Cybersecurity News Roundup – Mid-October 2025
Key incidents and vulnerabilities from mid‑October 2025, including ransomware, data breaches and zero‑day patches.
CYBERSECURITY NEWS
10/11/2025 | 3 min read
Cybercriminals continued to target companies, government portals and personal devices in early October 2025. Major incidents ranged from disruptive ransomware attacks to critical software flaws and privacy probes. Below is a summary of the most significant stories from trusted news sources.
Qilin ransomware disrupts Japan’s biggest brewer
A ransomware attack orchestrated by the Qilin gang paralysed production at Japan’s largest brewer. The attackers claimed to have stolen roughly 27 GB of company data. While brewing operations have resumed, the incident highlights how even well‑resourced firms can face supply‑chain disruption and data exfiltration. Companies should revisit incident response playbooks, test backups and reinforce network segmentation to limit ransomware impact.
India’s income‑tax portal exposed taxpayers’ data
Researchers Akshay CS and “Viral” discovered a flaw in India’s e‑Filing tax portal that allowed logged‑in users to view personal data belonging to other taxpayers, including names, addresses, phone numbers and bank details. The tax authority patched the vulnerability in September, but the disclosure underscores the need for rigorous security testing of public portals and prompt disclosure when sensitive information is exposed.
French authorities probe Apple’s Siri for illicit data collection
French prosecutors launched an investigation into Apple’s voice assistant Siri after a complaint by researcher Thomas Le Bonniec and the human‑rights group LDH. The complaint alleges that Siri illegally collects user data; a cybercrime unit has taken over the case. This probe could lead to stricter oversight of how AI assistants handle voice recordings and personal data.
Oracle patches critical zero‑day in E‑Business Suite
Oracle released a fix for CVE‑2025‑61882, a zero‑day vulnerability in its E‑Business Suite that attackers in the Clop ransomware gang exploited to steal data. The flaw, located in the Concurrent Processing component’s integration with BI Publisher, allowed unauthenticated remote code execution and carried a CVSS score of 9.8. Administrators should update immediately and review systems for signs of compromise.
Discord users affected by third‑party support breach
Discord disclosed that a third‑party support service it uses was compromised. The attacker accessed information belonging to users who had contacted Discord’s customer support and Trust & Safety teams. Although the breach was limited in scope, it demonstrates the risks of relying on vendors for user support and highlights the importance of vendor security assessments and breach notification procedures.
Self‑propagating malware spreads via WhatsApp in Brazil
Trend Micro researchers warned about SORVEPOTEL, a self‑propagating malware campaign spreading through WhatsApp in Brazil. Attackers send phishing messages with malicious ZIP attachments to users, exploiting social trust and leveraging automation to spread rapidly among Windows systems. This campaign shows that messaging platforms remain attractive vectors for malware distribution and underlines the need for user awareness and email security controls.
Hackers claim to steal 1 billion Salesforce customer records
A loosely organised group known as Lapsus$, Scattered Spider or ShinyHunters launched a dark‑web site and claims to have stolen about 1 billion records from cloud databases hosted on Salesforce. The group aims to extort companies by threatening to leak their customers’ data. While the full scope of the breach remains unconfirmed, the story underscores the persistent threat of supply‑chain attacks and the importance of monitoring third‑party data‑hosting providers.
Key takeaways
- Test resilience: Even well‑prepared firms can suffer large‑scale disruption; drills and tabletop exercises help ensure quick recovery.
- Patch quickly: Administrators should apply Oracle’s E‑Business Suite patch immediately and review logs for exploitation attempts.
- Verify vendors: Data breaches at support providers and cloud platforms emphasize the need for due diligence and security clauses in vendor contracts.
- Educate users: With WhatsApp malware campaigns and phishing‑driven ransomware, continuous user training is critical.
- Protect personal data: Regulators are increasingly scrutinising how tech companies collect and use personal data; compliance and privacy‑by‑design practices are essential.
Keeping abreast of cybersecurity developments helps organisations prepare for emerging threats and adjust defences accordingly.
Auckland, New Zealand
© 2025. All rights reserved.