Salesforce Defies Extortionists After Customer Data Heist; Cl0p Exploits Critical Oracle Zero-Day

Publication Date: October 8, 2025

Summary

This cybersecurity brief for October 8, 2025, covers several critical incidents. A threat actor alliance named 'Scattered LAPSUS$ Hunters' claims to have stolen data from over 40 Salesforce customers via social engineering, though Salesforce itself was not breached and refuses to pay the ransom. Concurrently, the Cl0p ransomware group is actively exploiting a critical zero-day vulnerability (CVE-2025-61882) in Oracle's E-Business Suite. Other major events include a significant data breach at a Red Hat consulting GitLab instance exposing sensitive client data, a ransomware attack by the Qilin group on Japanese beverage giant Asahi, and CISA adding a Zimbra XSS flaw to its KEV catalog.

Today's New Articles

Microsoft Warns of Attackers Abusing Teams for Session Hijacking

Microsoft has issued a warning about a threat actor group, tracked as Storm-2372, that is abusing legitimate Microsoft Teams features for cyberattacks. In a report on October 7, 2025, Microsoft detailed how the group uses social engineering within Teams chats...


Red Hat Consulting GitLab Breached; ShinyHunters Leaks Sensitive Client Data

Red Hat has confirmed a security breach affecting an internal GitLab server used by its consulting division. A group named 'Crimson Collective,' in collaboration with the notorious extortion group 'ShinyHunters,' claims to have stolen 570GB of data from over 2...


Methodist Homes Discloses Healthcare Data Breach Affecting Nearly 26,000

Methodist Homes of Alabama & Northwest Florida, a senior living and healthcare provider, announced on October 8, 2025, that it suffered a data breach affecting 25,579 individuals. The incident, which occurred over a 12-day period in October 2024, resulted in u...


Critical RCE Flaw (CVE-2025-53967) Patched in Figma AI Tool

A high-severity command injection vulnerability, CVE-2025-53967, has been discovered and patched in the 'figma-developer-mcp' Model Context Protocol server, a tool used with the Figma design platform. The flaw, rated with a CVSS score of 7.5, could allow an un...


Google Rolls Out October 2025 Security Update for Pixel Devices

Google has released its scheduled October 2025 security update for all supported Pixel devices. The update, detailed in the Pixel Update Bulletin on October 8, 2025, addresses numerous security vulnerabilities. It incorporates all patches from the broader Octo...


Atos Partners with Qevlar AI to Deploy "Virtual SOC Analyst"

On October 7, 2025, the global digital transformation and cybersecurity firm Atos announced a strategic partnership with Qevlar AI. The collaboration will integrate Qevlar's 'Virtual SOC Analyst,' an agentic AI technology, into Atos's global network of 17 Secu...

Article Updates

Clop Exploits Critical Oracle Zero-Day; CISA Issues Emergency Patch Directive

Update: New information confirms that Oracle E-Business Suite versions 12.2.3 through 12.2.14 are specifically affected by CVE-2025-61882. The public availability of exploit code on platforms like Telegram increases the likelihood that other threat actors, such as Sca...


New 'Scattered Lapsus$ Hunters' Gang Extorts 39 Salesforce Customers on Leak Site

Update: Salesforce has officially refused the ransom demand from 'Scattered LAPSUS$ Hunters'. New technical details reveal the attackers employed two primary methods: tricking employees via vishing into authorizing a malicious Salesforce Data Loader application, and a...


CISA Adds Actively Exploited Zimbra XSS Zero-Day (CVE-2025-27915) to KEV Catalog

Update: Further details on CVE-2025-27915 indicate an additional exploitation vector. While previously reported as a stored XSS via malicious iCalendar requiring only viewing, new information suggests attackers can also exploit the flaw by tricking users into clicking...