Transcript
A (0:00)
From the CISO series, it's Cybersecurity Headlines.
B (0:07)
These are the cybersecurity headlines for Tuesday, October 28, 2025. I'm Lauren Verno.
OpenAI Atlas browser hijacked. Researchers have discovered a new attack vector for OpenAI's Atlas web browser, where its omnibox can be tricked into executing malicious prompts disguised as seemingly harmless URLs. Now, if a user pastes one of these crafted URLs into the omnibox, Atlas interprets the input as trusted user intent, allowing attackers to redirect users, steal credentials, or even delete files from connected apps. The flaw stems from Atlas failing to strictly separate trusted user input from untrusted content, a common weakness in these kinds of browsers.
AI versus cybersecurity vendors. If you had listened to the Department of Know yesterday, you would know this by now. But ex-CISA head Jen Easterly warned that AI could eventually make cybersecurity breaches the exception, not the norm, by spotting software flaws faster than ever. She says most cybercrime isn't about advanced hackers. It's about sloppy software, with old vulnerabilities like SQL injection and cross-site scripting still causing trouble decades later. She believes that AI can help defenders catch these flaws, clean up technical debt, and push software towards secure-by-design principles. The real way to cut risk, Easterly said, is demanding better software from vendors, not just reacting to attacks. I'm curious, what do you think?
Bye bye Twitter birdie. It's not a security breach, it's the end of Twitter. X, formerly Twitter, caused a stir after announcing users must re-enroll their security keys by November 10 or risk account lockouts, initially without explanation. The platform later clarified the change is not due to a security breach, but that physical keys tied to the twitter.com domain must be re-registered under the x.com domain ahead of the Twitter domain's retirement.
Dante spyware surfaces. Italian spyware from Memento Labs, formerly the notorious Hacking Team, has been linked to attacks on Russian and Belarusian organizations. As Kaspersky reports, the malware known as Dante was discovered while investigating Operation ForumTroll, a campaign that exploited a Chrome zero-day to target media, universities and government institutions. While Dante itself wasn't used in that phishing campaign, Kaspersky traced the spyware in other ForumTroll operations.
Thanks to today's episode sponsor, Conveyor. Security reviews don't have to feel like a hurricane. Most teams are buried in back-and-forth emails and never-ending customer requests for documentation or answers. But Conveyor takes all that chaos and turns it into calm. AI fills in the questionnaires, your trust center is always ready, and sales cycles move without stalls. Breathe easier. Check out Conveyor at conveyor.com. That's C-O-N-V-E-Y-O-R.com.
Millions of exploit attempts in WordPress plugin. Active attacks are exploiting three critical vulnerabilities in the GutenKit and Hunk Companion WordPress plugins, with roughly 9 million exploit attempts blocked since October 8th. That's according to WordPress security firm Defiant. The flaws let attackers install plugins, execute code remotely and take over sites, often using a malicious zip file on GitHub containing backdoors and scripts for persistence and mass defacement. Technically, these vulnerabilities were patched over a year ago, but these new campaigns reveal the need for another round of plugin updates.
Iran cyber academy hacked. Iran's state-linked Ravin Academy, which trains cyber attackers for the Ministry of Intelligence, or MOIS, confirmed a breach exposing names, phone numbers and Telegram usernames of students and associates. The stolen data also included national ID numbers and class details, with many affected linked to STEM fields at Western universities. Founded by MOIS-tied individuals and previously sanctioned by the US, UK and EU, Ravin Academy sits within a broader Iranian cyber ecosystem that remains active despite sanctions.
Blue screen of death fix. Microsoft may have a solution to the impending doom that is the blue screen of death. Microsoft is testing a new Windows 11 feature that prompts users to run a memory scan after a blue screen of death to catch potential memory issues before they can cause more crashes. The proactive memory diagnostics run during the next reboot and notify users if issues are found and mitigated. Though it's not yet available on ARM64 devices or systems with certain security protections, the feature is rolling out to Windows Insiders in the Dev and Beta channels.
Qilin's Linux ransomware bypasses EDR. The Qilin ransomware group has launched cross-platform attacks using a Linux-based ransomware binary on Windows hosts, bypassing conventional Windows-focused security solutions and EDR platforms. The group deployed the malware via legitimate remote management and file transfer tools like AnyDesk, RMM, WinSCP and ScreenConnect, targeting Veeam backup systems to steal credentials and block recovery options.
Live in Boston? Work in cybersecurity? Maybe you're just studying and you want to work in cyber. If any of those are true, then you must join us Monday, November 24, 2025 for our Boston-based CISO Series meetup. It's happening at the City Taphouse Boston from 5 to 7pm. Be sure to head to the events page at cisoseries.com to register to join us. And if you have some thoughts on the news from today or about the show in general, be sure to reach out to us at feedback@cisoseries.com. We'd love to hear from you. I'm Lauren Verno, reporting for the CISO Series.
