Clop Exploits Oracle Zero-Day; CISA Catalogs Multiple Actively Exploited Flaws

Scattered Lapsus$ Hunters Collective Launches Leak Site, Extorting Salesforce and 39 High-Profile Customers

A new cybercriminal collective calling itself 'Scattered Lapsus$ Hunters' has emerged, claiming to be a merger of members from Scattered Spider, Lapsus$, and ShinyHunters. The group launched a dark web data leak site over the weekend of October 4-5, listing 39 major companies, including Cisco, Toyota, and Marriott, as victims of a massive data breach affecting their Salesforce instances. The actors claim to have exfiltrated nearly one billion records and have set an October 10 deadline for ransoms to be paid. In an unusual tactic, they have also demanded that Salesforce pay a ransom to spare the listed victims, threatening to release documents proving alleged security negligence. The breaches are suspected to have originated from vishing attacks targeting IT help desks.

ExtortionData LeakSalesforceScattered SpiderLapsus$ +2 more

New 'Scattered Lapsus$ Hunters' Gang Extorts 39 Salesforce Customers on Leak Site

Threat Actor

Data Breach

Ransomware

Signal Threatens to Exit EU Market if "Chat Control" Mass Surveillance Bill Passes

INFORMATIONAL

Signal Vows to Cease Operations in European Union Over Proposed "Chat Control" Encryption-Breaking Law

Meredith Whittaker, the president of the Signal Foundation, has declared that the encrypted messaging service will withdraw from the European Union if the controversial 'Chat Control' legislation is enacted. The proposed law, which faces a critical vote on October 14, would mandate that communication platforms like Signal and WhatsApp scan all user content, including private messages and photos, for illicit material before it is encrypted. Critics, including Signal, argue this would create a backdoor for mass surveillance, fundamentally break end-to-end encryption, and create a dangerous cybersecurity precedent. The statement is a direct appeal to EU member states, particularly Germany, to vote against the measure.

EncryptionPrivacyEURegulationChat Control +1 more

Signal Threatens to Exit EU Market if "Chat Control" Mass Surveillance Bill Passes

Policy and Compliance

Regulatory

CISA Warns of Actively Exploited Windows Privilege Escalation Flaw (CVE-2021-43226)

CISA Adds Windows CLFS Driver Privilege Escalation Vulnerability (CVE-2021-43226) to KEV Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2021-43226, a high-severity privilege escalation vulnerability in the Microsoft Windows Common Log File System (CLFS) Driver, to its Known Exploited Vulnerabilities (KEV) catalog. The action, taken on October 6, 2025, confirms the flaw is being actively exploited in the wild. The vulnerability allows a local, authenticated attacker to execute code with SYSTEM-level privileges by leveraging a buffer overflow. The flaw affects a wide range of Windows versions, including Windows 10, 11, and Server editions. Federal agencies have been directed to patch the vulnerability by October 27, 2025.

Privilege EscalationWindowsCISAKEVPatch Management

CISA Warns of Actively Exploited Windows Privilege Escalation Flaw (CVE-2021-43226)

Patch Management

Jaguar Land Rover Begins Phased Restart a Month After Crippling Cyberattack

Jaguar Land Rover Initiates Phased Production Restart Following Month-Long Shutdown from Cyberattack

On October 7, 2025, Jaguar Land Rover (JLR) announced it is beginning a phased restart of its manufacturing plants, more than a month after a major cyberattack on August 31 halted its global operations. The attack disrupted everything from production lines and parts flow to retail systems. The restart is beginning cautiously, with engine plants and stamping operations coming online first, and full production is hoped for by the end of October. The incident has caused a significant financial blow, with sales dropping sharply in all markets. In response to the crisis, JLR has also launched a new financing program to support its struggling suppliers who have lost weeks of orders.

CyberattackIncident ResponseManufacturingJLRRansomware +1 more

Cyberattack

Incident Response

Industrial Control Systems

CISA Adds Actively Exploited Zimbra XSS Zero-Day (CVE-2025-27915) to KEV Catalog

Actively Exploited Zero-Day XSS Vulnerability in Zimbra Collaboration Suite (CVE-2025-27915) Added to CISA KEV

On October 7, 2025, CISA added CVE-2025-27915, a high-severity zero-day vulnerability in the Zimbra Collaboration Suite (ZCS), to its Known Exploited Vulnerabilities (KEV) catalog. The flaw is a stored cross-site scripting (XSS) issue in the ZCS Classic Web Client that can be triggered with no user interaction beyond viewing a malicious email. An attacker can craft a malicious iCalendar invitation that, when processed, executes arbitrary JavaScript in the victim's authenticated session. This allows for account takeover, data exfiltration, and redirection of sensitive emails. Federal agencies are mandated to apply mitigations by October 28, 2025.

Zero-DayXSSZimbraCISAKEV +1 more

CISA Adds Actively Exploited Zimbra XSS Zero-Day (CVE-2025-27915) to KEV Catalog

Phishing

AI Risk Disclosures Skyrocket Among S&P 500, Cybersecurity a Top Concern

INFORMATIONAL

Report: Over 70% of S&P 500 Companies Now Cite AI as a Material Risk, Up from 12% in 2023

A new report from The Conference Board, released on October 7, 2025, reveals a dramatic shift in corporate risk perception, with over 70% of S&P 500 companies now formally disclosing AI-related risks in their public filings. This is a massive jump from just 12% in 2023. Reputational damage is the most cited concern (38%), followed closely by cybersecurity risks (20%). Companies are increasingly worried about how AI expands the attack surface, introduces new vulnerabilities through third-party tools, and creates new legal and regulatory challenges. The findings highlight that while AI adoption is accelerating, corporate governance and oversight are still struggling to keep pace.

AIArtificial IntelligenceRisk ManagementCorporate GovernanceCompliance

AI Risk Disclosures Skyrocket Among S&P 500, Cybersecurity a Top Concern

Policy and Compliance

Cloud Security

Redis Patches Critical "RediShell" RCE Flaw (CVE-2025-49844) in Lua Sandbox

CRITICAL

Critical "RediShell" RCE Vulnerability (CVE-2025-49844) in Redis Allows Sandbox Escape

Redis has released patches for CVE-2025-49844, a critical use-after-free vulnerability nicknamed "RediShell" by the Wiz researchers who discovered it. The flaw, announced on October 7, 2025, allows an authenticated attacker to escape the Lua sandbox and achieve remote code execution (RCE) on the underlying server. The risk is especially high for the estimated 330,000 internet-exposed Redis instances, around 60,000 of which are believed to have no authentication enabled. Because official Redis container images disable authentication by default, these instances are vulnerable to unauthenticated RCE. Security agencies like Germany's BSI are warning of imminent exploitation.

RCERedisSandbox EscapeVulnerabilityWiz +1 more

Redis Patches Critical "RediShell" RCE Flaw (CVE-2025-49844) in Lua Sandbox

Cloud Security

Digicloud Africa to Distribute Google's AI-Powered SecOps Platform Across Continent

INFORMATIONAL

Digicloud Africa Becomes Official Distributor for Google Security Operations in Africa

Digicloud Africa, a major Google Cloud distributor, announced on October 6, 2025, that it has partnered with Google Security Operations. This collaboration will make Google's advanced, AI-driven cybersecurity solutions, including its cloud-native SIEM and SOAR platform, available to enterprises and organizations across the African continent. The partnership aims to help African businesses modernize their security posture, moving from reactive to proactive, intelligence-driven defense strategies to combat the growing complexity of cyber threats in the region.

GoogleSecOpsSIEMSOARAfrica +1 more

3 min read

Digicloud Africa to Distribute Google's AI-Powered SecOps Platform Across Continent

Security Operations

Cloud Security

Updated Articles (2)

CISA Warns of Widespread Flaws in Industrial Control Systems from Major Vendors

CISA Issues Multiple Advisories for Vulnerabilities in Rockwell, Hitachi, and Mitsubishi ICS Products

Update:

CISA has issued specific advisories for vulnerabilities previously mentioned in a broader warning. Advisory ICSA-25-280-01 details flaws in Delta Electronics DIAScreen HMI software, potentially leading to remote code execution or denial of service. Additionally, ICSA-25-226-31 (Update B) provides updated information on vulnerabilities in Rockwell Automation's 1756-EN4TR and 1756-EN4TRXT ControlLogix communication modules, which could allow attackers to intercept or manipulate communications, causing physical disruption. These updates provide more granular technical details for asset owners to prioritize mitigations.

October 6, 2025

Updated: October 7, 2025

ICSOT SecurityCISAVulnerabilityCritical Infrastructure +2 more

Industrial Control Systems

Regulatory

Cl0p Ransomware Exploits Oracle E-Business Suite Zero-Day in Mass Attack

CRITICAL

Cl0p Ransomware Gang Exploits Unauthenticated RCE Zero-Day (CVE-2025-61882) in Oracle E-Business Suite

Update:

International cybersecurity agencies, including CISA and NCSC, have issued urgent warnings regarding the Clop ransomware group's active exploitation of CVE-2025-61882 in Oracle E-Business Suite. The vulnerability, now confirmed with a CVSS score of 9.8, has been added to CISA's Known Exploited Vulnerabilities (KEV) catalog, mandating federal agencies to patch by October 28, 2025. Reports indicate public exploit code became available on October 6, significantly increasing the threat. Mandiant has officially attributed the campaign to Clop, which is now sending extortion emails directly to victim executives, employing a double-extortion tactic after data exfiltration.

October 6, 2025

Updated: October 7, 2025

Cl0pRansomwareZero-DayOracleData Breach +1 more

Ransomware