Urgent WSUS Patch Mandated Amidst Wave of Zero-Day Exploits Targeting Oracle, Chrome, and AI Agents
Summary
This cybersecurity brief for October 29, 2025, covers a series of critical threats, led by an urgent CISA directive to patch an actively exploited, wormable RCE vulnerability in Windows Server Update Services (CVE-2025-59287). The threat landscape is further defined by major zero-day attacks, with the FIN11/Clop ransomware group targeting Oracle EBS systems at industrial giants, and the 'Mem3nt0 mori' APT exploiting a Chrome zero-day. New malware strains have also emerged, including 'Airstalk' in a suspected nation-state supply chain attack and 'Herodotus', an Android trojan that mimics human behavior. Additionally, a report highlights the destructive impact of the 'Scattered Spider' group and a massive surge in AI-powered vishing attacks.
Today's New Articles
"Shadow Escape": New Zero-Click Attack Steals Data from ChatGPT, Claude, and Gemini
A novel zero-click attack vector named "Shadow Escape" has been discovered by researchers at Operant, capable of silently exfiltrating sensitive data from popular AI agents like OpenAI's ChatGPT, Anthropic's Claude, and Google's Gemini. The attack exploits the...
Massive 70TB Data Leak at Tata Motors from Exposed AWS Keys
A colossal security failure at Tata Motors has resulted in the exposure of over 70 terabytes of sensitive corporate data, customer information, and infrastructure details. The breach, which was first identified in 2023, stemmed from multiple critical misconfig...
New "Airstalk" Malware Abuses VMware API in Nation-State Supply Chain Attack
A newly identified malware strain, "Airstalk," has been deployed in a sophisticated supply chain attack believed to be sponsored by a nation-state actor. The activity, tracked as the cluster CL-STA-1009, is notable for its novel command-and-control (C2) techni...
Herodotus Android Malware Mimics Human Typing to Bypass Biometric Security
A new Android banking trojan named Herodotus has emerged, offered as a Malware-as-a-Service (MaaS) by a threat actor known as 'K1R0'. The malware is notable for its novel evasion technique: it mimics human typing behavior by introducing random delays during re...
Chrome Zero-Day Exploited by "Mem3nt0 mori" APT to Deploy Spyware
A critical zero-day vulnerability in Google Chrome, CVE-2025-2783, has been actively exploited in a targeted espionage campaign dubbed "Operation ForumTroll." The campaign, which began in March 2025, is attributed to the advanced persistent threat (APT) group...
Article Updates
Qantas Data Breach: 5.7M Customer Records Leaked in Salesforce Supply Chain Attack
Update: A new KnowBe4 report details the escalating threat from 'Scattered Spider' (UNC3944), the group involved in the Qantas breach. Their social engineering, vishing (up 449%), MFA fatigue, and deepfake audio tactics have led to hundreds of millions in losses for U...
Clop Ransomware Breaches American Airlines Subsidiary Envoy Air, Exploiting Oracle EBS Flaw
Update: The Clop ransomware campaign exploiting Oracle E-Business Suite vulnerabilities has expanded, now attributed to the FIN11 threat group and confirmed to leverage a zero-day flaw. New high-profile victims include industrial giants Schneider Electric and Emerson,...