
Cyberattack Wave Hits Firms, Schools with New Tactics

Critical Cybersecurity Alert: Wave of Sophisticated Attacks Targets Enterprise Infrastructure

October 11, 2025 – Multiple high-severity security incidents reported across corporate and educational sectors

A series of coordinated cyberattacks has emerged over the past 24 hours, revealing alarming new tactics by threat actors and exposing vulnerabilities in widely used enterprise systems.

Ransomware Groups Weaponize Security Tools

In a disturbing development, cybercriminals have turned defensive security tools against organizations. Threat actors are now weaponizing Velociraptor—a legitimate digital forensics and incident response (DFIR) tool—to deploy LockBit, Warlock, and Babuk ransomware variants.

The attacks exploit SharePoint vulnerabilities combined with a critical privilege escalation flaw tracked as CVE-2025-6264. Security researchers have attributed these campaigns to the threat group Storm-2603, marking a significant evolution in ransomware deployment tactics.

Strategic Retail Partners (SRP), a major merchandise distributor, has reportedly suffered repeated attacks from a ransomware gang, highlighting the persistent targeting of supply chain infrastructure.

Mass Exploitation of SonicWall VPN Systems

Cybersecurity firm Huntress has issued an urgent warning about widespread breaches affecting SonicWall SSL VPN deployments. Attackers are rapidly exploiting valid login credentials to compromise multiple accounts across different organizations, suggesting either credential theft or systematic brute-force campaigns.

The speed and scale of these breaches indicate a coordinated effort potentially affecting thousands of corporate networks relying on SonicWall’s remote access solutions.

Massive RDP Attack Campaign Detected

Security monitoring systems have detected an unprecedented surge in attacks targeting Remote Desktop Protocol (RDP) services. The assault involves over 100,000 distinct IP addresses, representing one of the largest distributed attacks on this commonly used remote access protocol.

RDP remains a favored target for attackers seeking initial access to corporate networks, particularly as remote work continues to drive widespread deployment of these services.

Teenage Hacker Behind Major Educational Data Breach

Investigators have identified a “seasoned” teenage hacker as the perpetrator behind a significant breach of PowerSchool, a widely used educational management platform. The incident raises serious concerns about the security of student data and the evolving profile of cybercriminals.

The breach affects educational infrastructure serving millions of students, though the full scope of compromised data remains under investigation.

Expert Recommendations

Security professionals urge organizations to immediately:

  • Audit all deployments of Velociraptor and similar DFIR tools for unauthorized usage
  • Apply patches for CVE-2025-6264 and review SharePoint security configurations
  • Reset credentials and implement multi-factor authentication on all SonicWall VPN accounts
  • Restrict RDP access and implement network-level protections
  • Review access logs for suspicious activity patterns
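
One way to carry out the access-log review for the SonicWall pattern described above, where a single source rapidly authenticates to multiple accounts with valid credentials. This is an added example, not code from the article or from Huntress; the log layout, sample records, window and threshold are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records: timestamp, source IP, account, result.
# This layout is an assumption for the example, not a SonicWall log format.
SAMPLE_LOG = """\
2025-01-01T09:00:05Z 198.51.100.20 alice SUCCESS
2025-01-01T09:00:40Z 203.0.113.7 bob SUCCESS
2025-01-01T09:01:10Z 203.0.113.7 carol SUCCESS
2025-01-01T09:01:55Z 203.0.113.7 dave SUCCESS
2025-01-01T09:02:30Z 198.51.100.20 alice FAILURE
2025-01-01T09:30:00Z 198.51.100.20 erin SUCCESS
2025-01-01T13:00:00Z 198.51.100.20 frank SUCCESS
"""


def parse(line):
    ts, ip, user, result = line.split()
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), ip, user, result


def multi_account_sources(lines, window=timedelta(minutes=10), threshold=3):
    """Map each source IP to the accounts it logged into successfully when
    at least `threshold` distinct accounts fall inside one sliding window."""
    recent = defaultdict(deque)   # ip -> (timestamp, account) within window
    flagged = defaultdict(set)
    for ts, ip, user, result in sorted(parse(l) for l in lines if l.strip()):
        if result != "SUCCESS":   # valid-credential abuse shows up as successes
            continue
        q = recent[ip]
        q.append((ts, user))
        while ts - q[0][0] > window:   # drop logins older than the window
            q.popleft()
        users = {u for _, u in q}
        if len(users) >= threshold:
            flagged[ip] |= users
    return {ip: sorted(users) for ip, users in flagged.items()}


if __name__ == "__main__":
    for ip, users in multi_account_sources(SAMPLE_LOG.splitlines()).items():
        print(f"{ip}: {len(users)} accounts in one window: {', '.join(users)}")
```

The 198.51.100.20 records model a shared egress address whose three accounts log in hours apart, so it stays below the threshold at the default window.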

These incidents underscore the rapidly evolving threat landscape and the critical need for proactive security measures across all sectors.