Cyber Security Headlines – October 7, 2025
Host: Lauren Verno, CISO Series
Episode Theme:
A fast-paced roundup of the day’s most significant cybersecurity threats, vulnerabilities, and headline-grabbing attacks, with a focus on ongoing and newly discovered breaches affecting popular software, platforms, and cloud services.
Key Discussion Points & Insights
6. Unity Vulnerability Threatens Popular Games
- Summary:
A high-severity bug in the Unity game engine runtime threatens major titles including Pokémon Go and Genshin Impact across Android, Windows, macOS, and Linux.
- Attack Vector:
Exploited through an affected app itself rather than the engine in isolation; a successful attack lets an attacker execute arbitrary code in the context of that app. Steam's mitigation (below) targets risky launch parameters, so untrusted command-line input is part of the exposure.
- Industry Response:
- Microsoft is flagging potentially vulnerable apps and games.
- Steam has blocked game launches that pass risky command-line parameters.
- Developer Guidance:
Unity has patched the flaw and urges all developers to update their Unity editors and rebuild, or replace the runtime files in already-shipped games, to keep players safe.
- Memorable Line:
“Unity-built games like Pokémon Go and Genshin Impact are affected by a high-severity bug that could let attackers execute code through affected apps.”
— Lauren Verno [00:11] (segment 00:07 – 01:20)
2. Oracle Zero-Day Patched after CLOP Ransomware Attacks
- Summary:
The CLOP ransomware group exploited a critical zero-day (CVSS 9.8) in Oracle E-Business Suite (EBS), stealing data and launching extortion campaigns against victims.
- Affected Versions:
Oracle EBS version 12.14.
- Company Response:
Oracle has released security patches and published indicators of compromise (IOCs) for defenders.
- Expert Warning:
Patching closes the hole but does not undo an existing compromise: security experts warn that other threat actors could exploit the same vulnerability, so patched systems should still be checked against the published IOCs.
- Pattern:
This follows CLOP's established playbook of mass-exploiting zero-days in widely used enterprise platforms, previously the Cleo, MOVEit, and Fortra GoAnywhere file-transfer products.
- Notable Quote:
"The flaw allows remote code execution on EBS version 12.14 and carries a critical severity rating of 9.8."
— Lauren Verno [01:22] (segment 01:21 – 02:07)
3. Discord Breach Exposes Support User Info
- Summary:
A breach at a third-party customer support vendor exposed personal information of Discord users who had contacted Discord's support or trust and safety teams.
- Exposed Data:
Names, email addresses, IP addresses, billing information, and images of government IDs submitted for age verification.
- Discord's Actions:
Revoked the breached vendor's access to its systems. Discord is notifying affected users but has not disclosed the vendor's name or the number of users impacted.
- Notable Quote:
“The incident only impacts users who contacted Discord’s support or trust and safety teams, exposing personal information…”
— Lauren Verno [02:10] (segment 02:08 – 02:46)
4. GoAnywhere MFT Flaw Used in Medusa Ransomware Attacks
- Summary:
The Storm-1175 group is exploiting a critical vulnerability in Fortra's GoAnywhere MFT for initial access, lateral movement, and deployment of Medusa ransomware.
- Impact:
Allows remote command execution with no user interaction. The Shadowserver Foundation has tracked over 500 internet-exposed instances.
- Advice:
Microsoft and Fortra urge immediate patching and inspection of GoAnywhere logs for indicators of compromise. Because exploitation needs no user interaction, an exposed instance that was unpatched during the exploitation window should be treated as potentially compromised, not merely at risk.
- Notable Moment:
“…enabling lateral movement, file exfiltration and ransomware deployment.”
— Lauren Verno [02:47] (segment 02:47 – 03:37)
5. WhatsApp Malware Campaign Targets South American Orgs
- Summary:
Malware spreading through WhatsApp phishing messages is primarily affecting government agencies and businesses in Brazil.
- Propagation:
The phishing lure is disguised as a receipt or form; once run, the malware hijacks the victim's WhatsApp Web session and automatically sends itself to all of the victim's contacts, worm-style.
- Objective:
Rapid spread appears to be prioritized over data theft, although some payloads can steal banking credentials.
- Memorable Line:
“The malware arrives in phishing messages disguised as receipts or forms, and hijacks WhatsApp Web to automatically send itself to all contacts.”
— Lauren Verno [04:18] (segment 04:18 – 04:55)
6. Crowdsourced Ransomware: Scattered Lapsus$ Hunters
- Summary:
The crime group is offering $10 in Bitcoin to anyone willing to harass executives at companies it claims to have breached, effectively crowdsourcing its extortion pressure.
- Victims:
39 companies named, most of them with Salesforce integrations.
- Instructions & Rewards:
Higher rewards are promised for contacting executives through their personal email accounts or for harassment campaigns judged to be done “exceptionally well.”
- Notable Quote:
“Followers are urged to email executives until they pay, with higher rewards for using personal accounts or doing, quote, ‘an exceptionally well job.’”
— Lauren Verno [05:30] (segment 04:56 – 05:50)
7. Chinese Cybercrime Group Runs Global SEO Fraud Operation
- Summary:
UAT-8099, a Chinese-speaking group, compromises Microsoft IIS web servers and uses them to run a global SEO fraud operation, manipulating search results and stealing credentials from the compromised hosts.
- Target Regions:
India, Thailand, Vietnam, Canada, and Brazil, with victims including universities and telecoms.
- Tactics:
Cobalt Strike for post-exploitation, the BadIIS malware family installed as IIS modules to hijack search-engine traffic, and locking rival attackers out of compromised servers to keep exclusive control.
- Memorable Line:
“Researchers say the group uses tools like Cobalt Strike and BadIIS malware to hijack search results and steal credentials…”
— Lauren Verno [06:06] (segment 05:51 – 06:23)
8. Wiz Launches $4.5M Zero-Day Cloud Bug Bounty Competition
- Summary:
Wiz has announced the “Zero Day Cloud” competition, to be held at Black Hat Europe in London this December, with a $4.5M total prize pool and top prizes of up to $300,000 for exploits against widely used cloud components (web servers, AI containers, databases, DevOps platforms).
- Entry Link:
Available via the CISOseries.com show notes.
- Notable Moment:
“Top prizes reach $300,000 for web server exploits, with AI containers, databases and DevOps platforms also in play.”
— Lauren Verno [06:45] (segment 06:24 – 07:00)
Notable Quotes & Memorable Moments
- On reporting widespread vulnerabilities:
“Unity has patched the flaw and urges developers to update editors or replace runtime files in existing games to keep players safe.”
— Lauren Verno [01:11]
- Caution after zero-day exploitation:
“…security experts warn other threat actors could exploit the same vulnerability.”
— Lauren Verno [01:48]
- On Discord breach transparency:
“The company is actively notifying affected users, but did not disclose how many were impacted.”
— Lauren Verno [02:29]
- Scale of MFT vulnerability exposure:
“The Shadowserver Foundation has already tracked over 500 exposed instances online…”
— Lauren Verno [03:25]
- On ransomware crowdsourcing:
“…the crime group has been offering $10 in Bitcoin to anyone willing to hound executives at companies it claims to have breached.”
— Lauren Verno [05:05]
Additional Links
For more details, including the bug bounty application link, event information, and story deep-dives, visit cisoseries.com.
This episode offered a whirlwind tour of major risks facing both consumers and enterprises, from game-engine bugs and support-vendor breaches to ransomware groups crowdsourcing their extortion, and new bug bounty incentives shaping cloud security research.
Stay informed. Stay secure.
