Ivanti EPMM Backdoors, GitHub Impersonation, Oracle Scheduler Ransomware

CISA Reports Ivanti EPMM Exploit Sightings
Two different organizations submitted backdoors to CISA, which are believed to have been installed using Ivanti vulnerabilities patched in May.
https://www.cisa.gov/news-events/analysis-reports/ar25-261a
Lastpass Observes Impersonation on GitHub
Lastpass noted a number of companies being impersonated via fake GitHub repositories in order to trick victims to download Mac malware.
https://blog.lastpass.com/posts/attack-targeting-macs-via-github-pages
Oracle Scheduler Ransomware
Ransomware has been discovered that gained access to systems via an exposed Oracle Database Scheduler service.
https://labs.yarix.com/2025/09/elons-proxima-black-shadow-related-ransomware-attack-via-oracle-dbs-external-jobs/