
A
From the CISO series, it's Cybersecurity Headlines.
B
These are the cybersecurity headlines for Friday, November 14, 2025. I'm Steve Prentiss.
Two key cyber laws are back as President signs bill to end shutdown. On Wednesday, the President signed a government funding bill that ended the record 43-day government shutdown and which temporarily revives two major cybersecurity laws that lapsed at the end of September, being the 2015 Cybersecurity and Infrastructure Security Act and the State and Local Cybersecurity Grant Program, through January 30th. Congress must now find a more permanent fix before another funding deadline.
Microsoft's screen capture prevention for Teams users is finally rolling out. Microsoft has a new Teams feature for premium customers that will automatically block screenshots and recordings during meetings. This had first been announced in May 2025. Named Prevent Screen Capture, it restricts access to visual meeting content on Windows desktop devices. Screenshots will show a black rectangle around the meeting window. On platforms that don't support it, meeting attendees will join in audio-only mode. This feature is disabled by default and must be manually enabled by organizers for each meeting via meeting options.
FBI calls Akira top 5 ransomware variant out of 130 targeting US businesses. Akira, a major ransomware group active since March 2023, uses double extortion attacks that steal and encrypt data to pressure victims. US cyber authorities say the group has earned more than $244 million and mainly targets small and medium-sized businesses across manufacturing and education, IT, healthcare, finance and agriculture. Akira is linked to several other threat groups and may have ties to the former Conti gang. The FBI ranks Akira amongst its top five most consequential ransomware variants and notes that ransomware overall remains its leading cybercrime threat, with more than 130 active variants attacking US organizations.
Fortinet FortiWeb flaw with public PoC exploited to create admin users. The Fortinet FortiWeb path traversal vulnerability is being actively exploited to create new administrative users on exposed devices without requiring authentication. The issue is fixed in FortiWeb 8.0.2 and admins are urged to update as soon as possible and to check for signs of unauthorized access. The threat intelligence company Defused spotted the exploitation on October 6 and since then attacks have increased globally. Threat actors are sending HTTP POST requests to a specific endpoint on this path, containing payloads that create local admin-level accounts on the targeted device.
Huge thanks to our sponsor, Vanta. What's your 2 a.m. security worry? Is it, do I have the right controls in place? Or, are my vendors secure? Or the really scary one: how do I get out from under these old tools and manual processes? Enter Vanta. Vanta automates manual work so you can stop sweating over spreadsheets, chasing audit evidence and filling out endless questionnaires. Their trust management platform continuously monitors your systems, centralizes your data, and simplifies your security at scale. Vanta also fits right into your workflows, using AI to streamline evidence collection, flag risks, and keep your program audit-ready all the time. With Vanta, you get everything you need to move faster, scale confidently and get back to sleep. Get started at vanta.com/headlines. That is V A N T A dot com headlines.
Checkout.com refuses to pay Shiny Hunters ransom, donates the cash to research instead. The payment services provider Checkout.com, having recently been attacked by the Shiny Hunters ransomware group, has stated publicly that not only has it refused to pay the ransom, it has instead donated the demanded amount to Carnegie Mellon University and the University of Oxford Cybersecurity Centre to fund cybercrime research. In addition, the company's Chief Technology Officer, Mariano Albera, says that his company takes full responsibility for the security incident and apologized for the circumstances that allowed the breach to happen, end quote. The company's investigation showed that the criminals had broken into a, quote, legacy third party cloud file storage system, end quote, that wasn't properly decommissioned and was used in 2020 and prior years.
Akira ransomware Linux encryptor targeting Nutanix VMs. In further Akira news, a joint advisory from CISA, the FBI, the Department of Defense Cyber Crime Center and the Department of Health and Human Services is warning that the Akira ransomware operation has been spotted encrypting Nutanix AHV virtual machines in attacks. These attacks started in June and continue up to the present. This means the group has expanded beyond VMware ESXi and Hyper-V by leveraging a CVE numbered vulnerability. Nutanix's AHV platform is a Linux-based virtualization solution that runs and manages virtual machines on Nutanix Mechanics infrastructure.
Operation Endgame police reveal takedowns of three key cybercrime tools. Authorities from numerous European countries, along with Canada, the US and the UK, have announced that the takedown affects the Rhadamanthys infostealer, the VenomRAT remote access trojan and the Elysium botnet. This third phase of Operation Endgame, which started in 2024, focused on these tools, which the authorities say have been responsible for infecting hundreds of thousands of victims worldwide with malware. This action also coincides with the recent arrest in Greece of the main suspect behind VenomRAT.
Washington Post confirms data stolen from its Oracle environment. This act of data theft and extortion was performed on the media company's Oracle E-Business Suite, compromising human resources data on nearly 10,000 current and former employees and contractors, the Post said. It confirmed that the September 29th attack resulted in the theft of personal information on 9,720 people, including names, bank account numbers and routing numbers, and Social Security numbers. The Clop gang is believed to be behind this attack.
Have you set a calendar reminder to join us for the Department of Know on Monday at 4 p.m.? If not, stop this podcast and do it right now. If you haven't caught it yet, the Department of Know is your weekly standup to help you kick off your week in cybersecurity, and we want you to join us live. Get in on the chat, ask questions of our guests, and have some fun with the rest of our audience. It all happens over on the CISO Series YouTube channel every Monday at 4:00 p.m. Eastern Time. Just subscribe to the channel and join us this Monday to join in on the fun. And if you have some thoughts on the news from today or about this show in general, please be sure to reach out to us at feedback@cisoseries.com. We would love to hear from you. I'm Steve Prentiss reporting for the CISO Series.
A
Cybersecurity Headlines are available every weekday. Head to CISOseries.com for the full stories behind the headlines.
B
It.
Episode: Cyber laws reprieved, Microsoft screen capture, FBI highlights Akira
Date: November 14, 2025
Host: Steve Prentiss
This episode delivers a rapid-fire summary of the latest developments in cybersecurity, covering topics from the temporary reinstatement of key US cyber laws to the FBI’s warnings about the Akira ransomware, significant vulnerabilities, corporate responses to ransomware, major law enforcement actions, and new security technology rollouts. Each story highlights changing threat landscapes and evolving defenses.
On ransomware’s pervasiveness:
“Ransomware overall remains its leading cybercrime threat, with more than 130 active variants attacking US organizations.” – Steve Prentiss, 02:35
Transparency in breach response:
“[Checkout.com] takes full responsibility for the security incident and apologized for the circumstances that allowed the breach to happen.” – CTO Mariano Albera (quoted by Steve Prentiss, 04:30)
On global law enforcement action:
“Authorities from numerous European countries, along with Canada, the US and the UK have announced that the takedown affects...hundreds of thousands of victims worldwide with malware.” – Steve Prentiss, 05:59
Steve Prentiss maintains the brisk, matter-of-fact style customary for the CISO Series, emphasizing critical facts with clarity, but also pausing to highlight both the sobering scale of cyber threats and the positive steps being taken by the security community and law enforcement.
This concise episode spotlights how cybersecurity remains central in US governance, the accelerating arms race between defenders and ransomware actors, emerging risks from software vulnerabilities, and a shift toward bold, transparent risk responses. Notably, both authorities and private sector actors are taking innovative measures—from international police takedowns to philanthropic stances on ransom demands—against a growing tide of sophisticated threats.