Comprehensive Threat Exposure Management Platform

In October, the cybersecurity arena drew significant attention due to the active exploitation of eleven zero-day vulnerabilities. Among them, CVE-2025-61932 affects Motex’s Lanscope Endpoint Manager (on-premises), allowing remote adversaries to run arbitrary commands on endpoints by sending specially crafted packets, a threat leveraged in real-world attacks since April 2025.
During this period, ransomware attacks surged, with variants such as FunkLocker, Cl0p, Medusa, and Qilin aggressively targeting victims. FunkLocker is an AI-assisted ransomware from FunkSec that encrypts files with AES‑256/RSA‑2048, appends .funksec, and demands low ransoms to maximize victim payouts. CVE-2025-61882 is an unauthenticated remote code execution flaw in Oracle E-Business Suite (EBS). This weakness has been actively exploited by the Cl0p ransomware group since August 2025, with attack frequency surging after a proof-of-concept exploit was leaked in October 2025 by the collective known as Scattered Lapsus$ Hunters.
Concurrently, fourteen threat actors have engaged in various campaigns. Iran-linked MuddyWater has been phishing government and critical infrastructure entities across the Middle East and North Africa, deploying the Phoenix backdoor for intelligence collection. Water Saci spreads the SORVEPOTEL malware through WhatsApp, demonstrating the expanding reach of social engineering tactics. As the cybersecurity landscape evolves, organizations must remain vigilant and proactively address emerging threats.