---
title: "F5 Breach Response, Windows 10 Patch, Oracle Security Flaws, Cybersecurity News [October 13, 2025] | DuoCircle"
description: "F5 Breach Response, Windows 10 Patch, Oracle Security Flaws, Cybersecurity News [October 13."
image: "https://www.duocircle.com/images/og-default.png"
canonical: "https://www.duocircle.com/blog/announcements/cybersecurity-news-update-week-43-of-2025/"
---

Quick Answer

Cybersecurity news for the week of October 13, 2025. F5 confirmed attackers stole BIG-IP source code and details of unpatched flaws, prompting a CISA emergency directive requiring federal agencies to patch and lock down F5 products by October 22, 2025; the BRICKSTORM backdoor was used and attackers had network access for at least a year. Microsoft closed out Windows 10 with 183 patches including three actively exploited zero-days, and tightened Edge IE-mode security. Oracle pushed successive E-Business Suite fixes. Cisco devices were hit by Operation Zero Disco, which used a zero-day to deploy stealthy Linux rootkits.

F5 Breach Response, Windows 10 Patch, Oracle Security Flaws, Cybersecurity News \[October 13, 2025\]


![DuoCircle blog post image](https://media.mailhop.org/duocircle/images/2025/10/dkim-validation-5602.jpg) 

It’s been a hectic **week for enterprise security**, with several major companies pushing out critical fixes. F5 admitted that attackers stole its BIG-IP source code, which even triggered a federal emergency directive. Microsoft wasn’t far behind, releasing 183 patches, including three zero-days, just as Windows 10 support was ending, and it had to tighten security on Edge’s IE mode after reports of it being exploited. On top of that, successive flaws struck Oracle’s E-Business Suite, and Cisco devices were hit by a new campaign called Operation Zero Disco that used a [zero-day exploit](https://thehackernews.com/2025/10/two-new-windows-zero-days-exploited-in.html) to deploy stealthy Linux rootkits.

## F5 Security Breach Triggers Nationwide Security Response

F5 just announced [a major security breach](https://my.f5.com/manage/s/article/K000154696), confirming that hackers got into its systems and made off with parts of the BIG-IP source code and [details about unpatched security flaws](https://my.f5.com/manage/s/article/K000156572). _The company is calling it the work of a highly sophisticated, long-term attacker. While it’s a relief that no customer, financial, or support systems were hit, F5 did say a small number of customer configuration files were exposed and that they’re notifying those clients directly_. In response, the company has brought in outside [cybersecurity](/) experts to investigate, changed its credentials, and is beefing up its security.

Following the news, the [U.S. Cybersecurity and Infrastructure Security Agency (CISA)](https://www.cisa.gov/news-events/alerts/2025/10/15/cisa-directs-federal-agencies-mitigate-vulnerabilities-f5-devices) issued an emergency order for federal agencies to find all their F5 products, lock down exposed interfaces, and install the **latest updates by October 22, 2025**. CISA is worried that the stolen code could help attackers discover and exploit new vulnerabilities. The hackers were inside the network for at least a year using [a backdoor called BRICKSTORM](https://www.bloomberg.com/news/articles/2025-10-16/potentially-catastrophic-breach-of-cyber-firm-blamed-on-china). Experts warn that having this proprietary code could speed up the creation of new exploits, so F5 is now rushing to patch its products.

[![security Breach](https://media.mailhop.org/duocircle/images/2025/10/spf-validator-3666.jpg)](https://media.mailhop.org/duocircle/images/2025/10/spf-validator-3666.jpg)

## Microsoft Closes Windows 10 Era with 183 Fixes, Three Under Active Attack

**Microsoft’s October update** is one of its largest ever, [fixing a whopping 183 security flaws](https://msrc.microsoft.com/update-guide/releaseNote/2025-Oct), and three of them are already being actively exploited by attackers. This big patch release comes just as [official support for Windows 10 ends](https://support.microsoft.com/en-us/windows/windows-10-support-has-ended-on-october-14-2025-2ca8b313-1946-43d3-b55c-2b95b107f281) for everyone not enrolled in the paid [Extended Security Updates (ESU) program](https://www.microsoft.com/en-in/windows/extended-security-updates?r=1). The most serious of the exploited bugs are a couple of privilege escalation flaws in the Windows Agere Modem Driver and the [Remote Access Connection Manager](https://gbhackers.com/hackers-exploit-windows-remote-access-connection-manager-0-day/), both of which could give an attacker full administrator control. A third flaw in IGEL OS’s Secure Boot is also being used to tamper with virtual desktops. CISA has added all three to its must-patch list, with a deadline of [November 4, 2025](https://www.cisa.gov/known-exploited-vulnerabilities-catalog) for federal agencies.

The latest update also covers multiple severe flaws, including a **Windows Server Update Service bug** that could enable remote code execution ([CVSS 9.8](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59287)). Two other flaws, rated an even [higher 9.9](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49708), could allow an attacker to escape a virtual machine or bypass security features in ASP.NET. Beyond Microsoft, more than 50 technology providers such as [Adobe](https://helpx.adobe.com/security/security-bulletin.html), [Cisco](https://tools.cisco.com/security/center/publicationListing.x), [Google](https://cloud.google.com/support/bulletins), and [AWS](https://aws.amazon.com/security/security-bulletins/) have also pushed critical updates, marking one of the busiest patch cycles in recent months.

[![Microsoft Closes Windows ](https://media.mailhop.org/duocircle/images/2025/10/spf-record-2666.jpg)](https://media.mailhop.org/duocircle/images/2025/10/spf-record-2666.jpg)

## Oracle E-Business Suite Hit By Two New Security Flaws

Oracle is sounding the alarm about a newly discovered [flaw in its E-Business Suite](https://www.oracle.com/security-alerts/alert-cve-2025-61884.html) that could let attackers get their hands on sensitive business data. The flaw, tracked as [CVE-2025-61884](https://nvd.nist.gov/vuln/detail/CVE-2025-61884), is considered serious with a CVSS score of 7.5. It impacts Oracle E-Business Suite versions 12.2.3 through 12.2.14. The concern lies in the fact that attackers can exploit it remotely over the internet without authentication, which could allow them to gain complete access to data stored within the **Oracle Configurator component**. Early signs suggest attackers are already probing exposed Oracle E-Business Suite systems, making it crucial for organisations to apply the latest patch without delay.

This news comes right on the heels of [another critical zero-day vulnerability](https://cloud.google.com/blog/topics/threat-intelligence/oracle-ebusiness-suite-zero-day-exploitation), [CVE-2025-61882](https://nvd.nist.gov/vuln/detail/CVE-2025-61882), which was actively exploited in recent cyberattacks targeting the same E-Business Suite. _That incident hit dozens of organizations worldwide with multiple malware payloads, and researchers believe financially motivated hackers were behind it_. With two major flaws popping up in just a few weeks, experts are warning that anyone using **Oracle E-Business Suite** needs to prioritize updates and start keeping a much closer eye on their systems for any strange activity.

**[![E-Business Suite](https://media.mailhop.org/duocircle/images/2025/10/spf-record-tester-9756.jpg)](https://media.mailhop.org/duocircle/images/2025/10/spf-record-tester-9756.jpg)**

## Microsoft Restricts Edge IE Mode After Reports of Exploitation

Microsoft has made some big [changes to the Internet Explorer (IE) mode in its Edge browser](https://microsoftedge.github.io/edgevr/posts/Changes-to-Internet-Explorer-Mode-in-Microsoft-Edge/) after discovering hackers were using it to compromise user devices. The company said it received **credible reports back in August 2025** that attackers were using [social engineering](/phishing-protection/social-engineering-is-a-growing-threat/) tricks and unpatched IE zero-day flaws to gain remote access. According to Microsoft’s security team, victims were lured to legitimate-looking websites where popups would prompt them to reload the page in IE mode. Once they did, attackers exploited a vulnerability to [run malicious code](https://www.bleepingcomputer.com/news/security/whatsapp-flaw-can-let-attackers-run-malicious-code-on-windows-pcs/) and gain full control of the system, completely bypassing the security of modern browsers.

To fix this, [Microsoft has made it much harder to activate IE mode](https://learn.microsoft.com/en-us/deployedge/edge-ie-mode). _They have removed the shortcut buttons, context menus, and toolbar options that made it easy to launch_. From now on, users will have to **manually enable the feature** in their Edge settings and then add trusted sites to an allowlist. Microsoft says these changes will make it more difficult for attackers to abuse the old feature, while still providing limited support for older web applications that need it.

[![attackers exploit vulnerability](https://media.mailhop.org/duocircle/images/2025/10/email-migration-service-5603.jpg)](https://media.mailhop.org/duocircle/images/2025/10/email-migration-service-5603.jpg)

## Hackers Deploy Rootkits via Cisco Zero-Day in Operation Zero Disco

A new cyber campaign, dubbed “[Operation Zero Disco](https://www.trendmicro.com/en%5Fus/research/25/j/operation-zero-disco-cisco-snmp-vulnerability-exploit.html),” is targeting Cisco networking devices by exploiting a recently patched flaw. The vulnerability, known as [CVE-2025-20352](https://nvd.nist.gov/vuln/detail/CVE-2025-20352), was exploited as a zero-day before a fix was available and affects **Cisco’s IOS and IOS XE software**. It allows attackers to remotely run malicious code on a device by sending specially crafted packets. Trend Micro reports that the campaign has mostly hit older Cisco switches like the [9400](https://www.cisco.com/site/in/en/products/networking/switches/catalyst-9400-series-switches/index.html), [9300](https://www.cisco.com/site/in/en/products/networking/switches/catalyst-9300-series-switches/index.html), and even the [legacy 3750G series](https://www.cisco.com/c/en/us/support/switches/catalyst-3750-series-switches/series.html), many of which don’t have modern security protections.

_The attackers are using the flaw to install Linux-based rootkits that mess with the device’s core software_. They even set a universal password that includes the word “disco,” a clever play on “Cisco.” These rootkits give the intruders deep system control, letting them hide their changes, bypass logins, and turn off logging to stay hidden. The operation also tried to use an [older Telnet vulnerability](https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmp-x4LPhte) to get even more access. It seems the main goal is to maintain quiet, long-term **control over outdated gear**. Cisco is strongly advising users to patch their devices right away and watch their networks for anything unusual.


![Brad Slavin](https://media.mailhop.org/dmarcreport/images/team/brad-slavin.jpg) 

Brad Slavin 

General Manager

General Manager at DuoCircle. Product strategy and commercial lead across the email security portfolio.


```json
[{"@context":"https://schema.org","@type":"BlogPosting","headline":"F5 Breach Response, Windows 10 Patch, Oracle Security Flaws, Cybersecurity News [October 13, 2025]","description":"F5 Breach Response, Windows 10 Patch, Oracle Security Flaws, Cybersecurity News [October 13.","url":"https://www.duocircle.com/blog/announcements/cybersecurity-news-update-week-43-of-2025/","datePublished":"2025-10-23T14:52:25.000Z","dateModified":"2025-10-23T17:37:39.000Z","dateCreated":"2025-10-23T14:52:25.000Z","author":{"@type":"Person","@id":"https://www.duocircle.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://www.duocircle.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin runs DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. His focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/dmarcreport/images/team/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. 
Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://www.duocircle.com/blog/announcements/cybersecurity-news-update-week-43-of-2025/"},"articleSection":"announcements","keywords":"cyber security, News, Security, Updates","wordCount":1109,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/duocircle/images/2025/10/dkim-validation-5602.jpg","caption":"DuoCircle blog post image","width":900,"height":600},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}},{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Blog","item":"https://www.duocircle.com/blog/"},{"@type":"ListItem","position":2,"name":"News"},{"@type":"ListItem","position":3,"name":"F5 Breach Response, Windows 10 Patch, Oracle Security Flaws, Cybersecurity News [October 13, 2025]","item":"https://www.duocircle.com/blog/announcements/cybersecurity-news-update-week-43-of-2025/"}]}]
```

