Daily Recap: A new 8-byte write attack dubbed RMPocalypse targets AMD SEV-SNP, alongside an array of exploits including CVE-2025-61927 and a CL0P-linked Oracle EBS zero-day affecting Harvard, while threats persist through NTDS.dit credential harvesting and geo-mapping tool persistence. Threat actors also exploit SonicWall VPNs, a mass RDP botnet targets the US, and a rise in nationally significant attacks in the UK highlights evolving risk in critical infrastructure. #RMPocalypse #CVE-2025-61927 #NTDSdit #OracleEBS #Harvard #SonicWall #RDPBotnet #UKAttacks
Vulnerabilities & Exploits
- CVE-2025-61927 in the DOM parsing engine allows VM context escape and remote code execution. – Happy DOM
- Active Directory attack techniques target the NTDS.dit file to harvest domain credentials and escalate access. – AD Attack
- A single 8-byte write dubbed RMPocalypse undermines AMD SEV-SNP confidential computing protections. – AMD SEV
- New Pixnapping Android flaw lets rogue apps capture **2FA** codes without special permissions. – Pixnapping Bug
- An Oracle E-Business Suite zero-day exploited by actors claiming CL0P affiliation impacted Harvard (reported as affecting a limited number), while Oracle issues patches. – Oracle EBS, Oracle Patch, Harvard Notice
Incidents & Breaches
- Chinese threat actors abused a geo-mapping tool to maintain year-long persistence in targeted environments. – Geo-mapping Abuse
- A massive multi-country botnet is scanning and attacking RDP services in the US while widespread campaigns abused stolen credentials to compromise SonicWall VPN accounts. – RDP Botnet, SonicWall Breach
- 1.2 million patients were reportedly impacted in the January data breach at SimonMed. – SimonMed Breach
- The UK recorded a new high in the number of “nationally significant” cyberattacks reported to authorities. – UK Attacks
- Microsoft restricted IE mode access in Edge after zero-day activity and is investigating an outage affecting Microsoft 365 apps. – IE Mode, M365 Outage
Policy & Investment
- JPMorgan plans to invest up to $10 billion in US companies with ties to national security. – JPMorgan Invest
- New issuer Born Defense mixes cybersecurity investment strategy with Just War principles to back deterrence and defense firms. – Born Defense
- Fraud-prevention firm Resistant AI raised $25 million to advance AI-driven fraud defenses. – Resistant AI
- The Netherlands invoked special powers to restrict operations of Chinese-owned semiconductor firm Nexperia. – Nexperia Powers
- Ukraine is taking steps to form a dedicated cyber force authorized for offensive operations. – Ukraine Cyberforce
- Discussion on building trust and governance around AI stresses oversight and transparency for high-risk systems. – AI Governance
Threat Research & Readiness
- Guidance on moving beyond awareness explains how proactive threat hunting measurably builds organizational readiness. – Threat Hunting
- Windows 10 reached end of life, leaving roughly 200 million PCs exposed to increasing security risks unless upgraded. – Win10 EOL