
IT Security Newsletter - 10/2/2025


Top News

Red Hat confirms breach of GitLab instance, which stored company's consulting data

Red Hat on Thursday confirmed an attacker gained access to and stole data from a GitLab instance used by its consulting team, exposing some customer data. The open-source software company, a subsidiary of IBM, said the breach is contained and an investigation into the attack is underway. "Upon detection, we promptly launched a thorough investigation, removed the unauthorized party's access, isolated the instance, and contacted the appropriate authorities," Red Hat said in a security update.

Hacking

Subpoena tracking platform blames outage on AWS social engineering attack

A software platform used by law enforcement agencies and major tech companies to manage subpoenas and data requests went dark this week after attackers socially engineered AWS into freezing its domain. Kodex Global said its website, portal, API, and more were rendered unavailable on October 1. AWS is the domain registrar for Kodex Global. Cyber sleuths identified that attackers attempted to transfer the domain to a different registrar.


Here is the email Clop attackers sent to Oracle customers

Emails sent to Oracle customers by members of the Clop ransomware group assert that the cybercriminals are solely interested in a financial payout, framing the extortion as a business transaction rather than a politically motivated attack. The extortion emails were sent to executives of alleged victim organizations earlier this week, with attackers claiming they would provide victims copies of any three files or data rows upon request to verify their organization's data was stolen.

Software Updates

Unauthenticated RCE Flaw Patched in DrayTek Routers

DrayTek on Thursday announced patches for an unauthenticated remote code execution (RCE) vulnerability affecting DrayOS routers. Tracked as CVE-2025-10547, the issue can be exploited via crafted HTTP or HTTPS requests sent to a vulnerable device's web user interface. Successful exploitation of the bug, DrayTek explains in its advisory, may result in memory corruption and a system crash. In certain circumstances, it could be used to execute arbitrary code remotely, it says.

Information Security

Your Meta AI conversations may come back as ads in your feed

Meta has announced that conversations with its AI assistant will soon be used for targeted advertising. If you're the kind of person that notices ads for products just after you spoke about them, you won't be happy about this update. Meta AI is the company's generative AI assistant, built into Facebook, Instagram, WhatsApp, Messenger, and Threads. It can answer questions, generate text or images, and recommend content.

Exploits/Vulnerabilities

Oracle tells Clop-targeted EBS users to apply July patch, problem solved

Oracle has finally broken its silence on those Clop-linked extortion emails, but only to tell customers what they already should have known: patch your damn systems. The database giant posted an impressively short blog post overnight, confirming that some E-Business Suite (EBS) users have been targeted by cybercriminals claiming to have siphoned off sensitive data, adding that the crooks appear to be exploiting holes Oracle already plugged in July.


Microsoft's Voice Clone Becomes Scary & Unsalvageable

"Speak for Me" (S4M) was envisioned as a niche Windows accessibility feature for those on their way to losing their voice due to medical procedures like tracheotomies or progressive voice disorders. A noble idea to be sure, but in practice things turned out a little differently: Microsoft managed instead to create one of the world's best deepfake, vishing, and fraud vehicles, thanks to a raft of development bugs.

On This Date

  • ...in 1789, George Washington issues a proclamation declaring Thanksgiving as a national holiday.
  • ...in 1906, the first conference on wireless telegraphy in Berlin adopts SOS as a warning signal.
  • ...in 1985, Space Shuttle Atlantis makes its maiden flight from Kennedy Space Center in Florida.
  • ...in 1990, East and West Germany reunify after 40 years of division following WWII.