Cyber Security Headlines — September 10, 2025
Host: Sarah Lane
Episode Theme:
Daily coverage of cyber threats, breaches, and security trends, with a focus on high-impact incidents affecting major sectors such as healthcare, government, technology, and open source software.
Main Stories & Key Insights
1. Blood Center Ransomware Attack Exposes Sensitive Data
[00:09]–[01:09]
- Incident Summary:
The New York Blood Center confirmed a ransomware attack from January 2025, which exposed personal and medical data.
- Scope of Breach:
Attackers accessed internal systems for nearly a week (Jan 20–26). Data stolen included:
- Names, health records, test results
- Social Security numbers, ID, financial info (in some cases)
- Impact:
At least 10,557 Texas residents affected, with total numbers still unclear.
Notifications only began in September, months after the June conclusion of the investigation.
- Notable Quote:
“Sensitive data of thousands of patients and employees… stolen before deploying ransomware.” (Sarah Lane, 00:13)
- Context:
Reflects persistent delays between incident detection and breach notification in critical sectors.
2. UK Electoral Commission’s Long, Costly Recovery from China-Linked Hack
[01:10]–[01:53]
- Incident Details:
- 2021 breach exposed personal data for 40 million UK voters.
- Attackers exploited an unpatched Microsoft Exchange flaw; access went undetected for over one year.
- Security Failures:
- Poor password hygiene and ignored warnings cited as core issues.
- Long-Term Impact:
- Took three years and over £250,000 to remediate.
- Notable Quote:
“Basic security failures included poor password practices and ignoring warnings were later said to be the root of the problem.” (Sarah Lane, 01:47)
- Memorable Moment:
Highlights the real-world cost and persistence required to recover from state-sponsored cyberattacks.
3. Massive NPM Supply Chain Attack Targets Billions of Downloads
[01:54]–[02:35]
- Breach Mechanics:
- Popular npm packages (over 2.6 billion downloads/wk) compromised after an attacker phished a maintainer’s account.
- The injected malware hijacked browser crypto wallet APIs, rerouting transactions to attacker-controlled wallets.
- Response & Mitigation:
- NPM promptly removed malicious versions; only fresh installs during a narrow window were impacted.
- Notable Quote:
“18 popular npm packages with more than 2.6 billion weekly downloads… code hijacked browser based crypto transactions.” (Sarah Lane, 01:56)
- Insight:
Shows the high-value target that open source repositories have become.
4. Plex Admits 3rd Password Breach in 10 Years
[02:36]–[03:16]
- Incident Overview:
- Plex issued password reset notices following another breach; emails, usernames, and hashed passwords accessed.
- User Impact:
- Credit card data not compromised; limited notifications suggest a contained breach.
- Users advised to reset passwords, log out, enable two-factor authentication.
- Host’s Personal Note:
“I was one of them.” (Sarah Lane, 03:14)
- Notable Quote:
“Its third [breach] in a decade. Emails, usernames and securely hashed passwords may have been accessed…” (Sarah Lane, 02:39)
- Insight:
Recurring incidents stress the need for continual security improvement and user vigilance.
5. U.S. Cyber Command and NSA to Remain Under Single Leadership
[04:11]–[04:38]
- Policy Decision:
U.S. government opts not to split command of Cyber Command and NSA, citing the complexity of separating the roles.
- Operational Rationale:
Centralized leadership considered faster and more unified for defense and response.
- New Chief:
Lt. Gen. William Hartman to be confirmed as ongoing head.
- Notable Quote:
“Maintaining the dual hat structure allows faster, more unified operations.” (Sarah Lane, 04:31)
6. Major Ransomware Indictment – Ukrainian National Charged
[04:39]–[05:03]
- Legal Action:
Vladimir Tomokshuk accused of hundreds of ransomware attacks since 2018.
- Global Impact:
Over 250 U.S. companies and many more globally targeted, with losses in the tens of millions.
- Bounty:
State Dept. offers $10M for info leading to arrest.
- Notable Quote:
“Causing tens of millions in damages primarily to large corporations, health care and industrial firms.” (Sarah Lane, 04:50)
7. Critical Adobe & Microsoft Patch Updates
[05:04]–[05:57]
- Adobe:
- Dozens of bugs fixed across 9 products (ColdFusion, Magento, Acrobat, Reader, etc.)
- Some flaws permit attackers to bypass authentication and internal security.
- Microsoft:
- Patched 81 flaws, including severe bugs in SMB Server (“could allow relay attacks and privilege escalation”) and SQL Server (denial of service risk via Newtonsoft JSON issue).
- Notable Quote:
“Microsoft fixed 81 vulnerabilities including two zero days… SMB flaw could allow relay attacks and privilege escalation.” (Sarah Lane, 05:36)
- Insight:
Underlines the relentless patching required to keep enterprise software secure.
8. Attackers Leverage Tor and Docker API Exposures for Persistent Botnets
[05:58]–[06:35]
- Attack Outline:
- Akamai found attackers using Tor to conceal identity as they exploited open Docker APIs.
- Malware established persistent SSH access, blocked further API abuse by rivals, and acted similarly to botnets.
- Tools Deployed:
- Self-replicating Go binaries, competitor container removal, and potential for expanded threats (credential theft, DDoS, browser hijacking).
- Notable Quote:
“Downloaded Go binary enables self replication and removal of competitor containers… potential future expansion for credential theft, browser hijacking and DDoS attacks.” (Sarah Lane, 06:15)
- Insight:
Exemplifies adaptive attacker tactics and the risks of exposed container infrastructure.
Memorable Quotes & Highlights
- “Sensitive data of thousands of patients and employees… stolen before deploying ransomware.” (Sarah Lane, 00:13)
- “Basic security failures included poor password practices and ignoring warnings…” (Sarah Lane, 01:47)
- “18 popular npm packages with more than 2.6 billion weekly downloads… code hijacked browser based crypto transactions.” (Sarah Lane, 01:56)
- “Its third [Plex breach] in a decade. Emails, usernames and securely hashed passwords may have been accessed…” (Sarah Lane, 02:39)
- “Maintaining the dual hat structure allows faster, more unified operations.” (Sarah Lane, 04:31)
- “Causing tens of millions in damages primarily to large corporations, health care and industrial firms.” (Sarah Lane, 04:50)
For more details or deeper dives into these stories, visit CISOseries.com.
