
Cyber Brief: Capita Fine, Microsoft Zero-Days, Oracle Patch, AMD Flaw and Gladinet Exploit

As regulatory action intensifies and new vulnerabilities emerge, today’s Cyber Brief highlights why staying proactive is vital for UK organisations. From major fines to zero-day patches and hardware flaws, these developments underscore the importance of visibility, vendor assurance, and continual testing.


Capita fined £14 million over 2023 data breach

The Information Commissioner’s Office (ICO) has fined outsourcing provider Capita £14 million for failing to prevent a 2023 cyberattack that exposed sensitive data belonging to local authorities, pension schemes, and corporate clients. The ICO’s findings cite inadequate security controls, outdated systems, and insufficient monitoring as key failings.

Capita’s breach affected tens of thousands of records and disrupted critical public services. The fine follows months of regulatory pressure for suppliers handling citizen or financial data to strengthen controls.

Why it matters: The case signals tougher enforcement across the UK public-private ecosystem. For SMEs or subcontractors, third-party accountability and compliance maturity are no longer optional — they are expected.
Source: The Guardian / Reuters


Microsoft’s final Windows 10 patch fixes six active zero-days

Microsoft’s October 2025 “Patch Tuesday” release includes fixes for over 170 vulnerabilities, six of which were actively exploited. This marks the final round of updates for Windows 10 before official support ends. Organisations running legacy systems without Extended Security Updates (ESU) will now receive no further fixes.

Why it matters: Unsupported systems are magnets for attackers. UK organisations should fast-track migrations to Windows 11 or isolate legacy endpoints immediately to prevent unpatched systems from becoming a foothold for intrusion.
Source: Infosecurity Magazine / Microsoft Security Response Center


Oracle issues urgent E-Business Suite patch amid extortion activity

Oracle has released an emergency update to close CVE-2025-61884, a flaw in its E-Business Suite that allows unauthenticated remote access. Threat actors, reportedly linked to the ShinyHunters group, have leveraged the exploit for extortion and data theft campaigns against unpatched instances.

Why it matters: Enterprise resource planning (ERP) systems often sit at the core of business operations. A compromise here can expose financial and supply-chain data — patch prioritisation and regular testing are essential.
Source: TechRadar / Oracle Advisory


“RMPocalypse” hardware flaw threatens virtual machine isolation

Researchers have disclosed CVE-2025-0033, dubbed “RMPocalypse”, a vulnerability in AMD processors that undermines Secure Encrypted Virtualisation (SEV-SNP). The bug could let attackers or malicious hypervisors bypass isolation controls to read data from protected virtual machines. Firmware updates have been issued to mitigate risk.

Why it matters: For cloud-hosted workloads and managed environments, this flaw could expose cross-tenant data. IT teams should apply firmware patches promptly and verify their hosting provider’s remediation timeline.
Source: Bank Info Security / AMD Security Bulletin


Gladinet file-sharing zero-day exploited with no vendor patch

A new zero-day (CVE-2025-11371) affects Gladinet’s CentreStack and Triofox enterprise file-sharing tools. The flaw enables unauthenticated remote code execution and has been exploited in the wild. As of publication, no vendor patch is available; only temporary mitigations exist.

Why it matters: Secure-file-transfer tools have become recurring entry points for ransomware. Organisations using Gladinet products should disable external exposure and monitor for suspicious file-access activity until a permanent fix is released.
Source: Cybersecurity News / The Hacker News


🔍 Today’s Key Actions

  1. Review supplier assurance and data-handling agreements — ensure clear security accountability clauses.
  2. Migrate or isolate any Windows 10 systems; enable ESU only as a short-term bridge.
  3. Patch Oracle E-Business Suite immediately and validate system integrity post-update.
  4. Apply AMD firmware updates and confirm your cloud or hosting providers have done the same.
  5. Restrict Gladinet / Triofox external access and monitor logs for unusual activity until fixes are available.


💬 Secarma Insight

Each of today’s stories points to one principle: security maturity must be continuous, not reactive. At Secarma, our ACT Framework – Advise, Certify, Test – helps organisations strengthen resilience across every layer, from patch management to supplier assurance.
Get in touch with us to discuss how we can help you identify and close emerging risks.
