Cyber Insights series: October 2025 – this month in cybersecurity

Welcome back to our monthly Cybersecurity Insights blog series, where we break down the most impactful cyber events shaping the global threat landscape. October 2025 saw a wave of targeted attacks across education, aviation, and iGaming – highlighting the evolving tactics of threat actors and the critical need for sector-specific resilience.

Craig Lusher, Product Principal of Secure Solutions, dives into three major incidents that dominated headlines during the month.

Harvard University: Zero-day exploit hits academic giant

Harvard University is investigating a breach linked to the cybercrime campaign targeting customers of Oracle’s E-Business Suite (EBS) solution. The ransomware group is believed to be Clop.

The breach was listed on a data leak website on October 12 with over 1 Tb of information allegedly stolen. The attackers targeting Oracle’s customers are linked to the exploitation of known and zero-day vulnerabilities, as well as the deployment of sophisticated malware.

Harvard confirmed that the vulnerability exploited by the hackers has now been patched.

C8 Secure perspective: This incident is a stark reminder of how unpatched systems and legacy software can become entry points for sophisticated attacks. It also shows the increased risk posed by software supply chain vulnerabilities.

WestJet: 1.2 million passengers affected in data breach

While the data breach took place earlier in the year, Canada’s second-largest airline, WestJet, recently disclosed a breach affecting 1.2 million passengers. The airline found that a range of customers’ personal information was accessed by the third party, including names, contact details and information provided when making reservations for travel.

The airline has notified affected individuals and launched a forensic investigation in collaboration with federal authorities. But details on how the attack was carried out were not shared.

C8 Secure perspective: There have been several high-profile cyber incidents in aviation and the travel industry in recent months. Generally, we are seeing cybercriminals target data theft rather than operational disruption.

Fast Track: Isolated attack on iGaming CRM platform

Fast Track, a leading CRM provider for the iGaming industry, reported an isolated cyber attack targeting its infrastructure, specifically targeting two clients operating on its platform. The company confirmed that no customer data was compromised and that the incident was contained swiftly.

C8 Secure perspective: Fast Track’s response demonstrates the value of preparedness and rapid containment. In high-velocity industries like iGaming, where uptime and trust are paramount, proactive defense and transparent communication are key to maintaining customer confidence.

Key takeaways

• Patch management is non-negotiable: Harvard’s breach shows how delays in applying security updates can have serious consequences.
• Third-party risk is growing: Many incidents we are seeing underscore the importance of vendor oversight.
• Preparedness pays off: Fast Track’s swift containment highlights the benefits of layered security and incident response planning.

Cybersecurity solutions for a safer tomorrow

As we approach year-end, organizations must double down on cyber hygiene, vendor risk management, and threat detection capabilities. The threat landscape is evolving – so must our defenses.

For more information on how C8 Secure can support your cybersecurity initiatives, email info@c8secure.com or fill out our Contact Us page.

Let’s Get Started