October 13, 2025 Cyber Threat Intelligence Briefing
This week’s briefing covers.
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
What's Going On at Salesforce? - The 443 Podcast - Episode 347
This week on the podcast, we discuss the wave of extortion attacks targeting companies that use Salesforce. After that, we discuss Discord's breach involving their customer support application. Finally, we dive deep into the recent Oracle E-Business Suite zero-day vulnerability and how attackers chained together multiple low-severity findings into a critical issue.
How we built the Questionnaire Automation Browser Extension
Many of our customers ran into an issue where they’d receive questionnaires via third-party vendor portals and would need to import them into the Vanta app. Since these portals lacked spreadsheet export, their only option was to manually copy and paste questions into a spreadsheet before uploading it to Vanta.
CVE-2025-61884: Oracle Releases Emergency Patch for Information Disclosure Flaw
On October 11, 2025, Oracle released an emergency fix for a high-severity information disclosure vulnerability in Oracle E-Business Suite (EBS), tracked as CVE-2025-61884. The flaw exists in the Runtime UI component of Oracle Configurator and allows remote unauthenticated threat actors to access sensitive resources. Oracle has not confirmed a link between this vulnerability and the extortion emails received by some Oracle EBS customers from the Cl0p ransomware group in recent weeks.
Fidelis Security's Collaboration with Palo Alto | Unparalleled Protection, Visibility & Control
Discover how Fidelis Security and Palo Alto Networks are joining forces to deliver a powerful, integrated cybersecurity solution that redefines network visibility and protection. In this collaboration, Fidelis Network enhances Palo Alto’s Prisma Access with advanced Network Detection and Response (NDR) capabilities—empowering security teams with deep network insights, automated threat detection, and unmatched visibility across hybrid environments.
How to Add MCP Servers to Windsurf
In this video, I’ll show you exactly how to add MCP (Model Context Protocol) servers to Windsurf step-by-step. Whether you’re setting up your first server or connecting custom ones for development, this guide will walk you through the entire process clearly and quickly.
MFA's
You double-check the stove, the locks, and your car keys… why not your logins? MFA is basically your account’s bestie who never lets you down.
Why you keep getting job scam texts
Job scam texts are blowing up phones everywhere, and they’re only getting sneakier. Stay one step ahead by keeping the fakes out, and help keep your information safe with Avast Mobile Security. You’re in line for coffee when your phone buzzes: “Hi! We reviewed your profile for a remote job. $1,200/week, no experience needed! Text YES to learn more.” Looks tempting at first glance, right? But if your scam radar isn't going off yet, it should be.
A Surge in Text Message Scams Targets Younger Americans
A new report warns of a significant spike in SMS phishing (smishing) scams targeting younger Americans between 18 and 29 years old. The report, released by Consumer Reports, Aspen Digital and the Global Cyber Alliance, also found that 30 percent of people who experienced a cyberattack or scam this year said it began over a text message or a messaging app, compared to 20 percent last year.
Warning: Job Scams Surge by More than 1000%
Job-related scams surged by more than one thousand percent between May and July 2025, according to new research from McAfee. Job seekers are particularly vulnerable to scams, since they’re expecting to receive unsolicited messages and are more likely to overlook red flags. The researchers offer the following advice to help users avoid falling for these attacks: The researchers conclude that awareness is an essential layer of defense against social engineering attacks.