Podcast Detail

SANS Stormcast Monday, October 6th, 2025: Oracle 0-Day

If you are not able to play the podcast using the player below: Use this direct link to the audio file: https://traffic.libsyn.com/securitypodcast/9642.mp3

Oracle 0-Day

00:00

My Next Class

Application Security: Securing Web Apps, APIs, and Microservices	Dallas	Dec 1st - Dec 6th 2025
Application Security: Securing Web Apps, APIs, and Microservices	Orlando	Mar 29th - Apr 3rd 2026

… more classes

Oracle E-Business Suite 0-Day CVE-2025-61882
Last week, the Cl0p ransomware gang sent messages to many businesses stating that an Oracle E-Business Suite vulnerability was used to exfiltrate data. Initially, Oracle believed the root cause to be a vulnerability patched in June, but now Oracle released a patch for a new vulnerability.
https://www.oracle.com/security-alerts/alert-cve-2025-61882.html

Zimbra Exploit Analysis
An exploit against a Zimbra system prior to the patch release is analyzed. These exploits take advantage of .ics files to breach vulnerable systems.
https://strikeready.com/blog/0day-ics-attack-in-the-wild/

Unity Editor Vulnerability CVE-2025-59489
The Unity game editor suffered from a code execution vulnerablity that would also expose software developed with vulnerable versions
https://unity.com/security/sept-2025-01

iTunes

MP3 Download

RSS Feed

Google

Podbean

Amazon Echo

YouTube

Spreaker

Spotify

Discussion

Application Security: Securing Web Apps, APIs, and Microservices	Dallas	Dec 1st - Dec 6th 2025
Application Security: Securing Web Apps, APIs, and Microservices	Orlando	Mar 29th - Apr 3rd 2026
Network Monitoring and Threat Detection In-Depth	Amsterdam	Apr 20th - Apr 25th 2026
Application Security: Securing Web Apps, APIs, and Microservices	San Diego	May 11th - May 16th 2026

no transcript found