Cyber Security Headlines – Episode Summary

Podcast: CISO Series – Cyber Security Headlines
Host: Steve Prentiss
Date: November 24, 2025
Episode Theme:
This episode delivers quick, incisive updates on major cybersecurity incidents, highlighting insider threats, supply chain breaches, AI-driven insurance dilemmas, critical vulnerabilities, and unusual cybercrime cases making headlines worldwide.

Key Stories and Discussion Points

1. CrowdStrike Insider Incident

Summary:
CrowdStrike confirmed that an insider took and leaked screenshots of internal systems, which surfaced on Telegram. However, they stressed no breach of their systems and no customer data compromise.
Key Insights:
- The company did not disclose which hacker group was behind the incident.
- The breach highlights ongoing insider risk, even for top-tier security firms.
Quote:

"CrowdStrike emphasized that its systems were not breached as a result of this incident and that customers data was not compromised." (Steve Prentiss, 00:33)

2. Spanish Airline (Iberia) Data Breach

Summary:
Iberia faced a data breach stemming from unauthorized access to a supplier’s systems. Exposed data includes customer names, email addresses, and loyalty card numbers.
Key Insights:
- No login credentials or banking data were accessed.
- Customers are urged to watch for suspicious communications.
Quote:

"The airline says customers Iberia account login credentials and passwords were not compromised, nor was any banking or payment card information accessed." (Steve Prentiss, 01:04–01:09)

3. AI: 'Too Risky to Insure'?

Summary:
Major insurers, including AIG, Great American, and W.R. Barclay, are lobbying to exclude AI-related liabilities from corporate policies due to the unpredictability of AI-triggered mass claims.
Key Insights:
- Insurers described AI as a "black box" with the potential for catastrophic, simultaneous losses.
- Several real-world lawsuits and deepfake incidents cited as reasons.
Quote:

"What they can't handle is an agentic AI mishap that triggers 10,000 losses at once." (Steve Prentiss quoting Aon executive, 01:49)
- Notable examples referenced:
  - AI Overview from Google causing a $110M lawsuit.
  - Air Canada forced to honor a chatbot-invented discount.
  - $25M deepfake heist at Arup in Hong Kong.

4. Salesforce Data Breach Involving Third-Party App

Summary:
Salesforce reported suspicious activity tied to Gainsight, a third-party app, not due to any Salesforce platform vulnerability.
Key Insights:
- The breach appears to be part of a trend of attacks by Scattered Spider/Shiny Hunters affiliates.
Quote:

"Salesforce emphasized that there was no indication that the issue resulted from any vulnerability in the Salesforce platform." (Steve Prentiss, 02:52)

5. SonicWall SSL VPN Flaw (CVE, CVSS 7.5)

Summary:
A high-severity buffer overflow flaw in SonicWall’s SSL VPN allows attackers to crash Gen7 and Gen8 firewalls, leading to denial-of-service.
Key Insights:
- Urgent patching recommended.
- No exploitation in the wild yet, but exposure risk remains if SSL VPN is enabled.
Quote:

"SonicWall is urging all customers to apply patches immediately." (Steve Prentiss, 04:18)

6. Cox Enterprises Oracle E-Business Suite Breach

Summary:
Cox Enterprises' network was hacked in August via a zero-day in Oracle E-Business Suite, with the breach only detected in September. The Clop Ransomware gang claims responsibility.
Key Insights:
- Details on specific exposed data remain undisclosed.
Quote:

"No attackers have been named, but the Clop Ransomware gang has taken credit for exploiting a CVE numbered zero day vulnerability long before Oracle released a patch..." (Steve Prentiss, 05:03)

7. Law Enforcement Agencies Hit by Ransomware

Summary:
Cyber incidents impacted Oklahoma’s Cleveland County Sheriff’s Office (ransomware) and the city of Attleboro, Massachusetts, affecting police and city services.
Key Insights:
- Essential services remained operational despite system interruptions.
- Online payment and municipal email service were disrupted.
Quote:

"Officials confirmed that there was no interruption to public safety services or 911 service." (Steve Prentiss, 05:40)

8. Wind Farm Worker Turns Turbines into Crypto Mine

Summary:
A technical manager at Nordex (Dutch wind farm operator) illicitly installed crypto mining rigs at two sites, exploiting company resources just after a Conti ransomware recovery.
Key Insights:
- Repeat offense patterns worldwide: Russian nuclear lab scientists and a Chinese headmaster previously caught mining crypto with organization resources.
- The worker received 120 hours of community service.
Quote:

"A technical manager at the Dutch wind farm operator Nordex has been sentenced to 120 hours of community service after it was discovered that he had secretly installed cryptocurrency mining rigs at two wind farm sites..." (Steve Prentiss, 06:09)

Notable Quotes & Memorable Moments

On AI Insurance Risk:

"These liabilities are described by one underwriter as too much of a black box. The fear, they say, is of thousands of simultaneous claims when a widely used AI model makes a mistake." (Steve Prentiss, 01:37)
On Third-Party Supply Chain Attacks:

"The compromised data is alleged to consist of names and surnames of customers, along with the email address and Iberia Club loyalty card identification numbers." (Steve Prentiss, 00:57)
On Insider and Policy Enforcement:

"This is not an isolated case, and he cites a 2018 instance in which several scientists at a top secret Russian nuclear warhead facility in Sarov were arrested for attempting to use one of the country's most powerful supercomputers to mine Bitcoin." (Steve Prentiss, 06:42)

Timestamps for Major Segments

00:21 – CrowdStrike Insider Leak
00:48 – Iberia (Spanish Airline) Data Breach
01:23 – AI Not Insurable: Industry Pushback
02:38 – Salesforce Data Breach via Gainsight App
03:51 – SonicWall SSL VPN Flaw Discovery
04:47 – Cox Enterprises Oracle E-Business Breach
05:33 – Ransomware attacks on US law enforcement and cities
06:09 – Wind Farm Worker's Crypto Mining Scheme

Overall Language and Tone

The tone is concise, urgent, and fact-focused, reflecting the day’s pressing security headlines.
Steve Prentiss provides journalistic clarity, referencing sources and maintaining impartiality while quickly moving through each segment.

For more details and story links, visit cisoseries.com.

Cyber Security Headlines – Episode Summary

Key Stories and Discussion Points

1. CrowdStrike Insider Incident

Summary:
CrowdStrike confirmed that an insider took and leaked screenshots of internal systems, which surfaced on Telegram. However, they stressed no breach of their systems and no customer data compromise.
Key Insights:
- The company did not disclose which hacker group was behind the incident.
- The breach highlights ongoing insider risk, even for top-tier security firms.
Quote:

"CrowdStrike emphasized that its systems were not breached as a result of this incident and that customers data was not compromised." (Steve Prentiss, 00:33)

2. Spanish Airline (Iberia) Data Breach

Summary:
Iberia faced a data breach stemming from unauthorized access to a supplier’s systems. Exposed data includes customer names, email addresses, and loyalty card numbers.
Key Insights:
- No login credentials or banking data were accessed.
- Customers are urged to watch for suspicious communications.
Quote:

"The airline says customers Iberia account login credentials and passwords were not compromised, nor was any banking or payment card information accessed." (Steve Prentiss, 01:04–01:09)

3. AI: 'Too Risky to Insure'?

Summary:
Major insurers, including AIG, Great American, and W.R. Barclay, are lobbying to exclude AI-related liabilities from corporate policies due to the unpredictability of AI-triggered mass claims.
Key Insights:
- Insurers described AI as a "black box" with the potential for catastrophic, simultaneous losses.
- Several real-world lawsuits and deepfake incidents cited as reasons.
Quote:

"What they can't handle is an agentic AI mishap that triggers 10,000 losses at once." (Steve Prentiss quoting Aon executive, 01:49)
- Notable examples referenced:
  - AI Overview from Google causing a $110M lawsuit.
  - Air Canada forced to honor a chatbot-invented discount.
  - $25M deepfake heist at Arup in Hong Kong.

4. Salesforce Data Breach Involving Third-Party App

Summary:
Salesforce reported suspicious activity tied to Gainsight, a third-party app, not due to any Salesforce platform vulnerability.
Key Insights:
- The breach appears to be part of a trend of attacks by Scattered Spider/Shiny Hunters affiliates.
Quote:

"Salesforce emphasized that there was no indication that the issue resulted from any vulnerability in the Salesforce platform." (Steve Prentiss, 02:52)

5. SonicWall SSL VPN Flaw (CVE, CVSS 7.5)

Summary:
A high-severity buffer overflow flaw in SonicWall’s SSL VPN allows attackers to crash Gen7 and Gen8 firewalls, leading to denial-of-service.
Key Insights:
- Urgent patching recommended.
- No exploitation in the wild yet, but exposure risk remains if SSL VPN is enabled.
Quote:

"SonicWall is urging all customers to apply patches immediately." (Steve Prentiss, 04:18)

6. Cox Enterprises Oracle E-Business Suite Breach

Summary:
Cox Enterprises' network was hacked in August via a zero-day in Oracle E-Business Suite, with the breach only detected in September. The Clop Ransomware gang claims responsibility.
Key Insights:
- Details on specific exposed data remain undisclosed.
Quote:

"No attackers have been named, but the Clop Ransomware gang has taken credit for exploiting a CVE numbered zero day vulnerability long before Oracle released a patch..." (Steve Prentiss, 05:03)

7. Law Enforcement Agencies Hit by Ransomware

Summary:
Cyber incidents impacted Oklahoma’s Cleveland County Sheriff’s Office (ransomware) and the city of Attleboro, Massachusetts, affecting police and city services.
Key Insights:
- Essential services remained operational despite system interruptions.
- Online payment and municipal email service were disrupted.
Quote:

"Officials confirmed that there was no interruption to public safety services or 911 service." (Steve Prentiss, 05:40)

8. Wind Farm Worker Turns Turbines into Crypto Mine

Summary:
A technical manager at Nordex (Dutch wind farm operator) illicitly installed crypto mining rigs at two sites, exploiting company resources just after a Conti ransomware recovery.
Key Insights:
- Repeat offense patterns worldwide: Russian nuclear lab scientists and a Chinese headmaster previously caught mining crypto with organization resources.
- The worker received 120 hours of community service.
Quote:

"A technical manager at the Dutch wind farm operator Nordex has been sentenced to 120 hours of community service after it was discovered that he had secretly installed cryptocurrency mining rigs at two wind farm sites..." (Steve Prentiss, 06:09)

Notable Quotes & Memorable Moments

On AI Insurance Risk:

"These liabilities are described by one underwriter as too much of a black box. The fear, they say, is of thousands of simultaneous claims when a widely used AI model makes a mistake." (Steve Prentiss, 01:37)
On Third-Party Supply Chain Attacks:

"The compromised data is alleged to consist of names and surnames of customers, along with the email address and Iberia Club loyalty card identification numbers." (Steve Prentiss, 00:57)
On Insider and Policy Enforcement:

"This is not an isolated case, and he cites a 2018 instance in which several scientists at a top secret Russian nuclear warhead facility in Sarov were arrested for attempting to use one of the country's most powerful supercomputers to mine Bitcoin." (Steve Prentiss, 06:42)

Timestamps for Major Segments

00:21 – CrowdStrike Insider Leak
00:48 – Iberia (Spanish Airline) Data Breach
01:23 – AI Not Insurable: Industry Pushback
02:38 – Salesforce Data Breach via Gainsight App
03:51 – SonicWall SSL VPN Flaw Discovery
04:47 – Cox Enterprises Oracle E-Business Breach
05:33 – Ransomware attacks on US law enforcement and cities
06:09 – Wind Farm Worker's Crypto Mining Scheme

Overall Language and Tone

The tone is concise, urgent, and fact-focused, reflecting the day’s pressing security headlines.
Steve Prentiss provides journalistic clarity, referencing sources and maintaining impartiality while quickly moving through each segment.

For more details and story links, visit cisoseries.com.

wavePod

CrowdStrike insider catch, Spanish airline breach, AI not insurable

Summary

Cyber Security Headlines – Episode Summary

Key Stories and Discussion Points

1. CrowdStrike Insider Incident

2. Spanish Airline (Iberia) Data Breach

3. AI: 'Too Risky to Insure'?

4. Salesforce Data Breach Involving Third-Party App

5. SonicWall SSL VPN Flaw (CVE, CVSS 7.5)

6. Cox Enterprises Oracle E-Business Suite Breach

7. Law Enforcement Agencies Hit by Ransomware

8. Wind Farm Worker Turns Turbines into Crypto Mine

Notable Quotes & Memorable Moments

Timestamps for Major Segments

Overall Language and Tone

Transcript

Summary

Cyber Security Headlines – Episode Summary

Key Stories and Discussion Points

1. CrowdStrike Insider Incident

2. Spanish Airline (Iberia) Data Breach

3. AI: 'Too Risky to Insure'?

4. Salesforce Data Breach Involving Third-Party App

5. SonicWall SSL VPN Flaw (CVE, CVSS 7.5)

6. Cox Enterprises Oracle E-Business Suite Breach

7. Law Enforcement Agencies Hit by Ransomware

8. Wind Farm Worker Turns Turbines into Crypto Mine

Notable Quotes & Memorable Moments

Timestamps for Major Segments

Overall Language and Tone