Today’s roundup
U.S. CISA adds an Oracle Fusion Middleware flaw to its Known Exploited Vulnerabilities catalog
Grafana Patches CVSS 10.0 SCIM Flaw Enabling Impersonation and Privilege Escalation
SolarWinds addressed three critical flaws in Serv-U
CrowdStrike denies breach after insider sent internal screenshots to hackers
Matrix Push C2 Uses Browser Notifications for Fileless, Cross-Platform Phishing Attacks
China’s APT31 linked to hacks on Russian tech firms
Summary
CISA has added CVE-2025-61757, a critical (CVSS 9.8) Oracle Identity Manager remote code execution flaw, to its Known Exploited Vulnerabilities catalog due to active exploitation since August 2025; federal agencies must patch by December 12. The vulnerability allows an unauthenticated attacker to take over the affected system.
Grafana Labs patched CVE-2025-41115, a maximum severity (CVSS 10.0) SCIM flaw in Grafana Enterprise, enabling privilege escalation and user impersonation under specific configurations.
SolarWinds addressed three critical (CVSS 9.1) remote code execution vulnerabilities (CVE-2025-40549, CVE-2025-40548, CVE-2025-40547) in its Serv-U file transfer solution. The flaws require administrative privileges to exploit; users should update to version 15.5.3.
CrowdStrike confirmed an insider shared internal screenshots with the Scattered Lapsus$ Hunters threat group but stated no system breach or customer data exposure occurred. The company terminated the employee involved, with reports indicating an attempt by ShinyHunters to purchase network access.
A new command-and-control platform, Matrix Push C2, is facilitating fileless, cross-platform phishing by leveraging browser push notifications, fake alerts, and redirects to distribute malicious links across various operating systems.
Moscow-based Positive Technologies linked the China-aligned APT31 group to cyberattacks targeting entities within Russia's technology sector, indicating ongoing nation-state espionage activities.