Cyber Security Headlines – November 6, 2025
Host: Sarah Lane, CISO Series
Main Theme: Rapidly evolving threat landscape: AI-adaptive malware, newly exploited vulnerabilities, high-profile incidents, and regulatory news.
1. Google Uncovers PROMPFLUX: AI-Driven Malware
[00:07]
-
Key Discussion:
- Google identified an experimental malware named PROMPFLUX, which leverages the Gemini AI to rewrite and obfuscate its VBScript code in real-time, evading detection.
- The malware queries the Gemini API for new obfuscation instructions, storing revised scripts to persist and move laterally.
- While PROMPFLUX is currently in limited testing and not yet weaponized, it signals a broader trend of threat actors employing AI to create adaptable malware.
-
Insight:
- This discovery highlights a “broader trend of threat actors using AI systems to dynamically adapt malware during execution.”
(Sarah Lane, [00:25])
- This discovery highlights a “broader trend of threat actors using AI systems to dynamically adapt malware during execution.”
2. CISA Warns of Critical CentOS WebPanel Bug
[00:45]
- Key Discussion:
- CISA issued an urgent alert regarding a critical remote code execution (RCE) vulnerability in CentOS WebPanel (CWP), enabling attackers with only a valid username to run arbitrary shell commands.
- Vulnerability exists in all versions before 0.9.8.1204; patch 1205 addresses the issue.
- Federal agencies have until November 25 to patch or discontinue using CWP.
- Flaw linked to unsanitized input in the “file manager change perm endpoint,” allowing for shell injection and reverse shell attacks.
3. New Threat Group Targets Academics and Think Tanks
[01:32]
- Key Discussion:
- Proofpoint identified “Unk Smudge Serpent,” a previously unknown threat group targeting academics and foreign policy experts focused on Iran (June–August).
- Attackers initiated benign email conversations, then switched to credential theft and malware delivery by impersonating think tank staff and using spoofed health-themed infrastructure.
- Tactics overlap with Iranian-linked clusters, but attribution remains uncertain due to insufficient evidence.
4. Operational Technology (OT) Security Risks in Manufacturing
[02:02]
- Key Discussion:
- Despite increased security awareness, manufacturers face ongoing OT risks: legacy systems, complex access points, human error, and integration of cloud/AI tech expand attack surfaces.
- Recent ransomware (e.g., on Asahi) underscores financial and supply chain disruption.
- Security experts urge identity-focused strategies, robust governance, and “full visibility across OT assets” to improve resilience.
5. [Advertisement Skipped]
(ThreatLocker sponsor segment omitted.)
6. Google Advances $32B Acquisition of Wiz
[03:03]
- Key Discussion:
- Google’s $32 billion purchase of cloud security startup Wiz cleared U.S. antitrust review (DOJ), moving toward completion in early 2026.
- Initial $23B offer in 2024 rejected; final deal reached in March 2025 after renegotiation.
- Quote:
- “While the DOJ approval is a milestone, the acquisition is not finalized but expected to close in early 2026.”
(Sarah Lane, [03:25])
- “While the DOJ approval is a milestone, the acquisition is not finalized but expected to close in early 2026.”
7. AMD Bug Undermines Cryptographic Security
[03:40]
- Key Discussion:
- AMD releasing microcode patch for critical bug in Zen 5, Ryzen, Epyc CPUs; flaw in 16/32-bit red seed instruction can return 0 instead of random numbers, undermining cryptographic key generation.
- Exploitable only with local privileges, i.e., attackers must already have significant access.
- Workarounds: use 64-bit red seed or disable the vulnerable instruction.
- Fixes available for Epyc 9005; others expected by January.
8. Capital One Hacker Resentenced
[04:17]
- Key Discussion:
- Federal judge reimposed Paige Thompson’s sentence for the 2019 Capital One breach affecting over 100 million.
- After time served, new sentence includes five years’ supervised release, three years of home confinement, 250 hours community service, and $40.7M restitution.
- Sentence reissued after Ninth Circuit vacated the earlier 2022 sentence.
9. Cyberattack Erodes Marks & Spencer’s Profits
[04:54]
- Key Discussion:
- UK retailer Marks & Spencer suffered a devastating cyberattack (April), causing profits to fall from £391.9M to just £3.4M.
- Attack closed the website, disrupted systems, and led to inventory/food waste; direct cost was £1.6M, partially offset by £100M in insurance.
- Linked to the “Scattered Lapsus Hunters” gang, which also targeted Co-op, Harrods, and Jaguar Land Rover.
- Quote:
- “How much does a cyber attack affect the bottom line? Well, a dramatic example is UK retailer Marks & Spencer...”
(Sarah Lane, [05:08])
- “How much does a cyber attack affect the bottom line? Well, a dramatic example is UK retailer Marks & Spencer...”
10. WordPress Plugin Vulnerability Affects 400K+ Sites
[05:50]
- Key Discussion:
- POST SMTP plugin, used by over 400,000 sites, has a critical flaw—missing capability checks allow unauthenticated password resets (even for admins), enabling total site takeover.
- Exploitation began Nov 1; over 4,500 attacks blocked so far.
- Version 3.6.1 released October 29 fixes the issue—users advised to update immediately amid ongoing attack campaigns.
11. Security Principle in the Spotlight: “Is Least Privilege Dead?”
[06:32]
- Key Discussion:
- Brief mention of the enduring challenge in implementing the principle of “least privilege” in real-world environments.
- Teaser for deeper analysis in the latest Defense in Depth podcast:
- “Despite being around for decades, everyone still seems to be struggling with it. So if we can't realize this principle, is it worth chasing in the first place?”
(Sarah Lane, [06:37])
- “Despite being around for decades, everyone still seems to be struggling with it. So if we can't realize this principle, is it worth chasing in the first place?”
Notable Quotes & Memorable Moments
-
On AI Malware Evolution:
- “The discovery reflects a broader trend of threat actors using AI systems to dynamically adapt malware during execution.”
(Sarah Lane, [00:25])
- “The discovery reflects a broader trend of threat actors using AI systems to dynamically adapt malware during execution.”
-
On Cyberattack Impact:
- “How much does a cyber attack affect the bottom line? Well, a dramatic example is UK retailer Marks & Spencer, whose pre tax profits fell from 391.9 million pounds to 3.4 million pounds after an April attack...”
(Sarah Lane, [05:08])
- “How much does a cyber attack affect the bottom line? Well, a dramatic example is UK retailer Marks & Spencer, whose pre tax profits fell from 391.9 million pounds to 3.4 million pounds after an April attack...”
-
On Least Privilege:
- “Despite being around for decades, everyone still seems to be struggling with it. So if we can't realize this principle, is it worth chasing in the first place?”
(Sarah Lane, [06:37])
- “Despite being around for decades, everyone still seems to be struggling with it. So if we can't realize this principle, is it worth chasing in the first place?”
Summary Table: Key Segments and Timestamps
| Segment | Timestamp | |-----------------------------------------------|------------| | PROMPFLUX AI-Driven Malware | 00:07 | | CentOS WebPanel Bug Alert | 00:45 | | New Threat Group Attacks Academics | 01:32 | | OT Security Risks in Manufacturing | 02:02 | | Google-Wiz $32B Acquisition | 03:03 | | AMD Cryptography Bug | 03:40 | | Capital One Hacker Resentenced | 04:17 | | Marks & Spencer Cyberattack Losses | 04:54 | | WordPress POST SMTP Critical Flaw | 05:50 | | The Fate of Least Privilege | 06:32 |
For more details or to revisit any headline, check out CISOseries.com.