This week’s biggest risk spans both core enterprise apps and critical infrastructure: Oracle shipped an emergency fix for a new E-Business Suite zero-day (CVE-2025-61884) amid ongoing exploitation, F5 disclosed a year-long breach with source-code theft, and Microsoft’s Patch Tuesday landed with one of the largest CVE tallies of the year.
🚨Top Stories
F5 breach: year-long intrusion with source code and vuln research stolen
Reuters reports the F5 compromise persisted for over a year and involved theft of source code and sensitive vulnerability information; U.S. officials link it to a state-backed actor. CISA issued an emergency directive to federal agencies in response. Reuters
💡 Key Takeaway: Treat this as supply-chain + infrastructure risk. Inventory F5 gear, apply vendor updates, rotate any credentials/keys that may interact with F5 systems, and monitor for exploit attempts that leverage leaked insight.
Oracle ships emergency patch for new E-Business Suite flaw (CVE-2025-61884)
Oracle’s Security Alert addresses unauthenticated network access to sensitive EBS resources (v12.2.3–12.2.14). This follows the separate CVE-2025-61882 RCE fixed earlier this month and comes amid active extortion campaigns. Oracle
💡 Key Takeaway: Even if you patched 61882, add 61884 to your priority queue now. Restrict/segment EBS HTTP entry points until fully remediated and hunted.
Microsoft Patch Tuesday (Oct 2025): ~170–180 CVEs, multiple criticals
This month’s update is one of the year’s largest, spanning Windows, Azure, Office, and more; guidance highlights urgent items and zero-days addressed. Qualys
💡 Key Takeaway: Fast-track patching on domain controllers, WSUS/management infra, and internet-facing Windows services. Validate rollout with scans—don’t assume compliance.
🛠️ Vulnerability Spotlight
CVE-2025-61884 — Oracle E-Business Suite (Configurator) unauthenticated access
Official Oracle advisory confirms unauthenticated network exploitation to access sensitive resources. Oracle
💡 Key Takeaway: Patch immediately, isolate EBS web components, and hunt logs for abnormal HTTP to Configurator/BI Publisher paths.
CVE-2025-11001 / CVE-2025-11002 — 7-Zip ZIP traversal → RCE
ZDI advisories detail path-traversal behavior in crafted archives enabling overwrite and potential code execution; users often lack auto-updates. Zero Day Initiative
💡 Key Takeaway: Push 7-Zip v25.01+ across endpoints; sandbox archive handling and block extraction in high-risk paths.
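Added example (not from the ZDI advisories or the 7-Zip project): one way to enforce "no writes outside the target" in an automated ZIP intake step, using Python's standard zipfile module. It goes slightly beyond the traversal case above by also refusing symlink entries; the function names and the sample archive are constructed for illustration.

```python
import io
import os
import stat
import zipfile


def audit_zip(data: bytes, target_dir: str) -> list:
    """Return (entry, reason) pairs for entries that could write outside target_dir."""
    root = os.path.realpath(target_dir)
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            name = info.filename.replace("\\", "/")
            unix_mode = info.external_attr >> 16  # POSIX mode bits, if recorded
            if stat.S_ISLNK(unix_mode):
                # A link entry can redirect later writes outside the target.
                findings.append((info.filename, "symlink entry"))
            elif name.startswith("/") or name[1:2] == ":":
                findings.append((info.filename, "absolute path"))
            else:
                dest = os.path.realpath(os.path.join(root, name))
                if os.path.commonpath([root, dest]) != root:
                    findings.append((info.filename, "escapes target directory"))
    return findings


def safe_extract(data: bytes, target_dir: str) -> list:
    """Extract only if the audit is clean; otherwise refuse the whole archive."""
    findings = audit_zip(data, target_dir)
    if findings:
        raise ValueError(f"archive rejected: {findings}")
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        zf.extractall(target_dir)
        return zf.namelist()


def build_sample_archive() -> bytes:
    """Constructed test archive: one normal file, one traversal name, one symlink."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docs/readme.txt", "hello")
        zf.writestr("docs/../../outside.txt", "constructed traversal entry")
        link = zipfile.ZipInfo("docs/shortcut")
        link.create_system = 3  # Unix, so the mode bits below are meaningful
        link.external_attr = (stat.S_IFLNK | 0o777) << 16
        zf.writestr(link, "../../elsewhere")
    return buf.getvalue()
```

Rejecting the whole archive on any finding, rather than skipping the flagged entries, keeps the intake decision simple to log and alert on.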
📈 Trend to Watch
Cross-layer pressure: enterprise apps + infrastructure + utilities
Attackers are mixing application zero-days (Oracle EBS) with infra targets (F5 breach insights, Windows services) and “mundane” utilities (7-Zip) to broaden initial access and persistence.
💡 Key Takeaway: Expand patch governance beyond “big apps” to include infra services and ubiquitous tools; weakest-link exploitation is the norm.
🏛️ Policy & Regulation Watch
CISA adds five more entries to the KEV Catalog (Oct 20)
CISA’s latest update flags additional actively exploited CVEs—intended to drive near-term remediation. CISA
💡 Key Takeaway: If a CVE enters KEV, elevate it to must-fix status in your backlog.
🧰 Tool / Resource of the Week
Oracle Security Alert — CVE-2025-61884 (canonical patch & details)
The official advisory lists affected versions, risk matrix, and patching steps—use it as your source of truth for remediation and validation. Oracle
💡 Key Takeaway: Align detection content and change control to this advisory to avoid gaps between perceived and actual patch state.
⚡ Quick Hits
CISA: “Five new KEV entries” (Oct 20)—re-prioritize any matching assets. CISA
Taiwan notes 17% rise in PRC cyberattacks YTD—2.8M/day attempts on gov’t networks. Reuters
Patch Tuesday coverage—independent breakdowns summarize urgent Microsoft items. Qualys
Oracle EBS exploit guidance—Google/Mandiant detail active abuse of the earlier 61882 flaw (context for sustained EBS targeting). Google Cloud
🛡️ Actionable Defense Move
Run a 72-hour “Core Apps & Infra” patch + hunt sprint
Oracle EBS: Patch 61884, confirm 61882 already deployed; restrict EBS web access, add WAF rules; hunt for suspicious Configurator/BI Publisher requests using Oracle’s indicators. Oracle
F5 footprint: Inventory BIG-IP/F5OS devices, apply vendor updates, rotate associated secrets/keys, and increase telemetry around F5 mgmt and data-plane traffic. Reuters
Windows estate: Apply Oct updates with priority on DCs, WSUS/management hosts; verify with vulnerability scanning/patch compliance tools. Qualys
Utilities: Push 7-Zip v25.01+; enforce safe extraction locations and block write-outside-target behavior. Zero Day Initiative
💡 Key Takeaway: Treat EBS + F5 + Windows management as a single blast-radius—close all three to prevent chained compromise.
🏁 Final Word
Defenders can’t win by patching “big apps” alone. This week shows how adversaries stitch enterprise zero-days, infra weaknesses, and everyday tools into one attack path. Close the loop across all three, validate relentlessly, and assume scans and probing are early warnings—not noise.

