InfoSecBulletin Cybersecurity for mankind
BlackCat hacks Motel One Group and steals 24.5 million files of data. Someone on the dark web claims to have FBI credentials, but it’s unclear if they’re real. Medusa targets two companies and demands large ransoms. Here are the top 5 news highlights from the past day.
* Motel One Group was attacked by BlackCat ransomware. They stole 6 TB of data, which included 150 customer credit card records. The attackers claim to have taken 24.5 million files.
OpenAI Offering $100K Bounties for Critical Vulns
Splunk Alert User RCE and Data Leak Vulns
CIRT alert Situational Awareness for Eid Holidays
Cyberattack on Malaysian airports: PM rejected $10 million ransom
Micropatches released for Windows zero-day leaking NTLM hashes
VMware Patches Authentication Bypass Flaw in Windows Tool
IngressNightmare
Over 40% of cloud environments are vulnerable to RCE
(CVE-2025-29927)
Urgently Patch Your Next.js for Authorization Bypass
Oracle refutes breach after hacker claims 6 million data theft
Russian zero-day seller to offer up to $4 million for Telegram exploits
* SeigedSec is reportedly selling the FBI’s Law Enforcement Enterprise Portal (LEEP) account credentials. It’s unknown how many credentials are being sold or if they are real.
* The LockBit ransomware group attacked Fauquier County Public Schools in Virginia and demanded ransom payment by October 19.
* The FBI has warned the energy industry that Chinese and Russian attackers are expected to target critical energy infrastructure more frequently because of changes in global energy supply.
* Netscout reported a significant increase in DDoS attacks in the first half of 2023. There were around 7.9 million attacks, representing a 31% surge compared to the previous year. They also noticed a resurgence in DNS water-torture attacks, with a rise of 353%.
