Cybersecurity Daily: News & Threats
(00:00:00) Icarus OAuth Attack, Council of Europe Breach & AryStinger Botnet (00:01:13) Oracle PeopleSoft Zero-Day, 100+ Victims (00:01:48) ShinyHunters Publishes Council of Europe Data (00:02:43) AryStinger Botnet Hijacks D-Link Routers (00:03:34) The Signal That Connects All Three Three major incidents dominated the past twenty-four hours, and they share a single underlying pattern: attackers exploiting the gap between trusted access and monitored access. The Icarus group compromised legacy credentials at Klue, a competitive intelligence platform, converting them into OAuth tokens that granted silent access to Salesforce data across nine cybersecurity firms — including HackerOne, Recorded Future, Snyk, and Jamf. Automated Python scripts queried the API continuously for twenty-four hours, blending into normal integration traffic. A ransom deadline of June 17th has already passed with no disclosed resolution. In a connected development, a critical Oracle PeopleSoft zero-day has been exploited across more than one hundred organisations. Attacks mimicked legitimate user sessions, bypassing anomaly detection entirely. The Council of Europe is among confirmed victims — and that breach escalated sharply when ShinyHunters published 297 gigabytes of stolen data after the Council declined to pay. The leaked files include payroll records, medical files, and bank details for approximately ten thousand employees. ShinyHunters deployed permanent torrent mirrors, explicitly framing the release as lasting until the end of time. That shift fundamentally changes the extortion calculus for every future victim: payment no longer removes the threat. Rounding out today's briefing, the AryStinger botnet has quietly compromised over 4,300 end-of-life D-Link routers — models the manufacturer abandoned — installing a Dropbear SSH backdoor for infrastructure reconnaissance rather than DDoS. Detection rates in mainstream security engines are near zero. Oracle's patch timeline remains undefined. Klue's full breach scope is unconfirmed. Affected Council of Europe employees are still awaiting notification. This is Cybersecurity Daily. This episode includes AI-generated content.
64 jaksot
Kommentit
0Ole ensimmäinen kommentoija
Rekisteröidy nyt ja liity Cybersecurity Daily: News & Threats-yhteisöön!