SANS Internet Storm Center, InfoCON: green SANS Internet Storm Center - Cooperative Cyber Security Monitor
- Infocon: green
on 6 October 2025 at 7:15 amQuick and Dirty Analysis of Possible Oracle E-Business Suite Exploit Script (CVE-2025-61882)
- Quick and Dirty Analysis of Possible Oracle E-Business Suite Exploit Script (CVE-2025-61882), (Mon, Oct 6th)on 6 October 2025 at 3:50 am
This weekend, Oracle published a surprise security bulletin announcing an exploited vulnerability in Oracle E-Business Suite. As part of the announcement, which also included a patch, Oracle published IoC observed as part of the incident response [1].
- ISC Stormcast For Monday, October 6th, 2025 https://isc.sans.edu/podcastdetail/9642, (Mon, Oct 6th)on 6 October 2025 at 2:45 am
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
- ISC Stormcast For Friday, October 3rd, 2025 https://isc.sans.edu/podcastdetail/9640, (Fri, Oct 3rd)on 3 October 2025 at 2:00 am
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
- More .well-known Scans, (Thu, Oct 2nd)
on 2 October 2025 at 2:08 pmI have been writing about the ".well-known" directory a few times before. Recently, about attackers hiding webshells &#;x26;#;x5b;1&#;x26;#;x5d;, and before that, about the purpose of the directory and why you should set up a "/.well-known/security.txt" file. But I noticed something else when I looked at today&#;x26;#;39;s logs on this web server. Sometimes you do not need a honeypot. Some attackers are noisy enough to be easily visible on a busy web server. This time, the attacker hit various URLs inside the ".well-known" directory. Here is a sample from the > 100 URLs hit: