Unity vulnerability, Oracle zero-day patched, Discord user info exposed

Interactive Transcript

spk_0 From the CISO series, it's Cybersecurity Headlines.

spk_0 [♪ OUTRO MUSIC PLAYING [♪

spk_0 These are the Cybersecurity Headlines for Tuesday, October 7th, 2025.

spk_0 I'm Lauren Verno, and I'm officially back.

spk_0 Unity Vulnerability puts popular games at risk.

spk_0 Gotta catch them all. Vulnerability's that is.

spk_0 Unity built games like Pokemon Go,

spk_0 Invention Impact are affected by a high severity bug

spk_0 that could let attackers execute code through affected apps on Android, Windows, Mac OS, and Linux.

spk_0 Microsoft and Steam are taking action with Microsoft flagging potentially vulnerable apps and games

spk_0 while Steam blocks launches containing risky command line parameters.

spk_0 Unity has patched the flaw and urges developers to update editors

spk_0 or replace runtime files in existing games to keep players safe.

spk_0 Oracle Zero Day Exploite patched.

spk_0 This is an update to a story we first brought to you last week.

spk_0 The Claw Phrancer More Group is now the confirmed hackers behind a recently exploited

spk_0 Zero Day Vulnerability in Oracle's E-Business Suite, or EBS, stealing data and sending

spk_0 extortion emails. The flaw allows remote code execution on EBS versions 12.2.3 through 0.14

spk_0 and carries a critical severity rating of 9.8.

spk_0 Oracle has since released patches and shared indicators of compromise,

spk_0 but security experts warn other threat actors could exploit the same vulnerability.

spk_0 This campaign follows a pattern seen in recent Claw Pattacks on Clio, Move It, and Forchra products.

spk_0 Third-party breach claims Discord user info.

spk_0 A compromised support vendor is to blame for a data breach at the popular social platform

spk_0 Discord. The incident only impacts users who contacted Discord's support or trust in

spk_0 safety teams, exposing personal information, including names, emails, IP addresses,

spk_0 billing details, and government ID images submitted for age verification appeals.

spk_0 Discord says it has revoked the vendor's access, but did not name which provider was involved.

spk_0 The company is actively notifying affected users, but did not disclose how many were impacted.

spk_0 Critical MFT flaw exploited

spk_0 This cybercrime group, Storm 1175, has been exploiting a critical go-anywhere MFT vulnerability

spk_0 in Medusa ransomware attacks for the past month. Now Microsoft reports that the flaw

spk_0 allows remote command execution without user interaction, enabling lateral movement,

spk_0 biotex filtration, and ransomware deployment. Microsoft and Forchra are urging admins to

spk_0 patch immediately and inspect logs for signs of compromise, while the Shadow Server Foundation

spk_0 has already tracked over 500 exposed instances online, though it's unclear how many of those

spk_0 have already been patched.

spk_0 Huge thanks to today's episode sponsor, Threat Locker. Cybercriminals don't knock.

spk_0 They sneak in through cracks, other tools miss. That's why organizations are turning to Threat Locker.

spk_0 As a zero trust endpoint protection platform, Threat Locker puts you back in control,

spk_0 blocking what doesn't belong and stopping attacks before they spread. Zero trust security starts here

spk_0 with Threat Locker.

spk_0 And a quick reminder for fans of the CISO series and New York City-based security professionals.

spk_0 You're all welcome to join us for a fun networking event in New York City on October 21st, 2025

spk_0 at 5.30 p.m. It's free. Yes, free. So head on over to the events page at CISO series.com to register.

spk_0 malware campaign spreads via WhatsApp. hackers are using WhatsApp to spread a new malware,

spk_0 targeting government agencies and businesses primarily in Brazil. The malware arrives in

spk_0 phishing messages. Disguises receipts are forms in hijacks. WhatsApp web to automatically send

spk_0 itself to all contacts rapidly propagating. Researchers say it mainly spreads quickly rather than

spk_0 stealing data or encrypting files, though related payloads can steal banking credentials.

spk_0 Crowdsource ransomware campaign scattered lapses hunters is letting anyone do their dirty work.

spk_0 The crime group has been offering $10 in Bitcoin to anyone willing to hound executives at companies

spk_0 it claims to have breached the group which recently claimed to be retiring posted instructions

spk_0 on Telegram and a new data leak site listing 39 alleged victims, mostly linked to Salesforce

spk_0 integrations. Followers are urged to email executives until they pay, with higher rewards for

spk_0 using personal accounts or doing a quote an exceptionally well job.

spk_0 Chinese hackers turn SEO fraud into a global hustle.

spk_0 A new Chinese speaking cybercrime group called UAT 8099 has been caught running a global search

spk_0 engine optimization ring or SEO fraud ring using compromised Microsoft iis servers.

spk_0 The hackers target systems across India, Thailand, Vietnam, Canada, and Brazil,

spk_0 hitting everything from universities to telecoms. Researchers say the group uses tools like

spk_0 Cobalt Shrike and bad iis malware to hijack search results and steal credentials all while

spk_0 locking out rival attackers. Win big with whiz. Cloud security giant whiz is offering $4.5 million

spk_0 dollars in its new bug banning contest zero day dot cloud participants will demonstrate exploits

spk_0 against widely used cloud software live at black hat Europe in London this December. Top prizes

spk_0 reach $300,000 dollars for web server exploits with AI containers databases and dev ops platforms

spk_0 also in play. Looking to apply we've got that link in the show notes just head on over to the

spk_0 CISO series dot com. No CISO cares about a vendor's technical innovation for its own sake.

spk_0 They care about how the vendor solution can help solve their problems. It's a simple concept,

spk_0 yet so many vendors miss the mark when they make their pitch. We dig into why on the latest episode

spk_0 of the CISO series podcast. Look for the episode don't worry we'll get to solving your problem

spk_0 on slide 87. And if you've made cybersecurity headlines part of your morning routine remember to

spk_0 share it with a friend or coworker we'd really appreciate it. I'm Lauren Verno reporting for the CISO

spk_0 series.

spk_0 Cybersecurity headlines are available every weekday head to CISO series dot com for the full stories

spk_0 behind the headlines.

Unity vulnerability, Oracle zero-day patched, Discord user info exposed

Interactive Transcript

Topics Covered

Related Episodes

Out on a Limb | Nov 2nd | Hillhurst United Church

How Do You Respond to Jesus? John 5:16–47 :Daily Devotional, Daily Bible Study

Episode 240: Otto Aerospace CEO Paul Touw talks teardrop, laminar flow, and Phantom 3500

Burnout, Breakthroughs, and the Power of Getting Back Outdoors | Gun Talk Hunt

Share Episode