F5 Breach Response, Windows 10 Patch, Oracle Security Flaws – Cybersecurity News [October 13, 2025]
It’s been a hectic week for enterprise security, with several major companies pushing out critical fixes. F5 admitted that attackers stole its BIG-IP source code, which even triggered a federal emergency directive. Microsoft wasn’t far behind, releasing 183 patches, including three zero-days, just as Windows 10 support was ending, and it had to tighten security on Edge’s IE mode after reports of it being exploited. On top of that, successive flaws struck Oracle’s E-Business Suite, and Cisco devices were hit by a new campaign called Operation Zero Disco that used a zero-day exploit to deploy stealthy Linux rootkits.
F5 Security Breach Triggers Nationwide Security Response
F5 just announced a major security breach, confirming that hackers got into its systems and made off with parts of the BIG-IP source code and details about unpatched security flaws. The company is calling it the work of a highly sophisticated, long-term attacker. While it’s a relief that no customer, financial, or support systems were hit, F5 did say a small number of customer configuration files were exposed and that they’re notifying those clients directly. In response, the company has brought in outside cybersecurity experts to investigate, changed its credentials, and is beefing up its security.
Following the news, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency order for federal agencies to find all their F5 products, lock down exposed interfaces, and install the latest updates by October 22, 2025. CISA is worried that the stolen code could help attackers discover and exploit new vulnerabilities. The hackers were inside the network for at least a year using a backdoor called BRICKSTORM. Experts warn that having this proprietary code could speed up the creation of new exploits, so F5 is now rushing to patch its products.
Microsoft Closes Windows 10 Era with 183 Fixes, Three Under Active Attack
Microsoft’s October update is one of its largest ever, fixing a whopping 183 security flaws, and three of them are already being actively exploited by attackers. This big patch release comes just as official support for Windows 10 ends for everyone not enrolled in the paid Extended Security Updates (ESU) program. The most serious of the exploited bugs are a couple of privilege escalation flaws in the Windows Agere Modem Driver and the Remote Access Connection Manager, both of which could give an attacker full administrator control. A third flaw in IGEL OS’s Secure Boot is also being used to tamper with virtual desktops. CISA has added all three to its must-patch list, with a deadline of November 4, 2025 for federal agencies.
The latest update also covers multiple severe flaws, including a Windows Server Update Service bug that could enable remote code execution (CVSS 9.8). Two other flaws, rated an even higher 9.9, could allow an attacker to escape a virtual machine or bypass security features in ASP.NET. Beyond Microsoft, more than 50 technology providers such as Adobe, Cisco, Google, and AWS have also pushed critical updates, marking one of the busiest patch cycles in recent months.
Oracle E-Business Suite Hit By Two New Security Flaws
Oracle is sounding the alarm about a newly discovered flaw in its E-Business Suite that could let attackers get their hands on sensitive business data. The flaw, tracked as CVE-2025-61884, is considered serious with a CVSS score of 7.5. It impacts Oracle E-Business Suite versions 12.2.3 through 12.2.14. The concern lies in the fact that attackers can exploit it remotely over the internet without authentication, which could allow them to gain complete access to data stored within the Oracle Configurator component. Early signs suggest attackers are already probing exposed Oracle E-Business Suite systems, making it crucial for organizations to apply the latest patch without delay.
This news comes right on the heels of another critical zero-day vulnerability, CVE-2025-61882, which was actively exploited in recent cyberattacks targeting the same E-Business Suite. That incident hit dozens of organizations worldwide with multiple malware payloads, and researchers believe financially motivated hackers were behind it. With two major flaws popping up in just a few weeks, experts are warning that anyone using Oracle E-Business Suite needs to prioritize updates and start keeping a much closer eye on their systems for any strange activity.
Microsoft Locks Down Edge’s IE Mode After Attackers Abuse It
Microsoft has made some big changes to the Internet Explorer (IE) mode in its Edge browser after discovering hackers were using it to compromise user devices. The company said it received credible reports back in August 2025 that attackers were using social engineering tricks and unpatched IE zero-day flaws to gain remote access. According to Microsoft’s security team, victims were lured to legitimate-looking websites where popups would prompt them to reload the page in IE mode. Once they did, attackers exploited a vulnerability to run malicious code and gain full control of the system, completely bypassing the security of modern browsers.
To fix this, Microsoft has made it much harder to activate IE mode. They have removed the shortcut buttons, context menus, and toolbar options that made it easy to launch. From now on, users will have to manually enable the feature in their Edge settings and then add trusted sites to an allowlist. Microsoft says these changes will make it more difficult for attackers to abuse the old feature, while still providing limited support for older web applications that need it.
Hackers Deploy Rootkits via Cisco Zero-Day in Operation Zero Disco
A new cyber campaign, dubbed “Operation Zero Disco,” is targeting Cisco networking devices by exploiting a recently patched flaw. The vulnerability, known as CVE-2025-20352, was a zero-day before a fix was available and affects Cisco’s IOS and IOS XE software. It allows attackers to remotely run malicious code on a device by sending specially crafted packets. Trend Micro reports that the campaign has mostly hit older Cisco switches like the 9400, 9300, and even the legacy 3750G series, many of which don’t have modern security protections.
The attackers are using the flaw to install Linux-based rootkits that mess with the device’s core software. They even set a universal password that includes the word “disco,” a clever play on “Cisco.” These rootkits give the intruders deep system control, letting them hide their changes, bypass logins, and turn off logging to stay hidden. The operation also tried to use an older Telnet vulnerability to get even more access. It seems the main goal is to maintain quiet, long-term control over outdated gear. Cisco is strongly advising users to patch their devices right away and watch their networks for anything unusual.