Jul 07, 2025
Android Root Exploit, Oracle EBS Flaw, Crypto Logins, and Cisco Access Posted for Sale
SOCRadar’s Dark Web Team has identified several new posts on underground forums offering high-value exploits, access credentials, and corporate network access. The listings include alleged zero-day vulnerabilities targeting Android and Oracle E-Business Suite, a massive cache of login credentials linked to cryptocurrency users, and unauthorized Cisco system access for a German electronics company. While the validity of these claims remains unverified, the volume and diversity of the offers highlight continued threat actor interest in targeting both infrastructure and user-level assets across industries.
Receive a Free Dark Web Report for Your Organization:
Alleged 0-Day Exploit for Android is on Sale
SOCRadar Dark Web Team detected a new post advertising an alleged 0-day exploit targeting Android devices. The threat actor claims the exploit affects Chrome browsers on Android versions up to 15, allowing remote code execution through a one-click payload. According to the post, successful exploitation grants full root access (UID 0) and kernel-level memory read/write capabilities. The actor highlights a 100% success rate in 30 test runs, with an execution time of 1.5 to 2 seconds and no visible crashes, suggesting a stealthy impact and clean browser recovery.
Alleged 0-Day of Oracle is on Sale
SOCRadar Dark Web Team detected a new post offering an alleged 0-day exploit targeting Oracle E-Business Suite (EBS). The threat actor claims the vulnerability enables pre-authentication remote code execution on version 12.2.14. The exploit is priced at $70,000 and was reportedly tested only in a controlled test environment, not on external systems. The
Alleged User Login Credentials of Crypto Platforms are on Sale
SOCRadar Dark Web Team detected a new post offering alleged login credentials linked to users of various cryptocurrency platforms. The threat actor claims to hold over 40 million email and password pairs associated with crypto users worldwide, describing the data as suitable for phishing and mass email campaigns. No specific price is mentioned, and buyers are encouraged to negotiate directly. Given the nature and scale of the offering, the dataset likely consists of previously leaked credentials or stealer log collections rather than data from a single breach. Nevertheless, it warrants careful analysis to assess potential risks and overlaps with past incidents.
Alleged Unauthorized Cisco Access Sale is Detected for a German Electric Company
SOCRadar Dark Web Team detected a post advertising unauthorized access to a Cisco system allegedly belonging to a company in the electronics industry based in Germany. The actor claims the targeted organization has an annual revenue of approximately $3.5 billion. The sale is structured as an auction, with a starting price of $2,500, incremental bids of $500, and a buy-now price of $4,500.
Powered by DarkMirror™
Gaining visibility into deep and dark web threats can be extremely useful from an actionable threat intelligence and digital risk protection perspective. However, monitoring all sources is simply not feasible, which can be time-consuming and challenging. One click-by-mistake can result in malware bot infection. To tackle these challenges, SOCRadar’s DarkMirror™ screen empowers your SOC team to follow up with the latest posts of threat actors and groups filtered by the targeted country or industry.
Related Articles
Subscribe to our newsletter and stay updated on the latest insights!