CATEGORIES

Adversary Intelligence

Articles in Blog Posts

April 15, 2025

Byte Bandits: How Fake PDF Converters Are Stealing More Than Just Your Documents

What looks like a harmless online file conversion could be a trap set by cybercriminals. CloudSEK’s latest investigation uncovers a stealthy malware campaign where fake PDF-to-DOCX converters, mimicking the popular PDFCandy.com, trick users into running malicious PowerShell commands. The endgame? A powerful information stealer that hijacks browser credentials, crypto wallets, and more. Dive into our detailed breakdown of this social engineering scam, its technical anatomy, and how to stay a step ahead of such byte bandits.

Written by

Varun Ajmera

March 24, 2025

Part 2: Validating the Breach Oracle Cloud Denied – CloudSEK’s Follow-Up Analysis

On March 21, 2025, CloudSEK’s XVigil platform flagged a significant threat—a threat actor offering 6 million exfiltrated records from Oracle Cloud for sale. Despite Oracle’s public denial, our deep-dive investigation reveals a compromised production SSO endpoint, affecting over 140,000 tenants and exposing sensitive SSO and LDAP data. Our report outlines verified evidence of the breach. At CloudSEK, we prioritize transparency and preparedness. This detailed follow-up not only challenges initial denials but equips enterprises with actionable steps to assess and secure their environments. Read the full report to uncover the evidence, understand the impact, and strengthen your defenses.

Written by

Rahul Sasi

March 21, 2025

The Biggest Supply Chain Hack Of 2025: 6M Records Exfiltrated from Oracle Cloud affecting over 140k Tenants

CloudSEK uncovers a major breach targeting Oracle Cloud, with 6 million records exfiltrated via a suspected undisclosed vulnerability. Over 140,000 tenants are impacted, as the attacker demands ransom and markets sensitive data online. Learn the full scope, risks, and how to respond. Are you worried your organization might be affected? Check your exposure here - https://exposure.cloudsek.com/oracle

Written by

CloudSEK TRIAD

March 13, 2025

Ramadan Scams on the Rise: Fake Giveaways, Crypto Traps & Fraudulent Donations

Ramadan is a time of reflection, charity, and community spirit, but cybercriminals are turning this season of giving into a playground for deception. From fraudulent donation campaigns to fake crypto giveaways, scammers are preying on goodwill, manipulating emotions, and using social proof to trick unsuspecting victims into parting with their digital assets. This advisory exposes the latest trends in Ramadan-themed scams, including wallet-draining schemes disguised as religious incentives, the rise of deceptive crypto tokens, and fake e-commerce sales targeting festive shoppers. With cybercriminals leveraging social media verification badges, AI-generated promotions, and complex psychological tricks, staying vigilant has never been more crucial. Learn how these scams work, who they target, and—most importantly—how to protect yourself and your loved ones from falling victim. Read the full report to uncover the hidden dangers lurking in your inbox, on your favorite social media platforms, and even in the name of charity.

Written by

Noel Varghese

March 11, 2025

The Dark Side of eCommerce: How Fake Review Networks Manipulate Online Shopping

Ever bought a product online, convinced by its glowing five-star reviews, only to receive something completely different—or worse, useless? You're not alone. The rise of fake review networks is distorting the trust we place in eCommerce platforms. Behind the scenes, sellers and marketing agencies are orchestrating elaborate scams, using WhatsApp and Telegram groups to flood product listings with deceptive praise. From refund-for-review schemes to “empty box deals,” these tactics don’t just trick shoppers—they undermine honest businesses and erode trust in online shopping. Let’s dive into the dark underbelly of eCommerce and uncover how fake reviews are shaping what we buy.

Written by

Mayank Sahariya

March 6, 2025

PrintSteal : Exposing unauthorized CSC-Impersonating Websites Engaging in Large-Scale KYC Document Generation Fraud

Imagine thousands of fake identity documents being generated at the click of a button—Aadhaar cards, PAN cards, birth certificates—all convincingly real, but entirely fraudulent. That’s exactly what the "PrintSteal" operation has been doing on a massive scale. This investigation uncovers a highly organized criminal network running over 1,800 fake domains, impersonating government websites, and using cyber cafés, Telegram groups, and illicit APIs to distribute fraudulent KYC documents. With over 167,000 fake documents created and ₹40 Lakh in illicit profits, this isn’t just fraud—it’s a direct attack on India’s digital security. The full report dives into how this scam works, who’s behind it, and what needs to be done to stop it. If you care about financial security, digital identity protection, or cybercrime prevention, you won’t want to miss it. Read on to uncover the full story.

Written by

Abhishek Mathew

Articles in Threat Intelligence

November 15, 2023

Critical CSRF Vulnerability in IBM CICS TX - CVE-2023-42027 Demands Immediate Action

CVE-2023-42027 IBM CICS TX Standard 11.1, Advanced 10.1, 11.1, and TXSeries for Multi platforms 8.1, 8.2, 9.1 are vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts

November 6, 2023

CVE-2023-43792 baserCMS is a website development framework vulnerable to Code Injection attacks

CVE-2023-43792 is a code injection vulnerability in the mail form of baserCMS versions 4.6.0 to 4.7.6. This vulnerability allows an attacker to inject arbitrary code into the baserCMS application, which could then be executed by other users of the application.

November 6, 2023

CVE-2023-4197 Vulnerability in Dolibarr ERP CRM 18.0.1 Allows PHP Code Injection

CVE-2023-4197 Improper input validation in Dolibarr ERP CRM v18.0.1 fails to strip certain PHP code from user-supplied input when creating a Website, allowing an attacker to inject and evaluate arbitrary PHP code

September 8, 2023

Hoze shell script dropped along with XMRig miners on misconfigured SSH Servers by Brute Forcing

CloudSEK’s Threat Intelligence Team uncovered a campaign, actively running from the past 1.8 years, that attacks and brute forces the SSH. 

September 4, 2023

3,20,000+ Patient Records From Ayush Jharkhand Gov. In Shared On Dark Web Hacking Forums

A hacker known as Tanaka has exposed over 320,000 patient records from ayush.jharkhand.gov.in, detailing personal and medical information. The 7.3 MB database leak includes sensitive data from the AYUSH ministry's site

August 28, 2023

Rogue Scripts Are Exploiting OTP Verification APIs To Send Heaps of OTP SMSes, Hold The Potential Of Triggering Service Disruptions.

Discover how CloudSEK's AI-powered XVigil platform identified concerning GitHub repositories mentioning Indian companies and their APIs.

Join 10,000+ subscribers

Keep up with the latest news about strains of Malware, Phishing Lures,
Indicators of Compromise, and Data Leaks.