In partnership with
This week the spotlight is on a critical Oracle E‑Business Suite zero-day being actively exploited by Cl0p, underscoring the rising risk of supply‑chain–adjacent enterprise software. Also in focus: VMware zero-day patching, Unity engine’s LFI, and surging scans on Palo Alto portals. The stakes: high exposure in business‑critical systems.
🚨 Top Stories
1. Oracle EBS Zero‑Day Exploited by Cl0p, Emergency Patch Released
Oracle published an emergency alert for CVE‑2025‑61882, a remote code execution flaw in E‑Business Suite that requires no authentication — and there is evidence it’s already being exploited in Cl0p data theft campaigns. The Hacker News
💡 Key Takeaway: Prioritize patching all exposed Oracle EBS instances immediately. Use IOCs from Oracle’s advisory and Tenable’s FAQ to hunt for signs of compromise.
2. Broadcom Patches VMware Zero‑Day Used by State-Aligned Threat Actor
Broadcom released fixes for CVE‑2025‑41244 in VMware Tools / Aria Operations, a privilege escalation bug exploited by UNC5174. TechRadar
💡 Key Takeaway: Update all VMware Tools / Aria components promptly, especially in VMs exposed to untrusted users, and validate no unauthorized root escalation has occurred.
3. Unity Engine Fixes Decade‑Old LFI, Developers Must Recompile
Unity disclosed a serious Local File Inclusion (LFI) vulnerability dating back to version 2017.1. A patched version and runtime patcher are available for affected platforms (Android, macOS, Windows) — though some Linux / anti-cheat builds may remain vulnerable. PC Gamer
💡 Key Takeaway: Audit Unity‑based applications (especially cross‑platform) and recompile / republish with the patch. For non‑recompilable builds, apply vendor patchers where supported.
🛠️ Vulnerability Spotlight
CVE‑2025‑61882 (Oracle EBS Remote Code Execution)
Severity / Exposure: 9.8 CVSS, exploited in the wild. The Hacker News
Attack vector: Unauthenticated HTTP access to EBS Concurrent Processing / BI Publisher integration component. Cyber Security News
• QNAP NetBak Replicator Code Execution Flaw
A newly disclosed local code execution vulnerability in QNAP’s NetBak Replicator utility allows a local attacker to execute unauthorized code. Cyber Security News
💡 Key Takeaway: For QNAP deployments, restrict access to NetBak Replicator functionality, isolate affected appliances, and patch as soon as vendor updates arrive.
📊 Trend to Watch
Prompt injection attacks in production LLM systems (zero-click) are here
The EchoLeak study (CVE‑2025‑32711) revealed a zero-click prompt injection exploit in Microsoft 365 Copilot that chain‑exfiltrated data without any user interaction. arXiv
💡 Key Takeaway: LLM systems, even in trusted environments, must be treated as attack surfaces — enforce prompt isolation, content sanitization, and provenance validation aggressively.
🏛️ Policy & Regulation Watch
Expiration of the Cybersecurity Information Sharing Act (CISA)
As of October 1, 2025, the CISA (information sharing incentive law) has lapsed amid the U.S. government shutdown. Industry observers warn this may reduce cross-sector intelligence sharing by up to 80%. World Economic Forum
💡 Key Takeaway: Organizations should bolster internal threat intelligence channels and reconsider direct vendor / partner sharing agreements now that federal protections are unclear.
🧰 Tool / Resource of the Week
Tenable’s CVE‑2025‑61882 FAQ & detection guidance
Tenable published a detailed FAQ and detection approach for the Oracle EBS zero‑day, including mappings of affected versions, recommended controls, and plugin availability. Tenable💡 Key Takeaway: Use Tenable’s guidance to configure IDS/IPS rules, detection scanning, and verification steps specifically for CVE‑2025‑61882.
⚡ Quick Hits
Spike in Palo Alto login portal scans: Addresses hitting PAN-OS login pages increased ~500% on Oct 3, per GreyNoise. The Hacker News
Windows 10 end-of-support approaches: Microsoft ends support on October 14, 2025 — many organizations still have unpatched endpoints. UTIA Security
London nursery chain Kido breached: Radiant group exfiltrated data of over 8,000 children via a ransomware-style attack. Applied Tech
Renault data impacted via third-party breach: Customer data compromised through an external provider. HackRead
🛡️ Actionable Defense Move of the Week
Deploy dynamic-layered isolation + active hunt for enterprise app exploitation
Segment and firewall critical enterprise apps (Oracle EBS, VMware management consoles) behind minimal access zones.
Launch threat hunts targeting lateral movement, unexpected processes, and abnormal HTTP requests into these systems.
Apply host‑based detection (EPP / EDR) rules tuned for known IOCs and anomalous behaviors around EBS components and VMware Tools.
📝 Final Word
This week highlights a shifting battleground: not just infrastructure, but the business logic layer itself (Oracle EBS), and the emerging attack surface in AI systems. Defenders must pivot from reactive patching to proactive isolation, detection, and anticipation — because adversaries are reaching deeper than ever.
That’s it for this week — stay sharp. Share InfoSec.Watch with a teammate so they don’t fall behind.
The Gold standard for AI news
AI keeps coming up at work, but you still don't get it?
That's exactly why 1M+ professionals working at Google, Meta, and OpenAI read Superhuman AI daily.
Here's what you get:
Daily AI news that matters for your career - Filtered from 1000s of sources so you know what affects your industry.
Step-by-step tutorials you can use immediately - Real prompts and workflows that solve actual business problems.
New AI tools tested and reviewed - We try everything to deliver tools that drive real results.
All in just 3 minutes a day