
A
From the CISO series. It's Cybersecurity Headlines.
B
These are the cybersecurity headlines for Wednesday, September 10, 2025. I'm Sarah Lane.

Thousands had data leaked in blood center ransomware attack
New York Blood Center confirmed a January ransomware attack exposed sensitive data of thousands of patients and employees. Attackers accessed its systems between January 20th and 26th, stealing names, health records, test results and in some cases Social Security numbers, IDs and financial details before deploying ransomware. Regulators in Texas said at least 10,557 residents were affected. The full scope remains unclear, but notifications began September 5 May, months after the investigation closed in June.

UK Electoral Commission recovers three years after China hack
The UK Electoral Commission says it took three years and more than 250,000 pounds to recover from a 2021 hack by suspected Chinese spies that exposed the personal details of 40 million voters. Attackers exploited an unpatched Microsoft Exchange flaw to access electoral registers and internal emails, which wasn't detected until late 2022. Basic security failures, including poor password practices and ignoring warnings, were later said to be the root of the problem.

NPM packages with 2 billion weekly downloads targeted in supply chain attack
Attackers compromised a maintainer's account in a phishing attack and injected malware into 18 popular npm packages with more than 2.6 billion weekly downloads. The code hijacked browser-based crypto transactions by intercepting wallet APIs and replacing destination addresses with attacker-controlled ones. NPM has since pulled malicious versions, and researchers note only fresh installs made during a narrow time window were likely affected, which limits overall impact.

Plex suffers yet another password spill
Plex alerted some users to reset their passwords following a new breach, its third in a decade. Emails, usernames and securely hashed passwords may have been accessed, but credit card data apparently was not affected. The company says the impact is limited and the attack method has been addressed. Users are advised to reset passwords, log out of connected devices and enable two-factor authentication. Details on the number of affected accounts were not disclosed, and only select users appear to have received notifications. I was one of them.

Huge thanks to our sponsor, Vanta. Do you know the status of your compliance controls right now? Like right, right this second, right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs we rely on point-in-time checks. But more than 9,000 companies have continuous visibility into their controls with Vanta. Vanta brings automation to evidence collection across 35 frameworks like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews and reporting, and help you get security questionnaires done five times faster with AI. Now that is a new way to GRC. Get started at vanta.com headlines. That's vanta.com headlines.

Cyber Command and NSA to remain under single leader
The US administration announced it will not split the dual leadership of U.S. Cyber Command and the NSA, citing the complexity and multi-year timeline. Senior officials say maintaining the dual-hat structure allows faster, more unified operations. Army Lt. Gen. William Hartman, acting head of both agencies, is expected to be confirmed permanently.

US indicts Ukrainian national for hundreds of ransomware attacks
The US Justice Department indicted Ukrainian national Vladimir Tomokshuk for orchestrating hundreds of ransomware attacks since at least 2018. He and others are said to have targeted more than 250 U.S. companies and hundreds globally, causing tens of millions in damages primarily to large corporations, health care and industrial firms. The State Department is offering up to $10 million for information leading to his arrest.

Microsoft fixes 81 flaws, two zero-days; Adobe patches critical ColdFusion and Commerce vulnerabilities
Adobe patched around two dozen flaws across nine products, including critical bugs in ColdFusion and Commerce Magento. Another critical bug lets unauthenticated attackers bypass Commerce security features. Adobe also patched high-severity issues in Acrobat, Reader, Premiere Pro, AEM, Dreamweaver and other tools. Microsoft fixed 81 vulnerabilities, including two zero-days in Windows SMB Server and SQL Server. Nine were rated critical, with five enabling remote code execution. The SMB flaw could allow relay attacks and privilege escalation. The SQL Server bug stemmed from a Newtonsoft JSON issue that could cause denial of service. Other fixes covered Office, Hyper-V, BitLocker and Windows kernel.

Hackers hide behind Tor in exposed Docker API breaches
Akamai researchers reported attackers are targeting exposed Docker APIs, using Tor to hide their activity. The malware sets up persistent SSH access, blocks external API access, and installs tools for scanning and propagation. A downloaded Go binary enables self-replication and removal of competitor containers, showing botnet-like behavior. This suggests potential future expansion for credential theft, browser hijacking and DDoS attacks.

Remember to follow the CISO series on LinkedIn and YouTube. We are always posting original interviews, fun event coverage, snippets from our shows and other great content. Just search for CISO series wherever you spend time on the Internet and you'll find us. If you have thoughts from the news from today or about our show in general, be sure to reach out to us at feedback@cisoseries.com. We would love to hear from you. I am Sarah Lane reporting for the CISO series, and I want you to have a good one.
A
Cybersecurity headlines are available every weekday. Head to cisoseries.com for the full stories behind the headlines.
Cyber Security Headlines — September 10, 2025
Host: Sarah Lane
Episode Theme:
Daily coverage of cyber threats, breaches, and security trends, with a focus on high-impact incidents affecting major sectors such as healthcare, government, technology, and open source software.
“Sensitive data of thousands of patients and employees… stolen before deploying ransomware.”
— Sarah Lane, [00:13]
“Basic security failures included poor password practices and ignoring warnings…”
— Sarah Lane, [01:47]
“18 popular npm packages with more than 2.6 billion weekly downloads… code hijacked browser based crypto transactions.”
— Sarah Lane, [01:56]
“Its third [Plex breach] in a decade. Emails, usernames and securely hashed passwords may have been accessed…”
— Sarah Lane, [02:39]
“Maintaining the dual hat structure allows faster, more unified operations.”
— Sarah Lane, [04:31]
“Causing tens of millions in damages primarily to large corporations, health care and industrial firms.”
— Sarah Lane, [04:50]
For more details or deeper dives into these stories, visit CISOseries.com.