Daily Digest

Massive Supply Chain Attacks Expose Millions; Clop Ransomware Targets Harvard and Oracle

Massive Supply Chain Attacks Expose Millions; Clop Ransomware Targets Harvard and Oracle

October 12, 2025
7 articles (7 new)
21 min read

Summary

In the period covering October 12, 2025, the cybersecurity landscape was dominated by large-scale supply chain attacks and aggressive ransomware campaigns. A hacker collective dubbed 'Scattered Lapsus$ Hunters' leaked data for 5.7 million Qantas customers and 7.3 million Vietnam Airlines customers after compromising a shared Salesforce environment. Concurrently, the Clop ransomware gang claimed a breach of Harvard University and was found actively exploiting a zero-day in Oracle E-Business Suite, for which Oracle released an emergency patch for a separate, newly discovered high-severity flaw. Other significant events include the abuse of the Velociraptor DFIR tool to deploy ransomware and reports of North Korean hackers stealing a record $2 billion in crypto assets in 2025.

Filter by Category

New Articles (7)

Clop Ransomware Claims Harvard University Breach, Threatens Data Leak

HIGH

Notorious Ransomware Group Clop Adds Harvard University to its Dark Web Leak Site

The prolific Russian-speaking ransomware group Clop has claimed responsibility for a cyberattack against Harvard University, adding the prestigious institution to its data leak site on October 12, 2025. The group, known for its 'big-game hunting' and exploitation of zero-day vulnerabilities, threatened to publish stolen data, stating that a torrent link would be available soon. The claim has not yet been confirmed by Harvard. Clop, also known as TA505, has a history of high-profile attacks using double-extortion tactics, including the mass exploitation of flaws in MOVEit Transfer and GoAnywhere MFT, which affected hundreds of organizations worldwide.

October 12, 2025
5 min read
RansomwareClopTA505Harvard UniversityData Leak +2 more
Clop Ransomware Claims Harvard University Breach, Threatens Data Leak

Oracle Issues Emergency Patch for High-Severity EBS Flaw Amid Active Clop Attacks

HIGH

Oracle Patches Unauthenticated Data Exposure Flaw (CVE-2025-61884) in E-Business Suite

Oracle has released an emergency security patch for a high-severity vulnerability, CVE-2025-61884, in its E-Business Suite (EBS). The flaw, which has a CVSS score of 7.5, allows an unauthenticated, remote attacker to access sensitive data within the Oracle Configurator module. It affects EBS versions 12.2.3 through 12.2.14. This alert is especially critical as it comes while the Clop ransomware group is actively exploiting a separate, critical zero-day (CVE-2025-61882) in EBS for an executive extortion campaign. While there's no confirmed link, the active targeting of EBS by Clop significantly increases the risk that this new vulnerability will be weaponized. Administrators are urged to apply the patch immediately.

October 12, 2025
4 min read
VulnerabilityOracleE-Business SuiteCVE-2025-61884CVE-2025-61882 +3 more
Oracle Issues Emergency Patch for High-Severity EBS Flaw Amid Active Clop Attacks

Discord Denies Massive Breach Claim After Hackers Allege 1.5TB Data Leak

MEDIUM

Discord Refutes Claims of a Major Data Breach and Leak of Government-Issued IDs

Discord is publicly denying claims that it suffered a major data breach. On October 11, 2025, an unknown group of hackers alleged they had exfiltrated and leaked 1.5 terabytes of user data, including highly sensitive government-issued identification documents. Some reports suggested the breach was linked to Discord's Zendesk customer support portal, an allegation Zendesk also refuted, stating its systems were not vulnerable. Discord maintains that its services were not compromised and that the claims are unverified. The significant discrepancy between the hackers' claims and the company's denial leaves the situation unclear, but the mere allegation of leaked IDs poses a serious concern for users.

October 12, 2025
5 min read
DiscordData BreachZendeskUnconfirmedIdentity Theft
Discord Denies Massive Breach Claim After Hackers Allege 1.5TB Data Leak

North Korean Hackers Shatter Records, Stealing $2 Billion in Crypto in 2025

HIGH

North Korean State-Sponsored Hackers Steal Record-Breaking $2 Billion in Cryptocurrency Assets in 2025

North Korean state-sponsored hacking groups have stolen over $2 billion in cryptocurrency assets in 2025 so far, marking the largest annual total ever recorded for the regime. A report highlighted on October 11, 2025, points to the increasing scale and sophistication of these financially motivated cyber operations. The single largest heist of the year was the February 2025 attack on the Bybit cryptocurrency exchange, which accounted for $1.46 billion of the total losses. These attacks on crypto exchanges and DeFi platforms are a critical source of revenue for North Korea, allowing it to circumvent international sanctions and fund its weapons programs.

October 12, 2025
5 min read
North KoreaLazarus GroupCryptocurrencyCyber HeistBybit +2 more
North Korean Hackers Shatter Records, Stealing $2 Billion in Crypto in 2025

North Korean IT Worker Fraud Scheme Expands, Targeting 5,000 Companies

HIGH

Global Alert: North Korean Scheme Using Fake IT Workers Infiltrates Thousands of Companies

A sophisticated North Korean scheme using fraudulent IT worker personas to infiltrate companies has expanded into a massive global operation. According to a report from October 11, 2025, researchers have identified over 130 fake identities used in more than 6,500 job interviews with approximately 5,000 companies over a four-year period. These state-sponsored operatives pose as skilled freelance IT workers to secure remote employment, then use their insider access to conduct espionage, steal intellectual property, and divert funds. The campaign, previously thought to be focused on the U.S., is now confirmed to be global, prompting warnings for businesses to enhance their hiring and verification processes for remote workers.

October 12, 2025
5 min read
North KoreaInsider ThreatEspionageHiring FraudRemote Work +1 more
North Korean IT Worker Fraud Scheme Expands, Targeting 5,000 Companies

Critical RCE Flaw in WooCommerce Designer Pro Plugin Puts WordPress Sites at Risk

CRITICAL

Critical Path Traversal Vulnerability (CVE-2025-6439) in WooCommerce Designer Pro Allows Unauthenticated File Deletion

A critical vulnerability, CVE-2025-6439, has been disclosed in the WooCommerce Designer Pro WordPress plugin. The flaw, rated 9.8 out of 10 on the CVSS scale, is a path traversal issue that allows an unauthenticated attacker to delete arbitrary files on the web server. This could lead to complete data loss, website destruction, or even remote code execution (RCE) by deleting critical files like wp-config.php and re-running the WordPress installation. The vulnerability affects all versions up to and including 1.9.26 and is also present in the 'Pricom' theme which bundles the plugin. Users are urged to update immediately.

October 12, 2025
4 min read
WordPressVulnerabilityCVE-2025-6439WooCommercePath Traversal +2 more
Critical RCE Flaw in WooCommerce Designer Pro Plugin Puts WordPress Sites at Risk

WordPress Plugin 'Contest Gallery' Vulnerable to CSV Injection Attacks

MEDIUM

Medium-Severity CSV Injection Flaw (CVE-2025-11254) Disclosed in Contest Gallery WordPress Plugin

A medium-severity CSV injection vulnerability, CVE-2025-11254, has been disclosed in the 'Contest Gallery' plugin for WordPress. The flaw affects all versions up to and including 27.0.3. It allows an unauthenticated attacker to embed malicious formulas into data fields that are later exported as a CSV file by a site administrator. If the administrator opens the malicious CSV file in a spreadsheet program like Microsoft Excel, the formulas can execute, potentially leading to arbitrary code execution on their local machine. The vulnerability has a CVSS score of 4.3 and has been patched in version 28.0.0 of the plugin.

October 12, 2025
4 min read
WordPressVulnerabilityCSV InjectionCVE-2025-11254Contest Gallery
WordPress Plugin 'Contest Gallery' Vulnerable to CSV Injection Attacks

📢 Share This Publication

Help others stay informed about cybersecurity threats

📅 Daily Edition

Curated and deduplicated every day from dozens of trusted sources — giving you one clean, consolidated view of what matters in cybersecurity.

🔢 Deduplication Applied

Related stories are merged into a single evolving article rather than repeated as separate entries — cutting through noise so you only read what's new.

🔗 Full Articles Linked

Every entry links to its full enriched article — complete with MITRE ATT&CK mappings, extracted IOCs, and actionable detection and mitigation guidance.