Turn Cyber Threats Data into Actionable Visuals with AI Precision. Built for CISOs. Monitor. Analyze. Predict. At CloudSEK, we combine the power of Cyber Intelligence, Brand Monitoring, Attack Surface Monitoring, Infrastructure Monitoring and Supply Chain Intelligence to give context to our customers’ digital risks.

6 天之前 · On March 21, 2025, CloudSEK’s XVigil platform flagged a significant threat—a threat actor offering 6 million exfiltrated records from Oracle Cloud for sale. Despite Oracle’s public denial, our deep-dive investigation reveals a compromised production SSO endpoint, affecting over 140,000 tenants and exposing sensitive SSO and LDAP data.

4 天之前 · Researchers at CloudSEK have hit back, however, publishing a follow-up report which claims their investigation “paints a different picture”. CloudSEK said the threat actor provided a sample of customer data and a text file created on login.us2.oraclecloud.com – which researchers said equates to “evidence aligning with their claim that ...

At CloudSEK, we combine the power of Cyber Intelligence, Brand Monitoring, Attack Surface Monitoring, Infrastructure Monitoring and Supply Chain Intelligence to give context to our customers’ digital risks.

6 天之前 · Oracle is caught up in a cybersecurity mess right now, with claims about a massive data breach affecting its cloud infrastructure. Last week, Hackread.com published an article based on the findings of cybersecurity firm CloudSEK revealing that a threat actor had stolen 6 million records from Oracle Cloud.

6 天之前 · The Oracle Cloud data breach incident has taken a new turn. The Cybersecurity firm CloudSEK has unveiled evidence confirming the exposure of sensitive enterprise data via Oracle Cloud’s production Single Sign-On (SSO) endpoints. This contradicts Oracle’s denial of any breach, even as a threat actor is selling 6 million allegedly exfiltrated records.

5 天之前 · CloudSEK stated that the breach potentially impacts over 1,500 unique organisations and can lead to increased risk of unauthorised access and corporate espionage, along with financial and reputational risks. The firm and security experts continue to monitor the situation and encourage Oracle to take action by disclosing more details.

5 天之前 · CloudSEK communicated with the threat actor, determining that the breach likely occurred due to a possible zero-day WebLogic vulnerability "on login.(region-name).oraclecloud.com, leading to ...

2025年3月21日 · According to CloudSEK’s findings, the stolen data includes: The stolen data includes: JKS Files: These are digital keys used to secure systems. Encrypted SSO Passwords: These are login passwords that are scrambled to make them harder to read, but they can still be cracked. Key Files: These are special files that allow access to secure parts of a system.

2025年3月22日 · CloudSEK建议立即进行凭证轮换、彻底的事件响应和取证、持续的威胁情报监控，并与甲骨文安全团队联系以进行验证和缓解。他们还建议加强访问控制，以防止未来类似事件的发生。 参考来源： Oracle Denies Breach Amid Hacker’s Claim of Access to 6 Million Records