CyberNews: 06/10/2025 Edition

Published by Dunateo on 2025-10-06

Today’s roundup

  • Zimbra Zero-Day Exploited to Target Brazilian Military via Malicious ICS Files
  • Oracle Rushes Patch for CVE-2025-61882 After Cl0p Exploited It in Data Theft Attacks
  • ENISA Threat Landscape 2025 Report: Converging Cyber Threats Across EU
  • Asahi Confirms Ransomware Attack, Data Stolen from Servers
  • Scanning of Palo Alto Portals Surges 500% Amid Attack Fears
  • Renault Informs Customers of Supply Chain Data Breach
  • Six out of 10 UK Secondary Schools Hit by Cyber-Attack or Breach in Past Year

    • Summary

    A critical Zimbra Collaboration Suite zero-day (CVE-2025-27915) was exploited via malicious ICS files to target Brazil's military, enabling session hijacking and data exfiltration. Oracle issued emergency patches for CVE-2025-61882 (CVSS 9.8) in its E-Business Suite after Cl0p ransomware group exploitation. The ENISA Threat Landscape 2025 report documented 4,900 EU incidents, highlighting ransomware's dominance, AI-powered phishing campaigns, and convergence of criminal-state-hacktivist operations. Asahi Group confirmed ransomware-induced operational disruption, with manual order processing implemented post-attack. Cybersecurity firms observed a 500% surge in Palo Alto Networks portal scans, indicating reconnaissance for potential exploits. Renault-Dacia disclosed a supply chain breach impacting customer data. UK government data revealed 60% of secondary schools suffered cyber incidents in 2025, with threat actors increasingly targeting educational institutions over private firms.

    Want to dig deeper?

    Vulnerabilities

    CVE-2025-27915 Medium
    CVE-2025-61882 Critical