
Snapshot Summary
| Sector / Section | Headline Highlights | Count |
|---|---|---|
| DFIR & Incident Response | Oracle-linked extortion; BK Technologies breach | 2 |
| Cyber Investigations | Google probes Oracle campaign; Discord breach analysis | 2 |
| Major Cyber Incidents | Discord IDs theft; Qilin hits Asahi; vendor breach | 3 |
| Exploits & Threat Intelligence | CISA adds KEV; 4 ICS advisories; GoAnywhere exploited | 4 |
| Law Enforcement | BreachForums domain seized; UK CPS sentencing | 2 |
| Policy | Clearview tribunal ruling; EU AI transparency push | 2 |
| Standards & Compliance | ENISA TL 2025; KEV deadlines & ICS advisories | 3 |
Digital Forensics & Incident Response
Google says over 100 orgs affected by Oracle-linked extortion campaign — Google’s Threat Intelligence Group reported “likely over 100” organizations targeted since early September by an extortion campaign abusing Oracle E-Business Suite, with executives receiving ransom emails and data theft claims (09-10-2025) [Global]. IR teams should validate Oracle EBS exposure, hunt for suspicious job executions and email-originating exfiltration, and coordinate with legal on ransom communications (Source: Reuters, 09-10-2025).
BK Technologies discloses data breach — US radio communications firm BK Technologies admitted a breach impacting corporate systems, with investigations ongoing and mitigation steps under way (09-10-2025) [US]. DFIR teams in critical communications supply chains should assess vendor access paths and prepare containment runbooks for operational technology dependencies (Source: SC Media, 09-10-2025).
Cyber Investigations
Researchers trace Oracle E-Business Suite intrusions to data-theft extortion — Google/Mandiant investigators detailed a campaign dating to July with active exploitation in recent months and executive extortion emails tied to Clop-linked actors (09-10-2025) [US]. The findings provide indicators and tradecraft for case correlation across sectors using Oracle EBS, aiding scoping and evidence preservation (Source: CyberScoop, 09-10-2025).
Discord investigation confirms 70,000 user ID images stolen via third party — Discord said attackers stole government ID photos submitted to support/Trust & Safety through a compromised vendor process, affecting about 70,000 users (09-10-2025) [Global]. The case highlights third-party evidence collection risks and the need to vet age/identity verification providers for secure retention and breach notification workflows (Source: SecurityWeek, 09-10-2025).
Major Cyber Incidents
Discord breach exposes ID photos for 70,000 users — Following an earlier disclosure, Discord confirmed theft of government ID images from a support vendor environment used for age appeals and trust/safety interactions (09-10-2025) [Global]. Platforms outsourcing ID checks should re-assess vendor access controls and data retention to prevent mass exposure of sensitive PII (Source: SecurityWeek, 09-10-2025).
Over 100 Oracle customers targeted in cyberattack wave — Google researchers disclosed a large-scale data theft and extortion campaign against Oracle E-Business Suite customers, with ransom emails sent from compromised third-party accounts (10-10-2025) [EMEA]. Affected enterprises should prioritize patching and log review for EBS components and treat extortion emails as potential incident indicators (Source: The Times (UK), 10-10-2025).
Qilin claims breach of Japan’s Asahi Group — The Qilin ransomware group posted 27 GB of alleged Asahi data, including financial and employee details, after a disruptive attack (10-10-2025) [APAC]. Food & beverage manufacturers should review segmentation and backup isolation due to sustained ransomware focus on process industries (Source: SC Media World/Comparitech via SCW brief, 10-10-2025).
Exploits & Threat Intelligence
CISA adds new vulnerability to Known Exploited Vulnerabilities (KEV) — CISA updated the KEV catalog on 09-10-2025 and set remediation deadlines for federal agencies, signaling confirmed in-the-wild exploitation (09-10-2025) [US]. Security teams should align patch SLAs to KEV entries and track due dates to reduce exposure windows (Source: CISA, 09-10-2025).
CISA releases four ICS advisories — New advisories detail vulnerabilities across OT products including Hitachi Energy and Rockwell Automation integrations, with mitigation guidance for asset owners (09-10-2025) [US]. OT defenders should review advisories, apply vendor patches, and validate network segmentation and monitoring in industrial environments (Source: CISA, 09-10-2025).
GoAnywhere MFT flaw actively exploited by ransomware operators — Microsoft and researchers warned that CVE-2025-10035 has been exploited since September 10, enabling command injection and ransomware deployment, with patches available (08-10-2025) [Global]. Organizations should upgrade to fixed releases or remove public exposure and search logs for suspicious license validation artifacts (Source: TechRadar Pro, 08-10-2025).
Oracle rushes patch for zero-day in E-Business Suite amid active attacks — Oracle issued an emergency fix for a critical RCE (severity score 9.8) affecting EBS 12.2.x after reports of exploitation tied to extortion campaigns (07-10-2025) [Global]. ERP owners should expedite patching and harden Internet-facing EBS web components (Source: TechRadar Pro, 07-10-2025).
Law Enforcement
Authorities seize new BreachForums clearnet domain — An international operation took down the latest public domain used by the notorious cybercrime marketplace, disrupting access for data traders (10-10-2025) [Global]. The seizure pressures criminal infrastructure and may trigger migration to mirrors, offering new investigative leads (Source: Cyber Security News, 10-10-2025).
UK CPS: dark-web offender jailed for multiple CSA offences — The Crown Prosecution Service reported an 18-year sentence (plus extended term) following guilty pleas to 41 counts involving dark-web abuse material and exploitation (10-10-2025) [UK]. The case underscores coordination between cyber investigations and safeguarding units to attribute online harm and secure long custodial outcomes (Source: CPS, 10-10-2025).
Policy
UK tribunal backs ICO in Clearview AI enforcement case — The Upper Tribunal ruled the ICO can pursue enforcement against Clearview AI for unlawful scraping and processing of UK residents’ biometric data (09-10-2025) [UK]. The decision strengthens regulators’ hand on biometric data use and sets expectations for global vendors handling UK data (Source: The Register, 09-10-2025).
Industry urges clear guidance on EU AI transparency rules — Software Alliance (BSA) called on the EU to issue practical guidance for AI transparency obligations as implementation accelerates (09-10-2025) [EU]. CISOs and compliance leads should anticipate documentation and disclosure requirements for AI-enabled products and vendor risk programs (Source: BSA, 09-10-2025).
Standards & Compliance
ENISA Threat Landscape 2025 released — ENISA’s annual report (TLP:CLEAR) summarises July 2024–June 2025 activity and highlights rapid vulnerability exploitation and tool reuse across threat actors (07-10-2025) [EU]. Teams can align control priorities and tabletop scenarios to the trends and sectors flagged in the report (Source: ENISA, 07-10-2025).
KEV update sets remediation deadlines — CISA’s 09-10-2025 KEV addition imposes due dates for FCEB agencies and signals urgency for all enterprises to patch actively exploited flaws (09-10-2025) [US]. Map KEV entries to asset inventories and enforce patch windows as compliance metrics (Source: CISA, 09-10-2025).
OT vendors issue fixes in new ICS advisories — CISA published four ICS advisories covering multiple vendors and advising patching, segmentation and monitoring enhancements (09-10-2025) [US]. OT compliance programs should record advisory impact assessments and change-management evidence for auditors (Source: CISA, 09-10-2025).
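As an added illustration of the KEV recommendations above (mapping entries to asset inventories and treating patch windows as a compliance metric, and the earlier point about aligning patch SLAs to KEV due dates), the following Python script is not CISA's tooling or code from any cited source. It assumes the field names of the public KEV JSON feed (cveID, vendorProject, product, dateAdded, dueDate, knownRansomwareCampaignUse); the feed fragment, the asset inventory and the CVE identifiers in it are constructed placeholders, not real catalogue content.

```python
"""Map KEV entries onto an asset inventory and track patch windows as metrics.

Added example, not CISA's tooling. Assumes the public KEV feed's field names
(cveID, vendorProject, product, dateAdded, dueDate, knownRansomwareCampaignUse).
Every entry, asset and CVE id below is a constructed placeholder.
"""
from dataclasses import dataclass, field
from datetime import date
import json

DIGEST_DATE = date(2025, 10, 10)  # reference "today" for the sample run

# Constructed KEV-style feed fragment (placeholder CVE ids, not real entries).
KEV_SAMPLE = json.dumps({"vulnerabilities": [
    {"cveID": "CVE-0000-0001", "vendorProject": "ExampleERP", "product": "Business Suite",
     "dateAdded": "2025-10-09", "dueDate": "2025-10-30", "knownRansomwareCampaignUse": "Known"},
    {"cveID": "CVE-0000-0002", "vendorProject": "ExampleMFT", "product": "Transfer Server",
     "dateAdded": "2025-09-29", "dueDate": "2025-10-06", "knownRansomwareCampaignUse": "Known"},
    {"cveID": "CVE-0000-0003", "vendorProject": "ExampleOT", "product": "Controller",
     "dateAdded": "2025-10-01", "dueDate": "2025-10-15", "knownRansomwareCampaignUse": "Unknown"},
]})


@dataclass(frozen=True)
class KevEntry:
    cve_id: str
    vendor: str
    product: str
    due_date: date
    ransomware_use: bool


@dataclass(frozen=True)
class Asset:
    asset_id: str
    vendor: str
    product: str
    internet_exposed: bool
    # cve_id -> date the fix was applied: the auditable remediation evidence
    remediated_on: dict = field(default_factory=dict)


def parse_kev(feed_json: str) -> list:
    """Parse a KEV-format JSON document into KevEntry records."""
    return [KevEntry(cve_id=v["cveID"], vendor=v["vendorProject"], product=v["product"],
                     due_date=date.fromisoformat(v["dueDate"]),
                     ransomware_use=v.get("knownRansomwareCampaignUse", "").lower() == "known")
            for v in json.loads(feed_json)["vulnerabilities"]]


def classify(asset: Asset, entry: KevEntry, today: date, warn_days: int = 7) -> str:
    """Patch-window status of one (asset, KEV entry) pair as of `today`."""
    patched = asset.remediated_on.get(entry.cve_id)
    if patched is not None:
        return "remediated_on_time" if patched <= entry.due_date else "remediated_late"
    if today > entry.due_date:
        return "overdue"
    if (entry.due_date - today).days <= warn_days:
        return "due_soon"
    return "on_track"


def sla_report(entries: list, assets: list, today: date) -> list:
    """One finding per asset whose vendor/product matches a KEV entry, highest priority first."""
    norm = lambda s: " ".join(s.lower().split())  # tolerate case/whitespace drift in inventories
    rows = []
    for asset in assets:
        for e in entries:
            if norm(asset.vendor) != norm(e.vendor) or norm(asset.product) != norm(e.product):
                continue
            status = classify(asset, e, today)
            # Unmet deadline weighs most; Internet exposure and ransomware use add one point each.
            priority = (2 if status in ("overdue", "due_soon") else 0)
            priority += int(asset.internet_exposed) + int(e.ransomware_use)
            rows.append({"asset": asset.asset_id, "cve": e.cve_id, "due": e.due_date.isoformat(),
                         "status": status, "priority": priority})
    rows.sort(key=lambda r: (-r["priority"], r["due"], r["asset"]))
    return rows


def compliance_metrics(rows: list) -> dict:
    """Roll findings up into the numbers an auditor would ask for."""
    total = len(rows)
    on_time = sum(r["status"] == "remediated_on_time" for r in rows)
    overdue = sum(r["status"] == "overdue" for r in rows)
    return {"findings": total, "remediated_on_time": on_time, "overdue": overdue,
            "on_time_rate": round(on_time / total, 3) if total else 1.0}


def run_sample(today: date = DIGEST_DATE):
    """Run the pipeline over a constructed inventory; returns (rows, metrics)."""
    assets = [  # constructed sample inventory
        Asset("erp-01", "ExampleERP", "Business Suite", internet_exposed=True),
        Asset("mft-01", "ExampleMFT", "Transfer Server", internet_exposed=True),
        Asset("plc-07", "ExampleOT", "Controller", internet_exposed=False,
              remediated_on={"CVE-0000-0003": date(2025, 10, 8)}),
        Asset("plc-08", "ExampleOT", "Controller", internet_exposed=False),
        Asset("web-02", "ExampleWeb", "Portal", internet_exposed=True),  # no KEV match
    ]
    rows = sla_report(parse_kev(KEV_SAMPLE), assets, today)
    return rows, compliance_metrics(rows)


if __name__ == "__main__":
    report, metrics = run_sample()
    for r in report:
        print(f'{r["asset"]:8} {r["cve"]:14} due {r["due"]}  {r["status"]:20} p{r["priority"]}')
    print(metrics)
```

Matching on vendor and product name only is deliberately coarse: a real inventory would also carry version ranges so that already-fixed releases are excluded, and the `remediated_on` dates would come from a change-management system rather than be typed into the script. The `on_time_rate` figure is the kind of metric that can be reported per quarter as evidence that KEV due dates are being enforced.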
Editorial Perspective
This 48-hour window shows how quickly third-party and ERP ecosystems can turn into mass-extortion vectors, with Oracle E-Business Suite exploitation and Discord’s vendor breach dominating headlines.
For DFIR leaders, the priority is tightening vendor risk controls around identity/age verification and accelerating KEV-driven patching, especially for business-critical platforms exposed to the Internet.
Compliance teams should log KEV remediations as auditable evidence and use ENISA’s landscape to steer tabletop exercises aligned to current ransomware and data-theft tactics.
Reference Reading
Tags
DFIR, ransomware, Oracle E-Business Suite, KEV, ICS security, vendor risk, identity verification, data breach, law enforcement, EU policy
