Cyber Brief: Oracle Patch, Microsoft Update, UK Incident Rise

The cybersecurity landscape shows no signs of slowing, with fresh patching alerts, a surge in critical incidents, and ongoing supply-chain risks. Here’s what matters most for UK organisations today.

CISA issues emergency directive following F5 breach

A nation-state actor has been confirmed as the source of the recent compromise of F5’s engineering environment. In response, the Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive instructing all US federal departments – and by extension, any enterprise using F5 BIG-IP products – to patch and verify configurations immediately. The breach may have exposed source code and sensitive configuration data, raising the risk of exploitation in connected environments.

The directive warns that unpatched or misconfigured F5 devices could allow remote code execution and network traversal. F5 has since released updated firmware and guidance for hardening management interfaces.

Why it matters: F5 load balancers, VPNs, and web-application firewalls are widely used across UK businesses. A single vulnerable appliance could provide attackers a route deep into your network. Apply the latest firmware, restrict admin access, and confirm segmentation between management and production networks.
Source: CISA

Oracle rushes patch for actively exploited zero-day

Oracle has released an out-of-band patch for a critical flaw (CVE-2025-61884) affecting multiple versions of its E-Business Suite platform. The vulnerability allows unauthenticated remote access and has already been leveraged by the ShinyHunters group in extortion campaigns. Exploitation can lead to full compromise of enterprise resource planning (ERP) systems, potentially exposing financial, HR, and procurement data.

Security teams are urged to prioritise the update ahead of next week’s standard maintenance cycles. Oracle has also reminded administrators to disable public exposure of EBS login portals and enforce network-layer restrictions.

Why it matters: ERP platforms underpin core business functions. Even a brief compromise could disrupt payroll, supplier transactions, and compliance workflows. UK firms using Oracle EBS should patch immediately and review access controls for all externally facing systems.
Source: Oracle Security Advisory

Microsoft fixes record number of vulnerabilities in October update

Microsoft’s October 2025 Patch Tuesday contained 172 fixes – the largest monthly release this year – including six zero-days under active exploitation. The most critical affect Windows kernel drivers, Exchange Server, and Office components. Several flaws allow privilege escalation or remote code execution without user interaction.

The company advises customers to apply updates promptly and monitor for abnormal activity, particularly in environments using Exchange or hybrid identity setups. Extended support for Windows 10 officially ended this week, meaning unsupported systems will no longer receive patches outside of paid Extended Security Updates.

Why it matters: The sheer scale of this patch cycle highlights the growing attack surface of modern enterprises. UK SMEs should prioritise patch automation, remove legacy Windows 10 devices where possible, and verify backups before deployment in case of compatibility issues.
Source: Microsoft Security Response Center

NCSC reports 50 percent rise in serious UK cyber incidents

The National Cyber Security Centre’s annual update has revealed a 50 percent increase in “highly significant” incidents, including attacks on local councils, healthcare providers, and financial institutions. Analysts attribute the rise to faster exploitation of newly disclosed vulnerabilities and more sophisticated supply-chain targeting by ransomware groups.

The NCSC is encouraging organisations to adopt continuous assessment models rather than annual audits, focusing on rapid patching, supplier assurance, and incident-response readiness.

Why it matters: The upward trend shows that attackers are adapting faster than traditional defence cycles. Embedding resilience through proactive testing, supplier vetting, and regular staff training is critical to minimising downtime and data loss.
Source: NCSC

🔍 Today’s Key Actions

1. Patch now: Apply F5, Oracle, and Microsoft updates without delay.
2. Review exposure: Disable unnecessary remote management and verify segmentation on network devices.
3. Harden suppliers: Re-check security clauses and patch cadence for key third parties.
4. Monitor systems: Use log analysis and EDR tools to detect anomalies linked to newly patched CVEs.
5. Educate teams: Brief staff on phishing and ransomware trends to reduce human-factor risk.

💬 Secarma Insight

Security maturity is built through consistency, not crisis response. Secarma’s ACT Framework — Advise, Certify, Test — helps organisations strengthen controls, validate suppliers, and stay ahead of evolving threats.

Get in touch with us to discuss how we can help you identify and close emerging risks.