

Who turned out the lights?
October, also known in our community as Cybersecurity Awareness Month, was marked with a chilling reminder: pay attention to resilience and response speed.
Oct. 3: RediShell CVE-2025-49844
- A 13-year-old critical (CVSS 10.0) remote code execution flaw was discovered in the popular open-source, in-memory data store, Redis.
- The vulnerability allowed an authenticated user to escape the Lua sandbox and execute code at the host level.
- Organizations were urged to either upgrade to patched versions immediately or take other appropriate precautions.
- A successful exploit could result in stolen credentials or data, malware deployment, or malicious access to cloud services.
- Sysdig’s response: Queries were readily available to customers via their Threat Intelligence dashboard, allowing them to search for the vulnerability in their environments. The Sysdig Threat Research Team (TRT) also released a public blog the day following its discovery.

Oct. 19–20: AWS outage
- Many organizations using AWS’ Northern Virginia (us-east-1) region experienced service disruptions during three separate periods of impact over this two-day period.
- Amazon DynamoDB experienced increased API error rates, Network Load Balancer (NLB) experienced increased connection errors due to failed health checks, and new EC2 instance launches were failing and experiencing connectivity issues. Several AWS services that rely on DynamoDB were also impacted.
- The root cause was an automation failure in which an autonomous repair process did not correct an empty DNS record for the region’s DynamoDB endpoint, leaving it without IP addresses.
- Since the automated systems were unable to recover, the outage required manual intervention.
- What you can do: Distribute services across regions or Availability Zones if your workloads run heavily in one place. Periodically validate health checks and policies, and audit your automations to ensure processes work as intended.

Oct. 29: Azure outage
- Several organizations and Microsoft services were impacted by Azure Front Door (AFD) node failures across multiple regions.
- The outage was caused by a software defect that allowed an inadvertent tenant configuration change to bypass the automated safeguards that were in place.
- Microsoft responded by blocking further changes, redeploying a last known good configuration globally, and manually recovering nodes while gradually restoring traffic.
- What you can do: Periodically review traffic delivery and configuration practices and add alternatives for redundancy. Limit broad automation changes and conduct regular audits for process health.

Also in the news
- BIG-IP source code and vulnerability data stolen: Over 266,000 F5 BIG-IP devices connected to the public internet were at risk of breach after a nation-state-affiliated threat actor breached F5.
- Salesforce supply chain breach fallout: Even after the FBI took down Scattered Lapsus$ Hunters’ website, the group began leaking victim data earlier this month after Salesforce and several of its major customers refused to negotiate or pay ransom.
- The UN Convention against Cybercrime: Sixty-five nations signed the first global treaty to share intelligence and combat cybercrime together based on a universal framework.

Closing thoughts
Cybersecurity Awareness Month ended on a fitting note: awareness is just the beginning. October was a case study in how intertwined our infrastructure has become. Resilience depends on visibility, and gaps can be surfaced through a dependency analysis of every component and automation you use. From old Redis ghosts to global cloud outages, we’re reminded that resilience is forged in our response. As we head into November, take a moment to be thankful for the people behind the machines, keeping the lights on at 2 am.
Don’t wait for next month’s wrap-up! Get the latest news from the Sysdig Threat Research Team.
