Blogs and Articles

In a chilling new twist on an old threat, cybercriminals are once again targeting YouTube creators—this time with an insidiously clever technique dubbed Clickflix. Masquerading as legitimate brand collaborations, attackers lure content creators into executing malicious PowerShell scripts that silently steal browser credentials, crypto wallet data, and more. CloudSEK's latest investigation dives deep into this fast-evolving campaign, exposing how the attackers weaponize fake Microsoft portals, manipulate clipboard actions, and maintain stealthy persistence. If you’re a creator, security professional, or simply curious about the latest in malware innovation—this report is a must-read.

On March 21, 2025, CloudSEK’s XVigil platform flagged a significant threat—a threat actor offering 6 million exfiltrated records from Oracle Cloud for sale. Despite Oracle’s public denial, our deep-dive investigation reveals a compromised production SSO endpoint, affecting over 140,000 tenants and exposing sensitive SSO and LDAP data. Our report outlines verified evidence of the breach. At CloudSEK, we prioritize transparency and preparedness. This detailed follow-up not only challenges initial denials but equips enterprises with actionable steps to assess and secure their environments. Read the full report to uncover the evidence, understand the impact, and strengthen your defenses.

CloudSEK uncovers a major breach targeting Oracle Cloud, with 6 million records exfiltrated via a suspected undisclosed vulnerability. Over 140,000 tenants are impacted, as the attacker demands ransom and markets sensitive data online. Learn the full scope, risks, and how to respond. Are you worried your organization might be affected? Check your exposure here - https://exposure.cloudsek.com/oracle

Many organizations use Apache ActiveMQ to streamline messaging, but default configurations can leave them vulnerable to cyberattacks. BeVigil’s security analysis uncovered multiple exposed ActiveMQ instances with default admin credentials, putting systems at risk of Remote Code Execution (RCE). This blog highlights the critical vulnerabilities, explains how attackers can exploit them, and provides actionable security measures to mitigate risks. From patching and updating to strengthening access controls and regular audits, discover how to fortify your messaging infrastructure and stay ahead of cyber threats. Read more to protect your system before it's too late!

Ramadan is a time of reflection, charity, and community spirit, but cybercriminals are turning this season of giving into a playground for deception. From fraudulent donation campaigns to fake crypto giveaways, scammers are preying on goodwill, manipulating emotions, and using social proof to trick unsuspecting victims into parting with their digital assets. This advisory exposes the latest trends in Ramadan-themed scams, including wallet-draining schemes disguised as religious incentives, the rise of deceptive crypto tokens, and fake e-commerce sales targeting festive shoppers. With cybercriminals leveraging social media verification badges, AI-generated promotions, and complex psychological tricks, staying vigilant has never been more crucial. Learn how these scams work, who they target, and—most importantly—how to protect yourself and your loved ones from falling victim. Read the full report to uncover the hidden dangers lurking in your inbox, on your favorite social media platforms, and even in the name of charity.

Ever bought a product online, convinced by its glowing five-star reviews, only to receive something completely different—or worse, useless? You're not alone. The rise of fake review networks is distorting the trust we place in eCommerce platforms. Behind the scenes, sellers and marketing agencies are orchestrating elaborate scams, using WhatsApp and Telegram groups to flood product listings with deceptive praise. From refund-for-review schemes to “empty box deals,” these tactics don’t just trick shoppers—they undermine honest businesses and erode trust in online shopping. Let’s dive into the dark underbelly of eCommerce and uncover how fake reviews are shaping what we buy.

Imagine thousands of fake identity documents being generated at the click of a button—Aadhaar cards, PAN cards, birth certificates—all convincingly real, but entirely fraudulent. That’s exactly what the "PrintSteal" operation has been doing on a massive scale. This investigation uncovers a highly organized criminal network running over 1,800 fake domains, impersonating government websites, and using cyber cafés, Telegram groups, and illicit APIs to distribute fraudulent KYC documents. With over 167,000 fake documents created and ₹40 Lakh in illicit profits, this isn’t just fraud—it’s a direct attack on India’s digital security. The full report dives into how this scam works, who’s behind it, and what needs to be done to stop it. If you care about financial security, digital identity protection, or cybercrime prevention, you won’t want to miss it. Read on to uncover the full story.

APIs are the backbone of modern digital applications, but a single misconfiguration can expose sensitive data and cripple security. BeVigil’s latest security analysis uncovered a major vulnerability: weak API access controls allowing unauthorized access to customer profiles, banking details, and critical transactions. From exposed documentation to flawed authentication mechanisms, the risks were alarming. This blog dives deep into the findings, showing how BeVigil identified and mitigated these vulnerabilities—so your business doesn’t become the next victim. Read on to learn how to secure your APIs before attackers exploit them!

Mobile applications are vital for businesses but often come with hidden security risks. This blog highlights how BeVigil’s Mobile App Scanner uncovered a major vulnerability in a widely-used Android app, exposing hardcoded Salesforce API keys and tokens. These credentials could have granted unauthorized access to sensitive data, posing a serious security threat. BeVigil’s assessment detected and mitigated these risks by revoking exposed keys, securing API access, and implementing stricter access controls. This case emphasizes the need for proactive security measures, regular audits, and secure coding practices to safeguard digital assets and maintain customer trust.