Security Check-in Quick Hits: Windows 10 EoL Risks, Oracle Zero-Day Exploits, Salesforce Data Leaks, RondoDox Botnet Rampage, Aisuru DDoS Assaults, and SonicWall VPN Breaches
For October 14, 2025
Navigating the End of Windows 10: A Cybersecurity Wake-Up Call
As of October 14, 2025, Windows 10 has officially reached its end-of-life (EoL), marking the cessation of all security updates, feature improvements, and technical support from Microsoft. This milestone, long anticipated since its announcement years ago, leaves a staggering number of systems vulnerable in an increasingly hostile digital landscape.
Analysis from TeamViewer, based on 250 million anonymized connections between July and September 2025, reveals that over 40% of global endpoints still rely on Windows 10. A separate survey by Cloudhouse of 135 finance IT leaders found that 60% of organizations are running unsupported Windows versions on servers and desktops, with 90% grappling with “Windows technical debt” that diverts resources from innovation to mere maintenance. While no high-severity zero-days are currently known for Windows 10, the absence of future patches opens the door to threats like device takeovers and data exfiltration.
The implications are particularly acute for sectors like finance, where legacy systems drain budgets and stall digital transformation. Organizations must prioritize migration strategies now—95% of surveyed leaders want to shift focus to strategic projects, and nearly 90% plan infrastructure modernization within 24 months. Low-risk pathways, such as upgrading to Windows 11 or leveraging compatibility tools, are essential to mitigate these risks. In a world where cyber threats evolve daily, clinging to unsupported software isn’t just outdated—it’s dangerous.
Oracle Zero-Day Chaos: Harvard Breach Highlights Enterprise Vulnerabilities
A critical zero-day vulnerability in Oracle’s E-Business Suite (EBS), tracked as CVE-2025-61882, has been actively exploited by the Clop ransomware gang, leading to widespread data theft campaigns. This flaw allows unauthorized access to sensitive data, with exploits dating back to early August 2025. Clop, infamous for targeting zero-days in software like MOVEit and GoAnywhere, has used this bug to steal data and extort victims, demanding ransoms to avoid public leaks.
Harvard University emerged as a high-profile victim when added to Clop’s data leak site, with the breach linked to a small administrative unit affecting a limited number of parties. Oracle swiftly issued an emergency patch, and Harvard applied it upon notification, stating the issue impacts many EBS customers and isn’t isolated to them. No evidence of broader compromise at Harvard was found, but the university continues monitoring.
This incident underscores the perils of unpatched enterprise software, where a single flaw can cascade into mass extortion. With Clop listing more victims and sending extortion emails, organizations must emphasize rapid patching and vulnerability management to prevent similar fates. In 2025’s threat landscape, proactive defense isn’t optional—it’s survival.
Salesforce Data Leaks: Hackers Dump Billions of Records After Extortion Fails
The Scattered LAPSUS$ Hunters hacking group has escalated a major data breach campaign targeting Salesforce customers, leaking millions—potentially up to 1 billion—records after failed ransom demands. The breach, linked to extortion via the recently disrupted BreachForums, involves personal data like names and phone numbers from around 40 customers.
Following the FBI’s seizure of BreachForums domains in collaboration with French authorities, the group launched a new leak site and released stolen data, including from major British retailers. Salesforce investigated with experts and authorities, acknowledging extortion attempts but not specifying breach details. The leaks accelerated after Salesforce refused to pay, highlighting the group’s aggressive tactics.
This wave of leaks exposes the fragility of cloud-based CRM systems and the risks of inadequate access controls. Affected organizations should monitor for identity theft, enforce multi-factor authentication, and audit third-party integrations. As ransomware evolves into pure extortion, robust data governance is key to weathering these storms.
RondoDox Botnet: Exploiting Dozens of Flaws in a Global Assault
The RondoDox botnet, active since June 2025, is weaponizing over 50 vulnerabilities across more than 30 vendors, targeting IoT devices like routers, DVRs, CCTV systems, and web servers in a “shotgun” approach to infections. Operators rapidly incorporate newly disclosed flaws, such as those from Pwn2Own contests, into their arsenal, leading to widespread compromises.
This hit-and-run strategy has fueled a large-scale campaign, with upticks in activity noted by researchers from Trend Micro and Broadcom. The botnet's exploit set includes CVEs dating back to 2023, letting operators quickly leverage known edge-device vulnerabilities in consumer and enterprise equipment.
With global reach, RondoDox amplifies DDoS and other attacks, stressing the need for timely patching and network segmentation. Device owners should update firmware immediately and monitor for unusual traffic. As botnets like this proliferate, vigilance against unpatched IoT remains a frontline defense.
Aisuru DDoS Botnet: Blanketing US Networks in Unprecedented Floods
The Aisuru botnet, the largest IoT-based DDoS network with over 300,000 compromised devices, has unleashed record-breaking attacks, peaking at 29.6 Tbps in early October 2025. Built on Mirai code, it infects vulnerable routers, cameras, and DVRs via zero-days and default credentials, growing rapidly after absorbing nodes from the dismantled Rapper Bot.
Primarily targeting Minecraft servers and gaming hosts like TCPShield and Cosmic, Aisuru causes collateral outages through network congestion. Attacks hit 22 Tbps in September and 15 Tbps on October 8, overwhelming US ISPs like AT&T, Comcast, and Verizon, whose infected subscriber devices generate the bulk of the attack traffic.
Operators rent the botnet out for proxy services and other cybercrime, compounding its impact. US ISPs face the challenge of suppressing outbound attack traffic from their own networks, and mitigation costs are soaring. To counter it, secure IoT devices, enable auto-updates, and deploy DDoS protections—without these measures, re-infection is swift.
SonicWall VPN Widespread Compromises: A Surge in Credential-Based Attacks
Over 100 SonicWall SSL VPN accounts across 16 customers have been compromised in a spike starting October 4, 2025, with attackers using valid credentials to gain access quickly. The intrusions originate from IP 202.155.8[.]73 and proceed to network scanning and probing of Windows accounts. This activity is distinct from the recent MySonicWall backup file exposure, which involved sensitive device configurations.
The pattern aligns with ransomware groups like Akira exploiting flaws such as CVE-2024-40766 for initial access, followed by privilege escalation and data exfiltration. No direct link to the backup exposure has been established, but the exposed configuration data could aid attackers.
Users should reset credentials, restrict WAN access, revoke API keys, monitor logs, and enforce MFA. Patching promptly is crucial amid rising threats—ignoring these steps invites deeper breaches.
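The "monitor logs" step above is where defenders usually get the earliest signal: the campaign used valid credentials, so a plain failed-login threshold misses it. The script below is an added example (not from the original post and not a SonicWall tool) that runs two checks over VPN authentication logs: a match against the source IP cited in the report, and a behavioural rule that flags a single source IP successfully authenticating to several distinct accounts within a short window, which is how one compromised credential set spread across many accounts tends to look. The log line format and all sample entries are constructed for the example; real SonicWall syslog fields differ, so the regular expression is the part to adapt.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# IoC taken from the report (written defanged there as 202.155.8[.]73).
KNOWN_BAD_IPS = {"202.155.8.73"}

# Constructed log format, an assumption for this example rather than SonicWall's real schema:
#   "<ISO-8601 timestamp> sslvpn auth=<success|failure> user=<name> src=<ip>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) sslvpn auth=(?P<result>success|failure) user=(?P<user>\S+) src=(?P<src>\S+)$"
)

# Constructed sample data: one source reaching four accounts in three minutes,
# one ordinary user retrying after a typo, and one shared office IP with spread-out logins.
SAMPLE_LOGS = """\
2025-10-04T02:10:05Z sslvpn auth=success user=jsmith src=203.0.113.10
2025-10-04T02:11:40Z sslvpn auth=success user=alee src=202.155.8.73
2025-10-04T02:12:02Z sslvpn auth=success user=bkhan src=202.155.8.73
2025-10-04T02:12:30Z sslvpn auth=success user=cmoss src=202.155.8.73
2025-10-04T02:13:15Z sslvpn auth=success user=dnair src=202.155.8.73
2025-10-04T03:05:00Z sslvpn auth=failure user=jsmith src=198.51.100.7
2025-10-04T03:06:00Z sslvpn auth=success user=jsmith src=198.51.100.7
2025-10-04T09:00:00Z sslvpn auth=success user=alee src=192.0.2.44
2025-10-04T09:20:00Z sslvpn auth=success user=bkhan src=192.0.2.44
2025-10-04T09:40:00Z sslvpn auth=success user=cmoss src=192.0.2.44
""".splitlines()


def parse(lines):
    """Turn raw lines into (timestamp, result, user, src) tuples; unparseable lines are skipped."""
    events = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append((ts, m["result"], m["user"], m["src"]))
    return events


def detect(lines, min_accounts=3, window=timedelta(minutes=10)):
    """Return a list of findings: ('ioc_match', src, user, ts) or
    ('multi_account_source', src, [users], window_start_ts)."""
    events = parse(lines)
    findings = []

    # Check 1: any event (success or failure) from a known-bad source IP.
    for ts, _result, user, src in events:
        if src in KNOWN_BAD_IPS:
            findings.append(("ioc_match", src, user, ts.isoformat()))

    # Check 2: one source IP successfully logging in to >= min_accounts distinct
    # accounts inside `window`. Sliding the window start over each success keeps
    # the rule independent of where a fixed bucket boundary happens to fall.
    successes_by_src = defaultdict(list)
    for ts, result, user, src in events:
        if result == "success":
            successes_by_src[src].append((ts, user))
    for src, hits in successes_by_src.items():
        hits.sort()
        for i, (start, _user) in enumerate(hits):
            users = {u for t, u in hits[i:] if t - start <= window}
            if len(users) >= min_accounts:
                findings.append(("multi_account_source", src, sorted(users), start.isoformat()))
                break  # one finding per source is enough for triage
    return findings


if __name__ == "__main__":
    for finding in detect(SAMPLE_LOGS):
        print(finding)
```

On the sample data the IoC check fires for each of the four logins from 202.155.8.73, and the behavioural rule flags that same source for reaching four accounts in under ten minutes, while the shared office address 192.0.2.44 stays quiet because its three logins are twenty minutes apart. Widening the window to an hour would flag that office IP too, so the threshold has to be tuned against each site's normal NAT and shared-egress patterns before it is used for alerting.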