Cyber Wednesdays Edition 9.0 – October 15, 2025 | 🚨 This week: New zero-days, record DDoS attacks, supply chain breaches, and critical patching prior

Vijay · November 04, 2025
HEADLINE ALERTS
  • → Three new Microsoft zero-days (CVE-2025-24990, CVE-2025-59230, CVE-2025-47827) under active exploitation. RasMan and Secure Boot flaws affect Windows and IGEL OS thin clients in global healthcare/retail deployments. Full Patch Tuesday report
  • → Clop ransomware exploits Oracle EBS zero-day (CVE-2025-61882) – $50 million demands, Harvard University and dozens hit, attacks confirmed as early as July, mass extortion underway. Senthorus Week in Review
  • → Red Hat GitLab breach exposes 28,000+ repos, client secrets (incl. Walmart, Amex, HSBC) – Crimson Collective leaks over 570GB data, attackers cash in on consulting arm credentials. Senthorus
  • → SonicWall cloud backup breach affects ALL MySonicWall customers – Firewall config/backups exposed, including credentials and domain settings; SonicWall/Mandiant remediation ongoing. Senthorus
  • → Aisuru botnet launches world-record 29.6 Tbps DDoS attacks – Most firepower comes from compromised US IoT devices; Minecraft ecosystem suffers major collateral damage. Senthorus
Featured Data Breaches & Supply Chain Incidents
  • → Qantas leak: 5.7M customer records dumped after ransom deadline, affecting Salesforce user accounts across 39 global brands (including Toyota, Disney, HBO Max). BrightDefense
  • → GoAnywhere MFT exploited: Medusa ransomware affiliates attacked Fortra using CVE-2025-10035; compromised systems before patch deployment, remote code exec and admin backdoor creation. Senthorus
  • → UNFI supply chain attack: Network shut down, fulfillment/logistics disruption continues for Whole Foods and 250k+ grocery items. BrightDefense
  • → Sugar Land, TX municipal breach: Online services down statewide after internal infrastructure hit; emergency services (911/police/fire) remain operational. Texas cities continue to be targeted.
AI & Automation Risk Spotlight
  • → 51% of all confirmed breaches this quarter involved AI-driven exfiltration or attack automation. Automated scripts are expediting recon, credential stuffing, and evasion. The Hacker News
Global Patching & Defensive Priorities
  • → Microsoft Patch Tuesday: 167 CVEs addressed, 7 critical, 3 zero-days exploited. Windows 10 end-of-life confirmed (Oct 14); organizations must enroll for ESU to get future patches. Tenable
  • → SAP/Adobe/Oracle/Red Hat updates: Urgent patches issued for supply chain/enterprise platforms – check CISO lead indicators below!
  • → NCSC UK: 129% YoY increase in cyber attacks; focus on critical sectors: retail, infra, education. NCSC
  • → India: CERT-IN coordinates accelerated patching; renewed focus on supply chain and malware automation defense.
Closure & Continuity from Previous Edition
  • → Cisco ASA/VMware zero-day rampage: Widespread patching improved post-emergency directives; no new mass exploits in last 7 days, but legacy device issues remain (see SecurityWeek).
  • → Asahi Group OT supply chain: Japanese brewery launches phased restoration of supply/production after cyberattack disruptions; highlights importance of OT segmentation, recovery runbooks. Reuters
Key VCISO Takeaways
  • → Treat zero-days and supply chain breaches as board-level events; rehearse offline recovery.
  • → AI-driven automation attacks are the new normal; focus on threat hunting, credential hygiene, and rapid containment.
  • → Patching velocity and segmentation are now resilience metrics.
  • → Incident reporting, supplier tabletop exercises, and multi-source intelligence validation must be continuous.
Disclaimer: This newsletter is for information only, not legal/compliance advice. Consult qualified professionals for guidance.
For full reference links, see:
  • → Microsoft Patch Tuesday
  • → Senthorus Week in Review
  • → BrightDefense Data Breaches
  • → The Hacker News – AI Exfiltration
  • → NCSC UK Annual Review
  • → Reuters – Asahi Brewery
  • → VCISO Services
