October 2025 Data Breach Roundup

 

October 2025 was another tough month for cybersecurity — with millions of personal and enterprise records leaked worldwide. From Qantas and Red Hat to Discord, Williams & Connolly, and SonicWall — threat actors targeted some of the world’s most trusted brands. According to bright defense, these are the five biggest breaches of October 2025: https://www.brightdefense.com/resources/recent-data-breaches/ 1. Qantas: 5.7M customer records leaked after ransom demands ignored 2. Red Hat: 570GB stolen from GitHub/GitLab systems, hitting NASA, Cisco & more 3. Discord: Vendor breach exposes 70K users’ data 4. Williams & Connolly: FBI investigating suspected China-linked law firm hacks 5. SonicWall: All cloud backup customers affected in major exposure Takeaway: Visibility and response speed are everything. Stay patched, stay alert, never assume your backups are bulletproof and of course, check out Plixer One to combat breaches. Subscribe for more cybersecurity updates, breach breakdowns, and threat intel every week. #CyberSecurity #DataBreach #InfoSec #Qantas #RedHat #Discord #SonicWall #HackingNews #NetworkSecurity #CyberAttack #CyberThreats #CloudSecurity #Ransomware #TechNews

Nation-State Breach Exposes “Imminent Threat” to Networks

 

One of the biggest cybersecurity stories of the week: thousands of networks — including U.S. government agencies and Fortune 500 companies — are facing an “imminent threat” following a major breach at Seattle-based software maker F5. Investigators say a China-linked nation-state actor maintained long-term, covert access to F5’s systems for nearly a year, stealing BIG-IP source code, customer configurations, and data on unpatched vulnerabilities. While F5 insists the threat is contained — and firms like CrowdStrike and Mandiant have validated their findings — the potential exposure is massive. CISA and the UK’s NCSC have issued emergency directives urging organizations to patch immediately, harden BIG-IP appliances, and tighten network visibility. Given BIG-IP’s critical role in global infrastructure, this isn’t a drill — it’s a wake-up call for defenders everywhere. https://my.f5.com/manage/s/article/K000154696 https://www.securityweek.com/f5-hack-attack-linked-to-china-big-ip-flaws-patched-governments-issue-alerts/ https://arstechnica.com/security/2025/10/breach-of-f5-requires-emergency-action-from-big-ip-users-feds-warn/

The Real Cost of Cyber Risk in 2025: What Cyentia’s IRIS Study Reveals

 

The Cyentia Institute’s 2025 Information Risk Insights Study (IRIS) is here — and this year’s theme is Time. Tracking over 150,000 cybersecurity incidents from 2008 to 2024, the data reveals just how fast (and how far) cyber risk has evolved. Here’s what stood out: * 3,000 major security incidents now occur every quarter — a 650% increase in 15 years. * Average losses have soared from $190,000 to nearly $3 million. * Smaller businesses (under $100M in revenue) now represent the largest share of incidents, shattering the myth that they’re too small to target. Cyentia’s mission: cut through the fog of fear, uncertainty, and doubt — and help you see risk more clearly. Plixer’s mission: give IT and SecOps teams the visibility and control to do something about it — turning network flow data into actionable insights for faster detection, investigation, and response. Understanding time and risk together can reshape how you protect your organization. https://www.cyentia.com/wp-content/uploads/2025/06/IRIS-2025.pdf

1.5 Billion Salesforce Records at Risk at Scattered Lapsus$ Hunters Dark Web Site

 

A new wave of extortion attacks is targeting Salesforce environments across major companies — and the scale is massive. A group calling itself the Scattered Lapsus$ Hunters, reportedly linked to ShinyHunters, Lapsus$, and Scattered Spider, claims to have stolen 1.5 billion Salesforce records. The stolen data allegedly includes personal info, shipping details, and even chat transcripts from integrations with the Salesloft Drift chatbot. The attackers have already listed 39 major brands — including Disney, Cisco, McDonald’s, IKEA, and FedEx — on a dark web data leak site, demanding ransom not just from victims but from Salesforce itself. If payments aren’t made, they threaten to leak the data publicly after October 10. While Salesforce maintains that its platform wasn’t directly breached, the incident highlights a growing truth: third-party integrations are now one of the biggest attack vectors in modern supply chains. Stay alert. Audit your integrations. Trust, but verify. https://plixer.zoom.us/webinar/register/WN_vdUGj1AwSdyPMcUSyiWS_Q#/registration

Cisco Confirms Multiple Zero-Days Under Active Attack — Millions of Devices at Risk

 

Probably the biggest cybersecurity news this week: Cisco has confirmed multiple critical zero-day vulnerabilities across its platforms — and attackers are already exploiting them. What’s happening: * Over 2 million Cisco devices potentially exposed. * SNMP stack overflow: crash devices or run code as root with low-privileged credentials. * Critical Web Services flaw (CVSS 9+): remote unauthenticated code execution on Cisco Secure Firewalls and low-privileged attacks on IOS devices when VPN or TTP services are enabled. * CISA Emergency Directive: federal agencies must patch or disconnect Cisco devices within 24 hours — everyone else should act now. * No workarounds: upgrade immediately and restrict SNMP/Web Services to trusted hosts until patched. Why it matters: These vulnerabilities are being actively exploited right now — not theoretical. They can lead to total device compromise of routers, switches, ASA, and Firepower Systems worldwide. Take Action: Patch, limit exposure, and monitor your logs, metrics, and traces — the hallmarks of observability. I’m Peter with Plixer — Like and Subscribe to stay ahead of the latest cyber threats. https://www.darkreading.com/vulnerabilities-threats/cisco-actively-exploited-zero-day-bugs-firewalls-ios https://arstechnica.com/security/2025/09/as-many-as-2-million-cisco-devices-affected-by-actively-exploited-0-day/

Scattered Spider Hacker Busted by Food Orders & Gaming Accounts

 

Saturday Security usually focuses on doom and gloom — breaches, leaks, and ransomware. But this week’s story is almost cinematic. The Scattered Spider hacking crew allegedly extorted $115 million from more than 200 victims — even breaching the U.S. Federal Court network — only to get caught through food deliveries, crypto wallets, and gaming accounts. According to the Justice Department, 19-year-old Thalha Jubair and his team used help desk calls to hijack admin accounts, steal sensitive data, and lock down entire organizations. Some victims reportedly paid $25 million and $36 million ransoms to regain access. Investigators traced the group’s activity through cryptocurrency wallets, Uber Eats, and Steam gaming profiles, seizing $36 million in crypto and charging Jubair with over 100 counts of computer intrusion. He now faces up to 95 years in prison. It’s a wild reminder of how quickly social-engineering hacks can blow up — and how quickly they can unravel. Hit like and subscribe for more Saturday Security stories that go behind the headlines.

Vidar Infostealer Strikes Back — Inside the Updated Malware-as-a-Service Threat

 

The infamous Vidar infostealer is back — and it’s stealthier than ever. First spotted in 2018, Vidar has evolved into a powerful malware-as-a-service platform capable of stealing credentials, cookies, financial data, authentication tokens, and more from compromised systems. Aryaka’s latest research on Vidar’s newest campaign explains: • Encrypted command-and-control (C2) channels • Abuse of built-in Windows tools and PowerShell • Covert exfiltration and bypass of Windows Defender and AMSI • Randomized directories, filenames, and hidden scheduled tasks • Hooks into browser APIs to snatch passwords before encryption They also cover actionable defenses to protect yourself and your organization: user education, PowerShell hardening, anomaly detection, layered DNS filtering, secure email/web gateways, and EDR tools. Vidar isn’t going away — but with the right visibility, layered defenses, and Plixer One you can stay one step ahead. https://www.darkreading.com/endpoint-security/vidar-infostealer-back-with-vengeance https://siliconangle.com/2025/09/04/vidar-infostealer-gains-traction-among-cybercriminals-ease-use-drives-adoption/