
Cybersecurity Today
Cybersecurity Update: Incorrect Company Naming, Major Breaches, and New Malware Campaigns
Nov 27, 2025
This update covers a significant data theft affecting U.S. banks, linked to a financial tech vendor. The host covers the CLOP group's exploitation of Oracle vulnerabilities in attacks targeting Broadcom. Listeners will learn about the StealC malware disguised in Blender 3D models, as well as the Shai-Hulud attack infiltrating npm packages. The discussion also highlights a sophisticated phishing scam that uses similar-looking domains to trick Microsoft users. Practical tips are provided to help safeguard against these threats.
Host Corrects Company Naming Error
- Jim Love recounts misnaming a breached company and issuing a corrected recording with apologies.
- He thanks listeners who alerted him and notes Ascensus was not involved in the incident.
Data-Theft At Financial Recordkeeper
- SitusAMC reported a data-theft incident, with no systems encrypted, affecting US banks and third parties.
- The FBI is investigating while affected institutions assess scope and exposure.
Zero-Day Exploits Hit Oracle Users
- CLOP is exploiting zero-days in Oracle's E-Business Suite and publicly naming alleged victims.
- Broadcom says it patched and examined systems but hasn't confirmed a damaging breach.
