<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>Java Archives - MASSIVE News</title>
	<atom:link href="https://massive.news/tag/java/feed/" rel="self" type="application/rss+xml" />
	<link>https://massive.news/tag/java/</link>
	<description>Progressive Mix of World News and Propaganda</description>
	<lastBuildDate>Wed, 08 Oct 2025 01:00:39 +0000</lastBuildDate>
	<language>en-US</language>
	<sy:updatePeriod>
	hourly	</sy:updatePeriod>
	<sy:updateFrequency>
	1	</sy:updateFrequency>
	<generator>https://wordpress.org/?v=7.0</generator>

<image>
	<url>https://massive.news/wp-content/uploads/2024/08/m-150x150.jpg</url>
	<title>Java Archives - MASSIVE News</title>
	<link>https://massive.news/tag/java/</link>
	<width>32</width>
	<height>32</height>
</image> 
	<item>
		<title>CrowdStrike Identifies Campaign Targeting Oracle E-Business Suite via Zero-Day Vulnerability (now tracked as CVE-2025-61882)</title>
		<link>https://massive.news/crowdstrike-identifies-campaign-targeting-oracle-e-business-suite-via-zero-day-vulnerability-now-tracked-as-cve-2025-61882/</link>
		
		<dc:creator><![CDATA[wiredgorilla]]></dc:creator>
		<pubDate>Wed, 08 Oct 2025 01:00:39 +0000</pubDate>
				<category><![CDATA[Technology and Science]]></category>
		<category><![CDATA[Analysis]]></category>
		<category><![CDATA[authentication]]></category>
		<category><![CDATA[Intelligence]]></category>
		<category><![CDATA[Java]]></category>
		<category><![CDATA[oracle]]></category>
		<category><![CDATA[telegram]]></category>
		<category><![CDATA[Threat Hunting & Intel]]></category>
		<guid isPermaLink="false">https://massive.news/crowdstrike-identifies-campaign-targeting-oracle-e-business-suite-via-zero-day-vulnerability-now-tracked-as-cve-2025-61882/</guid>

					<description><![CDATA[<p>CrowdStrike is tracking a mass exploitation campaign almost certainly leveraging a novel zero-day vulnerability — now...</p>
<p>The post <a href="https://massive.news/crowdstrike-identifies-campaign-targeting-oracle-e-business-suite-via-zero-day-vulnerability-now-tracked-as-cve-2025-61882/">CrowdStrike Identifies Campaign Targeting Oracle E-Business Suite via Zero-Day Vulnerability (now tracked as CVE-2025-61882)</a> appeared first on <a href="https://massive.news">MASSIVE News</a>.</p>
]]></description>
										<content:encoded><![CDATA[<p>CrowdStrike is tracking a mass exploitation campaign almost certainly leveraging a novel zero-day vulnerability — now tracked as CVE-2025-61882 — targeting Oracle E-Business Suite (EBS) applications for the purposes of data exfiltration.</p>
<p>CrowdStrike Intelligence assesses with moderate confidence that GRACEFUL SPIDER is likely involved in this campaign but cannot rule out the possibility that multiple threat actors have exploited CVE-2025-61882. The first known exploitation occurred on August 9, 2025; however, investigations remain ongoing, and this date is subject to change.</p>
<p>CrowdStrike Intelligence further assesses that the October 3, 2025 proof-of-concept (POC) disclosure and the CVE-2025-61882 patch release will almost certainly encourage threat actors — particularly those familiar with Oracle EBS — to create weaponized POCs and attempt to leverage them against internet-exposed EBS applications.</p>
<h2>Details</h2>
<p>On September 29, 2025, GRACEFUL SPIDER emailed multiple organizations and claimed they had accessed and exfiltrated data from the victim’s Oracle EBS applications.</p>
<p>On October 3, 2025, in one of the Telegram channels insinuating collaboration between SCATTERED SPIDER, SLIPPY SPIDER, and <i>ShinyHunters</i>, a channel participant posted a purported Oracle EBS exploit (SHA256 hash: <code>76b6d36e04e367a2334c445b51e1ecce97e4c614e88dfb4f72b104ca0f31235d</code>). In their post, the member criticized GRACEFUL SPIDER’s tactics.</p>
<p>How the poster obtained the exploit and whether this actor or any other actors associated with the channel have leveraged this exploit is unclear. Oracle published this POC as an indicator of compromise (IOC) in its CVE-2025-61882 disclosure, suggesting the vendor assesses that the POC has been or may be used for CVE-2025-61882 exploitation. While analysis is ongoing, the purported POC appears to align with at least some of the observed exploitation, including activity leveraging <code>Java Servlets</code> for exploitation.</p>
<h3>Unauthenticated RCE Vulnerability (CVE-2025-61882)</h3>
<p>On October 4, 2025, Oracle publicly disclosed CVE-2025-61882, a vulnerability impacting Oracle EBS that can result in unauthenticated remote code execution (RCE). While Oracle’s advisory did not explicitly state this vulnerability has been exploited in the wild (ITW), Oracle provided IOCs (such as IP addresses, observed commands, and files) suggesting ITW exploitation.<sup>1</sup></p>
<p>CVE-2025-61882 appears to align with at least some of the exploitation activity CrowdStrike has analyzed thus far.</p>
<h4>Authentication Bypass</h4>
<p>The observed activity appears to begin with an HTTP <code>POST</code> request to <code>/OA_HTML/SyncServlet</code>, which initiates the authentication-bypass portion of a multi-step exploit chain. On at least one confirmed occasion, authentication bypass was related to an administrative account within EBS.</p>
<h4>Code Execution</h4>
<p>To achieve code execution, the adversary targeted Oracle&#8217;s XML Publisher Template Manager by issuing <code>GET</code> and <code>POST</code> requests to <code>/OA_HTML/RF.jsp</code> and <code>/OA_HTML/OA.jsp</code> to upload and execute a malicious XSLT template. Commands in the malicious template are executed when the malicious template is previewed. Figure 1 documents example <code>GET</code> and <code>POST</code> requests used to upload and preview a malicious template.</p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>At least one student killed, dozens injured after school collapses in East Java Province &#124; DW News</title>
		<link>https://massive.news/at-least-one-student-killed-dozens-injured-after-school-collapses-in-east-java-province-dw-news/</link>
		
		<dc:creator><![CDATA[wiredgorilla]]></dc:creator>
		<pubDate>Tue, 30 Sep 2025 07:04:45 +0000</pubDate>
				<category><![CDATA[World News]]></category>
		<category><![CDATA[Facebook]]></category>
		<category><![CDATA[Instagram]]></category>
		<category><![CDATA[Java]]></category>
		<category><![CDATA[News]]></category>
		<category><![CDATA[social media]]></category>
		<category><![CDATA[Twitter]]></category>
		<guid isPermaLink="false">https://massive.news/at-least-one-student-killed-dozens-injured-after-school-collapses-in-east-java-province-dw-news/</guid>

					<description><![CDATA[<p>Emergency workers in Indonesia are trying to rescue the dozens of students feared trapped under the...</p>
<p>The post <a href="https://massive.news/at-least-one-student-killed-dozens-injured-after-school-collapses-in-east-java-province-dw-news/">At least one student killed, dozens injured after school collapses in East Java Province | DW News</a> appeared first on <a href="https://massive.news">MASSIVE News</a>.</p>
]]></description>
										<content:encoded><![CDATA[<p class="video-container"><iframe width="560" height="315" src="https://www.youtube.com/embed/0qkqtYL9DXE" title="YouTube video player" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture" allowfullscreen></iframe></p>
<p>Emergency workers in Indonesia are trying to rescue the dozens of students feared trapped under the rubble of their school after it collapsed during afternoon prayer. At least one student has died and dozens more were injured when the boarding school in East Java province caved in. Over 100 students have been evacuated. Hundreds of family members have gathered to wait for news of their loved ones as the rescue operation continues. DW correspondent Ferdinand Himawan reports.</p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>What could possibly go wrong? DOGE to rapidly rebuild Social Security codebase.</title>
		<link>https://massive.news/what-could-possibly-go-wrong-doge-to-rapidly-rebuild-social-security-codebase/</link>
		
		<dc:creator><![CDATA[Editor]]></dc:creator>
		<pubDate>Sat, 29 Mar 2025 14:08:49 +0000</pubDate>
				<category><![CDATA[World News]]></category>
		<category><![CDATA[access]]></category>
		<category><![CDATA[Artificial Intelligence]]></category>
		<category><![CDATA[Biz & IT]]></category>
		<category><![CDATA[cobol]]></category>
		<category><![CDATA[doge]]></category>
		<category><![CDATA[Elon Musk]]></category>
		<category><![CDATA[Intelligence]]></category>
		<category><![CDATA[Java]]></category>
		<category><![CDATA[language]]></category>
		<category><![CDATA[Payments]]></category>
		<category><![CDATA[Policy]]></category>
		<category><![CDATA[Security]]></category>
		<category><![CDATA[Staff]]></category>
		<category><![CDATA[syndication]]></category>
		<category><![CDATA[technology]]></category>
		<category><![CDATA[Trump]]></category>
		<category><![CDATA[trump administration]]></category>
		<category><![CDATA[WHO]]></category>
		<guid isPermaLink="false">https://massive.news/what-could-possibly-go-wrong-doge-to-rapidly-rebuild-social-security-codebase/</guid>

					<description><![CDATA[<p>Like many legacy government IT systems, SSA systems contain code written in COBOL, a programming language...</p>
<p>The post <a href="https://massive.news/what-could-possibly-go-wrong-doge-to-rapidly-rebuild-social-security-codebase/">What could possibly go wrong? DOGE to rapidly rebuild Social Security codebase.</a> appeared first on <a href="https://massive.news">MASSIVE News</a>.</p>
]]></description>
										<content:encoded><![CDATA[<div><img decoding="async" src="https://massive.news/wp-content/uploads/2025/03/what-could-possibly-go-wrong-doge-to-rapidly-rebuild-social-security-codebase.jpg" class="ff-og-image-inserted"></div>
<p>Like many legacy government IT systems, SSA systems contain code written in COBOL, a programming language created in part in the 1950s by computing pioneer Grace Hopper. The Defense Department essentially pressured private industry to use COBOL soon after its creation, spurring widespread adoption and making it one of the most widely used languages for mainframes, or computer systems that process and store large amounts of data quickly, by the 1970s. (At least one DOD-related website praising Hopper&#8217;s accomplishments is no longer active, likely following the Trump administration’s DEI purge of military acknowledgements.)</p>
<p>As recently as 2016, SSA’s infrastructure contained more than 60 million lines of code written in COBOL, with millions more written in other legacy coding languages, the agency’s Office of the Inspector General found. In fact, SSA’s core programmatic systems and architecture haven’t been “substantially” updated since the 1980s when the agency developed its own database system called MADAM, or the Master Data Access Method, which was written in COBOL and Assembler, according to SSA’s 2017 modernization plan.</p>
<p>SSA’s core “logic” is also written largely in COBOL. This is the code that issues social security numbers, manages payments, and even calculates the total amount beneficiaries should receive for different services, a former senior SSA technologist who worked in the office of the chief information officer says. Even minor changes could result in cascading failures across programs.</p>
<p>“If you weren&#8217;t worried about a whole bunch of people not getting benefits or getting the wrong benefits, or getting the wrong entitlements, or having to wait ages, then sure go ahead,” says Dan Hon, principal of Very Little Gravitas, a technology strategy consultancy that helps government modernize services, about completing such a migration in a short timeframe.</p>
<p>It’s unclear when exactly the code migration would start. A recent document circulated amongst SSA staff laying out the agency’s priorities through May does not mention it, instead naming other priorities like terminating “non-essential contracts” and adopting artificial intelligence to “augment” administrative and technical writing.</p>
]]></content:encoded>
					
		
		
			</item>
	</channel>
</rss>
