24 Oct 2025
Week in review
Greetings,
Today we officially opened our Call for Tutorials for the AUSCERT2026 Conference, and we can’t wait to see the incredible submissions that come through. The standard rises every year, and we know 2026 will be no exception.
Submissions close 10 November, so get in early! For details on tutorial categories and submission tips, head to our conference website.
In case you missed it, we’ve also revealed our AUSCERT2026 theme: Game On!
Step into the cyber arena where defenders are the most valuable players, tactics are everything, and every move matters.
Game On! embodies the fast-paced, high-stakes nature of cyber security today where teamwork, quick thinking, and domain mastery are the keys to victory. With the threat landscape as our playing field, AUSCERT2026 challenges players to level up, unite under pressure, and face adversaries head-on. Featuring the International Cyber Championships, next year’s conference promises high-impact learning, fierce collaboration, and game-changing moments.
Because in this arena, the stakes are real and it’s Game On!
We look forward to welcoming you 19-22 May 2026 at The Star Gold Coast, Australia. Keep an eye out: registrations will open in January!
AWS outage crashes Amazon, Prime Video, Fortnite, Perplexity and more
Date: 2025-10-20
Author: Bleeping Computer
An AWS outage has taken down millions of websites, including Amazon.com, Prime Video, Perplexity AI, Canva and more.
The outage started approximately 30 minutes ago and it's affecting consumers in all regions, including the United States and Europe.
According to the AWS Health page, Amazon is aware of major disruption affecting multiple services.
Oracle Releases October 2025 Patches
Date: 2025-10-21
Author: Security Week
[AUSCERT has published security bulletins for these Oracle updates]
Oracle on Tuesday released 374 new security patches as part of its October 2025 Critical Patch Update (CPU), including over 230 fixes for vulnerabilities that are remotely exploitable without authentication.
There appear to be roughly 260 unique CVEs in Oracle’s October 2025 CPU advisory, including a dozen critical-severity flaws.
CISA Adds Microsoft, Oracle Vulnerabilities To KEV Catalog
Date: 2025-10-20
Author: The Cyber Express
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added five CVEs to its Known Exploited Vulnerabilities (KEV) catalog today, including Microsoft, Apple and Oracle vulnerabilities.
Hidden "Glassworm" malware spreads through infected VS Code extensions
Date: 2025-10-21
Author: iTnews
A new malware worm campaign has infected multiple Microsoft Visual Studio Code extensions using invisible Unicode characters to hide malicious code from both reviewers and security tools, security researchers say.
The worm, named Glassworm, compromised seven extensions on the OpenVSX marketplace on October 17, reaching more than 10,700 downloads.
Email Bombs Exploit Lax Authentication in Zendesk
Date: 2025-10-17
Author: Krebs on Security
Cybercriminals are abusing a widespread lack of authentication in the customer service platform Zendesk to flood targeted email inboxes with menacing messages that come from hundreds of Zendesk corporate customers simultaneously.
Zendesk is an automated help desk service designed to make it simple for people to contact companies for customer support issues. Earlier this week, KrebsOnSecurity started receiving thousands of ticket creation notification messages through Zendesk in rapid succession, each bearing the name of different Zendesk customers, such as CapCom, CompTIA, Discord, GMAC, NordVPN, The Washington Post, and Tinder.
ESB-2025.7610 – Atlassian Products: CVSS (Max): 10.0
14 high-severity vulnerabilities have been fixed in new versions of Atlassian products.
ASB-2025.0198 – Oracle Communications Applications: CVSS (Max): 9.8
This Critical Patch Update contains 64 new security patches for Oracle Communications Applications. 46 of these vulnerabilities may be remotely exploitable without authentication.
ESB-2025.7565 – Rockwell Automation 1783-NATR: CVSS (Max): 10.0
This upgrade patches vulnerabilities where successful exploitation could result in a denial-of-service, data modification, or in an attacker obtaining sensitive information.
ESB-2025.7544 – Samba: CVSS (Max): 10.0
USN-7826-1 fixed vulnerabilities in Samba that an authenticated attacker could possibly use to obtain sensitive information.
ESB-2025.7495 – Tenable Identity Exposure: CVSS (Max): 9.9
Tenable Identity Exposure leverages third-party software to help provide underlying functionality. One of the third-party components (.NET) was found to contain vulnerabilities.
Stay safe, stay patched and have a good weekend!
The AUSCERT team