
Cyber Brief: Oracle hack, VS Code malware, hotel phishing

Today’s Cyber Brief spotlights a new ransomware campaign targeting Oracle enterprise customers, malicious extensions inside Visual Studio Code, and a surge in phishing against hotel systems. Each case highlights how trusted platforms and familiar tools are being turned into entry points for attackers.


Oracle E-Business Suite hack hits major organisations

Cybercriminals associated with the Clop ransomware group have claimed responsibility for a widespread campaign targeting Oracle’s E-Business Suite customers. Nearly 30 companies are listed as victims, including several high-profile universities and airlines. Investigators believe the attacks may have stemmed from credential theft and lateral movement within enterprise resource-planning systems. The campaign has already led to the release of hundreds of gigabytes of stolen corporate data, and some victims have received extortion threats demanding payment to prevent further leaks.

Source: SecurityWeek

Why it matters:
For UK SMEs and regulated firms, this shows how attackers exploit enterprise software that often sits at the heart of operations. Businesses should apply vendor security updates immediately, review who can access ERP systems, and test backup integrity. Clear incident-response playbooks for data-extortion scenarios are now a necessity, not an option.


Malware hidden in Visual Studio Code extensions

Security researchers have discovered three malicious extensions for Visual Studio Code that install backdoors and enable remote command execution on developer machines. Collectively, these extensions were downloaded thousands of times before being removed. The malware, nicknamed “GlassWorm,” appears to have been designed for espionage and supply-chain compromise. Once installed, the extensions could access source code, credentials, and build environments, creating a pathway for deeper attacks.

Source: The Hacker News

Why it matters:
Development tools are now part of the corporate attack surface. UK organisations using Visual Studio Code or similar tools should enforce strict extension-approval policies, disable automatic installs, and restrict developer-machine privileges. Periodic testing of build pipelines through penetration testing or red-team exercises helps identify weak links before threat actors do.
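One way to run the extension audit recommended above, as an added example that is not part of the original brief or any vendor tooling. It assumes the usual VS Code layout of one folder per installed extension, each with a `package.json` manifest carrying `publisher`, `name` and `version`; the allowlist format, extension names and sample folders are constructed for illustration.

```python
import json
import tempfile
from pathlib import Path

# Assumed allowlist format (hypothetical): "publisher.name" -> approved version.
ALLOWLIST = {"example-corp.formatter": "2.0.0", "example-corp.linter": "1.4.0"}


def installed_extensions(ext_dir):
    """Yield (id, version) per manifest; unreadable manifests are reported, not skipped."""
    for manifest in sorted(Path(ext_dir).glob("*/package.json")):
        try:
            meta = json.loads(manifest.read_text(encoding="utf-8"))
            yield f"{meta['publisher']}.{meta['name']}".lower(), str(meta["version"])
        except (json.JSONDecodeError, KeyError):
            yield f"unparseable:{manifest.parent.name}", "?"


def audit(ext_dir, allowlist):
    """Return findings as (extension id, installed version, reason)."""
    findings = []
    for ext_id, version in installed_extensions(ext_dir):
        approved = allowlist.get(ext_id)
        if approved is None:
            findings.append((ext_id, version, "not on allowlist"))
        elif approved != version:
            findings.append((ext_id, version, f"approved version is {approved}"))
    return findings


def build_sample(root):
    """Constructed sample data: four fake extension folders, one with a broken manifest."""
    samples = {
        "example-corp.formatter-2.0.0": {"publisher": "example-corp", "name": "formatter", "version": "2.0.0"},
        "example-corp.linter-1.5.0": {"publisher": "example-corp", "name": "linter", "version": "1.5.0"},
        "unknown-pub.theme-0.0.3": {"publisher": "unknown-pub", "name": "theme", "version": "0.0.3"},
        "broken-0.1.0": {"name": "broken"},
    }
    for folder, meta in samples.items():
        (Path(root) / folder).mkdir(parents=True)
        (Path(root) / folder / "package.json").write_text(json.dumps(meta), encoding="utf-8")
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for finding in audit(build_sample(tmp), ALLOWLIST):
            print(finding)
```

On a real workstation, pass the user's extensions folder (commonly `~/.vscode/extensions`) to `audit` instead of the constructed sample.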


Phishing surge targets hotel booking platforms

Security analysts have reported a large-scale spear-phishing campaign targeting hotel chains and independent properties worldwide. Attackers impersonate well-known booking sites to trick staff into opening attachments containing the PureRAT remote-access trojan. Once inside, the malware attempts to harvest guest data and payment details. The campaign has been ongoing since October and continues to evolve with new lure templates and domain registrations.

Source: The Hacker News

Why it matters:
Hotels and other customer-facing businesses are increasingly targeted through trusted brand impersonation. UK hospitality operators should deploy phishing-resistant authentication, ensure staff receive awareness training, and isolate guest-data systems from wider networks. Regular email-security assessments and SPF/DKIM/DMARC enforcement remain simple yet powerful defences.


Today’s Key Actions

  1. Review ERP and vendor software access permissions and apply critical patches immediately.
  2. Audit all developer environments for unauthorised extensions or unusual network activity.
  3. Reinforce phishing-defence training and technical controls for customer-facing staff.


Secarma Insight

Today’s stories demonstrate how cybercriminals exploit routine business tools - from enterprise software and developer IDEs to online booking systems. At Secarma, we help organisations close these everyday gaps through practical testing, certification, and advisory services. Whether it’s supply-chain assurance, penetration testing, or Cyber Essentials certification, our focus is building resilience where real-world attacks start.

Get in touch with us to prioritise your next steps and strengthen your security posture.
