Unity vulnerability puts popular games at risk
Gotta catch them all, vulnerabilities that is. Unity-built games like Pokémon GO and Genshin Impact are affected by a high-severity bug (CVE-2025-59489) that could let attackers execute code through affected apps on Android, Windows, macOS, and Linux. Microsoft and Steam are taking action: Microsoft is flagging potentially vulnerable apps and games, while Steam blocks launches containing risky command-line parameters. Unity has patched the flaw and urges developers to update editors or replace runtime files in existing games to keep players safe.
Oracle zero-day exploit patched
This is an update to a story we first brought to you last week. The Cl0p ransomware group is now confirmed to be behind a recently exploited zero-day vulnerability in Oracle E-Business Suite (EBS), stealing data and sending extortion emails. The flaw, CVE-2025-61882, allows remote code execution on EBS versions 12.2.3-12.2.14 and carries a critical severity rating of 9.8. Oracle has since released patches and shared indicators of compromise, but security experts warn other threat actors could exploit the same vulnerability. This campaign follows a pattern seen in recent Cl0p attacks on Cleo, MOVEit, and Fortra products.
Third-party breach claims Discord user info
A compromised support vendor is to blame for a data breach at the popular social platform Discord. The incident only impacts users who contacted Discord’s support or Trust & Safety teams, exposing personal information including names, emails, IP addresses, billing details, and government ID images submitted for age verification appeals. Discord says it has revoked the vendor’s access but did not name which provider was involved. The company is notifying affected users but hasn’t disclosed how many were impacted.
(Security Week), (The Register)
Critical MFT flaw exploited
The cybercrime group Storm-1175 has been exploiting a critical GoAnywhere MFT vulnerability (CVE-2025-10035) in Medusa ransomware attacks for the past month. Microsoft reports that the flaw allows remote command execution without user interaction, enabling lateral movement, file exfiltration, and ransomware deployment. Microsoft and Fortra are urging admins to patch immediately and inspect logs for signs of compromise, while the Shadowserver Foundation has already tracked over 500 exposed instances online, though it’s unclear how many of those have already been patched.
(Bleeping Computer), (Microsoft)
Malware campaign spreads via WhatsApp
Hackers are using WhatsApp to spread a new malware called Sorvepotel, targeting government agencies and businesses primarily in Brazil. The malware arrives in phishing messages disguised as receipts or forms and hijacks WhatsApp Web to automatically send itself to all contacts, so it propagates rapidly. Researchers say it is built mainly to spread quickly rather than to steal data or encrypt files, though related payloads can steal banking credentials.
Crowdsourced ransomware campaign
Scattered Lapsus$ Hunters is letting anyone do their dirty work. The crime group has been offering $10 in Bitcoin to anyone willing to hound executives at companies it claims to have breached. The group, which recently claimed to be “retiring,” posted instructions on Telegram and a new data leak site listing 39 alleged victims, mostly linked to Salesforce integrations. Followers are urged to email executives until they pay, with higher rewards for using personal accounts or “doing an exceptionally well job.”
Chinese hackers turn SEO fraud into a global hustle
A new Chinese-speaking cybercrime group called UAT-8099 has been caught running a global search engine optimization (SEO) fraud ring using compromised Microsoft IIS servers. The hackers target systems across India, Thailand, Vietnam, Canada, and Brazil, hitting everything from universities to telecoms. Researchers say the group uses tools like Cobalt Strike and BadIIS malware to hijack search results and steal credentials, all while locking out rival attackers.
Win big with Wiz
Cloud security giant Wiz is offering $4.5 million USD in its new bug bounty contest, Zeroday.Cloud. Participants will demonstrate exploits against widely used cloud software live at Black Hat Europe in London this December, backed by AWS, Google Cloud, and Microsoft. Top prizes reach $300,000 USD for web server exploits, with AI, containers, databases, and DevOps platforms also in play.
(Security Week), (ZeroDay Cloud)






