Daily Briefing for 10.07.25

Attacks, Threats, and Vulnerabilities

Well, Well, Well. It’s Another Day. (Oracle E-Business Suite Pre-Auth RCE Chain - CVE-2025-61882) (WatchTowr Labs) Today, we’re going to walk through the exploit chain (that we’ve verified, nerds) being used to compromise Oracle E-Business Suite deployments (and was used as a zero-day) - now tagged as CVE-2025-61882.

Ransomware Group “Trinity of Chaos” Launches Data Leak Site (Infosecurity Magazine) A new TOR data leak site published by the Trinity of Chaos ransomware group unveils 39 firms’ data and threatens Salesforce litigation

Trends

Deloitte refunds Australian government over AI in report (The Register) Big Four consultancy billed Canberra top dollar, only for investigators to find bits written by a chatbot.

Research and Development

The Nobel Prize for physics is awarded for discoveries in quantum mechanical tunneling (NPR) The Nobel committee said that the laureates' work provides opportunities to develop "the next generation of quantum technology, including quantum cryptography, quantum computers, and quantum sensors."

Litigation, Investigation, and Law Enforcement

EyeMed Agrees to Pay $5M to Settle Email Breach Litigation (Gov Info Security) Benefits provider EyeMed Vision Care has agreed to pay $5 million and improve its security practices to settle class action litigation involving a 2020 phishing

LinkedIn sues ProAPIs for using 1M fake accounts to scrape user data (BleepingComputer) LinkedIn has filed a lawsuit against Delaware company ProAPIs Inc. and its founder and CTO, Rehmat Alam, for allegedly scraping legitimate data through more than a million fake accounts.

For a complete running list of events, please visit the Event Tracker.

Events

CyberArk IMPACT25 World Tour Identity Security Summit (Long Beach, California, USA, Oct 7, 2025) We're bringing best-in-class insights from CyberArk IMPACT to a city near you! Join us in Long Beach for IMPACT World Tour, where you'll gain exclusive access to the latest advancements, technologies, and trends shaping the future of identity security. Engage with CyberArk experts and industry peers through strategic presentations and deep-dive discussions — all designed to arm you with the right tools and knowledge to strengthen your identity security program.

DTEX NEXT (Virtual, Oct 7, 2025) DTEX NEXT is where the future of proactive security takes shape. Join us as we unveil our latest advancements in DTEX Insider Risk Management (IRM) and DTEX Risk-Adaptive Data Loss Prevention (DLP), powered by industry-leading behavioral science, advanced AI, and our strategic collaboration with AWS.

Don’t miss Jen Easterly, former CISA Director, headlining HIP Conf 25 (Charleston, SC, USA, Oct 7 - 9, 2025) Jen Easterly, former CISA Director, keynotes HIP Conf 2025. A globally recognized cybersecurity leader, Easterly brings unmatched insight into hybrid identity security and resilience. Register now for this must-attend event.

AI Agent Security Summit in San Francisco (San Franciso, California, USA, Oct 8, 2025) After launching in NYC, the AI Agent Security Summit heads to San Francisco to continue shaping how enterprises secure the next wave of AI. On Wednesday, October 8, join us at the historic Commonwealth Club in San Francisco.

Uniting Women in Cyber 2025 (Crystal City, Virginia, USA, Oct 9, 2025) UWIC is the premier event for cybersecurity leaders, professionals, and aspiring practitioners. Connect with a vibrant community focused on emerging global trends, technological advancements, and workforce development. Attend UWIC 2025 to learn, share ideas, and expand your professional network!