Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

On October 11, 2025, Oracle released an emergency fix for a high-severity information disclosure vulnerability in Oracle E-Business Suite (EBS), tracked as CVE-2025-61884. The flaw exists in the Runtime UI component of Oracle Configurator and allows remote unauthenticated threat actors to access sensitive resources. Oracle has not confirmed a link between this vulnerability and the extortion emails received by some Oracle EBS customers from the Cl0p ransomware group in recent weeks.

The identity attack surface is expanding faster than ever. Every new cloud application, remote login, and digital touchpoint creates another entryway threat actors can exploit, targeting the very credentials that give employees, customers, and partners access to critical systems. One of the top, tried-and-true identity attack techniques threat actors have utilized with great success is called an account takeover.

On September 17, 2025, SonicWall released a knowledge base article detailing the exposure of firewall configuration backup files stored in certain MySonicWall accounts. As of October 8, 2025, the investigation has concluded and SonicWall has updated their advisory accordingly.

On October 4, 2025, Oracle released a fix for a newly disclosed critical vulnerability, tracked as CVE-2025-61882, linked to recent extortion emails received by some Oracle E-Business Suite (EBS) customers. This vulnerability allows unauthenticated remote threat actors to achieve remote code execution and resides in the BI Publisher component of Oracle Concurrent Processing.

On October 2, 2025, Oracle announced that some Oracle E-Business Suite (EBS) customers had received extortion emails. Oracle’s investigation revealed the potential use of vulnerabilities previously addressed in the July 2025 Critical Patch Update. The following nine vulnerabilities in EBS products were addressed in the July update. These vulnerabilities range from medium to high severity, with three potentially exploitable by remote, unauthenticated threat actors.

In today’s cybersecurity landscape, one thing remains constant: humans are both our greatest asset and our biggest risk. Despite increasingly sophisticated technology, human risk, insider threats, and social engineering attacks like phishing,continue to lead the charge when it comes to successful breaches.

In late July 2025, Arctic Wolf Labs began observing a surge of intrusions involving suspicious SonicWall SSL VPN activity. Malicious logins were followed within minutes by port scanning, Impacket SMB activity, and rapid deployment of Akira ransomware. Victims spanned across multiple sectors and organization sizes, suggesting opportunistic mass exploitation. This campaign has recently escalated, with new infrastructure linked to it observed as late as September 20, 2025.

Endpoint security offers immense value to organizations looking to harden their attack surface and reduce overall risk. But endpoint security has evolved considerably over the decades, and not all endpoint security is created equal. Aurora Endpoint Security delivers market-leading AI-driven prevention, detection, and response, stopping threats before they disrupt your business.

On September 25, 2025, Cisco released fixes for two vulnerabilities in Adaptive Security Appliance (ASA) and Firewall Threat Defense (FTD) that are currently being actively exploited by a sophisticated threat actor. The US Cybersecurity and Infrastructure Security Agency (CISA) issued Emergency Directive 25-03 requiring Federal Civilian Executive Branch (FCEB) agencies to patch these vulnerabilities by 12 PM EDT on September 26.

On September 23, 2025, SolarWinds released a hotfix for a critical vulnerability impacting Web Help Desk (WHD), tracked as CVE-2025-26399. The vulnerability arises from a deserialization flaw in the AjaxProxy component that could allow a remote unauthenticated threat actor to achieve remote code execution. CVE-2025-26399 is the second bypass of a flaw originally disclosed last year as CVE-2024-28986 within WHD, with the first bypass being CVE-2024-28988.