
A
From the CISO series, it's Cybersecurity Headlines.
B
These are the cybersecurity headlines for Tuesday, October 7, 2025. I'm Lauren Verno and I'm officially back.
Unity vulnerability puts popular games at risk. Got to catch them all. Vulnerabilities, that is. Unity-built games like Pokémon Go and Genshin Impact are affected by a high-severity bug that could let attackers execute code through affected apps on Android, Windows, macOS and Linux. Microsoft and Steam are taking action, with Microsoft flagging potentially vulnerable apps and games, while Steam blocks launches containing risky command-line parameters. Unity has patched the flaw and urges developers to update editors or replace runtime files in existing games to keep players safe.
Oracle zero-day exploit patched. This is an update to a story we first brought to you last week. The Clop ransomware group is now the confirmed hackers behind a recently exploited zero-day vulnerability in Oracle's E-Business Suite, or EBS, stealing data and sending extortion emails. The flaw allows remote code execution on EBS versions 12.14 and carries a critical severity rating of 9.8. Oracle has since released patches and shared indicators of compromise, but security experts warn other threat actors who could exploit the same vulnerability. This campaign follows a pattern seen in recent Clop attacks on Cleo, MOVEit and Fortra products.
Third-party breach claims Discord user info. A compromised support vendor is to blame for a data breach at the popular social platform Discord. The incident only impacts users who contacted Discord's support or trusted safety teams, exposing personal information including names, emails, IP addresses, billing details and government ID images submitted for age verification appeals. Now Discord says it has revoked the vendor's access but did not name which provider was involved. The company is actively notifying affected users, but did not disclose how many were impacted.
Critical MFT flaw exploited. The cybercrime group Storm-1175 has been exploiting a critical GoAnywhere MFT vulnerability and Medusa ransomware attacks for the past month. Now Microsoft reports that the flaw allows remote command execution without user interaction, enabling lateral movement, file exfiltration and ransomware deployment. Microsoft and Fortra are urging admins to patch immediately and inspect logs for signs of compromise, while the Shadowserver Foundation has already tracked over 500 exposed instances online, though it's unclear how many of those have already been patched.
Huge thanks to today's episode sponsor, ThreatLocker. Cybercriminals don't knock. They sneak in through cracks other tools miss. That's why organizations are turning to ThreatLocker. As a zero trust endpoint protection platform, ThreatLocker puts you back in control, blocking what doesn't belong and stopping attacks before they spread. Zero trust security starts here with ThreatLocker.
And a quick reminder for fans of the CISO Series and New York City-based security professionals. You're all welcome to join us for a fun networking event in New York City on October 21, 2025 at 5:30pm. It's free. Yes, free, so head on over to the events page at cisoseries.com to register.
Malware campaign spreads via WhatsApp. Hackers are using WhatsApp to spread a new malware targeting government agencies and businesses, primarily in Brazil. The malware arrives in phishing messages, disguises receipts or forms, and hijacks WhatsApp Web to automatically send itself to all contacts, rapidly propagating. Researchers say it mainly spreads quickly rather than stealing data or encrypting files, though related payloads can steal banking credentials.
Crowdsourced ransomware campaign. Scattered Lapsus$ Hunters is letting anyone do their dirty work. The crime group has been offering $10 in Bitcoin to anyone willing to hound executives at companies it claims to have breached. The group, which recently claimed to be retiring, posted instructions on Telegram and a new data leak site listing 39 alleged victims, mostly linked to Salesforce integrations. Followers are urged to email executives until they pay, with higher rewards for using personal accounts or doing, quote, "an exceptionally well job."
Chinese hackers turn SEO fraud into a global hustle. A new Chinese-speaking cybercrime group called UAT-8099 has been caught running a global search engine optimization ring, or SEO fraud ring, using compromised Microsoft IIS servers. The hackers target systems across India, Thailand, Vietnam, Canada and Brazil, hitting everything from universities to telecoms. Researchers say the group uses tools like Cobalt Strike and BadIIS malware to hijack search results and steal credentials, all while locking out rival attackers.
Win big with Wiz. Cloud security giant Wiz is offering $4.5 million in its new bug bounty contest, Zero Day Dot Cloud. Participants will demonstrate exploits against widely used cloud software live at Black Hat Europe in London this December. Top prizes reach $300,000 for web server exploits, with AI containers, databases and DevOps platforms also in play. Looking to apply? We've got that link in the show notes. Just head on over to cisoseries.com.
No CISO cares about a vendor's technical innovation for its own sake. They care about how the vendor solution can help solve their problems. It's a simple concept, yet so many vendors miss the mark when they make their pitch. We dig into why on the latest episode of the CISO Series podcast. Look for the episode "Don't worry, we'll get to solving your problem on slide 87."
And if you've made Cybersecurity Headlines part of your morning routine, remember to share it with a friend or coworker. We'd really appreciate it. I'm Lauren Verno, reporting for the CISO Series.
A
Cybersecurity Headlines are available every weekday. Head to CISOseries.com for the full stories behind the headlines.
Host: Lauren Verno, CISO Series
Episode Theme:
A fast-paced roundup of the day’s most significant cybersecurity threats, vulnerabilities, and headline-grabbing attacks, with a focus on ongoing and newly discovered breaches affecting popular software, platforms, and cloud services.
“Unity built games like Pokémon Go and Genshin Impact are affected by a high severity bug that could let attackers execute code through affected apps.”
— Lauren Verno [00:11]
"The flaw allows remote code execution on EBS versions 12.14 and carries a critical severity rating of 9.8."
— Lauren Verno [01:22]
“The incident only impacts users who contacted Discord’s support or trusted safety teams, exposing personal information…”
— Lauren Verno [02:10]
“…enabling lateral movement, file exfiltration and ransomware deployment.”
— Lauren Verno [02:47]
“The malware arrives in phishing messages, disguises receipts or forms, and hijacks WhatsApp Web to automatically send itself to all contacts.”
— Lauren Verno [04:18]
“Followers are urged to email executives until they pay with higher rewards for using personal accounts or doing a quote, an exceptionally well job.”
— Lauren Verno [05:30]
“Researchers say the group uses tools like Cobalt Strike and BadIIS malware to hijack search results and steal credentials…”
— Lauren Verno [06:06]
“Top prizes reach $300,000 for web server exploits, with AI containers, databases and DevOps platforms also in play.”
— Lauren Verno [06:45]
On reporting widespread vulnerabilities:
“Unity has patched the flaw and urges developers to update editors or replace runtime files in existing games to keep players safe.”
— Lauren Verno [01:11]
Caution after zero-day exploitation:
“…security experts warn other threat actors who could exploit the same vulnerability.”
— Lauren Verno [01:48]
On Discord breach transparency:
“The company is actively notifying affected users, but did not disclose how many were impacted.”
— Lauren Verno [02:29]
Scale of MFT vulnerability exposure:
“The Shadowserver Foundation has already tracked over 500 exposed instances online…”
— Lauren Verno [03:25]
On ransomware crowd-sourcing:
“…the crime group has been offering $10 in Bitcoin to anyone willing to hound executives at companies it claims to have breached.”
— Lauren Verno [05:05]
For more details, links to bug bounty application, event info, and story deep-dives, visit cisoseries.com.
This episode offered a whirlwind tour of major risks facing both consumers and enterprises — from gaming bugs and support vendor breaches to ransomware groups innovating with crowdsourcing, and new bug bounty incentives shaping cloud security research.
Stay informed. Stay secure.