Broadcom
Company Details
Linkedin ID:
broadcom
Website:
Employees number:
53,946
Number of followers:
589,166
NAICS:
3344
Industry Type:
Homepage:
broadcom.com
IP Addresses:
367
Company ID:
BRO_3083730
Scan Status:
Completed
Broadcom Company CyberSecurity Posture
broadcom.com
A global infrastructure technology leader built on more than 60 years of innovation, collaboration and engineering excellence.
Broadcom A.I CyberSecurity Scoring
Broadcom Risk Score (AI oriented)Between 700 and 749
Broadcom
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
Broadcom Global Score (TPRM)XXXX
Broadcom
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
Broadcom Company CyberSecurity News & History
Past Incidents
8
Attack Types
3
Broadcom
Ransomware
Rankiteo Explanation
Attack with significant impact with internal employee data leaks
Description: U.S.-based semiconductor giant **Broadcom** suffered a **third-party ransomware attack** in September, targeting **Business Systems House (BSH)**, a partner of its former payroll provider **ADP**. The breach, attributed to the **El Dorado ransomware gang** (linked to BlackLock), resulted in the theft of **Middle Eastern employees' sensitive data**, including birthdates, email addresses, phone numbers, home addresses, national ID numbers, health insurance details (IDs, policy numbers), financial account numbers, salary information, and employment termination dates. While ADP clarified that only a **'small subset' of clients in select Middle Eastern countries** were affected and denied direct involvement or ransom payments, the incident occurred during Broadcom’s transition to a new payroll provider. The full scope of the breach remains undisclosed, but the compromised data poses significant risks of identity theft, financial fraud, and reputational harm to affected employees.
Broadcom
Ransomware
Rankiteo Explanation
Attack with significant impact with internal employee data leaks
Description: A ransomware attack targeted **Business Systems House (BSH)**, a Middle Eastern payroll partner of **ADP**, in **September 2024**, leading to the theft of **Broadcom’s employee data**. The compromised data was leaked online in **December 2024**, but Broadcom was not notified until **May 2025**—an eight-month delay. The **El Dorado ransomware group** claimed responsibility, exploiting Broadcom’s ongoing transition between payroll providers. The breach exposed sensitive employee information, including personal and financial details, while Broadcom was still dependent on ADP and BSH for payroll processing. The incident underscores critical vulnerabilities in **third-party supply chain security**, particularly during vendor transitions, and highlights the prolonged risks of undetected data exfiltration in ransomware attacks. The delayed disclosure further exacerbated reputational and operational risks for Broadcom, a global semiconductor and infrastructure software leader.
Broadcom
Ransomware
Rankiteo Explanation
Attack threatening the organization’s existence
Description: Broadcom, a global technology leader valued at hundreds of billions, was among the high-profile victims of **Cl0p’s ransomware attack** exploiting a **zero-day vulnerability in Oracle’s E-Business Suite (CVE-2025-61882 and CVE-2025-21884)**. The cybercriminal group **exfiltrated sensitive corporate and customer data**, threatening to leak or sell it unless a ransom was paid. The breach compromised critical systems, risking **financial records, proprietary business data, and third-party customer information**. Cl0p’s extortion tactics included warnings of **public disclosure on their blog, torrent leaks, or sales to malicious actors**, amplifying reputational and operational risks. Given Broadcom’s role in semiconductor and infrastructure technology, the attack posed **supply chain cascading risks**, potentially disrupting clients reliant on its products. Oracle issued emergency patches, but the damage—including **data theft, potential regulatory fines, and erosion of stakeholder trust**—had already occurred. The incident underscores vulnerabilities in enterprise software dependencies, with Broadcom facing **long-term financial and strategic repercussions** if the stolen data is weaponized.
Broadcom
Ransomware
Rankiteo Explanation
Attack threatening the organization’s existence
Description: The **Cl0p ransomware gang** breached **Broadcom**, a $300+ billion semiconductor and infrastructure software leader, by exploiting an **unpatched zero-day vulnerability in Oracle E-Business Suite**. This ERP platform manages critical operations, including **supply chain, financial systems, and customer data**, making it a high-value target. The attackers likely **exfiltrated sensitive corporate data** (potentially including **intellectual property, manufacturing secrets, and customer information**) before deploying ransomware, following Cl0p’s typical double-extortion tactic. The breach risks **operational disruptions in global manufacturing**, **regulatory penalties for data exposure**, and **reputational damage** due to the involvement of a notorious ransomware group. The use of a **zero-day exploit** amplifies the threat, as other organizations using Oracle E-Business Suite may face similar attacks until a patch is released. Broadcom has not confirmed the incident, but the alleged compromise aligns with Cl0p’s pattern of targeting **high-value enterprises** via unpatched vulnerabilities in widely used software.
Broadcom
Vulnerability
Rankiteo Explanation
Attack without any consequences
Description: A critical security vulnerability has been discovered in Broadcom’s Symantec Endpoint Management Suite that enables unauthenticated remote code execution, posing significant risks to enterprise IT infrastructure. The flaw, designated CVE-2025-5333 with a severe CVSS v4.0 score of 9.5, affects multiple versions of the widely-deployed endpoint management solution and has prompted immediate mitigation recommendations from security experts. The vulnerability resides in the Symantec Altiris Inventory Rule Management (IRM) component, specifically targeting an exposed legacy .NET Remoting endpoint.
Broadcom (VMware)
Vulnerability
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: Broadcom patched a **high-severity privilege escalation vulnerability (CVE-2025-41244)** in **VMware Aria Operations** and **VMware Tools**, actively exploited since **October 2024** by **UNC5174**, a **Chinese state-sponsored threat actor** linked to China’s Ministry of State Security (MSS). The flaw allows an **unprivileged local attacker** to escalate privileges to **root-level code execution** by staging a malicious binary in paths like `/tmp/httpd` and exploiting VMware’s service discovery mechanism. UNC5174, known for selling network access to **U.S. defense contractors, UK government entities, and Asian institutions**, previously exploited **CVE-2023-46747 (F5 BIG-IP)**, **CVE-2024-1709 (ConnectWise ScreenConnect)**, and **CVE-2025-31324 (SAP NetWeaver)**.The vulnerability poses a **critical risk** as it enables **full system compromise**, potentially allowing attackers to **move laterally across networks**, **steal sensitive data**, or **deploy additional malware**. While no **direct data breach or ransomware** was confirmed in this case, the exploitation by a **state-backed APT group** suggests **espionage or pre-positioning for future attacks**. Broadcom also patched **two other high-severity VMware NSX flaws** reported by the **NSA**, indicating a broader pattern of **targeted cyber operations** against enterprise infrastructure.
Symantec
Breach
Rankiteo Explanation
Attack with significant impact with internal employee data leaks
Description: Security firm Symantec was attacked by a hacker back in February 2021 in which the hackers extracted some of the data. This comprises not only passwords but a list of Symantec clients -- including government agencies. The hacker was able to access a list of clients using Symantec's CloudSOC services, account managers and account numbers.
Symantec
Vulnerability
Rankiteo Explanation
Attack with significant impact with internal employee data leaks
Description: Tavis Ormandy identified Symantec and Norton flaws that cybercriminals may use to gain access to users' data. There were 17 items on the list of vulnerable Symantec enterprise products. On the Symantec website, these items had been listed as a security advisory. Malware concealed in an executable file had a chance to obtain total access to the computer running the operating system, it was discovered that Symantec decompressed files in the operating system's kernel.
Broadcom Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for Broadcom
Incidents vs Semiconductor Manufacturing Industry Average (This Year)
Broadcom has 545.16% more incidents than the average of same-industry companies with at least one recorded incident.
Incidents vs All-Companies Average (This Year)
Broadcom has 525.0% more incidents than the average of all companies with at least one recorded incident.
Incident Types Broadcom vs Semiconductor Manufacturing Industry Avg (This Year)
Broadcom reported 4 incidents this year: 0 cyber attacks, 3 ransomware, 1 vulnerabilities, 0 data breaches, compared to industry peers with at least 1 incident.
Incident History — Broadcom (X = Date, Y = Severity)
Broadcom cyber incidents detection timeline including parent company and subsidiaries
Broadcom Company Subsidiaries
A global infrastructure technology leader built on more than 60 years of innovation, collaboration and engineering excellence.
Loading...
Broadcom Similar Companies
STMicroelectronics
ST is a global semiconductor leader delivering intelligent and energy-efficient products and solutions that power the electronics at the heart of everyday life. ST’s products are found everywhere today, and together with our customers, we are enabling smarter driving and smarter factories, cities an
AMD
We care deeply about transforming lives with AMD technology to enrich our industry, our communities, and the world. Our mission is to build great products that accelerate next-generation computing experiences – the building blocks for the data center, artificial intelligence, PCs, gaming and embedde
KLA develops industry-leading equipment and services that enable innovation throughout the electronics industry. We provide advanced process control and process-enabling solutions for manufacturing wafers and reticles, integrated circuits, packaging and printed circuit boards. In close collaboration
Semiconductors are crucial to solve the energy challenges of our time and shape the digital transformation. This is why Infineon is committed to actively driving decarbonization and digitalization. As a global semiconductor leader in power systems and IoT, we enable game-changing solutions for green
ASML
Who are we? ASML is an innovation leader in the global semiconductor industry. We make machines that chipmakers use to mass produce microchips. Founded in 1984 in the Netherlands with just a handful of employees, we’ve now grown to over 40,000 employees, 143 nationalities and more than 60 locations
Analog Devices, Inc. (NASDAQ: ADI) is a global semiconductor leader that bridges the physical and digital worlds to enable breakthroughs at the Intelligent Edge. ADI combines analog, digital, and software technologies into solutions that help drive advancements in digitized factories, mobility, and
Lam Research
Lam Research Corp. (NASDAQ:LRCX) At Lam Research, we create equipment that drives technological advancements in the semiconductor industry. Our innovative solutions enable chipmakers to power progress in nearly all aspects of modern life, and it takes each member of our team to make it possible. A
TSMC
Established in 1987, TSMC is the world's first dedicated semiconductor foundry. As the founder and a leader of the Dedicated IC Foundry segment, TSMC has built its reputation by offering advanced and "More-than-Moore" wafer production processes and unparalleled manufacturing efficiency. From its in
Microchip Technology Inc. is a leading semiconductor supplier of smart, connected and secure embedded control solutions. Its easy-to-use development tools and comprehensive product portfolio enable customers to create optimal designs which reduce risk while lowering total system cost and time to mar
.png)
Broadcom CyberSecurity News
November 13, 2025 03:03 AM
Broadcom expands VMware Cloud to boost AI & private cloud
Broadcom broadens VMware Cloud Foundation with AI ReadyNodes, open networking, and enhanced hardware certification for flexible private...
November 10, 2025 08:35 PM
How I Found My Calling in Mainframe Cybersecurity
Read to see how Adia Sakura-Lemessy leaned into her cybersecurity interests, discovered the world of mainframe—and launched a rewarding...
November 10, 2025 04:15 PM
Modernize. Defend. Comply.
EU cyber threats are escalating. With ransomware attacks, phishing, and nation-state activity on the rise, intensifying pressure is being...
October 30, 2025 07:00 AM
U.S. CISA adds XWiki Platform, and Broadcom VMware Aria Operations and VMware Tools flaws to its Known Expl...
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds XWiki Platform, and Broadcom VMware Aria Operations and VMware Tools flaws...
October 13, 2025 07:00 AM
OpenAI and Broadcom Announce Multi-Year Partnership to Develop Next-Generation AI Accelerator and Networking Systems
OpenAI and Broadcom partner to develop next-gen AI accelerators and network systems, aiming for depl.
October 02, 2025 07:00 AM
Broadcom patches VMware zero-day exploited for nearly a year
Broadcom patches a VMware zero-day flaw exploited for nearly a year, allowing attackers root access to virtual machines in certain...
October 01, 2025 07:00 AM
Broadcom Fails to Disclose Zero-Day Exploitation of VMware Vulnerability
A newly patched VMware vulnerability has been exploited as a zero-day by Chinese hackers since October 2024.
October 01, 2025 07:00 AM
Broadcom Patches VMware Zero-Day Exploited by Chinese Hackers Since 2024
In a move that has raised eyebrows among cybersecurity experts, Broadcom Inc. recently patched a high-severity vulnerability in its VMware...
September 19, 2025 05:24 AM
KuppingerCole Leadership Compass, Email Security (2025)
Broadcom is proud to be named an Overall Leader for Email Security by KuppingerCole. Broadcom's Symantec Email Security.cloud and Symantec Messaging Gateway...
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
Broadcom CyberSecurity History Information
Official Website of Broadcom
The official website of Broadcom is http://www.broadcom.com.
Broadcom’s AI-Generated Cybersecurity Score
According to Rankiteo, Broadcom’s AI-generated cybersecurity score is 704, reflecting their Moderate security posture.
How many security badges does Broadcom’ have ?
According to Rankiteo, Broadcom currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does Broadcom have SOC 2 Type 1 certification ?
According to Rankiteo, Broadcom is not certified under SOC 2 Type 1.
Does Broadcom have SOC 2 Type 2 certification ?
According to Rankiteo, Broadcom does not hold a SOC 2 Type 2 certification.
Does Broadcom comply with GDPR ?
According to Rankiteo, Broadcom is not listed as GDPR compliant.
Does Broadcom have PCI DSS certification ?
According to Rankiteo, Broadcom does not currently maintain PCI DSS compliance.
Does Broadcom comply with HIPAA ?
According to Rankiteo, Broadcom is not compliant with HIPAA regulations.
Does Broadcom have ISO 27001 certification ?
According to Rankiteo,Broadcom is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of Broadcom
Broadcom operates primarily in the Semiconductor Manufacturing industry.
Number of Employees at Broadcom
Broadcom employs approximately 53,946 people worldwide.
Subsidiaries Owned by Broadcom
Broadcom presently has no subsidiaries across any sectors.
Broadcom’s LinkedIn Followers
Broadcom’s official LinkedIn profile has approximately 589,166 followers.
NAICS Classification of Broadcom
Broadcom is classified under the NAICS code 3344, which corresponds to Semiconductor and Other Electronic Component Manufacturing.
Broadcom’s Presence on Crunchbase
No, Broadcom does not have a profile on Crunchbase.
Broadcom’s Presence on LinkedIn
Yes, Broadcom maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/broadcom.
Cybersecurity Incidents Involving Broadcom
As of November 27, 2025, Rankiteo reports that Broadcom has experienced 8 cybersecurity incidents.
Number of Peer and Competitor Companies
Broadcom has an estimated 1,246 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at Broadcom ?
Incident Types: The types of cybersecurity incidents that have occurred include Vulnerability, Breach and Ransomware.
How does Broadcom detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an containment measures with block port 4011 on firewalls, containment measures with configure the irm_hostedserviceurl core setting with an empty value and restart the altiris inventory rule management service, and remediation measures with limit .net remoting access to localhost-only in upcoming releases, and incident response plan activated with yes (broadcom patch release), and third party assistance with nviso (vulnerability reporting and poc), third party assistance with google mandiant (threat actor analysis), and containment measures with patch release for cve-2025-41244, containment measures with previous patches for cve-2025-22224, cve-2025-22225, cve-2025-22226 (march 2024), containment measures with nsx vulnerabilities patched (november 2024), and communication strategy with public disclosure via the register; adp issued a statement clarifying limited impact and no ransom payment, and network segmentation with recommended for organizations using oracle e-business suite, and enhanced monitoring with recommended: review security logs for unauthorized access, deploy edr solutions, and and third party assistance with mandiant (google-owned cybersecurity firm), and containment measures with oracle security patches (cve-2025-61882, cve-2025-21884), and remediation measures with patch application for oracle ebs vulnerabilities, and communication strategy with oracle security alerts to customers, communication strategy with public disclosure via media..
Incident Details
Can you provide details on each incident ?
Title: Symantec Data Breach
Description: Security firm Symantec was attacked by a hacker in February 2021, resulting in the extraction of data including passwords and a list of Symantec clients, including government agencies.
Date Detected: 2021-02-01
Type: Data Breach
Title: Symantec and Norton Vulnerabilities Identified by Tavis Ormandy
Description: Tavis Ormandy identified Symantec and Norton flaws that cybercriminals may use to gain access to users' data. There were 17 items on the list of vulnerable Symantec enterprise products. On the Symantec website, these items had been listed as a security advisory. Malware concealed in an executable file had a chance to obtain total access to the computer running the operating system, it was discovered that Symantec decompressed files in the operating system's kernel.
Type: Vulnerability Exploit
Attack Vector: Executable File
Vulnerability Exploited: File Decompression in Kernel
Motivation: Data Theft
Title: Critical Security Vulnerability in Broadcom’s Symantec Endpoint Management Suite
Description: A critical security vulnerability (CVE-2025-5333) has been discovered in Broadcom’s Symantec Endpoint Management Suite that enables unauthenticated remote code execution, posing significant risks to enterprise IT infrastructure.
Date Detected: May 2025
Type: Vulnerability
Attack Vector: Unauthenticated Remote Code Execution (RCE)
Vulnerability Exploited: CVE-2025-5333
Title: Broadcom Patches High-Severity VMware Aria Operations and VMware Tools Privilege Escalation Vulnerability (CVE-2025-41244) Exploited by UNC5174
Description: Broadcom has patched a high-severity privilege escalation vulnerability (CVE-2025-41244) in its VMware Aria Operations and VMware Tools software, exploited in zero-day attacks since October 2024. The vulnerability allows unprivileged local attackers to escalate privileges to root-level code execution by staging a malicious binary in broadly-matched regex paths (e.g., /tmp/httpd). The attacks have been linked to the Chinese state-sponsored threat actor UNC5174, a contractor for China's Ministry of State Security (MSS). NVISO released a proof-of-concept exploit demonstrating the flaw's exploitation.
Date Detected: 2024-05-01
Date Publicly Disclosed: 2024-11-05
Type: Privilege Escalation
Attack Vector: LocalMalicious Binary StagingService Discovery Abuse
Vulnerability Exploited: CVE-2025-41244 (VMware Aria Operations and VMware Tools Privilege Escalation)
Threat Actor: UNC5174 (Chinese state-sponsored, linked to Ministry of State Security - MSS)
Motivation: EspionageFinancial Gain (selling network access)Cyber Warfare
Title: Ransomware Attack on Business Systems House (BSH) Leading to Broadcom Employee Data Theft
Description: A ransomware attack on Business Systems House (BSH), a Middle Eastern partner of payroll provider ADP, resulted in the theft of Broadcom employee data in September 2024. The data was leaked online in December 2024, but Broadcom was not informed until May 2025. The El Dorado ransomware group claimed responsibility. The breach occurred during Broadcom's transition away from ADP and BSH as payroll providers.
Date Detected: 2024-09
Date Publicly Disclosed: 2025-05
Type: ransomware
Attack Vector: third-party vendor (BSH, a regional partner of ADP)
Threat Actor: El Dorado ransomware group
Motivation: financial gaindata theft
Title: Broadcom Middle Eastern Employees' Data Breach via Third-Party Ransomware Attack
Description: U.S. multinational semiconductor manufacturing company Broadcom had its Middle Eastern employees' data stolen following a September ransomware attack against **Business Systems House (BSH)**, a partner of its former payroll services provider **ADP**. The breach, claimed by the **El Dorado ransomware gang** (linked to **BlackLock**), occurred during Broadcom's transition to another payroll provider. Compromised data may include employees' birthdates, email addresses, phone numbers, home addresses, national ID numbers, national health insurance ID numbers, health insurance policy numbers, financial account numbers, salary details, and employment termination dates. ADP stated the incident impacted only a 'small subset' of clients in some Middle Eastern countries and confirmed no ransom was paid by ADP or BSH (to their knowledge).
Type: data breach
Attack Vector: supply chain attackthird-party compromise (payroll provider partner)
Threat Actor: El Dorado ransomware gangBlackLock operation
Motivation: financial gain (ransomware)
Title: Cl0p Ransomware Gang Claims Breach of Broadcom via Zero-Day in Oracle E-Business Suite
Description: The Cl0p ransomware gang has publicly claimed responsibility for breaching Broadcom, a leading semiconductor and infrastructure software company. The attackers allegedly exploited an unpatched zero-day vulnerability in Oracle E-Business Suite to gain initial access. The incident follows a pattern of Cl0p targeting high-value enterprise systems using zero-day and known vulnerabilities. Broadcom has not issued an official statement, and the claim remains unverified by independent security researchers. The vulnerability allows arbitrary code execution, persistent access, and lateral movement across corporate networks. Cl0p is known for combining zero-day exploitation with credential theft and data exfiltration before deploying ransomware.
Type: ransomware
Attack Vector: zero-day vulnerability in Oracle E-Business Suitearbitrary code executionlateral movementcredential theftdata exfiltration
Vulnerability Exploited: Unpatched zero-day vulnerability in Oracle E-Business Suite (arbitrary code execution)
Threat Actor: Cl0p ransomware gang
Motivation: financial gain (ransomware)data theft for extortiondisruption of high-value enterprise targets
Title: Cl0p Exploits Zero-Day Vulnerabilities in Oracle E-Business Suite Leading to Massive Data Breaches
Description: The cybercriminal group Cl0p exploited two zero-day vulnerabilities (CVE-2025-61882 and CVE-2025-21884) in Oracle’s E-Business Suite (EBS), leading to data breaches in over 100 companies, including Broadcom, Estée Lauder, Mazda, and Canon. The group demanded significant ransom payments, threatening to leak or sell exfiltrated data if unpaid. Oracle issued security patches, but the attacks had already compromised sensitive corporate and customer data across multiple industries and geographies.
Date Detected: 2023-09-01
Date Publicly Disclosed: 2023-11-20
Type: Ransomware
Attack Vector: Zero-Day Exploit (CVE-2025-61882, CVE-2025-21884)Unauthenticated HTTP RequestsData Exfiltration
Threat Actor: Cl0p (Clop)
Motivation: Financial Gain (Ransomware Extortion)
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Ransomware.
How does the company identify the attack vectors used in incidents ?
Identification of Attack Vectors: The company identifies the attack vectors used in incidents through Executable File, Port 4011, Exploitation of CVE-2025-41244 (privilege escalation via /tmp/httpd)Previous exploits: CVE-2023-46747 (F5 BIG-IP), CVE-2024-1709 (ConnectWise ScreenConnect), CVE-2025-31324 (NetWeaver Visual Composer), unpatched zero-day vulnerability in Oracle E-Business Suite, Zero-day vulnerabilities in Oracle EBS (CVE-2025-61882 and CVE-2025-21884).
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Breach SYM1336271222
Data Compromised: Passwords, List of symantec clients, Government agencies, List of clients using symantec's cloudsoc services, Account managers, Account numbers
Incident : Vulnerability Exploit SYM44121823
Systems Affected: Symantec Enterprise Products
Incident : Vulnerability BRO809071525
Systems Affected: Symantec Endpoint Management Suite 8.6.x-8.8
Incident : Privilege Escalation BRO4592445093025
Systems Affected: VMware Aria Operations (credential-based mode)VMware Tools (credential-less mode)
Operational Impact: Potential root-level code execution on vulnerable VMs, leading to full system compromise
Brand Reputation Impact: High (zero-day exploitation by state-sponsored actor, multiple high-profile vulnerabilities in 2024)
Incident : ransomware BRO3362533111725
Data Compromised: Broadcom employee data
Brand Reputation Impact: negative (ripples through tech and cybersecurity community)
Identity Theft Risk: potential (employee data exposed)
Incident : data breach BRO4981349111725
Data Compromised: Birthdates, Email addresses, Phone numbers, Home addresses, National id numbers, National health insurance id numbers, Health insurance policy numbers, Financial account numbers, Salary details, Employment termination dates
Brand Reputation Impact: potential reputational harm due to sensitive employee data exposure
Identity Theft Risk: high (due to exposure of PII and financial data)
Payment Information Risk: high (financial account numbers compromised)
Incident : ransomware BRO0893008112125
Systems Affected: Oracle E-Business Suitesupply chain operationsfinancial systemscustomer datamanufacturing operationsresearch data
Operational Impact: potential disruption of manufacturing operationssupply chain interruptionsglobal infrastructure risks
Brand Reputation Impact: high (targeting a $300B+ company)potential loss of trust in supply chain security
Legal Liabilities: potential regulatory compliance violations (e.g., data protection laws)
Incident : Ransomware BRO3105131112625
Systems Affected: Oracle E-Business Suite (EBS) versions 12.2.3–12.2.14
Operational Impact: Significant (data exfiltration, potential system compromise)
Brand Reputation Impact: High (public disclosure of breaches, ransom demands)
Identity Theft Risk: High (PII and sensitive corporate data exfiltrated)
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Passwords, List Of Symantec Clients, Government Agencies, List Of Clients Using Symantec'S Cloudsoc Services, Account Managers, Account Numbers, , Employee Data, , Personally Identifiable Information (Pii), Financial Data, Employment Records, Health Insurance Details, , Potential: Corporate Data (Supply Chain, Financial, Customer), Intellectual Property (Research Data), , Corporate Data, Customer Data, Sensitive Business Information and .
Which entities were affected by each incident ?
Incident : Data Breach SYM1336271222
Entity Name: Symantec
Entity Type: Security Firm
Industry: Cybersecurity
Incident : Vulnerability Exploit SYM44121823
Entity Name: Symantec
Entity Type: Company
Industry: Cybersecurity
Incident : Vulnerability BRO809071525
Entity Name: Broadcom
Entity Type: Organization
Industry: Technology
Incident : Privilege Escalation BRO4592445093025
Entity Name: Broadcom (VMware)
Entity Type: Technology Corporation
Industry: Software/Cloud Infrastructure
Location: United States (Global Operations)
Size: Large Enterprise
Incident : Privilege Escalation BRO4592445093025
Entity Name: U.S. Defense Contractors (via UNC5174 access sales)
Entity Type: Private/Government Contractors
Industry: Defense
Location: United States
Incident : Privilege Escalation BRO4592445093025
Entity Name: UK Government Entities (via UNC5174 access sales)
Entity Type: Government
Industry: Public Sector
Location: United Kingdom
Incident : Privilege Escalation BRO4592445093025
Entity Name: Asian Institutions (via UNC5174 access sales)
Entity Type: Government/Private
Industry: Multiple Sectors
Location: Asia
Incident : Privilege Escalation BRO4592445093025
Entity Name: U.S. and Canadian Institutions (via CVE-2024-1709 exploitation)
Entity Type: Multiple
Industry: Multiple Sectors
Location: United States, Canada
Customers Affected: Hundreds (per February 2024 attacks)
Incident : ransomware BRO3362533111725
Entity Name: Broadcom Inc.
Entity Type: multinational corporation
Industry: semiconductor, infrastructure software
Location: global (HQ in San Jose, California, USA)
Incident : ransomware BRO3362533111725
Entity Name: Business Systems House (BSH)
Entity Type: regional payroll service provider
Industry: payroll services
Location: Middle East
Customers Affected: Broadcom employees (data compromised)
Incident : ransomware BRO3362533111725
Entity Name: ADP (Automatic Data Processing)
Entity Type: payroll services giant
Industry: HR and payroll services
Location: global (HQ in Roseland, New Jersey, USA)
Incident : data breach BRO4981349111725
Entity Name: Broadcom Inc.
Entity Type: public company
Industry: semiconductor manufacturing
Location: United States (global operations, breach impacted Middle Eastern employees)
Size: large (multinational)
Incident : data breach BRO4981349111725
Entity Name: Business Systems House (BSH)
Entity Type: private company (ADP partner)
Industry: payroll services
Location: Middle East
Customers Affected: small subset of clients (including Broadcom)
Incident : data breach BRO4981349111725
Entity Name: ADP (Automatic Data Processing)
Entity Type: public company
Industry: payroll and HR services
Location: United States (global operations)
Size: large
Customers Affected: small subset of Middle Eastern clients
Incident : ransomware BRO0893008112125
Entity Name: Broadcom Inc.
Entity Type: public company
Industry: semiconductor manufacturing, infrastructure software
Location: global (HQ: San Jose, California, USA)
Size: $300+ billion market cap
Incident : Ransomware BRO3105131112625
Entity Name: Oracle
Entity Type: Corporation
Industry: Technology (Enterprise Software)
Location: United States
Size: Large (Fortune 500)
Incident : Ransomware BRO3105131112625
Entity Name: Broadcom
Entity Type: Corporation
Industry: Semiconductors/Technology
Location: United States
Size: Large (Fortune 500)
Incident : Ransomware BRO3105131112625
Entity Name: Estée Lauder Companies
Entity Type: Corporation
Industry: Cosmetics/Retail
Location: United States
Size: Large (Fortune 500)
Incident : Ransomware BRO3105131112625
Entity Name: Mazda
Entity Type: Corporation
Industry: Automotive
Location: Japan
Size: Large
Incident : Ransomware BRO3105131112625
Entity Name: Canon
Entity Type: Corporation
Industry: Technology/Imaging
Location: Japan
Size: Large
Incident : Ransomware BRO3105131112625
Entity Name: Michelin
Entity Type: Corporation
Industry: Automotive/Tires
Location: France
Size: Large
Incident : Ransomware BRO3105131112625
Entity Name: Humana
Entity Type: Corporation
Industry: Healthcare/Insurance
Location: United States
Size: Large (Fortune 500)
Incident : Ransomware BRO3105131112625
Entity Name: Fruit of the Loom
Entity Type: Corporation
Industry: Apparel
Location: United States
Size: Large
Incident : Ransomware BRO3105131112625
Entity Name: Abbott Laboratories
Entity Type: Corporation
Industry: Healthcare/Pharmaceuticals
Location: United States
Size: Large (Fortune 500)
Incident : Ransomware BRO3105131112625
Entity Name: Grupo Bimbo
Entity Type: Corporation
Industry: Food/Baking
Location: Mexico
Size: Large
Incident : Ransomware BRO3105131112625
Entity Name: A10 Networks
Entity Type: Corporation
Industry: Technology/Networking
Location: United States
Size: Mid-Large
Incident : Ransomware BRO3105131112625
Entity Name: Envoy
Entity Type: Corporation
Industry: Technology/Workplace Solutions
Location: United States
Size: Mid-Large
Incident : Ransomware BRO3105131112625
Entity Name: Greater Cleveland RTA
Entity Type: Government Agency
Industry: Transportation
Location: United States
Size: Mid
Incident : Ransomware BRO3105131112625
Entity Name: Frontrol
Entity Type: Corporation
Industry: Technology/Security
Incident : Ransomware BRO3105131112625
Entity Name: MAS Holdings
Entity Type: Corporation
Industry: Apparel/Manufacturing
Location: Sri Lanka
Size: Large
Incident : Ransomware BRO3105131112625
Entity Name: Trane Technologies
Entity Type: Corporation
Industry: HVAC/Manufacturing
Location: United States
Size: Large
Incident : Ransomware BRO3105131112625
Entity Name: Treet Corp
Entity Type: Corporation
Industry: Manufacturing
Incident : Ransomware BRO3105131112625
Entity Name: University of Phoenix
Entity Type: Educational Institution
Industry: Education
Location: United States
Size: Large
Incident : Ransomware BRO3105131112625
Entity Name: L&L Products
Entity Type: Corporation
Industry: Automotive/Manufacturing
Location: United States
Size: Mid-Large
Incident : Ransomware BRO3105131112625
Entity Name: Worley
Entity Type: Corporation
Industry: Engineering/Consulting
Location: Australia
Size: Large
Incident : Ransomware BRO3105131112625
Entity Name: Fleet Management Limited
Entity Type: Corporation
Industry: Logistics/Transportation
Incident : Ransomware BRO3105131112625
Entity Name: Alshaya Group
Entity Type: Corporation
Industry: Retail/Hospitality
Location: Kuwait
Size: Large
Incident : Ransomware BRO3105131112625
Entity Name: Bechtel Corporation
Entity Type: Corporation
Industry: Construction/Engineering
Location: United States
Size: Large
Incident : Ransomware BRO3105131112625
Entity Name: WellBiz Brands, Inc.
Entity Type: Corporation
Industry: Retail/Wellness
Location: United States
Size: Mid
Incident : Ransomware BRO3105131112625
Entity Name: Dooney & Bourke
Entity Type: Corporation
Industry: Luxury Accessories
Location: United States
Size: Mid
Incident : Ransomware BRO3105131112625
Entity Name: Greenball
Entity Type: Corporation
Industry: Manufacturing
Incident : Ransomware BRO3105131112625
Entity Name: Sumitomo Chemical
Entity Type: Corporation
Industry: Chemicals
Location: Japan
Size: Large
Incident : Ransomware BRO3105131112625
Entity Name: Aljomaih Automotive Company (AAC)
Entity Type: Corporation
Industry: Automotive
Location: Saudi Arabia
Size: Large
Response to the Incidents
What measures were taken in response to each incident ?
Incident : Vulnerability BRO809071525
Containment Measures: Block port 4011 on firewallsConfigure the IRM_HostedServiceUrl core setting with an empty value and restart the Altiris Inventory Rule Management Service
Remediation Measures: Limit .NET Remoting access to localhost-only in upcoming releases
Incident : Privilege Escalation BRO4592445093025
Incident Response Plan Activated: Yes (Broadcom patch release)
Third Party Assistance: Nviso (Vulnerability Reporting And Poc), Google Mandiant (Threat Actor Analysis).
Containment Measures: Patch release for CVE-2025-41244Previous patches for CVE-2025-22224, CVE-2025-22225, CVE-2025-22226 (March 2024)NSX vulnerabilities patched (November 2024)
Incident : data breach BRO4981349111725
Communication Strategy: public disclosure via The Register; ADP issued a statement clarifying limited impact and no ransom payment
Incident : ransomware BRO0893008112125
Network Segmentation: ['recommended for organizations using Oracle E-Business Suite']
Enhanced Monitoring: recommended: review security logs for unauthorized access, deploy EDR solutions
Incident : Ransomware BRO3105131112625
Incident Response Plan Activated: True
Third Party Assistance: Mandiant (Google-Owned Cybersecurity Firm).
Containment Measures: Oracle security patches (CVE-2025-61882, CVE-2025-21884)
Remediation Measures: Patch application for Oracle EBS vulnerabilities
Communication Strategy: Oracle security alerts to customersPublic disclosure via media
What is the company's incident response plan?
Incident Response Plan: The company's incident response plan is described as Yes (Broadcom patch release), .
How does the company involve third-party assistance in incident response ?
Third-Party Assistance: The company involves third-party assistance in incident response through NVISO (vulnerability reporting and PoC), Google Mandiant (threat actor analysis), , Mandiant (Google-owned cybersecurity firm), .
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Breach SYM1336271222
Type of Data Compromised: Passwords, List of symantec clients, Government agencies, List of clients using symantec's cloudsoc services, Account managers, Account numbers
Incident : ransomware BRO3362533111725
Type of Data Compromised: Employee data
Sensitivity of Data: high (employee records)
Data Exfiltration: yes (leaked online in December 2024)
Personally Identifiable Information: likely (employee data)
Incident : data breach BRO4981349111725
Type of Data Compromised: Personally identifiable information (pii), Financial data, Employment records, Health insurance details
Sensitivity of Data: high (includes national IDs, financial accounts, and health insurance details)
Incident : ransomware BRO0893008112125
Type of Data Compromised: Potential: corporate data (supply chain, financial, customer), Intellectual property (research data)
Sensitivity of Data: high (enterprise resource planning data)potentially confidential (manufacturing, R&D)
Data Exfiltration: claimed by Cl0p (typical tactic before ransomware deployment)
Incident : Ransomware BRO3105131112625
Type of Data Compromised: Corporate data, Customer data, Sensitive business information
Sensitivity of Data: High
What measures does the company take to prevent data exfiltration ?
Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: Limit .NET Remoting access to localhost-only in upcoming releases, , Patch application for Oracle EBS vulnerabilities, .
How does the company handle incidents involving personally identifiable information (PII) ?
Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) through by block port 4011 on firewalls, configure the irm_hostedserviceurl core setting with an empty value and restart the altiris inventory rule management service, , patch release for cve-2025-41244, previous patches for cve-2025-22224, cve-2025-22225, cve-2025-22226 (march 2024), nsx vulnerabilities patched (november 2024), , oracle security patches (cve-2025-61882, cve-2025-21884) and .
Ransomware Information
Was ransomware involved in any of the incidents ?
Incident : data breach BRO4981349111725
Ransomware Strain: El Dorado (linked to BlackLock)
Data Exfiltration: True
Incident : ransomware BRO0893008112125
Ransomware Strain: Cl0p
Data Encryption: ['likely (standard Cl0p tactic post-exfiltration)']
Data Exfiltration: ['claimed (pre-ransomware deployment)']
Incident : Ransomware BRO3105131112625
Ransom Demanded: True
Ransomware Strain: Cl0p (Clop)
Data Exfiltration: True
Lessons Learned and Recommendations
What lessons were learned from each incident ?
Incident : Privilege Escalation BRO4592445093025
Lessons Learned: 1. State-sponsored actors like UNC5174 are increasingly exploiting zero-day vulnerabilities in enterprise software (VMware, F5 BIG-IP, ConnectWise, SAP) for espionage and financial gain. 2. Privilege escalation vulnerabilities in widely used tools (e.g., VMware Aria Operations) can lead to full system compromise if left unpatched. 3. Collaboration with threat intelligence firms (NVISO, Mandiant, Microsoft) is critical for timely detection and mitigation. 4. Regular patching of high-severity vulnerabilities reported by entities like NSA and Microsoft Threat Intelligence is essential to prevent exploitation.
Incident : ransomware BRO0893008112125
Lessons Learned: Zero-day vulnerabilities in enterprise software (e.g., Oracle E-Business Suite) pose severe risks due to lack of patches at exploitation time., High-value targets (e.g., semiconductor manufacturers) are prioritized by ransomware groups like Cl0p for maximum impact., Proactive measures (e.g., network segmentation, EDR, threat intelligence monitoring) are critical for mitigating zero-day risks., Supply chain and ERP systems are attractive targets due to their central role in business operations.
Incident : Ransomware BRO3105131112625
Lessons Learned: Supplier vulnerabilities in enterprise software (e.g., Oracle EBS) can cascade into large-scale breaches across industries. Proactive patch management and supply chain risk monitoring (e.g., via SCRM platforms like Z2Data) are critical to mitigating third-party risks. Cl0p’s delayed data leak strategy highlights the importance of rapid incident response to prevent public exposure of sensitive data.
What recommendations were made to prevent future incidents ?
Incident : Vulnerability BRO809071525
Recommendations: Block port 4011 on firewalls, Configure the IRM_HostedServiceUrl core setting with an empty value and restart the Altiris Inventory Rule Management Service, Limit .NET Remoting access to localhost-only in upcoming releasesBlock port 4011 on firewalls, Configure the IRM_HostedServiceUrl core setting with an empty value and restart the Altiris Inventory Rule Management Service, Limit .NET Remoting access to localhost-only in upcoming releasesBlock port 4011 on firewalls, Configure the IRM_HostedServiceUrl core setting with an empty value and restart the Altiris Inventory Rule Management Service, Limit .NET Remoting access to localhost-only in upcoming releases
Incident : Privilege Escalation BRO4592445093025
Recommendations: Immediately apply Broadcom's patches for CVE-2025-41244 and related VMware vulnerabilities., Monitor for suspicious binary staging in paths like /tmp/httpd or other broadly-matched regex locations., Restrict unprivileged user access to critical service discovery mechanisms in VMware environments., Deploy behavioral detection rules for privilege escalation attempts via service abuse (e.g., listening sockets opened by unprivileged processes)., Conduct threat hunting for indicators of UNC5174 activity, including backdoors or sold access credentials., Review and harden VMware Aria Operations and Tools configurations, especially in credential-less modes., Monitor dark web markets for potential sales of network access linked to UNC5174 or similar actors.Immediately apply Broadcom's patches for CVE-2025-41244 and related VMware vulnerabilities., Monitor for suspicious binary staging in paths like /tmp/httpd or other broadly-matched regex locations., Restrict unprivileged user access to critical service discovery mechanisms in VMware environments., Deploy behavioral detection rules for privilege escalation attempts via service abuse (e.g., listening sockets opened by unprivileged processes)., Conduct threat hunting for indicators of UNC5174 activity, including backdoors or sold access credentials., Review and harden VMware Aria Operations and Tools configurations, especially in credential-less modes., Monitor dark web markets for potential sales of network access linked to UNC5174 or similar actors.Immediately apply Broadcom's patches for CVE-2025-41244 and related VMware vulnerabilities., Monitor for suspicious binary staging in paths like /tmp/httpd or other broadly-matched regex locations., Restrict unprivileged user access to critical service discovery mechanisms in VMware environments., Deploy behavioral detection rules for privilege escalation attempts via service abuse (e.g., listening sockets opened by unprivileged processes)., Conduct threat hunting for indicators of UNC5174 activity, including backdoors or sold access credentials., Review and harden VMware Aria Operations and Tools configurations, especially in credential-less modes., Monitor dark web markets for potential sales of network access linked to UNC5174 or similar actors.Immediately apply Broadcom's patches for CVE-2025-41244 and related VMware vulnerabilities., Monitor for suspicious binary staging in paths like /tmp/httpd or other broadly-matched regex locations., Restrict unprivileged user access to critical service discovery mechanisms in VMware environments., Deploy behavioral detection rules for privilege escalation attempts via service abuse (e.g., listening sockets opened by unprivileged processes)., Conduct threat hunting for indicators of UNC5174 activity, including backdoors or sold access credentials., Review and harden VMware Aria Operations and Tools configurations, especially in credential-less modes., Monitor dark web markets for potential sales of network access linked to UNC5174 or similar actors.Immediately apply Broadcom's patches for CVE-2025-41244 and related VMware vulnerabilities., Monitor for suspicious binary staging in paths like /tmp/httpd or other broadly-matched regex locations., Restrict unprivileged user access to critical service discovery mechanisms in VMware environments., Deploy behavioral detection rules for privilege escalation attempts via service abuse (e.g., listening sockets opened by unprivileged processes)., Conduct threat hunting for indicators of UNC5174 activity, including backdoors or sold access credentials., Review and harden VMware Aria Operations and Tools configurations, especially in credential-less modes., Monitor dark web markets for potential sales of network access linked to UNC5174 or similar actors.Immediately apply Broadcom's patches for CVE-2025-41244 and related VMware vulnerabilities., Monitor for suspicious binary staging in paths like /tmp/httpd or other broadly-matched regex locations., Restrict unprivileged user access to critical service discovery mechanisms in VMware environments., Deploy behavioral detection rules for privilege escalation attempts via service abuse (e.g., listening sockets opened by unprivileged processes)., Conduct threat hunting for indicators of UNC5174 activity, including backdoors or sold access credentials., Review and harden VMware Aria Operations and Tools configurations, especially in credential-less modes., Monitor dark web markets for potential sales of network access linked to UNC5174 or similar actors.Immediately apply Broadcom's patches for CVE-2025-41244 and related VMware vulnerabilities., Monitor for suspicious binary staging in paths like /tmp/httpd or other broadly-matched regex locations., Restrict unprivileged user access to critical service discovery mechanisms in VMware environments., Deploy behavioral detection rules for privilege escalation attempts via service abuse (e.g., listening sockets opened by unprivileged processes)., Conduct threat hunting for indicators of UNC5174 activity, including backdoors or sold access credentials., Review and harden VMware Aria Operations and Tools configurations, especially in credential-less modes., Monitor dark web markets for potential sales of network access linked to UNC5174 or similar actors.
Incident : ransomware BRO0893008112125
Recommendations: Immediately review security logs for unauthorized access attempts in Oracle E-Business Suite environments., Apply security patches for Oracle E-Business Suite as soon as they are released., Implement network segmentation to limit lateral movement in case of breach., Deploy endpoint detection and response (EDR) solutions for early threat detection., Monitor threat intelligence sources for zero-day disclosures related to enterprise software., Conduct regular vulnerability assessments for critical ERP and supply chain systems., Prepare incident response plans specifically for ransomware and zero-day scenarios.Immediately review security logs for unauthorized access attempts in Oracle E-Business Suite environments., Apply security patches for Oracle E-Business Suite as soon as they are released., Implement network segmentation to limit lateral movement in case of breach., Deploy endpoint detection and response (EDR) solutions for early threat detection., Monitor threat intelligence sources for zero-day disclosures related to enterprise software., Conduct regular vulnerability assessments for critical ERP and supply chain systems., Prepare incident response plans specifically for ransomware and zero-day scenarios.Immediately review security logs for unauthorized access attempts in Oracle E-Business Suite environments., Apply security patches for Oracle E-Business Suite as soon as they are released., Implement network segmentation to limit lateral movement in case of breach., Deploy endpoint detection and response (EDR) solutions for early threat detection., Monitor threat intelligence sources for zero-day disclosures related to enterprise software., Conduct regular vulnerability assessments for critical ERP and supply chain systems., Prepare incident response plans specifically for ransomware and zero-day scenarios.Immediately review security logs for unauthorized access attempts in Oracle E-Business Suite environments., Apply security patches for Oracle E-Business Suite as soon as they are released., Implement network segmentation to limit lateral movement in case of breach., Deploy endpoint detection and response (EDR) solutions for early threat detection., Monitor threat intelligence sources for zero-day disclosures related to enterprise software., Conduct regular vulnerability assessments for critical ERP and supply chain systems., Prepare incident response plans specifically for ransomware and zero-day scenarios.Immediately review security logs for unauthorized access attempts in Oracle E-Business Suite environments., Apply security patches for Oracle E-Business Suite as soon as they are released., Implement network segmentation to limit lateral movement in case of breach., Deploy endpoint detection and response (EDR) solutions for early threat detection., Monitor threat intelligence sources for zero-day disclosures related to enterprise software., Conduct regular vulnerability assessments for critical ERP and supply chain systems., Prepare incident response plans specifically for ransomware and zero-day scenarios.Immediately review security logs for unauthorized access attempts in Oracle E-Business Suite environments., Apply security patches for Oracle E-Business Suite as soon as they are released., Implement network segmentation to limit lateral movement in case of breach., Deploy endpoint detection and response (EDR) solutions for early threat detection., Monitor threat intelligence sources for zero-day disclosures related to enterprise software., Conduct regular vulnerability assessments for critical ERP and supply chain systems., Prepare incident response plans specifically for ransomware and zero-day scenarios.Immediately review security logs for unauthorized access attempts in Oracle E-Business Suite environments., Apply security patches for Oracle E-Business Suite as soon as they are released., Implement network segmentation to limit lateral movement in case of breach., Deploy endpoint detection and response (EDR) solutions for early threat detection., Monitor threat intelligence sources for zero-day disclosures related to enterprise software., Conduct regular vulnerability assessments for critical ERP and supply chain systems., Prepare incident response plans specifically for ransomware and zero-day scenarios.
Incident : Ransomware BRO3105131112625
Recommendations: Apply Oracle security patches for CVE-2025-61882 and CVE-2025-21884 immediately., Implement supply chain risk management (SCRM) tools to assess third-party vendor vulnerabilities (e.g., Z2Data)., Enhance monitoring for unauthenticated HTTP requests targeting Oracle EBS components., Conduct regular audits of enterprise software for zero-day vulnerabilities., Develop and test incident response plans for ransomware attacks, including data exfiltration scenarios., Evaluate the need for network segmentation to limit lateral movement in case of breaches.Apply Oracle security patches for CVE-2025-61882 and CVE-2025-21884 immediately., Implement supply chain risk management (SCRM) tools to assess third-party vendor vulnerabilities (e.g., Z2Data)., Enhance monitoring for unauthenticated HTTP requests targeting Oracle EBS components., Conduct regular audits of enterprise software for zero-day vulnerabilities., Develop and test incident response plans for ransomware attacks, including data exfiltration scenarios., Evaluate the need for network segmentation to limit lateral movement in case of breaches.Apply Oracle security patches for CVE-2025-61882 and CVE-2025-21884 immediately., Implement supply chain risk management (SCRM) tools to assess third-party vendor vulnerabilities (e.g., Z2Data)., Enhance monitoring for unauthenticated HTTP requests targeting Oracle EBS components., Conduct regular audits of enterprise software for zero-day vulnerabilities., Develop and test incident response plans for ransomware attacks, including data exfiltration scenarios., Evaluate the need for network segmentation to limit lateral movement in case of breaches.Apply Oracle security patches for CVE-2025-61882 and CVE-2025-21884 immediately., Implement supply chain risk management (SCRM) tools to assess third-party vendor vulnerabilities (e.g., Z2Data)., Enhance monitoring for unauthenticated HTTP requests targeting Oracle EBS components., Conduct regular audits of enterprise software for zero-day vulnerabilities., Develop and test incident response plans for ransomware attacks, including data exfiltration scenarios., Evaluate the need for network segmentation to limit lateral movement in case of breaches.Apply Oracle security patches for CVE-2025-61882 and CVE-2025-21884 immediately., Implement supply chain risk management (SCRM) tools to assess third-party vendor vulnerabilities (e.g., Z2Data)., Enhance monitoring for unauthenticated HTTP requests targeting Oracle EBS components., Conduct regular audits of enterprise software for zero-day vulnerabilities., Develop and test incident response plans for ransomware attacks, including data exfiltration scenarios., Evaluate the need for network segmentation to limit lateral movement in case of breaches.Apply Oracle security patches for CVE-2025-61882 and CVE-2025-21884 immediately., Implement supply chain risk management (SCRM) tools to assess third-party vendor vulnerabilities (e.g., Z2Data)., Enhance monitoring for unauthenticated HTTP requests targeting Oracle EBS components., Conduct regular audits of enterprise software for zero-day vulnerabilities., Develop and test incident response plans for ransomware attacks, including data exfiltration scenarios., Evaluate the need for network segmentation to limit lateral movement in case of breaches.
What are the key lessons learned from past incidents ?
Key Lessons Learned: The key lessons learned from past incidents are 1. State-sponsored actors like UNC5174 are increasingly exploiting zero-day vulnerabilities in enterprise software (VMware, F5 BIG-IP, ConnectWise, SAP) for espionage and financial gain. 2. Privilege escalation vulnerabilities in widely used tools (e.g., VMware Aria Operations) can lead to full system compromise if left unpatched. 3. Collaboration with threat intelligence firms (NVISO, Mandiant, Microsoft) is critical for timely detection and mitigation. 4. Regular patching of high-severity vulnerabilities reported by entities like NSA and Microsoft Threat Intelligence is essential to prevent exploitation.Zero-day vulnerabilities in enterprise software (e.g., Oracle E-Business Suite) pose severe risks due to lack of patches at exploitation time.,High-value targets (e.g., semiconductor manufacturers) are prioritized by ransomware groups like Cl0p for maximum impact.,Proactive measures (e.g., network segmentation, EDR, threat intelligence monitoring) are critical for mitigating zero-day risks.,Supply chain and ERP systems are attractive targets due to their central role in business operations.Supplier vulnerabilities in enterprise software (e.g., Oracle EBS) can cascade into large-scale breaches across industries. Proactive patch management and supply chain risk monitoring (e.g., via SCRM platforms like Z2Data) are critical to mitigating third-party risks. Cl0p’s delayed data leak strategy highlights the importance of rapid incident response to prevent public exposure of sensitive data.
References
Where can I find more information about each incident ?
Incident : Vulnerability BRO809071525
Source: Broadcom PSIRT
Incident : Vulnerability BRO809071525
Source: LRQA security researchers
Incident : Privilege Escalation BRO4592445093025
Source: NVISO Research (Maxime Thiebaut)
Date Accessed: 2024-11-04
Incident : Privilege Escalation BRO4592445093025
Source: Google Mandiant (UNC5174 Analysis)
Incident : Privilege Escalation BRO4592445093025
Source: Broadcom Security Advisory for CVE-2025-41244
Date Accessed: 2024-11-05
Incident : Privilege Escalation BRO4592445093025
Source: Microsoft Threat Intelligence (VMware Zero-Days, March 2024)
Incident : ransomware BRO3362533111725
Source: The Register
Incident : data breach BRO4981349111725
Source: The Register
Incident : ransomware BRO0893008112125
Source: GBHackers (GBH)
Incident : Ransomware BRO3105131112625
Source: U.S. Cybersecurity and Infrastructure Security Agency (CISA)
Incident : Ransomware BRO3105131112625
Source: UK National Cyber Security Centre (NCSC)
Incident : Ransomware BRO3105131112625
Source: Mandiant (Google-owned cybersecurity firm)
Incident : Ransomware BRO3105131112625
Source: Oracle Security Alerts (CVE-2025-61882, CVE-2025-21884)
Incident : Ransomware BRO3105131112625
Source: Z2Data Supplier Risk Analysis
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: Broadcom PSIRT, and Source: LRQA security researchers, and Source: BleepingComputerDate Accessed: 2024-11-05, and Source: NVISO Research (Maxime Thiebaut)Date Accessed: 2024-11-04, and Source: Google Mandiant (UNC5174 Analysis), and Source: Broadcom Security Advisory for CVE-2025-41244Date Accessed: 2024-11-05, and Source: Microsoft Threat Intelligence (VMware Zero-Days, March 2024), and Source: The Register, and Source: The Register, and Source: GBHackers (GBH), and Source: U.S. Cybersecurity and Infrastructure Security Agency (CISA), and Source: UK National Cyber Security Centre (NCSC), and Source: Mandiant (Google-owned cybersecurity firm), and Source: Oracle Security Alerts (CVE-2025-61882, CVE-2025-21884), and Source: Z2Data Supplier Risk AnalysisUrl: https://www.z2data.com.
Investigation Status
What is the current status of the investigation for each incident ?
Incident : Privilege Escalation BRO4592445093025
Investigation Status: Ongoing (patch released; threat actor activity under monitoring)
Incident : ransomware BRO3362533111725
Investigation Status: disclosed (May 2025)
Incident : data breach BRO4981349111725
Investigation Status: ongoing (limited details disclosed)
Incident : ransomware BRO0893008112125
Investigation Status: unverified (claimed by Cl0p, no official statement from Broadcom; independent verification pending)
Incident : Ransomware BRO3105131112625
Investigation Status: Ongoing (Cl0p’s data leak timeline suggests delayed public exposure)
How does the company communicate the status of incident investigations to stakeholders ?
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through public disclosure via The Register; ADP issued a statement clarifying limited impact and no ransom payment, Oracle Security Alerts To Customers and Public Disclosure Via Media.
Stakeholder and Customer Advisories
Were there any advisories issued to stakeholders or customers for each incident ?
Incident : Privilege Escalation BRO4592445093025
Customer Advisories: Broadcom urged customers to apply patches immediately; no detailed advisory provided in the article.
Incident : Ransomware BRO3105131112625
Stakeholder Advisories: Oracle Security Alerts Urging Immediate Patching, Mandiant’S Analysis Of Cl0P’S Modus Operandi.
Customer Advisories: Companies advised to monitor for data leaks on Cl0p’s blog or dark web marketplaces
What advisories does the company provide to stakeholders and customers following an incident ?
Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: were Broadcom urged customers to apply patches immediately; no detailed advisory provided in the article., Oracle Security Alerts Urging Immediate Patching, Mandiant’S Analysis Of Cl0P’S Modus Operandi, Companies Advised To Monitor For Data Leaks On Cl0P’S Blog Or Dark Web Marketplaces and .
Initial Access Broker
How did the initial access broker gain entry for each incident ?
Incident : Vulnerability Exploit SYM44121823
Entry Point: Executable File
Incident : Vulnerability BRO809071525
Entry Point: Port 4011
Incident : Privilege Escalation BRO4592445093025
Entry Point: Exploitation Of Cve-2025-41244 (Privilege Escalation Via /Tmp/Httpd), Previous Exploits: Cve-2023-46747 (F5 Big-Ip), Cve-2024-1709 (Connectwise Screenconnect), Cve-2025-31324 (Netweaver Visual Composer),
Backdoors Established: Likely (based on UNC5174's history of selling network access)
High Value Targets: U.S. Defense Contractors, Uk Government Entities, Asian Institutions, Critical Infrastructure (Uk/Us Via Sap Netweaver Attacks),
Data Sold on Dark Web: U.S. Defense Contractors, Uk Government Entities, Asian Institutions, Critical Infrastructure (Uk/Us Via Sap Netweaver Attacks),
Incident : ransomware BRO3362533111725
High Value Targets: Broadcom Employee Data,
Data Sold on Dark Web: Broadcom Employee Data,
Incident : data breach BRO4981349111725
High Value Targets: employee PII and financial data
Data Sold on Dark Web: employee PII and financial data
Incident : ransomware BRO0893008112125
Entry Point: unpatched zero-day vulnerability in Oracle E-Business Suite
Backdoors Established: ['likely (Cl0p tactic for persistence)']
High Value Targets: Broadcom'S Manufacturing Operations, Research Data, Customer Information, Supply Chain Systems,
Data Sold on Dark Web: Broadcom'S Manufacturing Operations, Research Data, Customer Information, Supply Chain Systems,
Incident : Ransomware BRO3105131112625
Entry Point: Zero-Day Vulnerabilities In Oracle Ebs (Cve-2025-61882, Cve-2025-21884),
Reconnaissance Period: Since late September 2023 (pre-exploitation activity)
High Value Targets: Fortune 500 Companies (E.G., Broadcom, Estée Lauder), Multinational Corporations With Oracle Ebs Dependencies,
Data Sold on Dark Web: Fortune 500 Companies (E.G., Broadcom, Estée Lauder), Multinational Corporations With Oracle Ebs Dependencies,
Post-Incident Analysis
What were the root causes and corrective actions taken for each incident ?
Incident : Vulnerability BRO809071525
Root Causes: Insecure deserialization of .NET objects through the BinaryServerFormatterSinkProvider with TypeFilterLevel set to Full
Corrective Actions: Block Port 4011 On Firewalls, Configure The Irm Hostedserviceurl Core Setting With An Empty Value And Restart The Altiris Inventory Rule Management Service, Limit .Net Remoting Access To Localhost-Only In Upcoming Releases,
Incident : Privilege Escalation BRO4592445093025
Root Causes: Privilege Escalation Vulnerability In Vmware Service Discovery Mechanism (Broad Regex Path Matching)., Insufficient Validation Of Unprivileged User Processes Opening Listening Sockets., Delayed Public Disclosure Of In-The-Wild Exploitation (Attacks Began In October 2024; Patch/Report In November 2024)., Reuse Of Exploit Techniques Across Multiple Vulnerabilities (E.G., Cve-2023-46747, Cve-2024-1709) By Unc5174.,
Corrective Actions: Broadcom Released Patches For Cve-2025-41244 And Related Vmware Nsx Vulnerabilities., Nviso Published Poc To Aid Detection And Mitigation., Organizations Advised To Audit Vmware Environments For Signs Of Exploitation (E.G., Suspicious /Tmp/Httpd Binaries)., Enhanced Monitoring For Unc5174 Ttps (Tactics, Techniques, Procedures) Across Enterprise Software.,
Incident : ransomware BRO3362533111725
Root Causes: Third-Party Vendor Vulnerability (Bsh), Supply Chain Risk During Transition Period,
Incident : data breach BRO4981349111725
Root Causes: Third-Party Vulnerability (Bsh Compromise), Supply Chain Risk During Payroll Provider Transition,
Incident : ransomware BRO0893008112125
Root Causes: Use Of Unpatched Enterprise Software (Oracle E-Business Suite) With Zero-Day Vulnerability., Potential Lack Of Network Segmentation Allowing Lateral Movement., Targeting By A Sophisticated Threat Actor (Cl0P) With A History Of Exploiting Zero-Days.,
Incident : Ransomware BRO3105131112625
Root Causes: Unpatched Zero-Day Vulnerabilities In Oracle Ebs (Cve-2025-61882, Cve-2025-21884)., Lack Of Real-Time Monitoring For Unauthenticated Http Requests Targeting Critical Components (Bi Publisher, Configurator Ui)., Supplier Risk Blind Spots In Enterprise Software Supply Chains.,
Corrective Actions: Immediate Application Of Oracle-Provided Security Patches., Enhanced Supplier Risk Assessments Using Scrm Platforms (E.G., Z2Data)., Implementation Of Behavioral Wafs Or Anomaly Detection For Oracle Ebs Environments., Review Of Third-Party Software Dependencies For Similar Vulnerabilities.,
What is the company's process for conducting post-incident analysis ?
Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as Nviso (Vulnerability Reporting And Poc), Google Mandiant (Threat Actor Analysis), , Recommended: Review Security Logs For Unauthorized Access, Deploy Edr Solutions, , Mandiant (Google-Owned Cybersecurity Firm), .
What corrective actions has the company taken based on post-incident analysis ?
Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: Block Port 4011 On Firewalls, Configure The Irm Hostedserviceurl Core Setting With An Empty Value And Restart The Altiris Inventory Rule Management Service, Limit .Net Remoting Access To Localhost-Only In Upcoming Releases, , Broadcom Released Patches For Cve-2025-41244 And Related Vmware Nsx Vulnerabilities., Nviso Published Poc To Aid Detection And Mitigation., Organizations Advised To Audit Vmware Environments For Signs Of Exploitation (E.G., Suspicious /Tmp/Httpd Binaries)., Enhanced Monitoring For Unc5174 Ttps (Tactics, Techniques, Procedures) Across Enterprise Software., , Immediate Application Of Oracle-Provided Security Patches., Enhanced Supplier Risk Assessments Using Scrm Platforms (E.G., Z2Data)., Implementation Of Behavioral Wafs Or Anomaly Detection For Oracle Ebs Environments., Review Of Third-Party Software Dependencies For Similar Vulnerabilities., .
Additional Questions
General Information
What was the amount of the last ransom demanded ?
Last Ransom Demanded: The amount of the last ransom demanded was True.
Who was the attacking group in the last incident ?
Last Attacking Group: The attacking group in the last incident were an UNC5174 (Chinese state-sponsored, linked to Ministry of State Security - MSS), El Dorado ransomware group, El Dorado ransomware gangBlackLock operation, Cl0p ransomware gang and Cl0p (Clop).
Incident Details
What was the most recent incident detected ?
Most Recent Incident Detected: The most recent incident detected was on 2021-02-01.
What was the most recent incident publicly disclosed ?
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2023-11-20.
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were passwords, list of Symantec clients, government agencies, list of clients using Symantec's CloudSOC services, account managers, account numbers, , Broadcom employee data, , birthdates, email addresses, phone numbers, home addresses, national ID numbers, national health insurance ID numbers, health insurance policy numbers, financial account numbers, salary details, employment termination dates, and .
What was the most significant system affected in an incident ?
Most Significant System Affected: The most significant system affected in an incident was Symantec Enterprise Products and Symantec Endpoint Management Suite 8.6.x-8.8 and VMware Aria Operations (credential-based mode)VMware Tools (credential-less mode) and Oracle E-Business Suitesupply chain operationsfinancial systemscustomer datamanufacturing operationsresearch data and Oracle E-Business Suite (EBS) versions 12.2.3–12.2.14.
Response to the Incidents
What third-party assistance was involved in the most recent incident ?
Third-Party Assistance in Most Recent Incident: The third-party assistance involved in the most recent incident was nviso (vulnerability reporting and poc), google mandiant (threat actor analysis), , mandiant (google-owned cybersecurity firm), .
What containment measures were taken in the most recent incident ?
Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident were Block port 4011 on firewallsConfigure the IRM_HostedServiceUrl core setting with an empty value and restart the Altiris Inventory Rule Management Service, Patch release for CVE-2025-41244Previous patches for CVE-2025-22224, CVE-2025-22225, CVE-2025-22226 (March 2024)NSX vulnerabilities patched (November 2024), Oracle security patches (CVE-2025-61882 and CVE-2025-21884).
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were salary details, account numbers, Broadcom employee data, account managers, email addresses, financial account numbers, employment termination dates, government agencies, list of Symantec clients, national health insurance ID numbers, national ID numbers, health insurance policy numbers, home addresses, phone numbers, list of clients using Symantec's CloudSOC services, birthdates and passwords.
Ransomware Information
What was the highest ransom demanded in a ransomware incident ?
Highest Ransom Demanded: The highest ransom demanded in a ransomware incident was True.
Lessons Learned and Recommendations
What was the most significant lesson learned from past incidents ?
Most Significant Lesson Learned: The most significant lesson learned from past incidents was Supply chain and ERP systems are attractive targets due to their central role in business operations., Supplier vulnerabilities in enterprise software (e.g., Oracle EBS) can cascade into large-scale breaches across industries. Proactive patch management and supply chain risk monitoring (e.g., via SCRM platforms like Z2Data) are critical to mitigating third-party risks. Cl0p’s delayed data leak strategy highlights the importance of rapid incident response to prevent public exposure of sensitive data.
What was the most significant recommendation implemented to improve cybersecurity ?
Most Significant Recommendation Implemented: The most significant recommendation implemented to improve cybersecurity was Block port 4011 on firewalls, Implement network segmentation to limit lateral movement in case of breach., Prepare incident response plans specifically for ransomware and zero-day scenarios., Monitor dark web markets for potential sales of network access linked to UNC5174 or similar actors., Apply Oracle security patches for CVE-2025-61882 and CVE-2025-21884 immediately., Monitor threat intelligence sources for zero-day disclosures related to enterprise software., Immediately review security logs for unauthorized access attempts in Oracle E-Business Suite environments., Apply security patches for Oracle E-Business Suite as soon as they are released., Limit .NET Remoting access to localhost-only in upcoming releases, Configure the IRM_HostedServiceUrl core setting with an empty value and restart the Altiris Inventory Rule Management Service, Develop and test incident response plans for ransomware attacks, including data exfiltration scenarios., Implement supply chain risk management (SCRM) tools to assess third-party vendor vulnerabilities (e.g., Z2Data)., Immediately apply Broadcom's patches for CVE-2025-41244 and related VMware vulnerabilities., Review and harden VMware Aria Operations and Tools configurations, especially in credential-less modes., Monitor for suspicious binary staging in paths like /tmp/httpd or other broadly-matched regex locations., Conduct regular vulnerability assessments for critical ERP and supply chain systems., Restrict unprivileged user access to critical service discovery mechanisms in VMware environments., Deploy behavioral detection rules for privilege escalation attempts via service abuse (e.g., listening sockets opened by unprivileged processes)., Conduct threat hunting for indicators of UNC5174 activity, including backdoors or sold access credentials., Enhance monitoring for unauthenticated HTTP requests targeting Oracle EBS components., Deploy endpoint detection and response (EDR) solutions for early threat detection., Conduct regular audits of enterprise software for zero-day vulnerabilities. and Evaluate the need for network segmentation to limit lateral movement in case of breaches..
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident are Mandiant (Google-owned cybersecurity firm), LRQA security researchers, UK National Cyber Security Centre (NCSC), Z2Data Supplier Risk Analysis, NVISO Research (Maxime Thiebaut), Microsoft Threat Intelligence (VMware Zero-Days, March 2024), The Register, GBHackers (GBH), Broadcom Security Advisory for CVE-2025-41244, Broadcom PSIRT, U.S. Cybersecurity and Infrastructure Security Agency (CISA), Oracle Security Alerts (CVE-2025-61882, CVE-2025-21884), BleepingComputer and Google Mandiant (UNC5174 Analysis).
What is the most recent URL for additional resources on cybersecurity best practices ?
Most Recent URL for Additional Resources: The most recent URL for additional resources on cybersecurity best practices is https://www.z2data.com .
Investigation Status
What is the current status of the most recent investigation ?
Current Status of Most Recent Investigation: The current status of the most recent investigation is Ongoing (patch released; threat actor activity under monitoring).
Stakeholder and Customer Advisories
What was the most recent stakeholder advisory issued ?
Most Recent Stakeholder Advisory: The most recent stakeholder advisory issued was Oracle security alerts urging immediate patching, Mandiant’s analysis of Cl0p’s modus operandi, .
What was the most recent customer advisory issued ?
Most Recent Customer Advisory: The most recent customer advisory issued were an Broadcom urged customers to apply patches immediately; no detailed advisory provided in the article. and Companies advised to monitor for data leaks on Cl0p’s blog or dark web marketplaces.
Initial Access Broker
What was the most recent entry point used by an initial access broker ?
Most Recent Entry Point: The most recent entry point used by an initial access broker were an Port 4011, Executable File and unpatched zero-day vulnerability in Oracle E-Business Suite.
What was the most recent reconnaissance period for an incident ?
Most Recent Reconnaissance Period: The most recent reconnaissance period for an incident was Since late September 2023 (pre-exploitation activity).
Post-Incident Analysis
What was the most significant root cause identified in post-incident analysis ?
Most Significant Root Cause: The most significant root cause identified in post-incident analysis was Insecure deserialization of .NET objects through the BinaryServerFormatterSinkProvider with TypeFilterLevel set to Full, Privilege escalation vulnerability in VMware service discovery mechanism (broad regex path matching).Insufficient validation of unprivileged user processes opening listening sockets.Delayed public disclosure of in-the-wild exploitation (attacks began in October 2024; patch/report in November 2024).Reuse of exploit techniques across multiple vulnerabilities (e.g., CVE-2023-46747, CVE-2024-1709) by UNC5174., third-party vendor vulnerability (BSH)supply chain risk during transition period, third-party vulnerability (BSH compromise)supply chain risk during payroll provider transition, Use of unpatched enterprise software (Oracle E-Business Suite) with zero-day vulnerability.Potential lack of network segmentation allowing lateral movement.Targeting by a sophisticated threat actor (Cl0p) with a history of exploiting zero-days., Unpatched zero-day vulnerabilities in Oracle EBS (CVE-2025-61882, CVE-2025-21884).Lack of real-time monitoring for unauthenticated HTTP requests targeting critical components (BI Publisher, Configurator UI).Supplier risk blind spots in enterprise software supply chains..
What was the most significant corrective action taken based on post-incident analysis ?
Most Significant Corrective Action: The most significant corrective action taken based on post-incident analysis was Block port 4011 on firewallsConfigure the IRM_HostedServiceUrl core setting with an empty value and restart the Altiris Inventory Rule Management ServiceLimit .NET Remoting access to localhost-only in upcoming releases, Broadcom released patches for CVE-2025-41244 and related VMware NSX vulnerabilities.NVISO published PoC to aid detection and mitigation.Organizations advised to audit VMware environments for signs of exploitation (e.g., suspicious /tmp/httpd binaries).Enhanced monitoring for UNC5174 TTPs (tactics, techniques, procedures) across enterprise software., Immediate application of Oracle-provided security patches.Enhanced supplier risk assessments using SCRM platforms (e.g., Z2Data).Implementation of behavioral WAFs or anomaly detection for Oracle EBS environments.Review of third-party software dependencies for similar vulnerabilities..
.png)
Latest Global CVEs (Not Company-Specific)
Description
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.16, 20.3.14, and 21.0.1, there is a XSRF token leakage via protocol-relative URLs in angular HTTP clients. The vulnerability is a Credential Leak by App Logic that leads to the unauthorized disclosure of the Cross-Site Request Forgery (XSRF) token to an attacker-controlled domain. Angular's HttpClient has a built-in XSRF protection mechanism that works by checking if a request URL starts with a protocol (http:// or https://) to determine if it is cross-origin. If the URL starts with protocol-relative URL (//), it is incorrectly treated as a same-origin request, and the XSRF token is automatically added to the X-XSRF-TOKEN header. This issue has been patched in versions 19.2.16, 20.3.14, and 21.0.1. A workaround for this issue involves avoiding using protocol-relative URLs (URLs starting with //) in HttpClient requests. All backend communication URLs should be hardcoded as relative paths (starting with a single /) or fully qualified, trusted absolute URLs.
Risk Information
cvss4
Base: 7.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
- https://github.com/angular/angular/commit/0276479e7d0e280e0f8d26fa567d3b7aa97a516f
- https://github.com/angular/angular/commit/05fe6686a97fa0bcd3cf157805b3612033f975bc
- https://github.com/angular/angular/commit/3240d856d942727372a705252f7c8c115394a41e
- https://github.com/angular/angular/releases/tag/19.2.16
- https://github.com/angular/angular/releases/tag/20.3.14
- https://github.com/angular/angular/releases/tag/21.0.1
- https://github.com/angular/angular/security/advisories/GHSA-58c5-g7wp-6w37
Description
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs. This issue has been patched in version 1.3.2.
Risk Information
cvss4
Base: 8.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Integer Overflow vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures containing OIDs with oversized arcs. These arcs may be decoded as smaller, trusted OIDs due to 32-bit bitwise truncation, enabling the bypass of downstream OID-based security decisions. This issue has been patched in version 1.3.2.
Risk Information
cvss4
Base: 6.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, working with large buffers in Lua scripts can lead to a stack overflow. Users of Lua rules and output scripts may be affected when working with large buffers. This includes a rule passing a large buffer to a Lua script. This issue has been patched in versions 7.0.13 and 8.0.2. A workaround for this issue involves disabling Lua rules and output scripts, or making sure limits, such as stream.depth.reassembly and HTTP response body limits (response-body-limit), are set to less than half the stack size.
Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Description
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. In versions from 8.0.0 to before 8.0.2, a NULL dereference can occur when the entropy keyword is used in conjunction with base64_data. This issue has been patched in version 8.0.2. A workaround involves disabling rules that use entropy in conjunction with base64_data.
Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=broadcom' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
