42 matches found
Cybercrime Groups Using Vishing and SSO Abuse in Rapid SaaS Extortion Attacks
Cybersecurity researchers are warning of two cybercrime groups that are carrying out "rapid, high-impact attacks" operating almost within the confines of SaaS environments, while leaving minimal traces of their actions. The clusters, Cordial Spider aka BlackFile, CL-CRI-1116, O-UNC-045, and UNC66...
EUVD-2026-25391
Press, a Frappe custom app that runs Frappe Cloud, manages infrastructure, subscription, marketplace, and software-as-a-service (SaaS). The redirect parameter on the login page is vulnerable to reflected XSS. The patch in commit 16d1b6ca2559f858a1de77bcb03fd7f1b81671c6 fixes the issue by restricting...
Mandiant Finds ShinyHunters-Style Vishing Attacks Stealing MFA to Breach SaaS Platforms
Google-owned Mandiant on Friday said it identified an "expansion in threat activity" that uses tradecraft consistent with extortion-themed attacks orchestrated by a financially motivated hacking group known as ShinyHunters. The attacks leverage advanced voice phishing (aka vishing) and bogus...
EUVD-2021-16413
Malware in sbrugna...
EUVD-2023-38328
Malicious code in bioql PyPI...
CVE-2023-34240
Cloudexplorer-lite is an open source cloud software stack. Weak passwords can be easily guessed and are an easy target for brute force attacks. This can lead to an authentication system failure and compromise system security. Versions of cloudexplorer-lite prior to 1.2.0 did not enforce strong...
The vulnerability of the webapi component of the cloud software for file storage, synchronization, and sharing with Synology Drive Server allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the webapi component of the cloud software for file storage, synchronization, and sharing with Synology Drive Server is related to the lack of authentication for a critical function. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthoriz...
Malicious code in tcloud-python-sdks (PyPI)
Source: kam193 601415ac1e4afe43331c4b78d99e406f34b4a970a365a366cdc0598c5cb22f9c This campaign is built from two parts: 1) packages named like time-check-server, snapshot-photo contain innocent-looking code that sends "date" to a remote...
MAL-2025-191901 Malicious code in time-check-server-get (PyPI)
Source: kam193 25b39f6b89687636c8f9e90e3c326bcfb64ecbfa2594850247d4d2e9646b9257 This campaign is built from two parts: 1) packages named like time-check-server, snapshot-photo contain innocent-looking code that sends "date" to a remote...
The vulnerability of cloud-based software for creating and using Nextcloud Server and Nextcloud Enterprise Server lies in the use of a reversible one-way hash function. This allows attackers to make background tasks effective.
The vulnerability of cloud-based software for creating and using Nextcloud Server and Nextcloud Enterprise Server lies in the use of a reversible one-way hash function. Exploiting this vulnerability allows a malicious actor to make a background task effective...
Citrix Workspace app for Windows Security Bulletin CVE-2024-6286
Description of Problem: A vulnerability has been discovered that impacts the Citrix Workspace app for Windows. Refer to below for further details. Affected Versions: The vulnerability affects the following supported versions of the Citrix Workspace app for Windows: Current Release (CR): Citrix Workspac...
Citrix Provisioning Security Bulletin CVE-2024-6150
Description of Problem: A vulnerability has been discovered that impacts Citrix Provisioning. Refer to below for further details. Affected Versions: The vulnerability affects the following supported versions of Citrix Provisioning: Current Release (CR): Citrix Provisioning versions before 2402; Long Ter...
Cloud Software Group Security Advisory for CVE-2024-6387
Advisory for 3rd party CVE-2024-6387: Cloud Software Group is aware of the vulnerability CVE-2024-6387 impacting OpenSSH. Qualys has discovered a remote unauthenticated code execution vulnerability in OpenSSH’s server (sshd) in glibc-based Linux systems. Because this vulnerability is a regression of...
The vulnerability of cloud software in creating and using Nextcloud Server and Nextcloud Enterprise Server lies in the authentication procedures’ flaws, which allow attackers to bypass the authentication process.
The vulnerability of cloud-based software for creating and using Nextcloud Server and Nextcloud Enterprise Server is related to deficiencies in authentication procedures. Exploiting this vulnerability could allow a malicious actor to bypass the 2FA authentication process...
Impact of HTTP/2 CONTINUATION frames being utilized for DoS attacks on Cloud Software Group Products
Cloud Software Group is aware of the reports describing HTTP/2 CONTINUATION frames being utilized for DoS attacks. HTTP/2 CONTINUATION frames can be utilized for DoS attacks HTTP/2 CONTINUATION Flood Cloud Software Group continues to investigate any potential impact on Cloud Software Group-manage...
The vulnerability of cloud software for creating and using Nextcloud Server’s data storage solution lies in the incorrect expiration time of user sessions, which allows attackers to intercept user sessions.
The vulnerability of cloud software for creating and using Nextcloud Server storage solutions is related to incorrect session duration. Exploiting this vulnerability can allow attackers to intercept user sessions...
The vulnerability of cloud software for creating and using Nextcloud Server’s data storage system lies in insufficiently checking incoming requests, allowing attackers to execute SSRF attacks.
The vulnerability of cloud software for creating and using Nextcloud Server storage solutions is related to insufficient checking of incoming requests. Exploiting this vulnerability can allow a malicious actor to execute an SSRF attack remotely...
The vulnerability of cloud software for creating and using Nextcloud Server’s data storage system, related to the unencrypted storage of critical information, allows attackers to compromise the passwords of arbitrary users.
The vulnerability of cloud software for creating and using Nextcloud Server storage involves the unencrypted storage of critical information. Exploiting this vulnerability can allow attackers to disclose the passwords of arbitrary users...
Impact of Chromium vulnerabilities CVE-2023-4863 and CVE-2023-5217 on Cloud Software Group products
Cloud Software Group will continue to update this post as additional information becomes available. Summary Google Chromium Heap-Based Buffer Overflow Vulnerability Cloud Software Group is aware of the vulnerabilities CVE-2023-4863 and CVE-2023-5217 that impact Chromium. CVE-2023-4863 description...
The vulnerability of cloud-based software for creating and using Nextcloud storage solutions lies in the improper limitation on excessive authentication attempts, which allows a hacker to compromise the target system.
The vulnerability of cloud-based software for creating and using Nextcloud storage solutions is related to the lack of protection against brute-force attacks during password reset procedures. Exploiting this vulnerability could allow a malicious actor to crack the password reset links remotely...