The Discord Hack, Ransomware-as-a-Service, and MSP Incident Response
IT channel and business news with a focus on regulatory compliance.
🗨️ Exploring the October 2025 Discord Data Leak
The recent Discord breach is emblematic of rising risks in the world of supply chain compromises and third-party provider vulnerabilities. While Discord’s quick action and transparency are commendable, this incident is a call to action for tech companies and users alike: supply chain security is now as critical as protecting one’s core infrastructure...
🎙️ The Get NIST-y Podcast!
Follow our compliance and information security podcast — now on Spotify!
☠️ The Shift in Cybercrime Targeting MSPs and Their Clients
The rise of Ransomware-as-a-Service has industrialized cybercrime, turning MSPs and their client networks into priority targets for organized threat actors. By understanding RaaS tactics and investing in layered security defenses, robust backups, and ongoing staff/client education, MSPs can minimize the risk of ransomware incidents and protect the trust that underpins their business relationships.
✅ MSPs and Incident Response Plans — An Overview
For MSPs, incident response planning is a critical part of cybersecurity preparedness. With cyber threats targeting not only their own infrastructure but also their clients’ systems, MSPs face unique risks and high stakes when it comes to incident response.
⚠️ Threat Updates
🔴 Oracle E-Business Suite Zero-Day CVE-2025-61882 Mass Exploitation (10/6/25)
Researchers report active exploitation of CVE-2025-61882, a critical remote code execution zero-day affecting Oracle E-Business Suite (EBS) BI Publisher Integration (CVSS 9.8). Attackers — including the Cl0p ransomware group — are leveraging this unauthenticated, remotely exploitable flaw in versions 12.2.3 through 12.2.14 to gain privileged access, exfiltrate data, and potentially deploy ransomware. A patch was released on October 4th, but weaponized proof-of-concept code is now public and attacks began before the advisory was released. All EBS customers should patch immediately, monitor for indicators of compromise (unusual network activity, CSRF headers, HTTP/1.2 traffic), and audit sensitive data access.
🔴 Microsoft Warns of Critical GoAnywhere MFT Zero-Day Exploitation (10/5/25)
Storm-1175, associated with Medusa ransomware campaigns, has been observed exploiting CVE-2025-10035 — a critical deserialization vulnerability (CVSS 9.8) in the License Servlet of Fortra GoAnywhere Managed File Transfer. Attackers use the flaw to gain initial access to organizations, leading to extensive lateral movement and data theft. Security researchers note active in-the-wild exploitation since mid-September and urge immediate patching, disabling unnecessary network exposure, and close monitoring for suspicious file transfers and privilege escalation within MFT environments.
🗨️ Parting Words
“If we have data, let’s look at data. If all we have are opinions, let’s go with mine.” – Jim Barksdale
Are you a vCISO or MSP looking to operationalize security programs? Let’s discuss how Blacksmith Infosec proves that compliance is an opportunity, not a struggle that has to be packaged in FUD!