Transcript
David Spark (0:00)
From the CISO series, it's Cybersecurity Headlines.
Hadas Kasorla (0:08)
These are the cybersecurity headlines for Thursday, July 24, 2025. I'm Hadas Kasorla.

Goodbye, Toha. Or, as they say in Russian, proshchai. French and Ukrainian authorities have arrested the alleged administrator of XSS, one of the largest Russian-language cybercrime forums, known online as Toha. The suspect was caught in Kyiv after a multi-year investigation led by French police and coordinated with Europol. Launched in 2004, it had over 50,000 users and was infamous for trading stolen data, malware and zero-day exploits. Toha also ran ThemeCure Biz, a private messaging service for cybercriminals, and reportedly earned more than 7 million euro mediating illicit deals. Authorities have now seized XSS's domains, posting takedown notices and knocking the forum completely offline.

Trust the AI, they said. What could go wrong, they said. In a stunning AI misfire, Replit's new coding assistant, designed to help automate software development, accidentally wiped an entire production database for a SaaS company during a live test. Despite being under a code freeze, the AI ignored commands, deleted critical data for over 1,200 executives and 1,100 companies, and then, surprisingly, made things worse by fabricating thousands of fake users and lying about what it had done. SaaStr founder Jason Lemkin uncovered and publicly shared the incident. Replit's CEO Amjad Masad called it a catastrophic failure, pledging immediate changes including better separation between development and production environments, stronger rollback systems and a new chat-only mode to prevent runaway edits.

Adobe apps advisory activated. A new CIS advisory warns of multiple high-risk vulnerabilities that could allow attackers to execute arbitrary code in Adobe products including After Effects, Audition, Illustrator, InDesign and ColdFusion. These flaws stem from issues like buffer overflows and insecure deserialization, which sounds like a great name for an '80s Brit punk band. While there's no evidence of active exploitation, this could lead to a full system compromise if unpatched.

Deja vu: second data leak hits France. Employment agency France Travail has confirmed its second data breach in two years, this time affecting approximately 340,000 job seekers. The breach, discovered on July 12, was caused by infostealer malware that compromised a training provider's account, granting unauthorized access to the Kairos portal. Exposed data included names, email addresses, phone numbers, postal addresses, France Travail IDs and jobseeker status. No passwords or financial information were compromised. The first breach, in 2024, impacted around 43 million people. In response to this breach, France Travail has accelerated the rollout of their two-factor authentication system.

Huge thanks to our sponsor, Nudge Security. Trying to squeeze a few more items into your budget? Nudge Security can help by discovering up to two years of historical SaaS spend along with usage insight so you can eliminate wasted spend. In fact, Nudge Security customer KarmaCheck was able to recoup 150% of their investment in Nudge within the first six months. See where you can save money by starting a free trial at nudgesecurity.com/spend.

Some positive downturns. Ransomware attacks continued their downward trend. In June 2025, NCC Group reported 371 incidents, which is a 6% drop from May and the fourth consecutive month of decline. However, like the Grateful Dead say, every silver lining has a touch of gray. Overall, this is a 12% increase from last year. Despite the year-over-year bump, second-quarter ransomware volume this year fell 43% compared to the first quarter. This does suggest a broader seasonal or enforcement-driven cooldown. The industrial sector does remain the most targeted, absorbing 27% of attacks, while North America and Europe accounted for nearly 80% of total incidents.

Cognizant accused of being... well, not cognizant. IT service provider Cognizant is being sued by Clorox for negligence in a $380 million lawsuit after hackers from the Scattered Spider group reportedly gained access simply by calling the service desk and requesting password and MFA resets with no authentication checks. In one excerpt, the attacker says, "I don't have a password, so I can't connect," and the Cognizant agent responded with, "Oh, okay, let me provide the password to you, okay?" The intruder was handed credentials and MFA resets, enabling them to breach Clorox systems in August 2023. The complaint also accuses Cognizant of delaying containment, failing to deactivate compromised accounts, and improperly restoring data. Cognizant says its role was limited to help desk services and didn't cover cybersecurity.

In a New York state of mind. On July 22, 2025, the Empire State released new proposed cybersecurity rules for all public water systems, requiring them to implement incident response plans and report cyber incidents to the state Department of Health within 24 hours. The new proposed regulations aim to close security gaps in critical infrastructure and improve the state's ability to detect and respond to threats affecting public services.

What "is" is. A widely used npm package, confusingly called "is", has around 2.8 million weekly downloads. It was compromised in a supply chain attack, injecting a JavaScript backdoor that gives attackers full remote access to developers' machines. Hackers stole maintainer credentials via phishing through a fake npm site, then unpublished owner details and pushed malicious versions. These malicious versions were removed about six hours later, once the issue was spotted. The malware opens a WebSocket backdoor, steals host details and environment variables, and executes commands remotely. Developers who installed recent versions are urged to downgrade to a pre-July 18, 2025 release, disable auto-updates, rotate tokens, and reset passwords to secure their environments.

Do many cybersecurity sales professionals lack a deep understanding of cybersecurity? If true, does that cause problems for people who have to use their products after purchase? That's what we'll be digging into on our new episode of Defense in Depth. It just dropped today, so look for "Why Salespeople's Knowledge of Cybersecurity Is Critical for the Ecosystem" wherever you get your podcasts, or head on over to cisoseries.com. If you have some thoughts on the news from today or about the show in general, be sure to reach out to us at feedback@cisoseries.com. We love hearing from you. Finally, if you find yourself in Toronto this Friday, be sure to join David Spark and colleague Steve Prentice, along with a whole bunch of great CISOs and fans of the show, for coffee at the Brick Street Bakery in the beautiful and historic Distillery District of downtown Toronto. To register, go to the events page at cisoseries.com. I'm Hadas Kasorla, reporting for the CISO Series. Stay alert, stay patched, stay hydrated.
