
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
SANS Stormcast Monday, October 6th, 2025: Oracle 0-Day
Oct 6, 2025
A new Oracle E-Business Suite vulnerability has been exploited by the Cl0p ransomware gang, and affected installations need urgent patching. Meanwhile, an analysis of a Zimbra exploit targeting vulnerable systems shows risks linked to .ics files. The Unity game editor is also in the spotlight due to a critical security flaw that could allow code execution, requiring urgent updates for impacted builds. Cybersecurity professionals are urged to take immediate action to safeguard their systems.
AI Snips
Treat Cl0p Notices As Real Incidents
- If you received a Cl0p ransom letter about Oracle E-Business Suite, treat it as real and start incident response immediately.
- Ensure the June 2023 update is already installed, then apply Oracle's new patch.
Vendor Assessments Can Rapidly Change
- Oracle initially thought the exploited bug was the one addressed by the June patch, but later released a new high-severity (9.8) fix.
- This shows initial vendor assessments can change rapidly during active exploitation events.
Hunt Using Oracle's Provided IOCs
- Check your systems for Oracle's provided IOCs including IPs, malware hashes, and reverse-shell indicators.
- If you find the generic backdoor or connections to the listed IPs, assume compromise regardless of attacker identity.
