Cl0p Exploits Oracle Zero-Day; Threat Actors Weaponize Legitimate Security Tools in Widespread Attacks

Publication Date: October 9, 2025

Summary

This cybersecurity brief for October 9, 2025, covers a surge in critical threats, led by the Cl0p ransomware gang's exploitation of a zero-day vulnerability (CVE-2025-61882) in Oracle's E-Business Suite. A significant trend this period is the abuse of legitimate tools, with threat actors weaponizing the Velociraptor DFIR tool and exploiting a critical flaw (CVE-2025-10035) in Fortra's GoAnywhere MFT. Other major events include the Qilin ransomware attack on Japanese beverage giant Asahi, a sophisticated phishing campaign targeting marketing professionals, and new guidance from the G7 and UK's NCSC on managing AI risks and a sharp rise in national-level cyberattacks.

Today's New Articles

Living Off the Land: Hackers Abuse Velociraptor DFIR Tool to Deploy Ransomware

A suspected China-based threat group, Storm-2603, is weaponizing the legitimate open-source digital forensics and incident response (DFIR) tool, Velociraptor. According to Cisco Talos, the attackers are using an outdated and vulnerable version of the tool (exp...


Perfect 10.0 CVSS Flaw in GoAnywhere MFT Exploited by Medusa Ransomware Group

Microsoft has linked the cybercrime group Storm-1175, known for deploying Medusa ransomware, to the active exploitation of a critical vulnerability in Fortra's GoAnywhere Managed File Transfer (MFT) solution. The flaw, CVE-2025-10035, is an unauthenticated rem...


Phishing Campaign Lures Marketing Professionals with Fake Jobs at Tesla, Google

Security firm Cofense has detailed a sophisticated phishing campaign that targets marketing and social media professionals with fake job opportunities from high-profile brands like Tesla, Google, Ferrari, and Red Bull. The campaign uses realistic emails and mu...


Financial Firms Tie CEO Pay to Cyber Performance Amid Budget Hikes, Moody's Finds

A new report from Moody's indicates a significant shift in how financial and insurance firms are managing cyber risk. Companies are increasing cybersecurity spending, with nearly half dedicating 8% or more of their IT budget to cyber. Governance is also streng...


Expert Advice on Securing Critical Infrastructure with Limited Budgets

In a recent podcast, cybersecurity expert Chetrice Romero from Ice Miller provided guidance for leaders responsible for protecting critical infrastructure, particularly those facing limited budgets. The discussion covered common cyber and physical threats to u...

Article Updates

UK's NCSC Warns of 'Alarming' Rise in Cyberattacks, Doubling in Past Year

Update: The NCSC's 2025 Annual Review, released on October 9, confirms a 129% surge in 'nationally significant' cyber incidents, rising to 204. In response to the escalating threat, the NCSC has launched a new 'Cyber Action Toolkit' specifically designed for small bus...


Clop Exploits Critical Oracle Zero-Day; CISA Issues Emergency Patch Directive

Update: Further analysis of the CVE-2025-61882 Oracle EBS zero-day reveals it is reportedly an SSRF issue escalating to RCE, affecting versions 12.2.3 through 12.2.14. The Clop group is also combining this zero-day with other previously patched vulnerabilities to maxi...


Qilin Ransomware Claims Disruptive Attack on Japanese Beverage Giant Asahi

Update: The Qilin ransomware group has escalated pressure on Asahi by posting samples of the stolen 27GB of data on their leak site, confirming the double extortion tactic. New technical details include specific cyber observables such as `powershell.exe -enc <base64_b...