Transcript
A (0:02)
You're listening to the Cyberwire network, powered by N2K.
B (0:12)
And now a word from our sponsor. The Johns Hopkins University Information Security Institute is seeking qualified applicants for its innovative Master of Science in Security Informatics degree program. Study alongside world-class interdisciplinary experts and gain unparalleled educational, research and professional experience in information security and assurance. Interested U.S. citizens should consider the Department of Defense's Cyber Service Academy program, which covers tuition, textbooks and a laptop, as well as providing a $34,000 additional annual stipend. Apply for the fall 2026 semester and for this scholarship by February 28th. Learn more at cs.jhu.edu/mssi.

A critical zero-day in Oracle E-Business Suite is under active exploitation. ICE plans a major expansion of its social media surveillance operations. Discord confirms a third-party data breach. A critical vulnerability in the Unity game engine could allow arbitrary code execution. New variants of the XWorm remote access Trojan spread through phishing campaigns. Researchers uncover a critical command injection flaw in Dell storage appliances. There's been a sharp surge in reconnaissance scans targeting Palo Alto Networks' login portals. A new hacking competition offers $4.5 million in prizes for exploits targeting major cloud and AI software. We've got our Monday Business Brief, and on our Afternoon Cyber Tea segment with Microsoft's Ann Johnson, Ann and guest Volker Wagner, Chief Information Officer at BASF, share some lessons from the front lines of industrial security. And don't spend that ParkMobile settlement all in one place.

October 6, 2025. I'm Dave Bittner and this is your CyberWire Intel Briefing. Thanks for joining us here today. Happy Monday. It is great, as always, to have you with us.

A critical zero-day vulnerability in Oracle E-Business Suite is being actively exploited after proof-of-concept code was released. The flaw, rated 9.8, enables unauthenticated remote code execution over HTTP. Attackers are using reverse shell commands to gain persistent access. Forensic evidence links the exploit toolkit to groups such as Scattered Spider, Lapsus and Clop. Oracle urges immediate patching, noting only supported systems will receive fixes. Organizations can detect exposure using Nuclei templates or Shodan queries. Continuous monitoring and patch validation are essential to mitigate this active threat.

U.S. Immigration and Customs Enforcement, you know them as ICE, is planning a major expansion of its social media surveillance operations, seeking to hire nearly 30 private contractors to monitor platforms such as Facebook, TikTok and YouTube for intelligence that could inform deportation raids and arrests, according to federal contracting records reviewed by Wired. The program would operate from ICE's targeting centers in Vermont and Southern California, running 24/7 and processing cases within hours. Contractors will use open source intelligence and commercial databases like LexisNexis and Clear to assemble digital dossiers. Planning documents also invite proposals incorporating artificial intelligence and automated data collection. Privacy groups, including the ACLU and the Electronic Privacy Information Center, warn that ICE's growing use of surveillance technologies and data brokers threatens civil liberties and may blur the line between immigration enforcement and political monitoring. ICE has not yet commented on the proposal, which remains in early planning stages.

Discord has confirmed a data breach affecting users who contacted its support or trust and safety teams after a third-party customer service vendor was compromised. Exposed data includes names, emails, billing details and, in some cases, government ID images. Attackers also accessed IP addresses, messages and attachments, allegedly seeking ransom. Discord emphasized its own systems were not breached, cut off vendor access and alerted law enforcement. The company calls the impact limited, though it hasn't disclosed how many users were affected.

A critical vulnerability in the Unity game engine could allow attackers to execute arbitrary code through compromised Unity-built apps, affecting Android, Windows, Linux and macOS users. The flaw lets malicious files exploit app permissions to access confidential data, though Unity says any code execution remains limited to the app's privilege level. No active exploitation has been detected and patches are now available. Microsoft urged users to keep games updated and ensure Defender protection is enabled, while Steam is blocking risky launch parameters. The bug, discovered by researcher RyotaK of GMO Flatt Security, underscores the vast risk tied to Unity's global footprint, powering major titles like Pokémon Go and the mobile version of Call of Duty.

New variants of the XWorm remote access Trojan are spreading through phishing campaigns months after its creator, XCoder, abandoned the product. The latest versions are being adopted by multiple threat actors and now include over 35 modular plugins for data theft, remote control, file encryption and ransomware. Researchers at Trellix report new infection chains combining social engineering and technical exploits, including malicious JavaScript, Excel macros and fake executables. The ransomware module encrypts user files and demands payment via Bitcoin. XWorm's architecture supports extensive surveillance and credential theft across browsers, email clients and crypto wallets. Despite its origins as a cracked underground tool, it remains a growing multipurpose threat across global campaigns, emphasizing the need for layered defenses, EDR monitoring and strict email filtering.

Researchers at watchTowr uncovered a critical command injection flaw in the Dell UnityVSA storage appliance. The bug allows unauthenticated attackers to execute arbitrary commands by exploiting a flaw in the system's login redirection logic, where unsanitized URIs are passed into a Perl command string. The latest version fixes the issue. Dell rates it with a high severity of 7.3, although others call it critical with a 9.8. Organizations should upgrade immediately.

Security researchers at GreyNoise report a sharp 500% surge in reconnaissance scans targeting Palo Alto Networks' login portals, with activity peaking at 1,300 IPs on October 3, compared to a typical volume below 200. Most scanning originated in the US, and 93% of IPs were flagged as suspicious. GreyNoise noted that similar surges have sometimes preceded new vulnerability disclosures, though no direct link has been established here. The activity mirrors recent spikes in Cisco ASA and other remote access product scans, showing overlapping tooling and TLS fingerprints. The increase underscores continued attacker interest in security appliances, which often serve as high-value network entry points. GreyNoise is continuing to monitor whether this surge signals emerging vulnerabilities or coordinated reconnaissance efforts.

Cloud security firm Wiz has launched Zero Day Cloud, a new hacking competition offering $4.5 million in prizes for exploits targeting major cloud and AI software, backed by AWS, Google Cloud and Microsoft. The contest runs live at Black Hat Europe, with entries due December 1st. Categories include AI, Kubernetes, containers, web servers, databases and DevOps tools, with top rewards reaching $300,000. Despite strong industry support, Trend Micro has accused Wiz of copying Pwn2Own rules verbatim.

This week's Monday Business Brief highlights a surge of mergers, acquisitions and investments shaping the global AI and cloud landscape. Accenture announced plans to acquire Japan's Idomey Inc. to strengthen its LearnVantage service, while HoneyBook bought Fine.dev to expand its AI development capabilities. Harness acquired Qwiet AI to enhance application security, and Taoping finalized a $21.3 million deal for Skyladder Group. Meanwhile, Liatrio purchased Superorbital's IP to merge consulting with advanced training. On the investment front, Cerebras Systems raised $1.1 billion to expand AI chip innovation, while Vercel secured $300 million to scale its AI cloud platform. Other notable rounds include Dscope at $88 million, Xania at $18 million, Mondu with $17.5 million, Gelt with $13 million, Long I at $5 million and Hupside at $1.7 million. Clearwater and Inorbit AI also received undisclosed strategic and Series A funding, respectively. Ethan Cook is the editor of our CyberWire Pro Business Brief newsletter. You can learn more and subscribe at.

Coming up after the break, what does it really take to defend one of the world's largest chemical companies? Guest Volker Wagner joins N2K CyberWire's Afternoon Cyber Tea podcast with Microsoft's Ann Johnson. And don't spend that ParkMobile settlement all in one place. Stick around.

At Thales, they know cybersecurity can be tough and you can't protect everything. But with Thales, you can secure what matters most. With Thales' industry-leading platforms, you can protect critical applications, data and identities anywhere and at scale, with the highest ROI. That's why the most trusted brands and largest banks, retailers and health care companies in the world rely on Thales to protect what matters most: applications, data and identity. That's Thales, T-H-A-L-E-S. Learn more at thalesgroup.com/cyber.

What's your 2 a.m. security worry? Is it "Do I have the right controls in place?" Maybe "Are my vendors secure?" Or the one that really keeps you up at night: "How do I get out from under these old tools and manual processes?" That's where Vanta comes in. Vanta automates the manual work so you can stop sweating over spreadsheets, chasing audit evidence and filling out endless questionnaires. Their trust management platform continuously monitors your systems, centralizes your data and simplifies your security at scale. And it fits right into your workflows, using AI to streamline evidence collection, flag risks and keep your program audit-ready all the time. With Vanta, you get everything you need to move faster, scale confidently and finally get back to sleep. Get started at vanta.com/cyber. That's V-A-N-T-A dot com slash cyber.

Microsoft's Ann Johnson is host of the Afternoon Cyber Tea podcast, which you can find right here on the N2K CyberWire Network. Ann recently got together with her guest Volker Wagner, Chief Information Security Officer at BASF, to share some lessons from the front lines of industrial security.
