Cyber Security Headlines – September 19, 2025
Host: Steve Prentiss (CISO Series)
Episode Focus:
This episode delivers concise updates on the latest cybersecurity incidents and trends, including Google patching a critical Chrome zero-day, Microsoft forcing installation of its Copilot app, notable arrests in the Scattered Spider hacking group, and broader topics related to data privacy, infrastructure vulnerabilities, and the environmental impact of cloud computing.
Key Discussion Points & Insights
1. Google Patches Sixth Chrome Zero-Day of the Year
- Summary:
Google has released an emergency security update to patch the sixth Chrome zero-day exploitable vulnerability so far in 2025.
- The flaw, a type confusion issue in the V8 JavaScript and WebAssembly engine, has been actively exploited since early in the year (CVE number not specified in the episode).
- Google’s Threat Analysis Group confirmed the existence of a public exploit, typically signaling ongoing in-the-wild exploitation.
- Notable Quote:
“Emergency security updates were released to patch this sixth one, which has been active since the start of the year.” – Steve Prentiss [00:08]
2. Microsoft 365 Copilot App: Forced Installation Coming in October
- Summary:
Microsoft will automatically install the Microsoft 365 Copilot app on Windows devices outside the European Economic Area starting in October, provided they have the Microsoft 365 desktop apps.
- Admins are encouraged to proactively inform help desks and users to reduce confusion.
- The app will appear in the Windows Start menu and be enabled by default, though admins can opt out via the admin center.
- Notable Quote:
“The company is advising admins to notify their organization’s help desk teams and users before the app is forcibly installed on their devices to reduce confusion and support requests.” – Steve Prentiss [00:34]
3. Scattered Spider: Two More Teen Suspects Arrested
- Summary:
Two teenagers, aged 18 and 19, have been arrested in connection with the cyber attack on Transport for London last year.
- The elder is also suspected of attempts against US healthcare firms SSM Healthcare Corporation and Sutter Health.
- Charges were brought under the UK’s Computer Misuse Act and announced by Britain’s National Crime Agency.
- Notable Quote:
“The elder of the two may also have been involved in attempted attacks against US healthcare companies.” – Steve Prentiss [01:06]
4. ChatGPT Data Theft: Shadow Leak Attack
- Summary:
Web security researchers at Radware unveiled a server-side data theft attack named “Shadow Leak” targeting ChatGPT’s deep research feature.
- The exploit leveraged a specially crafted email; no user interaction was required.
- The malicious email instructed the agent to collect sensitive data and transmit it to the attacker.
- OpenAI addressed the vulnerability after being notified.
- Notable Quote:
“It simply sent a specially crafted email that instructed the Deep Research agent to silently collect valuable data and send it back to the attacker.” – Steve Prentiss [01:39]
5. WatchGuard: Critical Vulnerability in Firebox Firewalls
- Summary:
WatchGuard issued security updates to patch a remote code execution vulnerability impacting Firebox firewalls running Fireware OS 11X and some 12 series.
- The flaw is caused by an out-of-bounds write weakness.
- Only vulnerable if using a certain VPN configuration, but a residual risk exists for sites with static gateway peers.
- Notable Quote:
“While Firebox firewalls are only vulnerable…if they are configured to use a specific VPN, WatchGuard said that they may still be at risk of compromise if a branch office VPN to a static gateway peer is still configured.” – Steve Prentiss [03:15]
6. Russian Ransomware: Multi-Version Malware Loader Emerges
- Summary:
Silent Push researchers have detected “Count Loader,” a malware loader used by Russian ransomware gangs such as LockBit, Black Basta, and Qilin.
- The loader comes in .NET, PowerShell, and JavaScript flavors.
- Targeted phishing campaigns, notably against Ukrainians, frequently impersonate the National Police of Ukraine via fake PDFs.
- Notable Quote:
“Researchers say it is deployed either by initial access brokers or ransomware affiliates linked to LockBit…but Black Basta, and Qilin.” – Steve Prentiss [03:57]
7. Cloudflare’s September 12 Outage: Root Cause Revealed
- Summary:
Cloudflare attributed its recent outage to a React coding error involving misuse of a useEffect hook.
- The error caused unnecessary API calls, which led to the company effectively DDoSing itself.
- Outage disrupted the platform’s dashboard and many APIs for over an hour.
- Notable Quote:
“The consequence was that the hook ran repeatedly during a single render…the function ran so often that the API was overloaded, causing the outage.” – Steve Prentiss [04:38]
“…the company to DDoS itself.” – Steve Prentiss [05:02]
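The episode describes the hook firing repeatedly and flooding Cloudflare's own API, but not the exact coding mistake. The following is an added illustration, not Cloudflare's code or React's source: it reproduces only React's dependency-comparison rule (each entry in the dependency array is compared with the previous render's entry using Object.is) so that one common way a useEffect misfires, an unstable object literal in the dependency array, can be observed outside a browser. That specific mistake, the `simulate`/`depsChanged` helpers and the `config` values are assumptions constructed for the example.

```javascript
// Added example (not React, not Cloudflare's code): a minimal stand-in for
// React's useEffect dependency check. React re-runs an effect when any entry
// in its dependency array differs from the previous render's entry under
// Object.is. Reproducing just that rule lets the self-DDoS pattern be
// observed and counted without a browser.

function depsChanged(prev, next) {
  if (prev === null) return true;               // first render always runs the effect
  if (prev.length !== next.length) return true;
  for (let i = 0; i < next.length; i++) {
    if (!Object.is(prev[i], next[i])) return true;
  }
  return false;
}

// Simulate `renders` consecutive renders of a component whose effect issues
// one API call each time it runs. `makeDeps(render)` builds the dependency
// array the way the component code would on that render. Returns the number
// of API calls the effect produced.
function simulate(makeDeps, renders) {
  let apiCalls = 0;
  let prevDeps = null;
  for (let r = 0; r < renders; r++) {
    const deps = makeDeps(r);
    if (depsChanged(prevDeps, deps)) {
      apiCalls += 1;                            // effect body would be fetch('/api/...')
    }
    prevDeps = deps;
  }
  return apiCalls;
}

// Constructed sample input standing in for whatever the dashboard component reads.
const config = { tenant: 'acme', region: 'eu' };

// Assumed buggy pattern: a fresh object literal in the dependency array.
// Every render creates a new object, Object.is never matches the previous
// one, so the effect re-fires and the API is hit once per render.
function buggyDeps(render) {
  return [{ tenant: config.tenant, region: config.region }];
}

// Fixed pattern: depend on the primitive fields (or a memoised object), which
// are identical across renders, so the effect runs exactly once.
function fixedDeps(render) {
  return [config.tenant, config.region];
}

console.log('buggy deps, 50 renders ->', simulate(buggyDeps, 50), 'API calls'); // 50
console.log('fixed deps, 50 renders ->', simulate(fixedDeps, 50), 'API calls'); // 1
```

The defender's takeaway is that the request rate was self-inflicted and proportional to render count, which is why a client-side review of dependency arrays (or a lint rule such as react-hooks/exhaustive-deps) and per-client rate limiting on internal APIs both belong in the mitigation list.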
8. Google's New UK Data Center: Environmental Concerns
- Summary:
Google’s planned Thurrock Hyperscale Data Center in Essex, England, has drawn criticism due to its projected carbon footprint, estimated at over half a million tons of CO₂ annually—equivalent to 500 short-haul flights per week.
- The issue underscores the growing environmental impact of data centers, particularly as AI workloads scale up.
- Notable Quote:
“A topic we don’t talk much about in the world of cybersecurity and data but one that still exists is the amount of CO₂ that data centers produce…” – Steve Prentiss [05:19]
Notable Quotes & Memorable Moments
- “Google patches sixth Chrome zero day exploited in attacks this year.” – Steve Prentiss [00:08]
- “Microsoft to force install the Microsoft 365 copilot app in October.” – Steve Prentiss [00:32]
- “Two more Scattered Spider teen suspects arrested…” – Steve Prentiss [01:05]
- “ChatGPT targeted in server-side data theft attack.” – Steve Prentiss [01:36]
- “Cloudflare explains self-own in September 12 outage.” – Steve Prentiss [04:38]
- “…amount of CO₂ that data centers produce…a number destined to increase significantly as AI becomes more ubiquitous.” – Steve Prentiss [05:21]
Timestamps for Important Segments
- 00:08 — Google Chrome zero-day patch
- 00:32 — Microsoft Copilot forced installation
- 01:05 — Scattered Spider arrests
- 01:36 — ChatGPT Shadow Leak attack
- 03:15 — WatchGuard Firebox firewall vulnerability
- 03:57 — Russian ransomware loader
- 04:38 — Cloudflare outage explanation
- 05:19 — Google’s UK data center environmental impact
Conclusion
This episode brings essential news for cybersecurity professionals, highlighting new vulnerabilities, law enforcement actions, and emerging trends in malware and infrastructure risks.
- Google and WatchGuard respond quickly to critical vulnerabilities.
- Enterprises should prepare for forced deployments of tools like Copilot.
- Environmental impact from continued AI and data growth receives overdue attention.
For full details and extended articles, listeners are directed to visit CISOseries.com.
