CyberWire Daily — "Oracle zero-day serves up persistent access"
Date: October 6, 2025
Host: Dave Bittner, N2K Networks
Overview
This episode centers on major cybersecurity news, with headline focus on a critical zero-day affecting Oracle E-Business Suite now under active exploitation, alongside a sweep of current cyber threats, vendor vulnerabilities, and industry trends. It features a substantive interview with Volker Wagner (Chief Information Security Officer, BASF) on industrial cyber resilience, innovation, and collaborative defense.
Key Headlines & Discussion Points
1. Critical Oracle Zero-Day Actively Exploited
(00:12 – 01:53)
- Vulnerability Details: Oracle E-Business Suite zero-day (CVSS 9.8) is being exploited in the wild. Allows unauthenticated remote code execution (RCE) over HTTP.
- Exploitation & Attribution: Attackers run reverse-shell commands to gain a foothold and keep it. Forensic analysis links the toolkit to high-profile threat actors: Scattered Spider, Lapsus$, Clop.
- Mitigation: Oracle urges immediate patching; only supported (still-maintained) versions receive fixes. Exposed instances can be located with Shodan queries and checked with Nuclei templates.
- Analyst Commentary: “Continuous monitoring and patch validation are essential to mitigate this active threat.”
2. ICE Plans Major Social Media Surveillance Expansion
(01:54 – 03:37)
- Scope: ICE is seeking up to 30 contractors to monitor social media (Facebook, TikTok, YouTube) for intelligence on deportation and raids.
- Techniques: Contractors will use open-source intel, databases (LexisNexis, Clear), and possibly AI/automation.
- Privacy Concerns: Groups including the ACLU and EPIC warn of potential civil liberties violations and blurred lines between immigration and political monitoring.
- Government Status: ICE has not commented; project remains in early stages.
3. Discord Data Breach through Third-party Vendor
(03:38 – 04:33)
- Incident: A compromise at a third-party support vendor exposed data of users who had contacted Discord's support or Trust & Safety teams.
- Data Exposed: Names, emails, billing info, some government IDs, IP addresses, messages, attachments.
- Response: Discord cut off vendor access, involved law enforcement, and claims core systems weren’t breached. Full affected user count undisclosed.
4. Unity Game Engine Vulnerability
(04:34 – 05:29)
- Issue: Critical flaw allows RCE through apps built with Unity (affecting Android, Windows, Linux, macOS).
- Impact: Injected code runs with the vulnerable app's own permissions, so it can reach whatever data that app can access, but no further.
- Mitigation: Patches available. Microsoft advises updating and Defender protection. Steam blocks risky parameters.
- Research: Discovered by RyotaK of GMO Flatt Security; highlights the breadth of risk given Unity's global footprint.
5. Xworm RAT: New Variants in the Wild
(05:30 – 06:47)
- Current Activity: XWorm RAT, although abandoned by its original author, is being used by several threat actors via phishing.
- Capabilities: Now features 35+ plugins (data theft, ransomware, surveillance, credential theft).
- Delivery: Infection via malicious JS, Excel macros, fake executables.
- Advice: Layered defenses, EDR monitoring, strict email filtering remain critical.
6. Dell Unity VSA: Critical Command Injection
(06:48 – 07:29)
- Vulnerability: Unauthenticated attackers can execute arbitrary commands through a flaw in the login logic (mishandling of a URI value in Perl code).
- Severity: Dell rates 7.3 (high), but external researchers score it as 9.8 (critical).
- Remediation: Patch available; immediate upgrades recommended.
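The vulnerability class behind this item, shown as an added illustration in Python rather than Dell's Perl code (the episode does not describe the flaw's actual mechanics, so the login-flow handler below is hypothetical): an untrusted URI is spliced into a shell command line, and the hardened form validates the URI and passes it as a separate argv element with no shell involved.

```python
import subprocess
import sys
from urllib.parse import urlparse

# Hypothetical "do something with this URI" step in a login flow. Both versions
# use the Python interpreter as the stand-in external tool so the example runs
# anywhere; the product in the news item used a Perl login handler.
TOOL = "import sys; print(sys.argv[1])"
SHELL_META = set(";|&$`'\"<>()\n")  # characters /bin/sh would interpret


def run_vulnerable(uri):
    """UNSAFE: the untrusted URI is interpolated into a shell command line."""
    cmd = f"{sys.executable} -c '{TOOL}' {uri}"
    # shell=True hands the whole string to /bin/sh, so ';', '|' or '$()' inside
    # uri become shell syntax instead of data.
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def validate_uri(uri):
    """Allow only http(s) URIs with a plain hostname; reject everything else."""
    parsed = urlparse(uri)
    if parsed.scheme not in ("http", "https"):
        raise ValueError("scheme not allowed")
    host = parsed.hostname or ""
    if not host or not all(c.isalnum() or c in ".-" for c in host):
        raise ValueError("bad host")
    if any(c.isspace() or c in SHELL_META for c in uri):
        raise ValueError("shell metacharacter in URI")
    return uri


def run_hardened(uri):
    """Validate first, then pass the URI as its own argv element (no shell)."""
    uri = validate_uri(uri)
    argv = [sys.executable, "-c", TOOL, uri]
    return subprocess.run(argv, capture_output=True, text=True).stdout


if __name__ == "__main__":
    payload = "http://example.com/; echo INJECTED"
    print(run_vulnerable(payload))  # URI on one line, then INJECTED: the shell ran it
    try:
        run_hardened(payload)
    except ValueError as err:
        print("rejected:", err)
    print(run_hardened("https://example.com/login"))
```

The argv form alone removes the shell from the path; the validator is still worth keeping so that the downstream tool never sees schemes or hosts the application did not intend to handle.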
7. Surge in Scanning of Palo Alto Network Login Portals
(07:30 – 08:21)
- Observation: GreyNoise reports 500% spike (to 1,300+ IPs) in scans targeting Palo Alto login portals.
- Trend: Similar scanning surges have preceded vulnerability disclosures for other products; attackers concentrate on high-value network entry points such as VPN and firewall login portals.
- Ongoing Monitoring: GreyNoise monitoring for links to new vulnerabilities or coordinated action.
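The kind of detection this observation rests on, as an added example in Python (not GreyNoise's code or data): count distinct source IPs per day hitting the portal login paths and flag any day whose count is at least five times the median of earlier days. The log lines, the portal paths and the 5x threshold are all constructed for this illustration.

```python
from collections import defaultdict
from statistics import median

# Constructed sample access log, one hit per line: "<date> <src_ip> <path>".
# Three quiet days with two distinct sources each, then a day with twelve.
SAMPLE_LOG = """\
2025-09-29 198.51.100.1 /global-protect/login.esp
2025-09-29 198.51.100.2 /global-protect/login.esp
2025-09-29 198.51.100.2 /global-protect/login.esp
2025-09-30 198.51.100.3 /global-protect/login.esp
2025-09-30 198.51.100.4 /ssl-vpn/login.esp
2025-10-01 198.51.100.5 /global-protect/login.esp
2025-10-01 198.51.100.1 /global-protect/login.esp
2025-10-02 203.0.113.10 /global-protect/login.esp
2025-10-02 203.0.113.11 /global-protect/login.esp
2025-10-02 203.0.113.12 /global-protect/login.esp
2025-10-02 203.0.113.13 /global-protect/login.esp
2025-10-02 203.0.113.14 /global-protect/login.esp
2025-10-02 203.0.113.15 /global-protect/login.esp
2025-10-02 203.0.113.16 /global-protect/login.esp
2025-10-02 203.0.113.17 /ssl-vpn/login.esp
2025-10-02 203.0.113.18 /global-protect/login.esp
2025-10-02 203.0.113.19 /global-protect/login.esp
2025-10-02 203.0.113.20 /global-protect/login.esp
2025-10-02 203.0.113.21 /global-protect/login.esp
2025-10-02 203.0.113.21 /global-protect/login.esp
2025-10-02 203.0.113.99 /index.html
malformed line that should be skipped
"""

# Assumed portal login paths for the example; adjust to the product in use.
LOGIN_PATHS = ("/global-protect/login.esp", "/ssl-vpn/login.esp")


def daily_unique_sources(log_text, paths=LOGIN_PATHS):
    """Return {day: number of distinct source IPs} counting only login-path hits."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines instead of aborting the whole run
        day, src, path = parts
        if path in paths:
            seen[day].add(src)
    return {day: len(ips) for day, ips in sorted(seen.items())}


def detect_spikes(counts, factor=5.0, min_baseline_days=3):
    """Flag days whose count is >= factor * median of all earlier days.

    Returns a list of (day, count, baseline). The median rather than the mean
    keeps one earlier spike from inflating the baseline and masking the next.
    """
    alerts = []
    days = sorted(counts)
    for i, day in enumerate(days):
        history = [counts[d] for d in days[:i]]
        if len(history) < min_baseline_days:
            continue  # not enough history to call anything a spike
        baseline = median(history)
        if baseline > 0 and counts[day] >= factor * baseline:
            alerts.append((day, counts[day], baseline))
    return alerts


if __name__ == "__main__":
    counts = daily_unique_sources(SAMPLE_LOG)
    for day, count, baseline in detect_spikes(counts):
        print(f"{day}: {count} distinct sources vs baseline {baseline}")
```

On real logs the same logic runs over a rolling window (for example the prior 14 days) and the path filter should match whatever the portal actually exposes; a spike in distinct sources, as opposed to request volume, is the signal that separates a distributed scan from one noisy client.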
8. $4.5M Cloud/AI Hacking Competition Launched
(08:22 – 09:10)
- Event: Wiz launches “Zero Day Cloud”, with backing from AWS, Google Cloud, Microsoft.
- Prize: $4.5M total pool, with a top single reward of $300K; targets exploits against cloud services, AI, Kubernetes, web servers and DevOps tooling.
- Industry Note: Trend Micro accuses Wiz of copying “Pwn2Own” rules verbatim.
9. Business Brief: M&A and Investment Activity
(09:11 – 13:15)
- Notable Deals:
- Accenture to acquire Idomey (Japan)
- HoneyBook acquires Fine.dev
- Harness buys Qwiet AI
- Taoping purchases Skyladder Group ($21.3M)
- Liatrio purchases Superorbital IP
- Investments:
- Cerebras raises $1.1B for AI chips
- Vercel raises $300M for AI cloud
- Descope ($88M), Xania ($18M), Mondu ($17.5M), Gelt ($13M), Long I ($5M), Hupside ($1.7M)
Expert Interview: Volker Wagner (CISO, BASF) with Ann Johnson
(“Afternoon Cyber Tea” segment)
Begins 14:17
Wagner’s Path to Security Leadership
[14:30]
"Like for many of us it was an incident which brought me into the cyber arena… More than 20 years back I worked in internal audit… I wanted to go to the front seat… from the reactive to the proactive side…"
— Volker Wagner (14:30)
- Transitioned from audit/control to security by design.
- Now leads security for 110,000+ employees in 150 countries at BASF.
- Biggest Threats:
- Espionage/APT attacks on business secrets.
- Destructive (ransomware) attacks on plants, systems, supply chain.
Cyber Resilience Philosophy & Zero Trust
[16:15]
- Adopted zero trust with three principles:
- Assume the breach: “We never ever can go for 100% prevention. We have to assume that… some elements of our networks might be compromised.” (16:15)
- Never trust, always verify: Controls must be always on.
- Least privilege: Access tightly limited.
- Practical Steps:
- Devices not running the latest OS version or patch level lose remote access rights.
- Zero trust being deployed across four major business domains.
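The device-posture rule above expressed as code, as an added illustration that is not BASF's implementation: every request is evaluated afresh (controls always on), an unmanaged or out-of-date device loses remote access (fail closed), and even a compliant device only receives the intersection of what it asked for and what its role permits (least privilege). The minimum versions, the role model and the scope names are assumptions for the example.

```python
from dataclasses import dataclass

# Assumed minimum OS versions for this illustration; the real baselines are
# not stated in the episode.
MIN_OS_VERSION = {"windows": "10.0.19045", "macos": "14.6", "ubuntu": "22.04"}
# Assumed role model: the most each role may ever be granted.
ROLE_SCOPES = {"engineer": {"vpn", "git", "jump-host"}, "contractor": {"vpn"}}


@dataclass(frozen=True)
class Device:
    os_name: str
    os_version: str
    managed: bool  # enrolled in device management, so its posture is attestable


def parse_version(v):
    """Numeric tuple so '14.10' sorts above '14.6'; None if unparseable."""
    try:
        return tuple(int(p) for p in v.split("."))
    except ValueError:
        return None


def evaluate_remote_access(device, role, requested_scopes):
    """Return (allowed, reason, granted_scopes); called on every request."""
    if not device.managed:
        return False, "unmanaged device", frozenset()
    required = MIN_OS_VERSION.get(device.os_name.lower())
    if required is None:
        return False, f"unknown platform {device.os_name}", frozenset()
    have, need = parse_version(device.os_version), parse_version(required)
    if have is None or have < need:
        # Fail closed: an unreadable or outdated version loses remote access.
        return False, f"OS {device.os_version} below required {required}", frozenset()
    permitted = ROLE_SCOPES.get(role, set())
    granted = frozenset(requested_scopes) & frozenset(permitted)
    if not granted:
        return False, "no requested scope is permitted for this role", frozenset()
    return True, "posture ok", granted


if __name__ == "__main__":
    laptop = Device("macOS", "14.6", managed=True)
    print(evaluate_remote_access(laptop, "engineer", {"vpn", "git", "prod-db"}))
    stale = Device("macOS", "14.5", managed=True)
    print(evaluate_remote_access(stale, "engineer", {"vpn"}))
```

The string-versus-numeric version comparison is the detail that most often breaks such gates in practice: compared as text, "14.10" is below "14.6", so a fully patched device would be locked out while a genuinely stale one might slip through.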
Innovation vs. Security: The BASF Approach
[17:38]
"Innovation is key … We are heavily working on this to explore for sure AI tools… AI for data labeling, incident playbooks, AI-supported pen tests… Awareness and phishing simulations, third party risk assessment."
— Volker Wagner (17:38)
- AI used for: data labeling/classification, incident response playbooks, pen tests, Tier-1 SOC alert triage (“an AI tool is never tired”), reducing bias and error.
- Acknowledges the challenge: Security can introduce friction, but sees innovation and security as complementary.
The Importance of Real Industry Collaboration
[18:54]
"Firstly it starts with our heads, our own mindsets… If we strive for collective defense, we have to go into partnerships, we have to share not only threats and risks, but we really have to do. We have to collaborate real time in incidents…"
— Volker Wagner (18:54)
- Calls for shifting from defensive “castle” mentalities to open, experience-based trust and collective defense.
- Applauds joint initiatives in Germany and Europe for shared cyber resilience.
Notable Quotes & Memorable Moments
- On Accepting Breach Reality:
"We never ever can go for 100% prevention. We have to assume that already some elements of our networks might be compromised."
— Volker Wagner (16:15)
- On the Need for Real Collaboration:
“Trust will increase by shared experiences and close interaction.”
— Volker Wagner (18:54)
- On AI’s Role in Security Operations:
“An AI tool is never tired, is less nevertheless concentrated and we can eliminate the human bias as well.”
— Volker Wagner (17:38)
- Humorous Wrap-up on the ParkMobile Settlement:
“After nearly four years and a $32.8 million settlement, ParkMobile has finally compensated victims… to the tune of one whole dollar. Yes, affected users are receiving a dollar in app credit dispensed as four dazzling 25 cent discounts…”
— Dave Bittner (20:44)
Timestamps for Major Segments
- Oracle Zero-Day & Initial Headlines: 00:12 – 13:15
- Afternoon Cyber Tea (Interview with Volker Wagner): 14:17 – 19:54
- ParkMobile Breach Settlement & Lighthearted News: 20:44 – End
Summary
This episode provides actionable intelligence on active threats (Oracle, Unity, Dell, Xworm), state cyber policy trends (ICE’s surveillance), and the impact of supply chain and vendor vulnerabilities (Discord). The Volker Wagner interview delivers an authentic, candid look at enterprise security leadership—in particular, the necessity of zero trust, the balancing act of innovation and defense, and the value of industry collaboration. The show’s style—authoritative but approachable—ends with a wry take on the realities of breach settlements for everyday users.
Listeners gain both up-to-the-minute analysis and enduring lessons from leaders on the cyber front lines.
