Critical Oracle Zero-Day Exploited by TA505 &amp; Cl0p; Discord Vendor Breach Exposes 70,000 IDs

Third-Party Breach at Discord Vendor 5CA Exposes Government IDs and Personal Data of 70,000 Users

The communication platform Discord has disclosed a significant data breach originating from a third-party customer service vendor, 5CA. The incident, which occurred in early October 2025, resulted in unauthorized access to the sensitive data of approximately 70,000 users who had interacted with Discord's support teams. Exposed information includes photos of government-issued IDs, names, email addresses, IP addresses, and partial billing data. The breach highlights the persistent and growing risk of supply chain attacks, where attackers target less secure partners to access data from larger organizations.

Discord5CAData BreachSupply Chain AttackPII +2 more

Data Breach

Supply Chain Attack

Ransomware Groups Pivot to Healthcare Vendors, Attacks Surge 30%

Healthcare Ransomware Attacks Shift to Vendors, Surging 30% in 2025 as Criminals Target Supply Chain

A new report from Comparitech reveals a significant strategic shift in ransomware attacks targeting the healthcare sector. While attacks on direct care providers remained steady, incidents involving healthcare-affiliated businesses and vendors surged by 30% in the first nine months of 2025. Threat actors like Qilin and INC are increasingly targeting less-secure partners such as medical billing services and pharmaceutical manufacturers to disrupt the healthcare supply chain, leading to the breach of over 6 million records from confirmed attacks on these adjacent businesses alone.

RansomwareHealthcareSupply Chain AttackQilinINC Ransomware +2 more

Ransomware

Supply Chain Attack

Threat Actor

Russian APT Seashell Blizzard Targets European Critical Infrastructure

Sandworm Subgroup 'Seashell Blizzard' Targets European Critical Infrastructure with Custom Malware

A subgroup of the Russian state-sponsored threat actor Sandworm, tracked as Seashell Blizzard, is conducting a new campaign against critical infrastructure in Ukraine and Europe. The attacks leverage phishing emails with malicious XLL attachments to deliver a custom downloader, CheapShot, which in turn deploys a backdoor called ShroudDoor. The campaign targets organizations in the agricultural, defense, transportation, and manufacturing sectors, highlighting ongoing espionage and disruptive efforts by Russian APTs.

Seashell BlizzardSandwormAPT28RussiaCritical Infrastructure +4 more

Russian APT Seashell Blizzard Targets European Critical Infrastructure

Threat Actor

Cyberattack

Malware

LastPass Warns of Active Phishing Campaign Impersonating Brand

MEDIUM

LastPass Issues Alert on Active Phishing Campaign Falsely Claiming a Hack

Password manager LastPass issued an alert on October 13, 2025, about an active phishing campaign targeting its users. The attackers are sending emails from a fraudulent domain with subject lines like "We Have Been Hacked," creating a false sense of urgency to trick users into clicking a malicious link. The link directs victims to a convincing phishing site designed to steal their master password. LastPass has confirmed it was not hacked and is working to take down the malicious infrastructure.

LastPassPhishingCredential TheftSocial EngineeringMFA

Security Operations

New Android Spyware "ClayRat" Spreads via Telegram, Hijacks SMS

Android Spyware "ClayRat" Targets Russian Users via Telegram, Stealing SMS and Spreading to Contacts

A new Android spyware named "ClayRat" is targeting Russian users through fake applications distributed on phishing sites and Telegram. The malware uses sophisticated techniques to bypass Android 13+ security restrictions, install itself as the default SMS handler to intercept 2FA codes, and exfiltrate a wide range of data including call logs and photos. A key feature of ClayRat is its self-propagation mechanism, where it automatically sends malicious links via SMS to all contacts on the victim's device, rapidly expanding the infection.

AndroidSpywareClayRatMalwareTelegram +3 more

New Android Spyware "ClayRat" Spreads via Telegram, Hijacks SMS

Malware

Mobile Security

Ivanti Discloses 13 Vulnerabilities in Endpoint Manager, Two High-Severity

Ivanti Publishes Advisory for 13 Vulnerabilities in Endpoint Manager (EPM), Including High-Severity RCE and Privilege Escalation Flaws

Ivanti has released a security advisory for its Endpoint Manager (EPM) software, detailing 13 new vulnerabilities. The batch includes two high-severity flaws—one allowing for local privilege escalation and another for remote code execution with user interaction—and eleven medium-severity bugs, many of which are SQL injection vulnerabilities. While none of the flaws are known to be actively exploited, Ivanti is urging customers to upgrade from the now end-of-life EPM 2022 to the more secure 2024 version and apply forthcoming patches.

IvantiVulnerabilityPatch ManagementEPMRCE +2 more

Ivanti Discloses 13 Vulnerabilities in Endpoint Manager, Two High-Severity

Vulnerability

Patch Management

New York Inflation Refund Program Exploited in Phishing Scams

MEDIUM

Scammers Exploit New York State Inflation Refund Program with Phishing and Smishing Campaigns

The New York State Department of Taxation and Finance is warning residents about phishing and smishing (SMS phishing) campaigns that are exploiting a legitimate state inflation relief program. Scammers are sending fraudulent messages claiming that recipients must submit personal and payment information via a malicious link to receive their refund. In reality, the legitimate program sends checks automatically to eligible taxpayers with no action required. The scams use social engineering to create urgency and trick victims into giving up sensitive data.

PhishingSmishingScamNew YorkSocial Engineering +1 more

3 min read