In a recent cyber incident, Oracle has come under scrutiny for denying any cloud breach and instead attributing the hack to outdated servers. The attack was claimed by UNC3944, also known as 0ktapus or Scattered Spider, who stated they breached Oracle’s systems and gained access to internal tools and customer data. Oracle, however, clarified that the compromised servers were no longer in use and were disconnected from its production or customer environments. Investigations are ongoing, with no confirmed impact on customer data within the Oracle Cloud platform.
On a separate note, Google released its April Android update, which addressed 62 vulnerabilities, including two zero-day flaws that were exploited in targeted attacks. One of the zero-days, CVE-2024-53197, was a high-severity Linux kernel bug used by Serbian authorities to unlock confiscated devices. Amnesty International had previously discovered these zero-days. Another critical flaw, CVE-2024-53150, allowed unauthorized access to sensitive data through an out-of-bounds read.
Meanwhile, Microsoft issued patches for 134 vulnerabilities, including a zero-day flaw exploited by the RansomEXX ransomware gang to escalate privileges in attacks. This flaw, tracked as CVE-2025-29824, posed a significant risk as it allowed local attackers to gain SYSTEM-level access. While most systems received the patch, updates for specific Windows 10 systems are still pending.
In a notable data breach, WK Kellogg Co. fell victim to attackers who exploited vulnerabilities in its Cleo file transfer software, resulting in unauthorized access to HR files. The incident exposed sensitive employee information and underscored the importance of timely patch management to mitigate such risks.
Moving on to international cybercrime, Spanish authorities arrested six individuals in connection with a $20.9 million AI-driven investment scam that targeted over 200 victims. The scammers utilized deepfake advertisements featuring public figures to deceive victims into fraudulent investment schemes, highlighting the evolving tactics employed by cybercriminals to defraud individuals.
In another significant development, Noah Urban, also known as “King Bob” from the Scattered Spider hacking group, pleaded guilty to federal charges related to cyberattacks on major U.S. firms. Urban’s admission of guilt shed light on the group’s activities, which included targeting cloud providers, telecom firms, and cryptocurrency companies through various tactics.
Lastly, law enforcement agencies across multiple countries conducted a coordinated operation to detain suspected customers of the SmokeLoader malware operation and seize its infrastructure. SmokeLoader, a long-running malware operation, was used to infect over 100,000 computers globally with info-stealers and ransomware. The takedown of SmokeLoader’s infrastructure marked a significant victory in the fight against cybercriminals utilizing such malicious tools.
Overall, these incidents underscore the ongoing threat posed by cybercrime and the need for organizations to remain vigilant in securing their digital assets against evolving threats.