Daily Recap: Australia launches the CI Fortify program to bolster critical infrastructure security, and Oracle issues an emergency E-Business Suite patch tied to a high-severity vulnerability, active exploitation, and alleged Cl0p-style activity affecting Harvard. The week also highlights the RondoDox botnet, ChaosBot’s Discord-based C2, and Astaroth abusing GitHub for persistence, underscoring ongoing extortion and supply-chain concerns.
#CIFortify #RondoDox #ChaosBot #Astaroth #Harvard #Cl0p #Salesforce #Unity #TwoNet
Government & Policy
- Australia launches a new CI Fortify program to strengthen cybersecurity for critical infrastructure. – CI Fortify
Oracle E-Business
- Oracle issues an emergency patch for a high-severity E-Business Suite bug (CVE-2025-61884) that can expose data without a login. The flaw has been linked to active exploitation, a possible breach at Harvard, and suspected Cl0p-style payloads. – Oracle Patch, Oracle Bug, Harvard Breach
Malware & Botnets
- Researchers warn the RondoDox botnet is weaponizing over 50 flaws across 30+ vendors to build a widespread botnet. – RondoDox Botnet
- New Rust-based ChaosBot malware uses Discord channels as covert C2 to control victims’ PCs. – ChaosBot Malware
- Astaroth banking trojan abuses GitHub to remain operational after takedowns, adapting its persistence and distribution. – Astaroth Abuse
Breaches & Extortion
- Medical provider SimonMed confirms a data breach impacting approximately 1.2 million patients. – SimonMed Breach
- Qantas confirms a cyberattack that released customer data and prompted enhanced security measures. – Qantas Breach
- An extortion group has leaked millions of records stemming from Salesforce compromises as part of ongoing extortion operations. – Salesforce Leak
- Kearney Public Schools suffers a cyberattack that knocked networks and phones offline ahead of classes. – Kearney Attack
Vulnerabilities & Exploits
- Attackers are actively targeting SonicWall SSL VPN accounts, increasing risk for remote-access environments. – SonicWall VPN
- Microsoft acknowledges the Windows 11 Media Creation Tool is broken on many Windows 10 PCs, potentially disrupting upgrades and installs. – Media Tool Bug
Supply Chain & Web Skimming
- Malicious code on the Unity website skimmed information from hundreds of customers via third-party/script abuse. – Unity Skimmer
- Experts warn that unmonitored third-party JavaScript is a top holiday security risk, enabling skimming and supply-chain attacks. – Unmonitored JS
Law Enforcement & Scams
- Spain dismantled the GXC Team Crime-as-a-Service syndicate, with arrests and seizures following its global targeting, while related smishing campaigns (fake “Inflation Refund” texts) continue to target New Yorkers. – GXC Takedown, Inflation Scam
Products & Security
- Varonis launches Interceptor, an AI-native email security product aimed at improving threat detection and response in email systems. – Varonis Interceptor
Disinformation & Attribution
- Pro-Russian hacktivist group TwoNet was exposed for fabricating critical infrastructure attacks to inflate its reputation. – TwoNet Fake
Regulation & Enforcement
- The UK fines 4chan for noncompliance with the Online Safety Act, signaling stricter enforcement on platforms. – 4chan Fine
Threat Trends
- This weekly threat recap highlights rising trends like package-manager abuse, covert C2 channels (including Discord), extortion/double-extortion, and active exploitation of high-severity vulnerabilities—emphasizing detection challenges and CTI needs. – Threat Recap