In today’s hyper-connected world, the question is not if your organization will be targeted by cybercriminals, but when. The past week has been a stark reminder of this reality, with a surge in sophisticated cyberattacks impacting businesses of all sizes across the United States. From critical zero-day vulnerabilities to widespread ransomware campaigns, the threat landscape is more dangerous than ever. Staying informed is the first step towards building a resilient defense.
The first step in any robust cybersecurity strategy is to understand your vulnerabilities. We strongly recommend running a Cyber Penetration Test to identify and address security risks before they can be exploited by malicious actors.
A critical zero-day vulnerability in Oracle’s E-Business Suite is being actively exploited by the Cl0p ransomware gang and other threat actors. The flaw, which has been exploited since at least August 2025, allows attackers to gain initial access to target networks, leading to data theft and ransomware deployment. The FBI and CISA have both issued urgent warnings, with CISA adding the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog. Despite a patch being available, hundreds of organizations remain vulnerable.
Organizations of all sizes that use Oracle E-Business Suite for financial management, supply chain management, and manufacturing are at high risk. This includes businesses in the manufacturing, financial services, and technology sectors. Given the widespread use of this software, the impact is cross-sectoral, and any company using this platform should assume it is a target.
A significant breach of Red Hat’s consulting GitLab instance has resulted in the theft of 570GB of sensitive data from over 800 organizations. The cybercrime group Crimson Collective has claimed responsibility, leaking data allegedly belonging to major entities such as Bank of America, JPMorgan Chase, Verizon, AT&T, the U.S. Navy, the U.S. Senate, and the National Security Agency. The stolen data includes customer engagement reports, which could be used for sophisticated social engineering and spear-phishing attacks.
This is a classic supply chain attack, meaning any organization that is a customer of Red Hat’s consulting services is at risk. The most vulnerable sectors are financial services, telecommunications, and government contractors. The breach highlights the critical importance of third-party risk management.
In a concerning development for cybersecurity infrastructure, SonicWall confirmed that all of its Cloud Backup Service customers had their firewall configurations compromised. This is a far more severe incident than initially reported, as it gives attackers a blueprint of the security posture of affected organizations. This information can be used to bypass security controls and launch targeted attacks.
Any business that relies on SonicWall firewalls and its cloud backup service is directly impacted. This includes a wide range of industries, but small and medium-sized businesses (SMBs) that often rely on managed security services are particularly vulnerable, as are organizations in the healthcare and retail sectors that process sensitive customer data.
The FBI has issued a public warning about a trillion-dollar global scam industry that is increasingly using AI-powered voice cloning and deepfake technologies. These scams, which have affected over 100 million Americans in the past year, are used to impersonate family members, public figures, and company executives to elicit fraudulent payments. The FBI is now advising families to create a ‘secret word’ to verify identities over the phone.
Every industry is vulnerable to these social engineering attacks. However, individuals, families, and small businesses are the most susceptible. Attackers often target individuals with high net worth or those in positions of authority within a company. The financial and legal sectors are also prime targets for these types of scams.
A wave of extortion attempts targeting Salesforce customers has led to the theft of sensitive data from dozens of companies. The data was being sold on the notorious BreachForums, which the FBI successfully took down on October 10th. However, the threat is not over, as the stolen data can still be leaked by the attackers. In a related incident, Qantas Airways had 5 million customer records leaked after refusing to pay a ransom for data stolen from a Salesforce database.
Any business that uses Salesforce for customer relationship management (CRM) is a potential target. This breach has a wide-ranging impact across multiple sectors, but the most vulnerable are sales-driven organizations, e-commerce companies, and businesses with large customer databases.
A zero-day vulnerability in Gladinet’s file sharing software is being actively exploited in the wild. This flaw allows attackers to access system files without authentication, potentially leading to complete system compromise. Gladinet’s products are used by businesses for secure file sharing and collaboration, making this a critical vulnerability for many organizations.
Businesses that use Gladinet CentreStack or Triofox for file sharing are directly at risk. This includes organizations in the legal, financial, and healthcare sectors, where the secure sharing of sensitive documents is paramount. The vulnerability could allow attackers to access confidential client data, financial records, and patient information.
A ransomware attack on Motility Software Solutions, a provider of software for specialty automotive dealerships, has exposed the personally identifiable information (PII) of 766,000 individuals. The breach, which involved the encryption of internal systems, compromised sensitive data including names, Social Security numbers, and driver’s license numbers. This attack has a significant supply chain impact on the US automotive industry.
The automotive industry, particularly specialty vehicle dealerships, is the primary victim of this attack. The breach not only affects the dealerships themselves but also their customers whose sensitive information has been compromised. This incident highlights the vulnerability of specialized software providers and their downstream customers.
A coordinated campaign has been launched against major network security vendors, including Cisco, Fortinet, and Palo Alto Networks. The attacks, which originate from the same infrastructure, are targeting critical infrastructure devices. This represents a significant threat to the security of corporate and government networks that rely on these products for protection.
This attack has a broad impact across all sectors, as it targets the very foundation of network security. Organizations in critical infrastructure sectors such as energy, finance, and government are particularly at risk. A successful attack on these devices could lead to widespread network outages and data breaches.
The Radiant ransomware group has been on a rampage, targeting multiple US organizations in the past week. Victims include a Minnesota hospital, a Texas retail company, and Kido Schools, a nursery where children’s data was exposed. The group is known for its aggressive tactics, including a 7-day deadline for victims to make contact before data is leaked.
The Radiant group has demonstrated its ability to target a diverse range of industries. The most vulnerable sectors appear to be healthcare, retail, and education. The attack on Kido Schools is particularly egregious, highlighting the willingness of ransomware groups to target even the most vulnerable populations.
The notorious LockBit ransomware gang has formed alliances with other major players in the cybercrime world, including the DragonForce and Qilin groups. This consolidation of power creates a more formidable threat for organizations worldwide. A new variant, LockBit 5.0, has also been released, and the Health Information Sharing and Analysis Center (Health-ISAC) has issued a bulletin warning of the increased threat to the healthcare sector.
While all industries are at risk from LockBit, the healthcare sector has been specifically singled out as a primary target. The alliance of these powerful ransomware groups means that attacks are likely to become more sophisticated and widespread. Organizations of all sizes need to be on high alert.
Don’t wait until it’s too late. Take the first step towards a more secure future by running a Cyber Penetration Test and exploring the grant opportunities available through the Cyber Grants Alliance.