InfoSecBulletin Cybersecurity for mankind
BlackCat hacks Motel One Group and steals 24.5 million files of data. Someone on the dark web claims to have FBI credentials, but it’s unclear if they’re real. Medusa targets two companies and demands large ransoms. Here are the top 5 news highlights from the past day.
* Motel One Group was attacked by BlackCat ransomware. They stole 6 TB of data, which included 150 customer credit card records. The attackers claim to have taken 24.5 million files.
16,000+ Fortinet devices compromised with symlink backdoor, Mostly in Asia
Patch now! Critical Erlang/OTP SSH Vuln Allows UCE
CISA warns of increasing risk tied to Oracle legacy Cloud leak
CVE-2025-20236
Cisco Patches Unauthenticated RCE Flaw in Webex App
Apple released emergency security updates for 2 zero-day vulns
Oracle Released Patched for 378 flaws for April 2025
CVE-2025-24054
Hackers Exploiting NTLM Spoofing Windows Vuln the in Wild
Bengaluru firm got ransomware attack, Hacker demanded $70,000
MITRE warns: U.S. Govt. Funding for MITRE’s CVE Ends Today
PwC exits more than a dozen countries in push to avoid scandals: FT reports
* SeigedSec is reportedly selling the FBI’s Law Enforcement Enterprise Portal (LEEP) account credentials. It’s unknown how many credentials are being sold or if they are real.
* The LockBit ransomware group attacked Fauquier County Public Schools in Virginia and demanded ransom payment by October 19.
* The FBI has warned the energy industry that Chinese and Russian attackers are expected to target critical energy infrastructure more frequently because of changes in global energy supply.
* Netscout reported a significant increase in DDoS attacks in the first half of 2023. There were around 7.9 million attacks, representing a 31% surge compared to the previous year. They also noticed a resurgence in DNS water-torture attacks, with a rise of 353%.
