Cyber Security Headlines — EDR-Freeze, DeepMind Persuasion, Vendors Exit ATT&CK
Podcast: Cyber Security Headlines
Host: CISO Series (Rich Stroffolino)
Date: September 23, 2025
Episode Theme:
A rapid-fire rundown of the day’s top cybersecurity stories, with highlights on a new tool that can suspend EDR processes, ethical dilemmas around manipulative AI, vendor pushback against MITRE’s ATT&CK evaluations, and several notable attacks and responses in the cybersecurity world.
Main Stories & Insights
1. EDR Freeze Tool Suspends Security Software
[00:07-01:00]
- Researcher “Zero Solarium” releases EDR Freeze:
- Proof-of-concept tool exploiting the Windows error reporting system to indefinitely suspend Endpoint Detection & Response (EDR) and antivirus processes.
- Attackers use the crash dump collection and the MiniDumpWriteDump API to suspend threads of a target process for a memory snapshot, then never resume them.
- By pausing the WerFaultSecure process, the security solution is essentially frozen.
- Steven Lim’s contribution:
- Tool maps WerFaultSecure processes to Microsoft Defender, exposing ease of potential abuse.
- Key Insight:
- This represents a novel, low-complexity EDR evasion technique that defenders may not have robust countermeasures against yet.
Memorable Moment:
“By suspending WerFaultSecure, the targeted process is just left suspended.” — Rich Stroffolino [00:23]
2. DeepMind Adds Manipulation Risks to Safety Framework
[01:01-01:47]
- Update to “Frontier Safety Framework”:
- DeepMind now explicitly defines risks of “harmful manipulation” by AI models—models that could be misused to “substantially change beliefs and behavior” in high-stakes contexts.
- Triggered by AI models showing ability to “deceive individual users to achieve goals.”
- Update adds “capability levels” for AI risk; focus is heightened risk without mitigations.
- Industry context:
- Follows OpenAI’s controversial removal of a “persuasiveness risk” category earlier in 2025 (as noted by Axios).
Notable Quote:
“This comes after some AI models have shown the ability to deceive individual users to achieve goals.” — Rich Stroffolino [01:32]
3. Major Vendors Withdraw from MITRE EDR Evaluations
[01:48-02:45]
- Vendors stepping back:
- SentinelOne and Palo Alto Networks join Microsoft in opting out of the MITRE Ingenuity ATT&CK endpoint evaluations for 2025.
- All cite a need to “focus on product development.”
- MITRE’s response:
- CTO Charles Clancy tells Infosecurity Magazine the process is resource-intensive and increasingly complex (now includes cloud environments).
- Plan to “re-establish the vendor forum in 2026” for better collaboration.
Key Insight:
“Participating in these tests is resource intensive for vendors, with the company seeking to make them harder each year.” — Rich Stroffolino [02:27]
4. Fake GitHub Repos Target macOS Users with Infostealer Malware
[02:46-03:30]
- LastPass warning:
- Malicious campaign uses SEO poisoning to push harmful GitHub repos masquerading as Mac downloads for popular apps (e.g., LastPass, 1Password, Dropbox).
- The downloads deliver “Atomic Infostealer” malware—targeting passwords and sensitive financial data.
- Full list of compromised URLs and indicators of compromise published by LastPass.
5. Russian-Backed Disinformation Intensifies Ahead of Moldova Election
[04:02-04:39]
- Misinformation campaign:
- Russian-funded networks pay Moldovan citizens around $170/month to circulate anti-government propaganda, leveraging large language models (LLMs).
- Main targets are Moldova’s ruling party and President Sandu, with false claims of rigged elections and child trafficking.
- Objective: influence diaspora voters and undermine Moldova’s EU ambitions.
6. Microsoft Patches Critical Entra Flaw
[04:40-05:22]
- Major vulnerability (reported July 2025):
- Flaw in Entra ID could allow impersonation of any user across any tenant, with dangerous implications for conditional access policy manipulation.
- No evidence of exploitation found.
- Flaw originated from a service-to-service actor token validation gap in the (since retired) Azure AD Graph API.
- Takeaway:
- The API-level vulnerability could have been exploited without leaving a trace, owing to inadequate logging.
7. Steam Game Found Distributing Malware
[05:23-06:01]
- Blockblaster incident:
- 2D platformer game “Blockblaster” updated on Steam to include malware, apparently aimed at cryptocurrency holders.
- Malware targeted browser extensions and crypto wallets—estimated damages to at least 261 users, including one high-profile victim in a cancer treatment fundraising stream.
- Follows recent discovery of another Trojan game (“Chemia”) in July.
8. Stellantis Supplier Data Breach
[06:02-06:25]
- Breach at third-party provider:
- Customer contact data exposed (no financial or sensitive system access).
- Company warns of potential phishing on customers.
- Incident reportedly tied to the larger “Shiny Hunter Salesforce” data breach series.
9. Mozilla Allows Add-On Rollbacks for Developers
[06:26-06:54]
- New security-friendly feature:
- Firefox now lets developers revert add-ons to earlier versions, enabling quick mitigations for newly exposed vulnerabilities.
- Self-distributing devs have more flexibility; those on addons.mozilla.org can roll back up to two versions.
- Significance:
- Mitigates lag in vulnerability response, critical for end-user security.
Selected Quotes & Memorable Moments
- “EDR Freeze… uses the Windows error reporting system to indefinitely suspend EDR and antivirus processes.” — Rich Stroffolino [00:10]
- “DeepMind says it adds these new capability levels when frontier AI models pose heightened risk of severe harm without any other mitigations.” — Rich Stroffolino [01:35]
- “All three companies said the move was done to better focus on product development.” — Rich Stroffolino [02:04]
- “Bloomberg reports that leaked documents show that this is specifically part of a Russian campaign to mobilize diaspora voters… and weaken Moldovan President Sandu.” — Rich Stroffolino [04:32]
- “The blast radius on this could have been nasty as threat actors with Graph API access could have made unauthorized modifications.” — Rich Stroffolino [05:09]
- “Researchers estimate that threat actors used the information to drain funds from 261 users and including one user seeing the attack on a livestream from a fund for their cancer treatment.” — Rich Stroffolino [05:53]
Important Timestamps
- EDR Freeze tool: [00:07–01:00]
- DeepMind Frontier Safety update: [01:01–01:47]
- MITRE EDR vendor exits: [01:48–02:45]
- Fake repos/infostealer: [02:46–03:30]
- Russian misinformation/Moldova: [04:02–04:39]
- Microsoft Entra flaw: [04:40–05:22]
- Steam malware incident: [05:23–06:01]
- Stellantis data breach: [06:02–06:25]
- Mozilla add-ons rollback: [06:26–06:54]
Overall Tone and Takeaway
Presented in the fast-paced, factual style characteristic of the Cyber Security Headlines podcast, the episode delivers sharp, actionable news items that underscore the evolving complexity and interconnectedness of global cybersecurity challenges—from new malware techniques and data breaches to the societal risks emerging from both adversarial states and advanced AI models.
