Weekly Cybersecurity Recap - 6 October 2025

Major Threats, Exploits, Malware and Industry Updates

    Introduction

    As October unfolds, the cybersecurity landscape is heating up with new attacks on enterprise systems, AI-driven exploits, and large-scale data breaches. This week’s stories range from Oracle’s extortion investigation and Red Hat’s data exposure to the alarming discovery of a self-spreading WhatsApp malware. Let’s dive into the key developments shaping the week in cybersecurity.

    Threat Intelligence and Data Breaches

    Oracle Says Known Vulnerabilities Possibly Exploited in Recent Extortion Attacks

    Oracle confirmed receiving multiple extortion reports from customers, suggesting attackers may have exploited vulnerabilities patched earlier this year. Google Threat Intelligence Group (GTIG) and Mandiant noted that executives using Oracle’s E-Business Suite were sent emails claiming the theft of sensitive information, possibly tied to these known flaws.

    Red Hat Confirms GitLab Instance Hack, Data Theft

    Red Hat acknowledged that one of its GitLab instances was breached, with threat actors claiming to have stolen 28,000 private repositories. While initial reports pointed to GitHub, Red Hat clarified the incident involved a GitLab server used by its Consulting team. The scope of the breach underscores the risks tied to code hosting platforms.

    Ransomware Group Debuts Salesforce Customer Data Leak Site

    A ransomware gang has launched a dark web leak site targeting victims of a major Salesforce-related data breach. The Scattered Lapsus$ Hunters group listed 39 organizations - including Disney, Cisco, and McDonald’s - allegedly impacted through integrations between Salesforce and AI chatbot tools. The campaign highlights growing risks from AI-enabled third-party integrations.

    Emerging Malware and Exploits

    CometJacking: One Click Can Turn Perplexity's Comet AI Browser Into a Data Thief

    Researchers have disclosed a novel attack dubbed CometJacking that transforms Perplexity’s Comet AI browser into a data exfiltration tool with a single click. The exploit leverages hidden prompt injections via malicious links to siphon sensitive data from connected services, such as emails and calendars, without user awareness.

    Rhadamanthys Stealer Evolves: Adds Device Fingerprinting, PNG Steganography Payloads

    The Rhadamanthys information stealer continues to evolve, now incorporating device fingerprinting and PNG steganography for stealthy data extraction. Researchers note that its operators are also marketing related tools like Elysium Proxy Bot, signaling the expansion of a larger cybercrime toolkit ecosystem.

    Researchers Warn of Self-Spreading WhatsApp Malware Named SORVEPOTEL

    Trend Micro has identified SORVEPOTEL, a self-replicating malware spreading rapidly across WhatsApp in Brazil. The malware abuses users’ trust in the platform to infect Windows systems, prioritizing mass propagation over traditional data theft or ransomware tactics.

    Alert: Malicious PyPI Package soopsocks Infects 2,653 Systems Before Takedown

    A malicious Python package named soopsocks was discovered on PyPI, posing as a legitimate SOCKS5 proxy tool while secretly deploying backdoors. The package racked up over 2,600 downloads before its removal, illustrating the persistent risk of supply chain attacks via open-source repositories.

    Hackers Exploit Milesight Routers to Send Phishing SMS to European Users

    Unknown threat actors are hijacking Milesight industrial routers to send smishing messages targeting European users. By exploiting router APIs, attackers deliver phishing links impersonating government and financial institutions in Sweden, Italy, and Belgium. The abuse of IoT infrastructure adds a new layer of complexity to phishing campaigns.

    Reports and Research

    2025 Cybersecurity Reality Check: Breaches Hidden, Attack Surfaces Growing, and AI Misperceptions Rising

    Bitdefender’s 2025 Cybersecurity Report paints a troubling picture: organizations are increasingly concealing breaches, attack surfaces are expanding, and misconceptions about AI’s defensive power are on the rise. Drawing from 1,200 professionals and 700,000 incidents, the study reveals deepening challenges across leadership and frontline security teams.

    Cybersecurity researchers find vulnerabilities in popular tracking device

    Researchers at Georgia Tech uncovered critical flaws in Tile tracking devices that could be exploited for stalking and surveillance. The findings show that not only can legitimate authorities misuse tracking data, but malicious actors can too, raising new privacy and safety concerns for everyday users.
