Weekly Threat Intel - F5 Breach, Oracle + Microsoft Patches, & More

Written by Field Effect Security Intelligence Team | Oct 24, 2025 1:29:23 PM

Threat Round-up

Stay ahead of emerging cyber threats with expert insights from Field Effect’s cybersecurity analysts.
The Threat Round-up is a weekly intelligence report that summarizes the most important threats, vulnerabilities, and active attack campaigns observed over the past seven days.

Each brief links to a detailed analysis, offering actionable guidance to help security teams mitigate risk, detect malicious activity, and strengthen defenses.

This week’s curated collection highlights the key threat intelligence updates our team publishes daily, including the recent F5 breach by a nation-state actor, major patch releases from Microsoft and Oracle, and more.

F5 Breached by Nation-state Actor; BIG-IP Source Code & Vulnerability Data Stolen

F5 revealed that a nation-state actor accessed its internal systems, affecting a small number of customer files and vulnerability data. There’s no evidence of compromise to its software pipeline or customer-facing systems. At the DOJ’s request, disclosure was delayed for national security reasons. On October 15, F5 released patches for 44 vulnerabilities, and CISA has mandated agencies apply them by late October. 

Microsoft's Record-breaking October 2025 Patch Tuesday Fixes 175 Flaws

Microsoft’s October 14 update fixes 175 Windows flaws (195 total), including three zero-days under active attack and two publicly disclosed bugs. Critical issues include a removed modem driver, a Secure Boot flaw on IGEL thin clients, and a VPN privilege escalation. The update also ends free security patches for Windows 10, Office 2016/2019, and Exchange 2016/2019, urging users to upgrade or join the ESU program.

Oracle Issues Second Emergency Patch Amid Active EBS Exploitation

Oracle has released an emergency patch for CVE-2025-61884, a high-severity flaw in the Runtime UI component of Oracle Configurator, affecting E-Business Suite versions 12.2.3 through 12.2.14. The vulnerability allows unauthenticated remote access to sensitive data over HTTP and has been linked to threat actor ShinyHunters, who leaked exploit details online. No workaround exists, and Oracle urges all users to apply both recent EBS patches immediately to prevent exposure.

RondoDox Botnet Exploits 50+ Flaws Across 30 Vendors in Active Campaign

The RondoDox botnet was first detected on June 15, 2025, exploiting a TP-Link router flaw (CVE-2023-1389) first revealed at Pwn2Own 2022. By September, activity spiked as attackers began using a loader-as-a-service platform to distribute RondoDox and Mirai variants. The campaign mainly exploits command injection flaws—50 of 56 known—affecting popular SOHO devices from TP-Link, D-Link, Cisco, Netgear, and others now listed in CISA’s KEV catalog.

Meet the Authors: Field Effect Security Intel Team

Our team is composed of seasoned cybersecurity investigators, analysts, and researchers with deep experience across both public and private sectors. Collectively, they bring expertise in malware, data analytics, threat hunting, external threat discovery, insider threat investigations, and intelligence reporting.

Before joining Field Effect, many of our analysts served in senior roles across national security, defense, and law enforcement. Their work has been recognized for advancing threat intelligence, strengthening incident response, and safeguarding vital systems against emerging threats.

Today, that same expertise powers Field Effect’s intelligence operations, transforming deep technical insights into actionable guidance that helps organizations stay secure in an evolving threat landscape.