#Cyberangriffe #ITSicherheit #APT31 #DLLSideLoading #JudgementPanda #RANEPA #TA412 #YandexCloud #Zirconium https://sc.tarnkappe.info/04fc8c
It's been a pretty active 24 hours in the cyber world, with CISA warning about an actively exploited Oracle zero-day, new insights into China-linked APT31's stealthy operations against Russian IT, and a fresh look at a fileless, cross-platform phishing framework using browser notifications. Let's dive in:
Critical Oracle Identity Manager Zero-Day Under Active Exploitation ⚠️
- CISA has added CVE-2025-61757, a critical Oracle Identity Manager vulnerability (CVSS 9.8), to its Known Exploited Vulnerabilities (KEV) catalog due to active exploitation.
- This flaw allows pre-authenticated remote code execution by bypassing authentication for critical functions, stemming from a faulty security filter that can be tricked with "?WSDL" or ";.wadl" appended to URIs.
- Evidence suggests the vulnerability was exploited as a zero-day between August 30 and September 9, 2025, well before Oracle's October patch, with Federal Civilian Executive Branch agencies mandated to patch by December 12, 2025.
📰 The Hacker News | https://thehackernews.com/2025/11/cisa-warns-of-actively-exploited.html
China-Linked APT31 Targets Russian IT with Cloud C2 🇨🇳
- The China-linked APT31 (aka Altaire, Violet Typhoon) has been attributed to stealthy cyberattacks against the Russian IT sector between 2024 and 2025, often remaining undetected for extended periods.
- The group leverages legitimate cloud services like Yandex Cloud for command-and-control (C2) and data exfiltration, blending in with normal traffic, and stages encrypted commands in social media profiles.
- APT31 employs a diverse arsenal of public and custom tools, including CloudyLoader, SharpADUserIP, Tailscale VPN, and unique backdoors like OneDriveDoor and VtChatter, to achieve persistence and exfiltrate sensitive data.
📰 The Hacker News | https://thehackernews.com/2025/11/china-linked-apt31-launches-stealthy.html
Matrix Push C2 Leverages Browser Notifications for Fileless Phishing 🎣
- A new command-and-control (C2) platform, Matrix Push C2, is being used by threat actors to conduct fileless, cross-platform phishing attacks via browser push notifications.
- Victims are socially engineered into allowing notifications, which then deliver fake alerts (e.g., suspicious logins, browser updates) with malicious links, effectively bypassing traditional security controls.
- Offered as a Malware-as-a-Service (MaaS) with tiered subscriptions, Matrix Push C2 includes configurable templates for impersonating brands and built-in analytics, while separate research notes an uptick in misuse of the legitimate DFIR tool Velociraptor.
📰 The Hacker News | https://thehackernews.com/2025/11/matrix-push-c2-uses-browser.html
#CyberSecurity #ThreatIntelligence #ZeroDay #RCE #Oracle #APT31 #NationState #Phishing #Malware #C2 #CloudSecurity #IncidentResponse #InfoSec
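As an added, defender-side example that is not part of the post or of The Hacker News article: the Oracle Identity Manager item above says the faulty security filter could be tricked by appending "?WSDL" or ";.wadl" to a URI. The script below scans access-log lines for those two markers and ranks each hit by whether the backend actually served the request (a 2xx/3xx after a suspicious suffix is the interesting case; a 401/403 means the filter held). The log format (Apache/NGINX combined style), the sample lines, the IPs and the `/example-app/...` paths are all constructed placeholders, not real Oracle Identity Manager endpoints.

```python
"""Scan access-log lines for the '?WSDL' / ';.wadl' suffixes named in the
CVE-2025-61757 summary. Added example: log format, sample lines and paths are
constructed placeholders, not data from the advisory."""
import re
from typing import Iterable, List, NamedTuple, Optional

# Assumption: Apache/NGINX combined log format. Captures client IP, timestamp,
# method, request URI and HTTP status; the rest of the line is ignored.
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3})'
)

# The two suffixes quoted in the write-up. Matched case-insensitively because
# a filter and the backend behind it may normalise case differently.
MARKERS = ("?wsdl", ";.wadl")


class Hit(NamedTuple):
    ip: str
    timestamp: str
    method: str
    uri: str
    status: int
    marker: str
    severity: str  # "high" = backend served the request, "low" = rejected


def classify_uri(uri: str) -> Optional[str]:
    """Return the marker found in the URI, or None if it carries neither."""
    low = uri.lower()
    for marker in MARKERS:
        if marker in low:
            return marker
    return None


def scan(lines: Iterable[str]) -> List[Hit]:
    """Parse each line; keep those whose URI carries a marker.

    A 2xx/3xx status means the request got past the filter and was served by
    the application, so it is ranked "high"; 4xx/5xx is ranked "low" because
    the request was rejected (still worth a look as reconnaissance)."""
    hits: List[Hit] = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # not a request line in the expected format
        marker = classify_uri(m["uri"])
        if marker is None:
            continue
        status = int(m["status"])
        severity = "high" if status < 400 else "low"
        hits.append(Hit(m["ip"], m["ts"], m["method"], m["uri"],
                        status, marker, severity))
    return hits


# Constructed sample log (documentation IP ranges, placeholder paths).
SAMPLE_LOG = [
    '203.0.113.7 - - [02/Sep/2025:10:15:01 +0000] '
    '"GET /example-app/protected/resource?WSDL HTTP/1.1" 200 512',
    '198.51.100.9 - - [02/Sep/2025:10:15:03 +0000] '
    '"POST /example-app/protected/resource;.wadl HTTP/1.1" 200 128',
    '192.0.2.4 - - [02/Sep/2025:10:16:00 +0000] '
    '"GET /example-app/protected/resource HTTP/1.1" 401 0',
    '192.0.2.4 - - [02/Sep/2025:10:16:05 +0000] '
    '"GET /example-app/public/service?wsdl HTTP/1.1" 403 0',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(f"[{hit.severity.upper():4}] {hit.ip} {hit.method} {hit.uri} "
              f"-> {hit.status} (marker {hit.marker!r} at {hit.timestamp})")
```

Legitimate SOAP clients do request `?WSDL` on service endpoints, so treat the "low" hits and any hit on a known WSDL-serving path as triage input rather than alerts; the "high" hits against paths that should require authentication are the ones to escalate and correlate with the August 30 to September 9 window the article cites.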
{NEW} Chinese hackers are exploiting new SharePoint flaws—Microsoft links attacks to #APT27, #APT31 & Storm-2603.
They’re bypassing patches to steal MachineKeys via remote code execution.
The exploit chain is already in the wild. #CyberSecurity #CyberAttacks https://thehackernews.com/2025/07/microsoft-links-ongoing-sharepoint.html
🇨🇿 CZECHIA
🔴 Envoy Summoned Over Chinese Cyberattacks
🔸 Czech FM summoned China's ambassador over a long-running cyber campaign targeting foreign ministry networks.
🔸 Attacks traced to APT31, linked to China’s Ministry of State Security.
🔸 Minister Lipavsky warned such hostile acts could harm bilateral ties.
Czechia accused China of a cyberattack on the Ministry of Foreign Affairs
Little birds on the DeepWeb are chirping that the attackers took over data from at least one Microsoft Exchange account. Of course, I have no way to confirm this.
https://wp.me/p3fv0T-hrh #Chiny #ChRL #hack #atak #Czechy #MSZ #APT31 #cyberbezpieczeństwo #POLECANE
China accused of cyber espionage—again.
Czech Republic publicly blames APT31, a state-linked hacking group, for targeting its Foreign Ministry since 2022. The attack hit critical infrastructure. #Hackinggroup #cybersecurity #APT31 https://thehackernews.com/2025/05/czech-republic-blames-china-linked.html