Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

On October 4, 2025, Oracle released a fix for a newly disclosed critical vulnerability, tracked as CVE-2025-61882, linked to recent extortion emails received by some Oracle E-Business Suite (EBS) customers. This vulnerability allows unauthenticated remote threat actors to achieve remote code execution and resides in the BI Publisher component of Oracle Concurrent Processing.

On October 2, 2025, Oracle announced that some Oracle E-Business Suite (EBS) customers had received extortion emails. Oracle’s investigation revealed the potential use of vulnerabilities previously addressed in the July 2025 Critical Patch Update. The following nine vulnerabilities in EBS products were addressed in the July update. These vulnerabilities range from medium to high severity, with three potentially exploitable by remote, unauthenticated threat actors.

In today’s cybersecurity landscape, one thing remains constant: humans are both our greatest asset and our biggest risk. Despite increasingly sophisticated technology, human risk, insider threats, and social engineering attacks like phishing,continue to lead the charge when it comes to successful breaches.

In late July 2025, Arctic Wolf Labs began observing a surge of intrusions involving suspicious SonicWall SSL VPN activity. Malicious logins were followed within minutes by port scanning, Impacket SMB activity, and rapid deployment of Akira ransomware. Victims spanned across multiple sectors and organization sizes, suggesting opportunistic mass exploitation. This campaign has recently escalated, with new infrastructure linked to it observed as late as September 20, 2025.

Endpoint security offers immense value to organizations looking to harden their attack surface and reduce overall risk. But endpoint security has evolved considerably over the decades, and not all endpoint security is created equal. Aurora Endpoint Security delivers market-leading AI-driven prevention, detection, and response, stopping threats before they disrupt your business.

On September 25, 2025, Cisco released fixes for two vulnerabilities in Adaptive Security Appliance (ASA) and Firewall Threat Defense (FTD) that are currently being actively exploited by a sophisticated threat actor. The US Cybersecurity and Infrastructure Security Agency (CISA) issued Emergency Directive 25-03 requiring Federal Civilian Executive Branch (FCEB) agencies to patch these vulnerabilities by 12 PM EDT on September 26.