Updated 10/15/2025

Threat Brief: Qantas Leak and Oracle Zero‑Day

This week’s brief focuses on two major events: a data leak impacting Qantas and dozens of other companies, and a zero‑day vulnerability exploited in Oracle’s E‑Business Suite.

Qantas Data Leak

• Hackers known as Scattered Lapsus$ Hunters leaked personal records of five million Qantas customers after ransom demands were unmet.

• The breach is part of a larger campaign affecting over 40 companies and up to one billion customer records.

• Exposed data includes email addresses, phone numbers, birth dates and frequent flyer numbers.

• Analysts list 44 brands—including Gap, Vietnam Airlines, Toyota, Disney, McDonald’s, Ikea and Adidas—as victims. Qantas is offering 24/7 support and identity protection, but the leak underscores the risk of targeted phishing and identity fraud.

Oracle EBS Zero‑Day Exploitation

• Google’s Threat Intelligence Group and Mandiant report that a zero‑day flaw (CVE‑2025‑61882) in Oracle’s E‑Business Suite has been exploited, potentially impacting dozens of organizations.

• Attackers combined SSRF, CRLF injection, authentication bypass and XSL template injection to gain remote code execution.

• A high‑volume extortion email campaign started on September 29, 2025, using credentials purchased from underground forums and claiming breaches of Oracle EBS.

• The campaign uses payloads such as GOLDVEIN.JAVA and SAGEGIFT to establish persistence. Oracle has issued patches, so prioritize applying them.

Other Notables:

• Trojanized npm packages – 175 malicious packages with 26 000 downloads used in credential phishing campaigns.

• Discord data exposure – a breach at a support vendor reportedly exposed data of 5.5 million Discord users.

Staying current on these incidents helps you refine your defenses. Patch vulnerable systems promptly, audit your dependencies and monitor for suspicious account activity.
