In the news of the week ending October 10, 2025, are five major providers affected by critical failures this week.
A critical zero-day exploit chain has been identified that affects Cisco ASA (Adaptive Security Appliance) and FTD (Firepower Threat Defense) software, targeting its WebVPN module, allowing authentication bypass (CVE-2025-20362) followed by a buffer overflow (CVE-2025-20333) to achieve remote execution without authentication.
Cisco has already released patches (e.g., ASAv 9.16.4.85), and administrators are advised to apply the updates immediately, especially if they have the clientless VPN portal enabled.
Wiz Research discovered a remote code execution (RCE) vulnerability in Redis, called RediShell, which originates from a bug that has existed for about 13 years in the handling of Lua scripts. With a CVSS of 10.0, the flaw allows escaping the Lua sandbox and executing native code on the host.
Since Redis is used in approximately 75% of cloud environments, many instances are at risk, especially those that are publicly exposed or unauthenticated. Organizations are urged to patch immediately and as a priority.
Oracle has issued an emergency patch for a critical vulnerability in its E-Business Suite (CVE-2025-61882, with a CVSS score of 9.8) that is already being exploited by the Cl0p group for data theft. The flaw allows an unauthenticated attacker to compromise the Concurrent Processing component via HTTP. The company urged organizations to review possible previous compromises, as it could have been used before the patch.
A group calling itself Scattered LAPSUS$ Hunters claims to have stolen large volumes of data from dozens of companies using Salesforce instances and is demanding ransoms, citing up to 1 billion stolen records.
Salesforce states that it has not detected any recent intrusions into its platform and that the extortion attempts are linked to past or unconfirmed incidents. However, the attackers are also threatening to use existing legal litigation to put pressure on the provider.
A vulnerability has been discovered in Copilot Chat that combines Content Security Policy bypass and prompt injection: it allows AWS keys and zero-day vulnerabilities to be leaked and controls the responses received by the user.
The attacker can insert hidden comments that are not displayed but alter the context of the chat and extract data encoded via URL, exploiting the way Copilot handles commented HTML requests. GitHub has already disabled the use of Camo for these leaks.
Users are copying confidential information from their companies into AI tools such as ChatGPT, creating risks of deliberate or accidental leaks. It is clear that the ease of use and informal integration of these services create a significant internal leak vector that many organizations still do not adequately regulate.
Authorities have seized the BreachForums domain, associated with the Scattered LAPSUS$ Hunters group, which has been active in extortion and data theft campaigns. This move could temporarily hinder the group’s public operations, but it does not guarantee the interruption of its activities, which could migrate to other domains or clandestine networks.
In a world increasingly dependent on cloud computing, audits have become an essential component of…
In today’s digital world, data is the most valuable asset of any organization. Protecting information…
Introduction The System of Operational Research Activities (SORM) represents one of the most sophisticated and…
The cybersecurity landscape is constantly evolving, and cybercriminals are developing increasingly sophisticated techniques to bypass…
Cybersecurity is the practice of protecting systems, networks, applications and data from cyber threats. Organizations…
The KISS (keep it simple, stupid or keep it stxpid simple) principle encourages designers, developers,…