October 11, 2025

Header image for the Red Dot Weekly Cyber Security News https://reddotsecurity.news

Hello all,

This was not a good week for some of the major players in the industry. Microsoft had portions of their network, if not all of it, go down several times, Oracle E-Business Suite came under attack, SonicWall’s recent breach got worse, the Salesforce extortion is astronomic, and dozens of other high-profile companies were in the news.

Headline NEWS:

  • Discord warns users after data is stolen in a third-party breach. Reports are that the breach was via their Zendesk portal. Zendesk has responded to the report and has said that this was not done via a vulnerability in their systems. Quite a lot of data appears to have been taken. If you’re a Discord user, rotate your credentials and check what information may have been exposed.
  • Juniper Networks wins for the greatest number of vulnerabilities this week with their October 2025 security advisories, unleashing patches for 220 defects, nine of which are critical. In scanning the CVE numbers, it seems that some may have been out there since at least 2019, so patch quickly.
  • Oracle has released emergency updates to fix a critical defect in E-Business Suite that the evil group named Cl0p has been actively exploiting. The software and hosting giant discovered the flaw when their customers started receiving emails demanding ransom payments to not expose stolen data. This particular defect allows unauthenticated remote compromise and may have been exposed since July or August. Since this is a retroactive fix, clients need to investigate whether they’ve been compromised already, and if so, determine what was taken. Oracle has released IoCs and is highly recommending that customers apply the patch as soon as possible.
  • Redis 13-year-old defect found and patched. This open-source product, which is used by 75% of cloud environments for in-memory databases, caching, efficient communication between servers, and more, has a vulnerability that allows an attacker to escape the Lua sandbox and gain remote code execution access. Once that’s achieved, the dirt bags can do anything they want on the compromised system. Redis urges that any internet-exposed systems be prioritized for the updates. Wiz researchers, who dubbed this exploit RediShell, found at least 60,000 Redis instances online that required no authentication, making them a prime target for this defect.
  • SonicWall: 100% of Firewall Backups Were Breached. It was not a good day for SonicWall administrators on Wednesday when the firewall company reported the results of Mandiant’s investigation into their Cloud Backup breach. Initial reports from September 17th were that only 5% of their cloud backup customers had their backup files exfiltrated. It is now known that 100% were affected. While the backups are theoretically encrypted, threat actors are financially motivated evil geniuses, so it is likely just a matter of time before they find a way to crack open their ill-gotten treasure chests of secrets. Any and every SonicWall that was ever backed up to SonicWall’s Cloud Backup, and that is still in active use, now needs to have all credentials reset, and should have additional hardening performed. SonicWall and many others have guidance on next steps. This will keep admins busy for a while. And if that wasn’t enough, Huntress Labs is reporting that they’re seeing increasing successful intrusions into corporate networks via SSL VPNs on what appear to be fully-patched SonicWall firewalls.

In Ransomware, Malware, and Vulnerabilities News:

  • Salesforce breach by Scattered LAPSUS$ Hunters claims 1 billion records. The evil entities’ leak site lists FedEx, Hulu, and Toyota Motors. Other companies known to have been hit via a recent third-party breach are Allianz Life, Google, Kering, Stellantis, TransUnion, Qantas, and Workday. The sheer amount of data is mind-boggling. For their part, Salesforce has asserted that they will not pay any ransoms. The absence of some known affected companies from the leak site is leading to speculation that some may have paid for data suppression. We’ve linked to an article named “The Salesloft-Drift Breach: Analyzing the Biggest SaaS Breach of 2025”. While it is a sales pitch for their product, it is also a great breakdown of this massive win by the threat actors.

In Other News Events of Note and Interest:

  • Microsoft is endorsing the use of personal Copilot in workplaces. In yet another “you’ve got to be kidding me” move, Microsoft is encouraging corporate users who have their own Copilot plan through their Microsoft 365 Family Plan to use the AI in their workplace. So even if the corporation hasn’t purchased an AI license for the user, Microsoft wants them to be able to use their personal one. Naturally, this “multiple account” functionality is on by default and IT admins must disable it if they don’t want it in their enterprise. Yet another potential hole to plug.

Musings:

I find that I’m still surprised by the lack of cyber hygiene of many people. People reuse passwords. They willingly give up their password reset questions in online surveys. They’ll eagerly click on the first link that shows up in a search engine advertising incredible deals or fail to check if their “friend” actually did send them that email asking, “Did you see what your husband did?”. They just seem to be willingly ignorant. But if I just look around at the non-cyber world, I see the exact same dynamic at play. Have you watched people leaving a public restroom? How many wash their hands? How many people use a paper towel or their shoe to open the door? And what about regular showers? And don’t get me started on postal mail scams for solar panels, home refinance, and the latest rebate program. Sigh, you can’t fix it if people aren’t willing to do their part. But that’s why I’m here, and you’re here. We’re doing our part. Keep it up and…

Keep the shields up!

Viscount Jan Broucinek
Red Dot Security News
