---
title: "Hackers Hijack WordPress, SonicWall Backup Breach, Oracle Data Theft, Cybersecurity News [October 06, 2025] | DuoCircle"
description: "Hackers Hijack WordPress, SonicWall Backup Breach, Oracle Data Theft, Cybersecurity News [October 06."
image: "https://www.duocircle.com/images/og-default.png"
canonical: "https://www.duocircle.com/blog/announcements/cybersecurity-news-update-week-42-of-2025/"
---

Quick Answer

Cybersecurity news for the week of October 6, 2025\. A critical WordPress flaw was widely exploited to hijack admin accounts, with over 13,800 attack attempts recorded. SonicWall confirmed firewall backup files for all cloud-backup customers were exposed, reversing earlier claims of limited impact. Oracle issued an emergency patch for a zero-day in E-Business Suite after Cl0p ransomware actors used it for large-scale data theft. Discord disclosed exposure of registered users' ID photos. Florida's Doctors Imaging Group reported a breach affecting over 171,000 patients, alongside incidents at Rectangle Health and Care N' Care.

Hackers Hijack WordPress, SonicWall Backup Breach, Oracle Data Theft, Cybersecurity News \[October 06, 2025\]


![cybersecurity news](https://media.mailhop.org/duocircle/images/2025/10/sendgrid-alternative-4502.jpg) 

We are back with this week's roundup of **important news**, in which major platforms and large industries have been targeted. To start with, a critical WordPress flaw is being widely exploited to [hijack administrator accounts](https://www.malwarebytes.com/blog/news/2025/03/fake-captcha-websites-hijack-your-clipboard-to-install-information-stealers), with over 13,800 attack attempts recorded. SonicWall confirmed that firewall backup files for all cloud backup customers were exposed in a breach, overturning earlier claims of limited impact.

Strengthen your [email security](/) with [SPF](https://autospf.com/blog/spf-guide-understanding-sender-policy-framework/), DKIM, and [DMARC](/resources/what-is-dmarc) to prevent phishing, spoofing, and [cyber threats](https://www.infosecurity-magazine.com/news/us-intelligence-predicts-cyber/) in an increasingly targeted digital landscape.

Oracle rushed out an emergency patch for a zero-day in its **E-Business Suite** after [Cl0p ransomware actors](https://thehackernews.com/2025/10/cl0p-linked-hackers-breach-dozens-of.html) used it in large-scale data theft campaigns. _Discord disclosed that its registered users’ ID photos were exposed, while Florida’s Doctors Imaging Group reported a major breach affecting more than 171,000 patients, alongside incidents at Rectangle Health and Care N’ Care_. Here are this week’s top updates.

## Hackers Exploit Critical WordPress Flaw to Take Over Websites

A serious **security bug** in the popular Service Finder WordPress theme is the latest talk of the town. The flaw allowed hackers to break into live websites and take over administrator accounts. Tracked as [CVE-2025-5947](https://www.tenable.com/cve/CVE-2025-5947) with a top-severity score of 9.8, it lies in the bundled Service Finder Bookings plugin. It was discovered by a researcher known as _Foxyyy_ and allows attackers to log in as any user without a password, simply by abusing the plugin’s weak cookie validation. Once inside, attackers can completely hijack a site, adding malicious code, redirecting visitors to fake pages, or even using the site to host malware.

[![adding malicious](https://media.mailhop.org/duocircle/images/2025/10/spf-record-checker-0023.jpg)](https://media.mailhop.org/duocircle/images/2025/10/spf-record-checker-0023.jpg)

[Security firm Wordfence](https://www.wordfence.com/blog/2025/10/attackers-actively-exploiting-critical-vulnerability-in-service-finder-bookings-plugin/) has already recorded more than 13,800 attack attempts since **August 1, 2025**, though it’s unclear how many have been successful. The vulnerability affects all versions up to 6.0, and a patch was released on July 17, 2025, in version 6.1\. With more than 6,100 customers, the theme is a widespread target. _As after every incident of this kind, security experts are urging administrators to update their credentials immediately, review their access logs, and check for any unauthorized intrusions or injected scripts to prevent a full site compromise and the distribution of malware_.

## SonicWall Confirms Breach Exposing Firewall Backup Files

[SonicWall has confirmed](https://www.sonicwall.com/support/knowledge-base/mysonicwall-cloud-backup-file-incident/250915160910330) that hackers were able to access firewall configuration backup files belonging to all customers who used its cloud backup service. These files contained encrypted credentials and configuration data, so while the **information is still protected**, its exposure could increase the risk of targeted attacks. The company is alerting everyone affected and has [provided remediation playbooks](https://www.sonicwall.com/support/knowledge-base/remediation-playbook/250916130050523) to help them assess and secure their devices. Users are strongly encouraged to log in to their MySonicWall accounts to check for impacted firewalls. Systems that face the internet have been marked as a high priority.

This new information is a big reversal from **SonicWall’s earlier statement**, which suggested that less than 5% of its customers were actually affected. In response to the breach, the company has strengthened its infrastructure, improved its logging, and brought in stricter authentication controls to prevent anything like this from happening again. Although the organisation has not yet shared precise details of the incident, it is advising all registered users and clients to [reset their credentials](https://www.sonicwall.com/support/knowledge-base/essential-credential-reset/250909151701590) without delay and to carefully check their settings and configurations for gaps as a safeguard.

[![Key Indicators of SoCs](https://media.mailhop.org/duocircle/images/2025/10/dmarc-report-service-0065.jpg)](https://media.mailhop.org/duocircle/images/2025/10/dmarc-report-service-0065.jpg)

## Oracle Zero-Day Exploited in Cl0p Data Theft Attacks

Security researchers have found a new Android banking trojan named [‘Datzbro’](https://www.threatfabric.com/blogs/datzbro-rat-hiding-behind-senior-travel-scams), which is spreading

Oracle has pushed an emergency fix for a [critical zero-day flaw](https://www.darkreading.com/application-security/clop-ransomware-oracle-customers-zero-day-flaw) (CVE-2025-61882) in its E-Business Suite that’s already being used in data theft attacks by the Cl0p ransomware group. The vulnerability is extremely severe, as it allows attackers to run code remotely without any credentials and completely take over the **system’s Concurrent Processing component**. Oracle has now [patched the bug and shared details](https://www.oracle.com/security-alerts/alert-cve-2025-61882.html) about the attackers, which include signs of activity from the Scattered Spider, LAPSUS$, and ShinyHunters groups, suggesting they may be working together.

Researchers from Mandiant, CrowdStrike, and others confirmed that Cl0p started exploiting this **flaw in early August**, using a complex exploit chain to steal vast amounts of corporate data. Because the threat is so active, the U.S. [Cybersecurity and Infrastructure Security Agency](https://en.wikipedia.org/wiki/Cybersecurity%5Fand%5FInfrastructure%5FSecurity%5FAgency), also known as CISA, has added the vulnerability to its [Known Exploited Vulnerabilities Catalog](https://www.cisa.gov/known-exploited-vulnerabilities-catalog), telling federal agencies to apply the fix by October 27, 2025\. All other Oracle EBS customers are strongly advised to install the latest updates immediately and check their systems for any signs of compromise.

[![cybersecurity](https://media.mailhop.org/duocircle/images/2025/10/spf-record-0023.jpg)](https://media.mailhop.org/duocircle/images/2025/10/spf-record-0023.jpg)

## Discord Breach Exposes 70,000 User ID Photos Through Third-Party Vendor

On October 3, Discord officially [revealed](https://discord.com/press-releases/update-on-security-incident-involving-third-party-customer-service) that official ID photos and support data for around 70,000 registered users were exposed after [threat actors](https://www.infosecurity-magazine.com/news/us-israel-iran-new-tradecraft/) breached [a third-party customer support provider](https://www.bbc.com/news/articles/c8jmzd972leo). Discord’s own core systems were not part of the compromise; the attackers gained access through stolen credentials linked to an outsourced vendor. This is a good case study in why third-party security assessments are vital. The leaked data includes **government IDs** used for age verification, personal details, and messages with Discord’s support teams, but no passwords, full credit card numbers, or in-app chats were taken.

A group called Scattered Lapsus$ Hunters has [claimed responsibility](https://www.bitdefender.com/en-us/blog/hotforsecurity/70-000-discord-users-photos-id), demanding millions in ransom (a tactic meant to overwhelm the target with a hefty sum) for a private settlement. According to the reports, Discord has:

1. Firmly refused to pay the actors involved.
2. Revoked the vendor’s direct access.
3. Promptly informed **law enforcement agencies**, as per its compliance strategy.
4. Directly informed the affected users of the incident.

[![ Law enforcement ](https://media.mailhop.org/duocircle/images/2025/10/spf-record-check-0023.jpg)](https://media.mailhop.org/duocircle/images/2025/10/spf-record-check-0023.jpg)

## Healthcare Organisations Disclose Data Breaches Impacting Over 200,000

[Doctors Imaging Group](https://www.hipaajournal.com/florida-radiology-practice-data-breach/), a Gainesville, Florida-based physician-owned radiology practice, has reported a [data breach](https://www.ibm.com/think/news/national-public-data-breach-publishes-private-data-billions-us-citizens) to the [HHS Office for Civil Rights](https://www.hhs.gov/ocr/index.html), as the majority of members were affected. According to the records, the figure included 171,862 current and former patients. Suspicious activity was detected within its computer network between **November 5, 2024, and November 11, 2024**, as per the forensic reports. The digital forensic investigation confirmed that during the intrusion, files containing critical [PII data](https://en.wikipedia.org/wiki/Personal%5Fdata) of patients were copied, and the integrity of the files was compromised.

The [same report](https://www.hipaajournal.com/florida-radiology-practice-data-breach/) also highlighted breaches involving **Rectangle Health** in New York and **Care N’ Care** in Texas. Rectangle Health, a Valhalla-based software company, experienced unauthorised access to its [Salesforce platform](https://www.salesforce.com/) on August 14, 2025\. The attack allegedly impacted 2,095 individuals, including 11 Maine residents, with stolen data such as names, dates of birth, and SSNs, which is, again, critical PII. Separately, Care N’ Care, a Medicare Advantage health plan provider in North Texas, notified the [Texas Attorney General](https://www.texasattorneygeneral.gov/) of a hacking incident that affected 32,452 Texas residents, with exposed data including names, addresses, dates of birth, Social Security numbers, medical information, and health insurance details.


![Brad Slavin](https://media.mailhop.org/dmarcreport/images/team/brad-slavin.jpg) 

Brad Slavin 

General Manager

General Manager at DuoCircle. Product strategy and commercial lead across the email security portfolio.

