goal of supporting students in their studies.…
Oracle privately confirms Cloud breach to customers
Summary: Oracle has confirmed a data breach involving legacy client credentials after attackers exploited vulnerabilities in 2017 systems, affecting user emails and hashed passwords. Despite Oracle’s claims that the breach did not impact Oracle Cloud, evidence suggests otherwise. Additionally, Oracle Health has also experienced a security incident that compromised patient data from U.S.…
Red Team Perspective: Known Attack Surface and Potential Risks of GitLab – Security KER – Security Information Platform
This article discusses various known attack surfaces and potential risks associated with GitLab, highlighting a range of vulnerabilities, including Remote Code Execution (RCE), SSRF, XSS, and permission escalation issues. The information covers the history of vulnerabilities, their impact, and famous cases, emphasizing the importance of security measures for self-managed GitLab instances.…
Oracle Health breach compromises patient data at US hospitals
Summary: A breach at Oracle Health has compromised patient data from multiple US healthcare organizations after a threat actor accessed legacy servers. Oracle Health, formerly Cerner, confirmed the incident but has faced criticism for its lack of transparency and communication. Healthcare organizations are advised to determine their own notification responsibilities regarding potential HIPAA violations due to the breach.…
HaveIBeenPwned Creator Becomes Victim of Sophisticated Phishing
Summary: Renowned cybersecurity expert Troy Hunt fell victim to a sophisticated phishing attempt that exploited his use of Mailchimp. Despite his expertise, Hunt was tricked into providing his credentials and two-factor authentication code, allowing attackers to compromise his email list. While the breach had minimal impact, it serves as a crucial reminder of the pervasive threat of phishing attacks, even for seasoned professionals.…
Oracle customers confirm data stolen in alleged cloud breach is valid
Summary: A hacker named ‘rose87168’ has claimed to have breached Oracle Cloud, allegedly stealing data related to 6 million users, despite Oracle’s adamant denial of any breach. Multiple companies have confirmed the authenticity of the leaked data samples, including personal and account information. Evidence suggests that the threat actor had access to Oracle’s servers, raising serious questions about the security of the cloud platform.…
Part 2: Validating the Breach Oracle Cloud Denied – CloudSEK’s Follow-Up Analysis
On March 21, 2025, a user claimed to have accessed Oracle Cloud’s login servers, selling sensitive data, including authentication credentials. CloudSEK authenticated the data, warning the community of potential supply chain attacks. Oracle denied any breach, but CloudSEK’s investigation confirmed the exposure of real customer data linked to the compromised servers.…
The Biggest Supply Chain Hack Of 2025: 6M Records For Sale Exfiltrated from Oracle Cloud Affecting over 140k Tenants
A significant data breach occurred involving a threat actor known as “rose87168,” who sold 6 million records extracted from Oracle Cloud’s SSO and LDAP systems. The compromised data includes sensitive credentials and key files, affecting over 140,000 tenants. The actor’s activities suggest they exploited a web application vulnerability, raising severe concerns regarding Oracle Cloud’s security.…
Why it’s time for phishing prevention to move beyond email
Summary: Despite significant investments in email security solutions, phishing attacks continue to pose a severe threat to organizations, largely due to the emergence of sophisticated Attack-in-the-Middle (AitM) phishing techniques. Traditional detection methods, including known-bad blocklists and malicious webpage detection, are increasingly ineffective against these evolving tactics.…
How to Execute the Bybit .5B ETH Heist – An Attack Path for Offensive Security Operations in AWS
On February 21st, a significant cryptocurrency theft occurred involving Bybit, where hackers from the Lazarus Group infiltrated a supplier’s system to redirect 401,000 Ethereum coins worth approximately .5 billion. The attack exemplifies a supply chain vulnerability that permitted hackers to exploit AWS services while leaving the Bybit system itself secure.…
GitLab patches critical authentication bypass vulnerabilities
Summary: GitLab has released critical security updates addressing nine vulnerabilities in its Community and Enterprise Editions, including two significant authentication bypass flaws in the ruby-saml library. The vulnerabilities could allow authenticated attackers to impersonate users in SAML environments, leading to potential account takeovers. Users are urged to upgrade to the latest versions (17.7.7, 17.8.5, or 17.9.2) immediately, while temporary mitigations are suggested for those unable to upgrade right away.…