Episodes

  • Weekly Cyber News Rollup, October 10th, 2025
    2025/10/10

    This week’s wrap cuts through the noise. We break down North Korea’s multi-billion-dollar crypto theft problem, the Salesforce-adjacent extortion wave targeting customer exports, and active exploitation against Oracle E-Business Suite. We also cover a critical Redis flaw with app-wide blast radius, Cisco edge firewall abuse with public exploit code, Zimbra’s KEV-listed email bug, GoAnywhere MFT ransomware activity, mass scanning of Palo Alto VPN portals, and a UnityVSA bug that threatens backups.

    In plain English, you’ll hear why these stories matter for the business, who’s most exposed, the single action to take next, and what to watch next week. Perfect for leaders who need decisions, and defenders who need a checklist.

    Subscribe for the daily brief and share this episode with your incident lead before Monday’s stand-up.

    17 min
  • Daily Cyber News – October 10th, 2025
    2025/10/10

    This is today’s cyber news for October 10th, 2025. Today’s brief leads with SonicWall confirming its cloud firewall backups were accessed for all users of its backup service—turning configuration data into a roadmap for attackers. We also cover an actively exploited WordPress authentication bypass, an Android spyware family impersonating WhatsApp and TikTok, and Microsoft 365 disruptions tied to an Azure Front Door issue. Rounding out the first half: university “payroll pirate” attacks that reroute salaries via compromised HR accounts.

    You’ll also hear how a new botnet shotguns 50+ n-day bugs, why ransomware crews are abusing the Velociraptor DFIR tool, Discord’s clarification on a third-party support breach of 70,000 ID photos, malvertising that drops the “Oyster” backdoor via fake Teams installers, and a ClickFix variant using cache smuggling. We finish with a polymorphic Python RAT, a faster “Chaos-C++” ransomware strain, signs that Warlock ransomware may have state ties, QR-based quishing, risky AI browsers with OAuth exposure, a Defender bug mislabeling SQL Server as EOL, a claimed KFC Venezuela data sale, and the big SaaS lesson: token hygiene. Available at DailyCyber.news.

    21 min
  • Daily Cyber News – October 9th, 2025
    2025/10/09

    This is today’s cyber news for October 9th, 2025. A new cloud-focused extortion crew targets AWS, a three-way ransomware alliance promises faster, louder campaigns, and Qilin pressures Asahi with leaked data. We cover a coordinated push against Salesforce tenants by a “Scattered Lapsus$ Hunters” collective and a Microsoft 365 outage that rippled through Teams and Exchange. Rounding out the brief: urgent fixes for a Redis Lua flaw, an MCP plugin risk in Figma workflows, mass exploitation of a WordPress theme, cache-smuggling “FileFix” lures, and Chinese operators using Nezha to drop Gh0st RAT—plus Mustang Panda tradecraft, malware-less database raids, Salesforce’s refusal to pay, UK arrests in a childcare dox case, a DraftKings ATO wave, and a new Android RAT on GitHub.

    Listeners will hear what happened, what it means, and one crisp recommendation per story—built for executives who need decisions and defenders who need next steps. We translate technical signals into business impact, name who’s most exposed, and point to practical controls you can apply today. Leaders, analysts, and builders will all leave with clear priorities and signals to watch. The narrated daily feed is available at DailyCyber.news.

    26 min
  • Daily Cyber News – October 8th, 2025
    2025/10/08

    This is today’s cyber news for October 8th, 2025. A Fortune-scale standoff leads the brief as Salesforce refuses to pay after a mass data-theft extortion attempt. We also cover ShinyHunters’ new leak portal, active exploitation against Oracle E-Business Suite, Medusa’s push through GoAnywhere MFT, and a critical Redis flaw dubbed “RediShell.” Rounding out the lineup: CISA’s KEV addition for Zimbra, DraftKings credential-stuffing takeovers, Avnet’s supply-chain incident, a Cisco ASA/FTD zero-day chain with public PoC, and malware delivery through Microsoft Teams features.

    Listeners will also hear about DPRK’s $2B crypto heists, how ransomware actors persist via legitimate remote-access tools, Google’s “won’t fix” stance on an ASCII-smuggling prompt attack in Gemini, the plugin-packed XWorm 6.0, and the “Mic-E-Mouse” side-channel. We close with Asahi’s ransomware disruption in Japan. Leaders get crisp decision cues; defenders get concrete control checks and signals to watch. It’s your concise, actionable rundown—also available at DailyCyber.news.

    14 min
  • Daily Cyber News – October 7th, 2025
    2025/10/07

    This is today’s cyber news for October 7th, 2025. We cover active exploitation and high-impact enterprise risks: an Oracle E-Business Suite zero-day, Red Hat’s data-theft/extortion saga, ransomware crews abusing a GoAnywhere MFT flaw, a critical Redis issue enabling code execution, and a Zimbra zero-day via booby-trapped calendar invites. We then shift to platform and infrastructure risks—from LinkedIn’s fight against large-scale scraping and a Unity engine vulnerability, to Dell UnityVSA RCE, a Zabbix Windows privilege escalation, and a Sudo LPE with public exploit code.

    13 min
  • Daily Cyber News – October 6th, 2025
    2025/10/06

    This is today’s cyber news for October 6th, 2025. We open with a Zimbra zero-day delivered through malicious calendar files and why auto-parsing turns invites into compromise. Then we look at researchers repurposing Amazon’s X-Ray tracing for command-and-control, a fivefold surge of scans on Palo Alto portals, and fresh additions to CISA’s Known Exploited Vulnerabilities list. Rounding out the top set, Discord disclosed a third-party support breach exposing personal data and IDs, raising the risk of targeted phishing against recent ticket holders.

    You’ll also hear about ParkMobile’s 2021 breach settlement, the “WireTap” side-channel against Intel SGX, a Unity ecosystem flaw with supply-chain implications, Outlook’s SVG block, and new Salesforce leak-site claims. We cover Oracle E-Business extortion emails, the DNS-abusing “Detour Dog” operation feeding Strela, Rhadamanthys stealer upgrades, and the troubling rise of exposed ICS/OT devices. Closing stories include Android spyware impersonating Signal and ToTok, the SORVEPOTEL WhatsApp worm, the Cavalry Werewolf espionage cluster, risks around Windows “Speak for Me,” a full-stack Chinese-language crime crew, and Signal’s post-quantum key upgrade—available at DailyCyber.News

    23 min
  • Daily Cyber News – October 3rd, 2025
    2025/10/03

    This is today’s cyber news for October 3rd, 2025. We cover Red Hat’s internal GitLab breach and what “customer engagement records” could expose, Microsoft’s move to block inline SVG in Outlook, and a critical remote-code-execution flaw in DrayTek Vigor routers. We also break down Android spyware impersonating Signal and ToTok, and the “Gemini Trifecta” weaknesses that show how AI assistants can inherit risky permissions from connected apps.

    16 min
  • Daily Cyber News – October 2nd, 2025
    2025/10/02

    This is today’s cyber news for October 2nd, 2025. Federal shutdowns are disrupting cyber intelligence sharing at CISA, a critical flaw in Red Hat’s OpenShift AI platform threatens hybrid environments, and OpenSSL has released urgent patches. We also cover identity issues at OneLogin, a widening WestJet breach that exposed passports and IDs, and a major Allianz Life data breach with Social Security numbers at risk. From Google Drive’s new ransomware defenses to fresh Android banking malware, DNS hijacking campaigns, and router abuse for smishing, defenders are facing a crowded threat landscape today.

    Listeners will hear about hardware side-channel research against Intel SGX, new encryption debates in the UK and EU, and Signal’s pushback on proposed scanning mandates. Other highlights include CABINETRAT malware spreading through Excel add-ins, Mandiant’s counter to Salesforce-targeted social engineering, Apple’s FontParser patch, and Bitdefender’s report on hidden breaches. Whether you’re a leader, defender, or builder, these insights will keep you prepared. The BareMetalCyber Daily Brief is available each day at daily cyber news dot com.

    17 min