Risky Bulletin: Redis Vulnerability Impacts All Versions Released in the Last 13 Years
Date: October 7, 2025
Host: Claire Aird (prepared by Catalin Cimpanu)
Episode Overview
This episode delivers a concise yet comprehensive roundup of the latest global cybersecurity news, with a top focus on a severe Redis remote code execution vulnerability affecting all releases over the last 13 years. Other discussed topics include urgent Oracle and Fortra patches, U.S. and EU policy changes, major breaches, and new defensive technologies.
Key Discussion Points and Insights
1. Redis Remote Code Execution Vulnerability [00:04]
- Severity: Redis patched a 13-year-old critical use-after-free bug in its Lua scripting runtime (the engine behind the EVAL command).
- Details:
- Lua scripting is enabled by default in Redis.
- The vulnerability enables remote code execution (RCE) on the Redis host.
- Rated 10 out of 10 on the CVSS severity scale.
- Impact:
- Redis is present in roughly 75% of cloud environments (per Wiz/Google).
- Scans suggest more than 60,000 internet-facing instances run with no authentication; on those, anyone who can reach the port can send EVAL and is therefore in a position to exploit the bug.
- Quote:
“Redis has patched a 13-year-old vulnerability that could enable remote code execution attacks.” — Claire Aird [00:06]
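The exposure numbers above come down to a handful of configuration settings. The following audit script is an added example for this summary, not code from the Redis project or from Wiz; it parses a redis.conf and flags the conditions that turn the Lua bug into an unauthenticated, internet-reachable one (listening on all interfaces, protected-mode off, no password, and the @scripting command category still granted). The two embedded configs are constructed samples, and the password in the hardened one is a placeholder.

```python
"""Audit a redis.conf for the settings that make the Lua-runtime RCE bug
remotely reachable without credentials.

Added example for this summary; it is not code from the Redis project.
The checks mirror the hardening Redis recommends: do not listen on all
interfaces, keep protected-mode on, require authentication, and deny the
scripting command category (EVAL/EVALSHA) to users who do not need it.
"""

ALL_INTERFACES = {"0.0.0.0", "*", "::"}


def parse_redis_conf(text):
    """Return {directive: [value, ...]} for the non-comment lines of a redis.conf.
    Directive names are case-insensitive; repeated directives (for example
    several `user` lines) are kept in order."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        conf.setdefault(key, []).append(value)
    return conf


def audit_redis_conf(text):
    """Return a list of (tag, message) findings; an empty list means none of the
    exposure conditions this check knows about are present."""
    conf = parse_redis_conf(text)
    findings = []

    # 1. Listening on every interface (no bind line at all also means "all" in Redis).
    binds = conf.get("bind", [])
    tokens = [t.lstrip("-") for v in binds for t in v.split()]
    if not binds or any(t in ALL_INTERFACES for t in tokens):
        findings.append(("bind-all", "Redis binds to all interfaces; bind it to loopback or an internal address"))

    # 2. protected-mode off lets unauthenticated clients connect from any address.
    if conf.get("protected-mode", ["yes"])[-1].lower() == "no":
        findings.append(("protected-mode-off", "protected-mode is disabled"))

    # 3. No password on the default user and no ACL user carrying a password.
    users = conf.get("user", [])
    has_requirepass = bool(conf.get("requirepass", [""])[-1])
    has_acl_password = any(">" in u or "#" in u for u in users)  # '>cleartext' or '#sha256'
    if not (has_requirepass or has_acl_password):
        findings.append(("no-auth", "no authentication configured; any client that can reach the port can run EVAL"))

    # 4. Lua scripting still reachable: no ACL rule removing the @scripting category
    #    and no rename-command that blanks EVAL. (Limitation: a rule such as
    #    `-@all +@read` also removes scripting but is not recognised here.)
    scripting_denied = any("-@scripting" in u or "-eval" in u.lower() for u in users)
    renamed_away = False
    for v in conf.get("rename-command", []):
        parts = v.split()
        if len(parts) == 2 and parts[0].upper() == "EVAL" and parts[1] in ('""', "''"):
            renamed_away = True
    if not (scripting_denied or renamed_away):
        findings.append(("scripting-allowed", "EVAL/EVALSHA available to every authenticated user; deny @scripting via ACL where not needed"))

    return findings


# Constructed sample: a "just make it work" config of the kind behind the
# internet-facing, unauthenticated deployments the scan numbers describe.
VULNERABLE_CONF = """
bind 0.0.0.0
protected-mode no
port 6379
"""

# Constructed sample: the same instance with the recommended mitigations applied.
# The password is a placeholder, not a real credential.
HARDENED_CONF = """
bind 127.0.0.1 -::1
protected-mode yes
port 6379
requirepass change-me-placeholder
user default on >change-me-placeholder ~* &* +@all -@scripting
"""

if __name__ == "__main__":
    for name, conf in (("vulnerable", VULNERABLE_CONF), ("hardened", HARDENED_CONF)):
        results = audit_redis_conf(conf)
        print(f"{name}: {len(results)} finding(s)")
        for tag, msg in results:
            print(f"  [{tag}] {msg}")
```

The ACL rule only limits who can reach the vulnerable code path; the fix is the patched Redis build. Running the audit against the vulnerable sample yields all four findings, against the hardened sample none.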
2. Critical Oracle Out-of-Band Zero-Day Fix [01:00]
- Issue: Oracle issued an urgent out-of-band patch for a zero-day in Oracle E-Business Suite.
- Exploit: Attackers use the bug to bypass authentication and execute code.
- Consequences:
- Already used in live extortion campaigns.
- Victims' data was stolen, and the attacks have been linked to the Clop extortion group.
3. Medusa Ransomware Group and Fortra Exploit [01:30]
- Background: The Medusa ransomware group was behind exploitation of the Fortra GoAnywhere MFT zero-day.
- Action:
- Fortra patched the vulnerability more than two weeks after the first attacks.
- Note: Per Microsoft's findings, the attackers focused on data theft rather than deploying ransomware.
4. Pentagon Reduces Staff Cyber Training [02:00]
- Change:
- New directive reduces required cybersecurity training for U.S. military staff.
- Focus shifts to combat preparedness.
- Training on classified materials, human trafficking, and privacy/civil liberties will also be reduced.
5. U.S. & International Cyber Policy Updates [02:20]
- US Department of State:
- Considering reviving anti-disinformation units that were mostly shut down under the Trump administration, which had labeled them censorship efforts.
- ICE Surveillance Initiatives:
- Hiring around 30 investigators to track deportation leads via social media.
- Staff are prohibited from creating fake profiles or interacting with people online.
- Deploying cell-site simulators to intercept mobile communications.
6. Estonia and Ukraine Cyber Training Partnership [03:00]
- Focus: Over 500 cyber specialists to be jointly trained.
- Funding: Estonia providing €1 million.
- Progress: Initial sessions held in Kyiv.
7. Russia's Anti-Drone SIM Card Restriction [03:20]
- Action: Russia will block foreign SIM cards for 24 hours after they register on a Russian mobile network.
- Purpose: Counter Ukrainian drones that use Russian mobile networks for navigation.
8. France Investigates Apple over Siri Data [03:40]
- Background:
- French prosecutors opened an investigation after whistleblower Thomas Le Bonniec revealed that Siri recordings may contain identifying data.
- Implication: Concerns over privacy for Apple device users.
9. European Tech Pushback on EU "Chat Control" [04:00]
- Details:
- More than 40 tech companies signed an open letter opposing mandatory client-side scanning of messages for CSAM.
- Argument:
- The letter argues the regulation would push users toward U.S. and Chinese services and harm European tech companies.
10. DraftKings Credential Stuffing Breach [04:30]
- Incident:
- Attackers accessed accounts using passwords stolen from other services.
- No public disclosure of the number of accounts affected.
11. India Tax Filing System Flaw [05:00]
- Discovery:
- An insecure direct object reference (IDOR) bug in India's income-tax portal.
- It exposed full names, contact details and bank account details; simply changing the account number in a request returned another user's data.
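The bug class behind the tax-portal exposure, shown as an added example (not code from the portal, whose implementation the episode does not describe): a handler that trusts a client-supplied account number next to one that checks ownership against the server-side session, plus the id-walking loop that turns the first into a data leak. The records, user names and id range are constructed.

```python
"""Insecure direct object reference: an authenticated endpoint that never
checks whether the caller owns the record it is asked for.

Added example for this summary; the data and handlers are constructed and
do not reflect the tax portal's actual code."""
import secrets


class Forbidden(Exception):
    """Raised when the caller may not see the requested record."""


# Constructed records. Sequential numeric ids are what makes walking
# "account number + 1" so cheap for an attacker.
ACCOUNTS = {
    10001: {"owner": "alice", "name": "Alice Example", "phone": "+91-00000-00001", "bank": "XXXX0001"},
    10002: {"owner": "bob",   "name": "Bob Example",   "phone": "+91-00000-00002", "bank": "XXXX0002"},
}


def get_account_vulnerable(session_user, account_id):
    """Authenticated but not authorised: any logged-in user gets any record."""
    return ACCOUNTS.get(account_id)


def get_account_fixed(session_user, account_id):
    """Look the record up, then compare its owner with the server-side session.
    A foreign id and a non-existent id raise the same exception so the endpoint
    does not double as an enumeration oracle."""
    record = ACCOUNTS.get(account_id)
    if record is None or record["owner"] != session_user:
        raise Forbidden(f"account {account_id} is not accessible to {session_user}")
    return record


def walk_ids(fetch, session_user, start, count):
    """Simulate the researcher's test: request neighbouring ids and collect
    whichever records come back as (id, owner) pairs."""
    leaked = []
    for account_id in range(start, start + count):
        try:
            record = fetch(session_user, account_id)
        except Forbidden:
            continue
        if record is not None:
            leaked.append((account_id, record["owner"]))
    return leaked


def opaque_account_ref():
    """Unguessable reference for use in URLs. This raises the cost of guessing
    ids but is not a substitute for the ownership check above."""
    return secrets.token_urlsafe(16)


if __name__ == "__main__":
    print("vulnerable:", walk_ids(get_account_vulnerable, "alice", 10000, 5))
    print("fixed:     ", walk_ids(get_account_fixed, "alice", 10000, 5))
```

Logged in as alice, the vulnerable handler hands back both records while the fixed one returns only hers; the opaque reference is a defence-in-depth measure on top of that check, not a replacement for it.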
12. Breaches at U.S. Technology Firms [05:20]
- BK Technologies:
- Makes radios for U.S. military/law enforcement.
- Disclosed a breach and said the attacker has since been evicted from its network.
- Avnet:
- Global electronic component supplier.
- Data was stolen from an internal tool; global operations reportedly unaffected.
13. Abracadabra Finance Crypto Theft [06:00]
- Hack:
- $1.7 million in crypto stolen via a smart-contract exploit that let the attacker borrow more than the protocol should have allowed.
- Notable because of the project's earlier losses: $13 million this March and $6.5 million in January 2024.
14. Google’s AI Code Security Agent [06:30]
- Release:
- “CodeMender” agent, built on the Gemini LLM, for automated vulnerability identification and patching.
- Achievements:
- 72 security fixes contributed to open-source projects so far in 2025.
Notable Quotes & Memorable Moments
- On the Redis vulnerability: “Redis has patched a 13-year-old vulnerability that could enable remote code execution attacks.” — Claire Aird [00:06]
- On impact: “Scans suggest more than 60,000 deployments are internet-facing with no authentication.” — Claire Aird [00:15]
- On Oracle zero-day usage: “...used by hackers to steal data and extort Oracle customers. These attacks have been linked to the CLOP extortion group.” — Claire Aird [01:05]
- On ICE surveillance: “The staff will be forbidden from creating fake profiles or interacting with people online.” — Claire Aird [02:40]
Timestamps of Key Segments
- [00:04] Redis RCE vulnerability and cloud exposure
- [01:00] Oracle zero-day, active exploitation, ties to Clop
- [01:30] Medusa ransomware exploits Fortra zero-day
- [02:00] US Pentagon’s new cyber training reduction policy
- [02:20] US State Dept. considers reviving anti-disinformation units
- [02:40] ICE hires new social media investigations team
- [03:00] Estonia-Ukraine cross-border cyber training
- [03:20] Russian SIM block for drones
- [03:40] France probes Apple Siri voice recording privacy
- [04:00] EU ‘chat control’ tech industry backlash
- [04:30] DraftKings credential stuffing breach
- [05:00] India’s tax portal exposes personal data
- [05:20] U.S. tech company breaches: BK Technologies and Avnet
- [06:00] Abracadabra Finance DeFi breach
- [06:30] Google AI “CodeMender” for code security
Summary Tone and Style
Straightforward, fact-driven, and concise—delivering rapid-fire updates designed for cybersecurity professionals who need to keep current on evolving threats, new policy, and notable breaches.
This episode of Risky Bulletin provided broad yet detail-rich coverage of urgent vulnerabilities, cyber policy changes, ongoing breach incidents, and emergent technology in security.
