

Risky Bulletin: Redis vulnerability impacts all versions released in the last 13 years
8 snips Oct 7, 2025
Redis faces a critical vulnerability dating back 13 years, leaving many deployments open to remote code execution. Oracle rushes to fix an urgent zero-day that enabled unauthorized access in its E-Business Suite. The Medusa group is linked to data theft from Fortra, marking a shift in its tactics. Meanwhile, India addresses flaws in its tax portal that exposed sensitive information. The conversation also touches on cybersecurity training cuts by the Pentagon and the international collaboration between Estonia and Ukraine to train cyber specialists.
Patch And Restrict Redis Immediately
- Disable or restrict internet-facing Redis instances and require authentication to reduce exposure.
- Apply the Redis patch promptly because Lua is enabled by default and the bug is critical.
Wide-Ranging Redis RCE Risk
- Redis patched a 13-year-old use-after-free bug in its Lua eval runtime that enables remote code execution.
- GoogleWiz found 60,000+ internet-facing Redis instances and the flaw got a 10/10 severity rating.
Oracle Zero-Day Used For Extortion
- Oracle released an out-of-band fix for a zero-day in E-Business Suite that allowed auth bypass and code execution.
- The flaw has been used to steal data and extort customers, linked to the CLOP group.