Risky Business Weekly (810): Data extortion attacks have a silver lining

Presented by

Patrick Gray

CEO and Publisher

Adam Boileau

Technology Editor

In this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including:

  • FBI intervenes in Scattered Spider Salesforce leaksite
  • Clop loots Oracle E-Biz deployments
  • Plus so much more data extortion... At least it’s not ransomware … we guess?
  • The US still can’t decide who’s gonna be in charge of NSA & Cybercom
  • Cambodian scam compounds get sanctioned and $15b in crypto is seized
  • NSO gets sold for pocket-lint-grade money
  • Bugs! Redis CVSS 10, Ivanti, CrowdStrike and… Internet Explorer?! Zero-day?! In the wild?!!!?

This week’s episode is sponsored by Stairwell. Founder Mike Wiacek talks about how Stairwell brings VirusTotal-like visibility to private files, and about integrating the insights that brings into your SOC workflow.

Show Notes:

FBI takedown banner appears on BreachForums site as Scattered Spider promotes leak https://therecord.media/breachforums-fbi-france-takedown-banner-scattered-spider-salesforce-leak

Oracle customers impacted by Clop data theft for extortion campaign https://cyberscoop.com/oracle-customers-attacks-clop-google-mandiant/

Oracle E-Business Suite Pre-Auth RCE Chain - CVE-2025-61882 https://labs.watchtowr.com/well-well-well-its-another-day-oracle-e-business-suite-pre-auth-rce-chain-cve-2025-61882well-well-well-its-another-day-oracle-e-business-suite-pre-auth-rce-chain-cve-2025-61882/

Clop is a Big Fish, But Not Worth Hunting https://risky.biz/clop-is-a-big-fish-but-not-worth-hunting/

ShinyHunters Wage Broad Corporate Extortion Spree https://krebsonsecurity.com/2025/10/shinyhunters-wage-broad-corporate-extortion-spree/

Company Discord blamed for its recent breach says it wasn’t hacked https://www.engadget.com/cybersecurity/the-company-discord-blamed-for-its-recent-breach-says-it-wasnt-hacked-175536278.html

Qantas confirms cybercriminals released stolen data https://therecord.media/qantas-cybercriminals-stolen-data

Red Hat confirms breach of GitLab instance https://cyberscoop.com/red-hat-gitlab-attack-consulting-data/

Microsoft revamps Edge’s “IE Mode” after zero-day attacks https://risky.biz/microsoft-revamps-edges-ie-mode-after-zero-day-attacks/

Teenagers arrested in England over cyberattack on nursery chain Kido https://therecord.media/kido-nursery-school-chain-hack-arrests-britain

Acting US Cyber Command, NSA chief won’t be nominated for the job, sources say https://therecord.media/william-hartman-not-nominee-nsa-cyber-command

Layoffs, reassignments further deplete CISA https://www.cybersecuritydive.com/news/cisa-layoffs-reassignments-dhs-white-house-government-shutdown/802723/

Trump’s scandalous directive to AG Pam Bondi reached the public by accident https://www.msnbc.com/rachel-maddow-show/maddowblog/trumps-scandalous-directive-ag-pam-bondi-reached-public-accident-rcna236927

Feds sanction Cambodian conglomerate over cyber scams, seize $15 billion from chairman https://therecord.media/feds-sanction-cambodian-conglomerate-scams-seize-15-billion

US Congress committee investigating Musk-owned Starlink over Myanmar scam centres https://www.theguardian.com/world/2025/oct/14/us-congress-committee-investigating-musk-owned-starlink-over-myanmar-scam-centres

Satellites Are Leaking the World’s Secrets: Calls, Texts, Military and Corporate Data https://www.wired.com/story/satellites-are-leaking-the-worlds-secrets-calls-texts-military-and-corporate-data/

Netherlands invokes special powers against Chinese-owned semiconductor company Nexperia https://therecord.media/netherlands-special-powers-chinese-owned-semiconductor

Spyware maker NSO Group confirms acquisition by US investors https://techcrunch.com/2025/10/10/spyware-maker-nso-group-confirms-acquisition-by-us-investors/

Apple Announces $2 Million Bug Bounty Reward for the Most Dangerous Exploits https://www.wired.com/story/apple-announces-2-million-bug-bounty-reward/

Wiz Finds Critical Redis RCE Vulnerability: CVE‑2025‑49844 https://www.wiz.io/blog/wiz-research-redis-rce-cve-2025-49844

SonicWall admits attacker accessed all customer firewall configurations stored on cloud portal https://cyberscoop.com/sonicwall-customer-firewall-configurations-exposed/

SonicWall SSLVPN devices compromised using valid credentials https://www.cybersecuritydive.com/news/sonicwall-sslvpn-devices-compromised/802716/

Issues Affecting CrowdStrike Falcon Sensor for Windows https://www.crowdstrike.com/en-us/security-advisories/issues-affecting-crowdstrike-falcon-sensor-for-windows/

ZDI Drops 13 Unpatched Ivanti Endpoint Manager Vulnerabilities https://www.securityweek.com/zdi-drops-13-unpatched-ivanti-endpoint-manager-vulnerabilities/

Jaguar Land Rover launches phased restart at factories after cyber-attack https://www.theguardian.com/business/2025/oct/07/jaguar-land-rover-restart-production-suppliers-cyber-attack

Windows 10 support ends today https://www.tomshardware.com/software/windows/windows-10-is-no-longer-safe-to-run-heres-whos-affected-and-what-you-need-to-do