This week’s wrap cuts through the noise. We break down North Korea’s multi-billion-dollar crypto theft problem, the Salesforce-adjacent extortion wave targeting customer exports, and active exploitation against Oracle E-Business Suite. We also cover a critical Redis flaw with app-wide blast radius, Cisco edge firewall abuse with public exploit code, Zimbra’s KEV-listed email bug, GoAnywhere MFT ransomware activity, mass scanning of Palo Alto VPN portals, and a UnityVSA bug that threatens backups.

In plain English, you’ll hear why these stories matter for the business, who’s most exposed, the single action to take next, and what to watch next week. Perfect for leaders who need decisions, and defenders who need a checklist.

Subscribe for the daily brief and share this episode with your incident lead before Monday’s stand-up.

This is today’s cyber news for October 10th, 2025. Today’s brief leads with SonicWall confirming its cloud firewall backups were accessed for all users of its backup service—turning configuration data into a roadmap for attackers. We also cover an actively exploited WordPress authentication bypass, an Android spyware family impersonating WhatsApp and TikTok, and Microsoft 365 disruptions tied to an Azure Front Door issue. Rounding out the first half: university “payroll pirate” attacks that reroute salaries via compromised HR accounts.

You’ll also hear how a new botnet shotguns 50+ n-day bugs, why ransomware crews are abusing the Velociraptor DFIR tool, Discord’s clarification on a third-party support breach of 70,000 ID photos, malvertising that drops the “Oyster” backdoor via fake Teams installers, and a ClickFix variant using cache smuggling. We finish with a polymorphic Python RAT, a faster “Chaos-C++” ransomware strain, signs that Warlock ransomware may have state ties, QR-based quishing, risky AI browsers with OAuth exposure, a Defender bug mislabeling SQL Server as EOL, a claimed KFC Venezuela data sale, and the big SaaS lesson: token hygiene. Available at DailyCyber.news.

This is today’s cyber news for October 9th, 2025. A new cloud-focused extortion crew targets AWS, a three-way ransomware alliance promises faster, louder campaigns, and Qilin pressures Asahi with leaked data. We cover a coordinated push against Salesforce tenants by a “Scattered Lapsus$ Hunters” collective and a Microsoft 365 outage that rippled through Teams and Exchange. Rounding out the brief: urgent fixes for a Redis Lua flaw, an MCP plugin risk in Figma workflows, mass exploitation of a WordPress theme, cache-smuggling “FileFix” lures, and Chinese operators using Nezha to drop Gh0st RAT—plus Mustang Panda tradecraft, malware-less database raids, Salesforce’s refusal to pay, UK arrests in a childcare dox case, a DraftKings ATO wave, and a new Android RAT on GitHub.

Listeners will hear what happened, what it means, and one crisp recommendation per story—built for executives who need decisions and defenders who need next steps. We translate technical signals into business impact, name who’s most exposed, and point to practical controls you can apply today. Leaders, analysts, and builders will all leave with clear priorities and signals to watch. The narrated daily feed is available at DailyCyber.news.