
Loading summary
Host
From the CISO series, it's Cybersecurity Headlines.
Steve Prentiss
These are the cybersecurity headlines for Friday, June 20, 2025. I'm Steve Prentiss.
Co-Host
Cisco and Atlassian fix High Severity Vulnerabilities Cisco's recent release is related to firmware updates for Meraki devices. The vulnerability in question affects the AnyConnect VPN server and could allow attackers to make these products restart, leading to a denial of service condition. This vulnerability has a CVE number and.
Steve Prentiss
A CVSS score of 8.6.
Co-Host
The bug can be exploited remotely. Atlassian has quote announced patches for five vulnerabilities in third party dependencies in Bamboo, BitBucket, Confluence, Crowd and jira. These also have CVE numbers which are.
Steve Prentiss
Listed in the show Notes to this episode Alleged Ryuk Ransomware Gang member arrested and extradited a 33 year old foreign national has been arrested in Kiev and.
Co-Host
Extradited to the US for his alleged role in extorting more than $100 million from victims across the world as part.
Steve Prentiss
Of the Riuk cybercrime gang.
Co-Host
This announcement was made by Ukraine's Office of the Prosecutor General, but no name.
Steve Prentiss
For the person was given.
Co-Host
Ukrainian investigators described the man's activities as searching for vulnerabilities in the corporate networks of victim companies.
Steve Prentiss
In other words, an initial access broker Telecom company ViaSat attacked by salt typhoon the satellite communications company ViaSat, that is.
Co-Host
ViaSat has announced it has become the latest telecom industry victim of China's Salt.
Steve Prentiss
Typhoon Cyber Espionage Group.
Co-Host
ViaSat provides satellite broadband services to governments worldwide and aviation, military, energy, maritime and enterprise customers. It has 189,000 broadband subscribers in the.
Steve Prentiss
US and as reported by Bloomberg, the.
Co-Host
Company discovered the Salt Typhoon breach earlier this year and has been working with.
Steve Prentiss
Federal authorities to investigate the attack. End quote. Krispy Kreme Discusses November breach impact the.
Co-Host
Well known Donut company has now released information on the cyber attack that it suffered last November. Its filing with Maine's Attorney General shows that cybercriminals accessed data belonging to more than 160,000 people. Along with standard PII, the haul also included financial account information, including credit or debit card information, along with access information as well as email addresses and passwords, biometric data, USCIS or alien registration numbers, US Military ID numbers, medical or health information, and health insurance information. Some experts question the company's need to.
Steve Prentiss
Collect this much data as well as.
Co-Host
The quality of their pre breach security.
Steve Prentiss
Huge thanks to our Sponsor Adaptive Security, OpenAI's first cybersecurity investment as deepfake scams.
Co-Host
In Gen AI phishing evolve Adaptive equips security teams with AI powered phishing simulations featuring realistic personalized deepfakes and engaging security awareness training. Their new AI content creator turns threat intel and policy updates into interactive multilingual training. Instantly trusted by Fortune 500s and backed by Andreessen Horowitz and OpenAI, Adaptive helps you stay ahead of AI driven threats.
Steve Prentiss
You can learn more at adaptivesecurity.com that.
Co-Host
Is the two words together.
Steve Prentiss
Adaptivesecurity.com threat groups distribute malware via open source repos Researchers at Trend Micro and.
Co-Host
Reversing Labs are warning of a campaign that appears to target red teams, novice cybercriminals and developer environments through Trojanized open source hacking tools. One of these campaigns from the Water Curse group involved at least 76 GitHub accounts linked to repositories that had malicious payloads injected into build scripts and project files. The intent of the payloads is to steal credentials, browser data and session tokens and to provide the threat actor with persistent remote access to the compromised systems. A separate campaign from a group called Banana Squad involves more than 67 GitHub repositories, promising Python based hacking tools but.
Steve Prentiss
Delivering the Trojanized lookalikes of other repositories. End quote Community organizations need More Cybersecurity Help, says Report More needs to be.
Co-Host
Done to protect quote target rich but resource poorer community organizations like hospitals, schools, utilities and municipal governments. This according to a new report from the Cyber Resilience Corps. The authors of the report, Sarah Pawacek and Grace Mena, state community organizations as a whole are falling through the cracks and current efforts are not enough to help them protect themselves online. End quote. Furthermore, as Derek Johnson writes in cyberscoop, experts have long identified these types of community organizations as the soft underbelly of.
Steve Prentiss
America's cybersecurity problem, important enough that their.
Co-Host
Disruption could cause real world harms, making them attractive targets for profit minded hackers.
Steve Prentiss
Or foreign intelligence services, but too small.
Co-Host
And under resourced to do anything meaningful about it.
Steve Prentiss
End quote Android Malware Surge uses overlays.
Co-Host
Virtualization, fraud and NFC theft. An Android malware named Antidot has already compromised nearly 4,000 devices through 273 unique campaigns.
Steve Prentiss
Antidot is malware is a service operated.
Co-Host
By a financially motivated threat actor known as larva398 and sold on underground forums. It is advertised as a 3 in 1 solution with capabilities to record the device screen, intercept SMS messages and extract sensitive data from third party applications.
Steve Prentiss
It is thought to be delivered through.
Co-Host
Malicious advertising and tailored phishing campaigns. A link to the report from the security firm Prodaft is available in the show.
Steve Prentiss
Notes to this episode North Korea's Tricky Click Fake Deep Fake Scam A cautionary.
Co-Host
Tale from the crypto world, but one equally applicable to regular businesses and organizations. Security firm Huntress reports on a deepfake social engineering scam in which an employee of a cryptocurrency foundation was invited to.
Steve Prentiss
Talk with a collection of executives of an external company via Zoom.
Co-Host
The short version of the story is upon accepting the calendly invite, the employee joined a group Zoom meeting that included several deepfakes of known members of senior.
Steve Prentiss
Leadership of this company, along with other external contacts.
Co-Host
The employee found that his microphone was not being heard on the call, at which point the deepfake Personas sent him a Zoom extension to fix the problem, but it was one that had been altered to stealthily download a next stage.
Steve Prentiss
Payload from from a remote server.
Co-Host
This technique is now being referred to as a Click Fake interview since it has similar I can fix it vibes as the better known click fix campaigns. The longer version of this story is available once again through the show.
Steve Prentiss
Notes to this episode it's always great.
Co-Host
To see a busy Friday of live streams, and we have just that today. It starts at 1pm Eastern time with Super Cyber Friday, where the topic will be hacking what it takes to become a ciso. An hour of critical thinking about the skills you need to move up to that top cyber leadership role. Then at 3:30pm Eastern we have our.
Steve Prentiss
Week in Review show.
Co-Host
Howard Halton, COO and Industry Analyst at gigaom, will be our guest, providing his expert commentary on the news of the week. To join us for both, head on.
Steve Prentiss
Over to the events page@cisoseries.com and if.
Co-Host
You have some thoughts on the news from today or about this show in general, please be sure to reach out.
Steve Prentiss
To us at the end. Feedbackisoseries.com we would love to hear from you. I'm Steve Prentiss reporting for the CISO series.
Host
Cybersecurity headlines are available every weekday. Head to cisoseries.com for the full stories behind the headlines.
Hosted by CISO Series | Episode: Cisco, Atlassian fixes, Ryuk member arrested, Viasat Typhoon attack | Released on June 20, 2025
In today’s cybersecurity landscape, major software providers are continually patching vulnerabilities to safeguard their users. Cisco recently released firmware updates for its Meraki devices addressing a critical vulnerability in the AnyConnect VPN server. This flaw, assigned a CVE with a CVSS score of 8.6, poses a significant threat as it allows attackers to remotely trigger device restarts, resulting in a denial of service (DoS) condition.
Steve Prentiss highlighted the severity, noting at [00:39] “a CVSS score of 8.6.”
Simultaneously, Atlassian has announced patches for five vulnerabilities affecting its products, including Bamboo, BitBucket, Confluence, Crowd, and Jira. These vulnerabilities also carry CVE identifiers, underscoring the importance of timely updates. The Co-Host emphasized, “Atlassian has announced patches for five vulnerabilities in third-party dependencies” ([00:42]).
Key Takeaway: Organizations using Cisco Meraki devices or Atlassian products should prioritize applying these patches to mitigate potential exploits.
A significant breakthrough in combating ransomware was reported with the arrest and extradition of a key member of the Ryuk ransomware gang. A 33-year-old foreign national was apprehended in Kiev and subsequently extradited to the United States. This individual is alleged to have been instrumental in extorting over $100 million from victims globally as part of the Ryuk cybercrime operations.
Steve Prentiss reported at [00:58], “Alleged Ryuk Ransomware Gang member arrested and extradited...” further detailing the suspect’s role in targeting corporate network vulnerabilities ([01:12]).
Key Takeaway: This arrest marks a significant step in disrupting ransomware operations and underscores international cooperation in cybersecurity law enforcement.
ViaSat, a prominent satellite communications provider serving governments and industries worldwide, disclosed a breach orchestrated by China’s Salt Typhoon Cyber Espionage Group. With a subscriber base of 189,000 broadband users in the US, the attack has raised concerns about the security of critical communication infrastructures.
According to Bloomberg, “ViaSat discovered the Salt Typhoon breach earlier this year and has been working with federal authorities to investigate the attack” ([02:11]). This incident highlights the persistent threat posed by state-sponsored cyber espionage groups targeting vital communication services.
Key Takeaway: Organizations in critical sectors must remain vigilant against sophisticated state-backed cyber threats and ensure robust security measures are in place.
The well-known donut company, Krispy Kreme, has publicly addressed a cyberattack that occurred in November, impacting over 160,000 individuals. The breach compromised sensitive data including Personally Identifiable Information (PII), financial details such as credit and debit card information, email addresses, passwords, biometric data, and even US Military ID numbers.
The Co-Host remarked, “Some experts question the company's need to collect this much data as well as the quality of their pre-breach security” ([03:03]). This extensive breach raises concerns about data minimization practices and the necessity of robust preemptive security measures.
Key Takeaway: Companies must evaluate the data they collect to ensure it is necessary and implement stringent security protocols to protect sensitive information.
Researchers from Trend Micro and Reversing Labs have identified malicious campaigns targeting red teams, novice cybercriminals, and developer environments by injecting malware into open source repositories. Notable groups include Water Curse and Banana Squad.
Water Curse has been linked to 76 GitHub accounts with repositories containing malicious payloads aimed at stealing credentials, browser data, and session tokens, facilitating persistent remote access ([04:05]). Similarly, Banana Squad has compromised over 67 GitHub repositories, disguising Trojanized versions of legitimate Python-based hacking tools ([04:49]).
Steve Prentiss emphasized the threat, stating, “These payloads are intended to steal credentials... and provide the threat actor with persistent remote access” ([04:05]).
Key Takeaway: Developers and security teams must rigorously vet open source tools and monitor repositories for signs of tampering to prevent malware infections.
A recent report from the Cyber Resilience Corps underscores the urgent need for improved cybersecurity in community organizations such as hospitals, schools, utilities, and municipal governments. Authors Sarah Pawacek and Grace Mena highlight that these organizations are often resource-poor and target-rich, making them vulnerable to cyberattacks.
Derek Johnson from Cyberscoop echoes this sentiment, describing these entities as the “soft underbelly of America’s cybersecurity problem,” pointing out that their disruption could lead to significant real-world harms ([05:35]).
Steve Prentiss notes, “Community organizations are falling through the cracks and current efforts are not enough” ([05:01]).
Key Takeaway: Enhanced support and tailored cybersecurity strategies are essential to protect community organizations from becoming easy targets for malicious actors.
An alarming rise in Android malware activity has been detected with the emergence of Antidot, a sophisticated malware service operated by the financially motivated threat actor known as larva398. Antidot has already compromised nearly 4,000 devices through 273 unique campaigns.
Antidot is marketed as a 3-in-1 solution, offering functionalities to record device screens, intercept SMS messages, and extract sensitive data from third-party applications. It is typically delivered via malicious advertising and tailored phishing campaigns ([06:12]).
Steve Prentiss highlighted, “Antidot is advertised as a 3 in 1 solution... to record the device screen, intercept SMS messages...” ([06:12]).
Key Takeaway: Android users and organizations should implement robust mobile security measures and educate users about the dangers of malicious ads and phishing attempts to mitigate the risk posed by Antidot.
A new form of social engineering scam involving deepfakes has been reported by security firm Huntress. In this sophisticated attack, an employee from a cryptocurrency foundation was tricked into joining a Zoom call with deepfake representations of senior company executives.
During the call, the employee’s microphone was reportedly silenced, and the deepfake personas shared a compromised Zoom extension designed to stealthily download a next-stage payload from a remote server ([07:00]).
Steve Prentiss referred to this technique as a "Click Fake interview," drawing parallels to traditional “click fix” scams ([07:30]).
Key Takeaway: Organizations must enhance their verification processes for virtual meetings and train employees to recognize and respond appropriately to potential deepfake threats.
This episode of Cybersecurity Headlines by CISO Series provides a comprehensive overview of recent significant events in the cybersecurity realm, from high-severity vulnerabilities and arrests within ransomware gangs to sophisticated malware campaigns and emerging deepfake threats. The discussions emphasize the ongoing need for robust security measures, proactive threat intelligence, and enhanced support for vulnerable organizations to mitigate the evolving landscape of cyber threats.
For more detailed insights and the full stories behind these headlines, visit cisoseries.com.