Dataproof Communications

Oracle E-Business Suite Unauth RCEThis week, we are pleased to announce the addition of a module that exploits CVE-2025-61882, a pre-authentication remote code execution vulnerability in Oracle E-Business Suite versions 12.2.3 through 12.2.14. The exploit chains multiple flaws—including SSRF, path traversal, HTTP request smuggling, and XSLT injection—to coerce the target into fetching and executing a malicious XSL file hosted...

Amazon Web Services (AWS) is pleased to announce the expansion of GSMA Security Accreditation Scheme for Subscription Management (SAS-SM) certification to four new AWS Regions: US West (Oregon), Europe (Frankfurt), Asia Pacific (Tokyo), and Asia Pacific (Singapore). Additionally, the AWS US East (Ohio) and Europe (Paris) Regions have been recertified. All certifications are under the GSM Association...

One of the most common questions about secrets management strategies on Amazon Web Services (AWS) is whether an organization should centralize its secrets. Though this question is often focused on whether secrets should be centrally stored, there are four aspects of centralizing the secrets management process that need to be considered: creation, storage, rotation, and monitoring. In...

US lawmakers have extended the Cybersecurity Information Sharing Act of 2015 for another nine months, buying time to enact a replacement for the legislation. - Read more

Open letter by NHS technology leaders outlines plans to identify risks to software supply chain security across health and social care system - Read more

Executive Summary In response to the June 6, 2025, Executive Order (EO) 14306, “Sustaining Select Efforts to Strengthen the Nation’s Cybersecurity and Amending Executive Order 13694 and Executive Order 14144,” the Cybersecurity and Infrastructure Security Agency (CISA) is providing and regularly updating the below lists to aid in post-quantum cryptography (PQC) adoption. The lists include hardware and software categories with...

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see (https://chromereleases.googleblog.com/2024 ) for more information. - Read more

F5 Labs’ Weekly Threat Bulletin delivers fast, AI‑driven insights on emerging cyber threats with IoCs, mitigation tips, and expert‑validated guidance. - Read more

A newly discovered ransomware family called Osiris launched attacks against a major food service company in Southeast Asia during November 2025. Security researchers have identified this threat as a completely new malware variant with no connection to an older ransomware family that shared the same name in 2016. The emergence of Osiris marks another addition to the...

Welcome to this week’s edition of the Threat Source newsletter. “Upon us all a little rain must fall” — Led Zeppelin, via Henry Wadsworth Longfellow  I recently bumped into a colleague with whom I spent several years working in an MSSP environment. We had very different roles within the organization, so our viewpoints, both then and now, were very different. He asked me the question I hear almost every time I speak somewhere: “What do you think...