Issue #170 - October 6, 2025
- Weekly INK

- Oct 6
Updated: Oct 16
Oracle patches EBS zero-day exploited in Clop data-theft attacks
Source: BleepingComputer
Oracle fixed a critical E-Business Suite flaw (CVE-2025-61882) that Clop abused to steal data. The bug allows unauthenticated remote code execution, making it urgent for any company running Oracle EBS to patch now and hunt for compromise indicators. SMBs using Oracle partners should ask vendors to confirm patching.
Medusa ransomware actors exploit Fortra GoAnywhere flaw
Source: Dark Reading
Microsoft warns Medusa operators are exploiting a 10/10-severity GoAnywhere MFT bug (CVE-2025-10035), likely as a zero-day. If your file-transfer admin console is internet-exposed, isolate and patch immediately, review firewall egress rules, and hunt for the provided indicators of compromise. Vendors handling your data should attest to fixes.
Critical vulnerability puts 60,000 Redis servers at risk of exploitation
Source: SecurityWeek
A newly disclosed Redis flaw (“RediShell,” CVE-2025-49844) can lead to remote code execution. With tens of thousands of unauthenticated Redis instances exposed, cloud-hosted apps at SMBs are at particular risk. Upgrade to patched Redis builds and restrict access; disable Lua for untrusted users.
Clop attacks against Oracle E-Business Suite trace to July
Source: Data Breach Today
Follow-up reporting shows Oracle EBS data-theft/extortion activity started months earlier, mixing July-patched bugs with the recent zero-day. U.S. firms should assume partners running EBS may be affected and verify third-party risk controls, backups, and data-handling contracts.
Discord reveals data breach following third-party compromise
Source: Infosecurity Magazine
A support vendor breach exposed Discord user data, highlighting the everyday impact of supply-chain weaknesses. For SMBs: limit what vendors can access, require MFA and logging, and ensure contracts mandate prompt breach notification and remediation steps.



