From infrastructure vendors to online gaming and airline systems, cybercriminals are exploiting every layer of the digital supply chain. This week’s biggest incidents highlight how fast these attacks are evolving, leveraging zero-day vulnerabilities, source code theft, and IoT botnets to compromise enterprise software.
Below are the top zero-day vulnerabilities and related cyber threats to track this week, plus key steps to help your organization mitigate them.
F5 Supply-Chain Breach Reveals Source Code Theft
A recently discovered F5 Networks breach, impacting load balancers, web application firewalls, and NGINX tools, has exposed how deeply zero-day vulnerabilities can infiltrate the digital supply chain. Reports confirm that attackers maintained access to F5’s internal systems for over a year, stealing sensitive source code and proprietary vulnerability research before detection.
The breach poses significant risks: F5’s BIG-IP products are widely deployed across Fortune 500 companies, cloud service providers, and U.S. federal agencies. This creates cascading exposure across critical infrastructure and third-party systems dependent on F5 technologies.
Key Takeaways:
- Attackers maintained persistent access for over a year.
- Stolen assets include source code and internal vulnerability research.
- CISA and F5 issued joint alerts urging immediate patching of BIG-IP and NGINX devices.
- Compromised APIs and admin interfaces could enable further exploitation.
See the full F5 Security Advisory and CVE Patch Guidance for remediation steps.
Mitigation Guidance:
To protect against active threats stemming from the F5 supply-chain breach and potential zero-day vulnerabilities, organizations should act immediately:
- Apply all recent firmware and security updates released by F5 to patch exposed systems.
- Rotate and secure administrative credentials across all BIG-IP and NGINX devices.
- Restrict external access to device management interfaces and require multi-factor authentication (MFA) for all admin accounts.
- Segment network management zones to limit lateral movement in case of compromise.
- Continuously monitor for suspicious logins or data exfiltration attempts that could signal attackers exploiting stolen source code or internal flaws.
Implementing these mitigation measures will significantly reduce the risk of exploitation through zero-day vulnerabilities and strengthen your organization’s overall incident response posture.
6 Tbps DDoS Attack Hits Global Gaming Infrastructure
One of the largest DDoS attacks ever recorded recently struck Gcore, a major hosting and CDN provider supporting global gaming infrastructure. The 6 terabits-per-second (Tbps) assault briefly disrupted operations worldwide, demonstrating how modern botnets and zero-day vulnerabilities can amplify the scale of cyberattacks.
Security researchers linked the attack to the AISURU botnet, fueled by thousands of compromised IoT and cloud-based systems. The coordinated strike reportedly peaked at over 5 billion packets per second (pps), placing it among the top ten DDoS attacks ever documented.
Key Takeaways:
- 6 Tbps DDoS peak ranks among the largest in history.
- Attack attributed to the AISURU botnet, leveraging compromised IoT devices.
- Targeted Gcore’s cloud gaming and real-time infrastructure.
- Highlights the growing overlap between botnet-driven DDoS attacks and zero-day vulnerability exploitation.
Mitigation Guidance:
To protect against large-scale DDoS attacks and related zero-day vulnerabilities, organizations should strengthen both network defenses and incident response planning:
- Verify DDoS readiness with internet service providers (ISPs) and content delivery networks (CDNs), ensuring they have active mitigation and traffic scrubbing capabilities.
- Implement rate-limiting and filtering tools to detect and deflect abnormal traffic spikes before they disrupt operations.
- Update incident response playbooks to include procedures for rapid failover, geographic traffic distribution, and temporary isolation of compromised systems.
- Continuously monitor network traffic for sudden bursts or anomalies that may indicate botnet test runs or early-stage probing of zero-day exploits.
These proactive steps can significantly reduce downtime, maintain service availability, and limit exposure from attacks leveraging zero-day vulnerabilities
Oracle Exploit Enables Attack on Envoy Air Systems
Envoy Air, a regional affiliate of American Airlines, recently confirmed a cyberattack tied to an unpatched zero-day vulnerability in Oracle E-Business Suite (EBS). The incident, linked to the Cl0p ransomware group, exposed internal and operational data, though customer payment systems reportedly remained unaffected.
Investigations revealed that attackers exploited Oracle EBS versions 12.2.3 through 12.2.14, taking advantage of systems that had not yet applied the fixes from Oracle’s October 2025 Critical Patch Update (CPU). The breach underscores how quickly threat actors can weaponize zero-day vulnerabilities in enterprise applications before organizations deploy patches.
Key Takeaways:
- Impacted Oracle EBS versions: 12.2.3 – 12.2.14.
- Cl0p ransomware group identified as the primary threat actor.
- Oracle’s October 2025 CPU includes critical patches addressing this vulnerability.
Read the full Oracle CPU: October 2025 Security Advisory for patch details and remediation guidance.
Mitigation Guidance:
To defend against the Oracle E-Business Suite (EBS) zero-day exploit, organizations should take immediate action to secure their ERP environments:
- Apply Oracle’s October 2025 Critical Patch Update (CPU) without delay to address known and potential zero-day vulnerabilities.
- Isolate exposed ERP systems from public-facing networks until full patch validation is complete.
- Verify and tighten role-based access controls (RBAC), ensuring that only authorized users have administrative privileges.
- Enforce multi-factor authentication (MFA) across all business and ERP user accounts to prevent credential-based compromise.
- Conduct a full ERP system audit to detect unauthorized scripts, outbound data transfers, or lateral movement indicators.
- Implement continuous vulnerability scanning and user access reviews to maintain ongoing visibility and compliance with Oracle’s security advisories.
These proactive steps will help organizations prevent future exploitation attempts and strengthen defenses against both zero-day vulnerabilities and ransomware-driven attacks.
What These Threats Reveal About the Modern Attack Surface
These recent high-impact incidents, a supply-chain breach, a 6 Tbps DDoS attack, and an Oracle zero-day exploitation, reveal how today’s interconnected digital ecosystems expand the global attack surface. Threat actors are now exploiting every layer of enterprise infrastructure, from third-party software and IoT devices to ERP platforms and cloud-based services.
Defending against these evolving threats requires a proactive approach, one that integrates zero-day vulnerability management, continuous monitoring, and incident response readiness to reduce risk before exploitation occurs.
Partner with RSI Security to build resilience across your digital environment, safeguard against zero-day attacks, and stay ahead of emerging cyber threats.
External Vulnerability Assessment →
Internal Vulnerability Assessment →
Contact Us Now!
