⏱️ ≈ 8-minute read

Editor’s Note: Between a state-linked breach that’s got firewalls sweating and pranksters who managed to DDoS traffic using cars, this week’s feed reminds us that “connected” cuts both ways. Also, if you’re running Oracle, consider this your weekend plans: patch, coffee, repeat.

📬 This Week’s Clickables

  • 📌 Big News: 🔥 F5’s nation-state breach and Oracle’s zero-day panic

  • 🚨 Can’t Miss: Qantas leak, phishing execs, and a quiet legal expiration

  • 🤖 AI in Cyber: Autonomous espionage, AI-driven disinfo, and new defenses

  • 🧪 Strange Cyber Story: How pranksters staged the world’s first “Waymo DDoS”

🚨 Big Stories

🔥 F5 breach reveals long-term compromise, China-linked actor ties, and triggers CISA emergency directive

Intro:
The firewall giant known for protecting others just became the story itself.

What Happened:
F5 confirmed that attackers infiltrated its internal systems, stealing BIG-IP source code and internal vulnerability research. According to U.S. officials, the compromise traces back to a China-linked state actor that’s been targeting infrastructure providers. In response, CISA issued Emergency Directive ED 26-01, requiring all federal agencies to inventory, patch, or replace affected F5 devices immediately.

Why It’s Important:
The stolen source code and exploit research could enable adversaries to craft new zero-days against thousands of global deployments — including critical infrastructure and government systems.

The Other Side:
F5 insists the breach is contained and that customer-facing services were not directly impacted, but experts argue that the real danger lies in what attackers can now build from what they stole.

👉 Takeaway: The F5 hack is more than a breach — it’s a blueprint for future exploits.

TL;DR: When your firewall vendor gets hacked, patching becomes a race, not a routine.

The first “recorded” social engineering attack wasn’t digital — two brothers hacked France’s telegraph network in 1834 to front-run bond trades. (Smithsonian Magazine)

⚙️ Oracle scrambles to patch new zero-days amid exploit waves

Intro:
Oracle’s quarterly patch cycle just got hijacked by a pair of live exploits.

What Happened:
The company rushed out fixes for CVE-2025-61884 and CVE-2025-61882, both being actively exploited in the wild — reportedly by Cl0p ransomware operators targeting Oracle E-Business Suite instances.

Why It’s Important:
These vulnerabilities allow remote code execution and are already being used in real attacks. For enterprises slow to patch, the damage window is wide open.

The Other Side:
Oracle says the patches are “simple to deploy,” but admins know better — many environments can’t upgrade without planned downtime.

👉 Takeaway: Delay is risk. If Oracle’s in your stack, patch now or expect an uninvited guest later.

TL;DR: Two zero-days, one vendor, zero excuses.

🔥 Can’t Miss

  • ✈️ Qantas data leak: 5 million customers’ records exposed
    After ransom talks collapsed, hackers dumped personal data of 5 million Qantas customers from a compromised Salesforce database. While payment details weren’t included, loyalty account numbers and contact info were — enough to enable targeted scams and fraud.
    👉️ Third-party SaaS remains the soft underbelly of enterprise security, and this one hits a national brand where it hurts: trust.

  • 🧑‍💼 Many IT leaders admit clicking phishing links — and don’t report them
    A new Arctic Wolf survey revealed 65% of IT execs have fallen for phishing — and 17% never reported it. The top reason? Fear of embarrassment or job impact. The result is a silent failure of reporting culture that undercuts response readiness.
    👉️ If leadership hides mistakes, your SOC’s blind spot starts at the top.

  • 🏛️ U.S. Cybersecurity Information Sharing Act (CISA) expires
    The federal law that empowered government–industry threat sharing expired quietly on Oct. 1, caught in budget deadlock. Without a replacement, information flow between sectors could slow dramatically — just as coordinated AI-driven attacks rise.
    👉️ Without visibility, even the best defense tools operate half-blind.

🤖 AI in Cyber

  • 🕵️ Nation-states escalate AI-driven cyberattacks
    Microsoft reports that Russia, China, Iran, and North Korea are using AI to supercharge disinformation and phishing operations. Deepfake content and automated narratives are spreading faster and more convincingly than before.
    👉️ The line between propaganda and cyberwarfare is officially gone — and machine-generated.

  • ⚔️ AI-powered attacks now drive over half of all cyber incidents
    Microsoft’s MDR data shows that over 50% of cyber incidents now involve AI tools — from large-scale phishing automation to adaptive malware generation. The AI attack cycle is faster, stealthier, and often fully autonomous.
    👉️ If you’re not using AI defensively, you’re fighting a losing battle against math.

  • 🧠 U.K. spy chief warns of autonomous AI threats
    MI5’s director general warned that autonomous AI systems could conduct influence ops and election interference without human oversight. His message: the real danger isn’t “killer robots,” but the unchecked speed and scale of digital manipulation.
    👉️ Oversight lags behind automation — and that’s the true existential risk.

  • 🧩 Russian hackers weaponize AI across phishing and malware
    Russia-linked actors have launched 3,000+ AI-enhanced cyber incidents in Ukraine this year. The tech enables smarter targeting, polymorphic malware, and highly personalized lures at industrial scale.
    👉️ The AI arms race has crossed from proof-of-concept to active battlefield.

  • 🧰 Google rolls out new AI-based security features for October
    Google introduced new AI-powered defenses covering synthetic media, phishing, and anomaly detection, aligning with Cybersecurity Awareness Month. The tools integrate directly into Workspace and Cloud Shield.
    👉️ The defenders’ counterpunch: smarter detection through smarter context.

🧟‍♂️ Strange Cyber

🚗 Self-driving cars jammed by prank “cyberattack”

Intro:
The world’s first “Waymo DDoS” didn’t happen online — it happened in a cul-de-sac.

What Happened:
A San Francisco prankster summoned 50 autonomous Waymo cabs to the same dead-end street, paralyzing traffic and baffling pedestrians. The AI-driven cars froze, politely waiting for nonexistent human instructions.

Why It’s Important:
The stunt revealed that fleet systems lack safeguards against mass synchronized requests, making them vulnerable to prank-level denial-of-service attacks.

The Other Side:
Waymo called it “non-malicious misuse,” but researchers warn that if a single jokester can choke a street, coordinated bad actors could do far worse.

👉 Takeaway: The attack surface isn’t just your network anymore — it’s your neighborhood.

TL;DR: Who needs a botnet when you’ve got a fleet of confused taxis?

Thanks for reading this week’s edition. Like what you see? Forward it!

Hate everything you see or have other feedback? Reply back to this email!
