In this week’s report: Oracle and Microsoft patch advisories to mobile smishing campaigns and file-handling vulnerabilities, attackers continue to exploit both enterprise systems and everyday user tools. Here’s what you need to know and prioritise.
A critical zero-day vulnerability (CVE-2025-61882) in Oracle E-Business Suite (EBS) versions 12.2.3–12.2.14 has been actively exploited in the wild, allowing unauthenticated remote code execution via the BI Publisher Integration component. The UK’s NCSC issued an alert and directed organisations to patch immediately. A related vulnerability (CVE-2025-61884) was patched in mid-October. Threat actor group Cl0p is reported to have leveraged the flaw for data theft and extortion against large enterprises.
Many health systems rely on Oracle EBS for finance, procurement and supply-chain operations. Exploitation could allow attackers to exfiltrate data or disrupt core operational systems—particularly damaging in health-care, where continuity and data integrity are critical.
Recommendations:
Inventory all Oracle EBS instances and apply patches for CVE-2025-61882/61884.
Isolate or protect internet-facing EBS modules behind a WAF and access restrictions.
Monitor logs and outbound traffic for unusual template changes or large data exports.
Test backups and restoration for EBS in case of extortion or ransomware impact.
Oracle’s roll-up advisory (CVE-2025-53072 and CVE-2025-62481) fixes two new vulnerabilities in the Marketing Administration component of Oracle EBS 12.2.x (CVSS 9.8). Unsupported releases (r11–r12.1) remain vulnerable and must be upgraded or isolated. These flaws reinforce that the EBS attack surface is actively being probed and exploited.
Finance and procurement systems in health-care rely heavily on EBS integrations with vendors and logistics partners. Exploitation could cause procurement delays, payment fraud or data loss affecting patient-care operations.
Recommendations:
Apply the latest Oracle EBS patches across all modules.
Upgrade unsupported EBS instances or isolate them from production networks.
Audit vendor and third-party integrations for excessive permissions.
The October 2025 Patch Tuesday release included 175 vulnerabilities, with three under active exploitation and three publicly disclosed. Windows 10 reached end-of-life on 14 October 2025, meaning no further updates will be provided. NHS England highlighted this in Cyber Alert CC-4708, warning that unsupported systems present a growing attack vector.
Windows devices underpin nearly every hospital and clinic workflow. Running outdated or unsupported OS versions exposes patient-care operations to ransomware and service outages.
Recommendations:
Apply all October 2025 Microsoft patches, prioritising internet-facing systems. Identify and plan immediate migration for any devices still on Windows 10.
Palo Alto Networks Unit 42 uncovered a global smishing operation responsible for more than 194,000 malicious domains since January 2024. Attackers send fake SMS messages impersonating banks, couriers, and even health organisations, luring victims to credential-stealing sites or malware downloads. The infrastructure’s vast scale means that new domains replace blocked ones almost instantly, keeping the campaign highly resilient.
Health-care staff increasingly use mobile devices for work. A single compromised device could leak credentials or give attackers a route into NHS or supplier networks.
Recommendations:
Run regular awareness training focused on SMS-based phishing.
Enforce mobile-device management and disable unverified app installations.
Monitor mobile access patterns for anomalies and enforce MFA for all sensitive systems.
Two high-severity vulnerabilities in the widely used 7-Zip archiver allow crafted ZIP files to overwrite arbitrary system files, potentially leading to remote code execution. The flaws arise from improper handling of symbolic links during extraction. Fixed in version 25.01, older versions remain exploitable—particularly in automated or high-privilege workflows.
Hospitals and labs frequently share compressed data such as imaging files and vendor updates. Malicious ZIPs could deliver malware into internal networks or medical devices via legitimate exchange channels.
Recommendations:
Update all 7-Zip installations to version 25.01 or later.
Quarantine incoming archive files from external sources until scanned.
Review automated extraction processes to ensure least-privilege execution.
This week's report highlights an important pattern: attackers will continue exploiting both enterprise-grade systems (Oracle EBS, Windows) and everyday utilities (mobile SMS, 7-Zip). Prioritising patch management, mobile-security controls, and staff awareness will yield the best short-term protection gains.
Need help prioritising threats or developing a proactive patch and detection plan? Contact us about our threat intelligence service.