Cyber Security Headlines – October 24, 2025
Host: Steve Prentiss, CISO Series
Main Theme: Key cybersecurity incidents and issues spanning cloud exploits, nation-state cyber operations, emerging tech work culture shifts, major service outages, and governmental legal responses.
Episode Overview
This episode offers a rapid-fire roundup of the day's most significant cybersecurity news, including:
- The emergence of the "Jingle Thief" exploit targeting cloud environments in retail
- North Korean Lazarus Group attacks on European defense companies
- The rise of the intense 72-hour workweek in deep tech
- Microsoft's survey about bringing Copilot AI to Exchange Server
- A technical deep-dive into Amazon Web Services’ DNS outage
- A massive uptick in smishing attacks
- New cyber incidents affecting U.S. regional governments
- Political pressure in the UK for urgency on cyber legislation
Key Discussion Points & Insights
1. Jingle Thief Exploit: Gift Card Theft via Cloud Attacks
[00:06-01:50]
- Nature of Attack: The Jingle Thief group is actively targeting cloud environments used by retail and consumer service organizations, focusing on gift card systems.
- Tactics: Utilizes phishing and smishing (SMS phishing) to steal credentials. Once inside, conducts long-term reconnaissance, lateral movement, and stealthy operations for up to a year.
- Attribution: Linked to the Atlas Lion and Storm-0539 groups.
- Quote:
“…maintains footholds within compromised organizations for extended periods up to a year, conducting extensive reconnaissance to map the cloud environment, moving laterally across the cloud and taking steps to sidestep detection.”
— Steve Prentiss [00:38]
2. Lazarus Group Targets European Defense with Operation Dream Job
[01:51-02:33]
- Incident: North Korean threat actors (Lazarus) compromised three European defense firms (UAV developers) using fake job offers to lure staff.
- Technique: Posing as recruiters for "high-profile roles," a recurring Lazarus tactic.
- Discovery: ESET identified the campaign but has not detailed its full impact yet.
- Quote:
“This headhunting approach is a typical technique for Lazarus, in which their agents pose as recruiters and approach employees at organizations of interest with job offers for a high-profile role.”
— Steve Prentiss [02:13]
3. Tech Sector Eyes 72-Hour Workweek (996) in the U.S.
[02:34-03:09]
- Trend: US deep tech startups (AI, semiconductors, quantum) are adopting the "996" work culture (9am-9pm, six days a week) already prevalent in China.
- Implication: Some startups make acceptance of the 996 schedule a condition for hiring.
- Quote:
“Many startups in the US are asking prospective employees if they are willing to commit to the 996 approach and to get the job, the answer needs to be an unequivocal yes.”
— Steve Prentiss [02:58]
4. Microsoft Surveys Admins on Copilot for Exchange Server
[03:10-03:57]
- Announcement: Microsoft is asking Exchange Server admins about enabling its AI assistant, Copilot, for on-premises use, which would require sending some data to the cloud.
- Concerns: Data privacy, regulatory compliance, and the ability to isolate data are at the forefront.
- Key Capabilities Sought: Email summarization, monitoring server health, compliance assurances.
- Quote:
“...what requirements are non-negotiable such as regulatory compliance, data boundary assurances, admin defined restrictions and complete Internet disconnection.”
— Steve Prentiss [03:46]
5. AWS DNS Outage: DNS Race Condition Identified
[04:25-05:30]
- Incident: Last Monday’s outage in the AWS US-EAST-1 region was caused by a race condition in DynamoDB’s automated DNS management system.
- Technical Details: Empty DNS records were created by a latent defect. This prevented EC2 servers (droplets) from obtaining leases, impacting state changes.
- Quote:
“The cause of that DNS failure has now been revealed as a race condition in DynamoDB's automated DNS management system that left an empty DNS record for the service's regional endpoint.”
— Steve Prentiss [04:44]
6. Surge in Smishing Triad Campaigns
[05:31-06:21]
- Findings: Researchers highlight a vast, Chinese-managed text phishing (smishing) campaign named Smishing Triad, involving almost 195,000 malicious domains.
- Operation: Decentralized, using text lures for personal and financial info; impersonates banks, healthcare, law enforcement.
- Scope: Two-thirds of domains registered via Hong Kong-based Dominet Limited, with hosts in the US, China, Singapore.
- Quote:
“The fake sites impersonate trusted organizations across industries like finance, healthcare, ecommerce and law enforcement, making the campaign one of the most widespread smishing operations to date.”
— Steve Prentiss [06:14]
7. Wave of Cyber Incidents in U.S. Local Governments
[06:22-07:02]
- Victims: Kaufman County (TX), La Vergne (TN), DeKalb County (IN), and Chester County Library System (PA).
- Impacts: Outages affected courthouse systems, city operations, and library services; emergency systems mostly unaffected.
- Quote:
“Kaufman County, a suburb outside of Dallas, announced a cyber attack that was discovered on Monday, taking down several county systems, including the county courthouse, but not the sheriff’s office or emergency services.”
— Steve Prentiss [06:32]
8. UK Cyber Law Delays Draw Criticism
[07:03-07:50]
- Issue: Opposition MPs criticize the government for the delayed introduction of new cybersecurity laws, especially in the wake of recent attacks on major UK brands.
- Calls for Action: Parliament may use the "10 minute rule motion" to press for overhaul, mainly as a campaign rather than direct lawmaking.
- Quote:
“Describing the process as operating at a glacial pace, Members of Parliament are proposing the little used 10 minute rule motion to call for an overhaul of how the UK handles ransomware attacks.”
— Steve Prentiss [07:31]
Notable Quotes & Memorable Moments
- “...maintains footholds within compromised organizations for extended periods up to a year…” [00:38]
- “This headhunting approach is a typical technique for Lazarus…” [02:13]
- “...the answer needs to be an unequivocal yes.” (re: deep tech work culture) [02:58]
- “The cause of that DNS failure has now been revealed as a race condition in DynamoDB’s automated DNS management system...” [04:44]
- “...making the campaign one of the most widespread smishing operations to date.” [06:14]
Important Timestamps
- Jingle Thief Exploit: [00:06–01:50]
- Lazarus Group – Operation Dream Job: [01:51–02:33]
- Deep Tech 72-Hour Workweek: [02:34–03:09]
- Microsoft Copilot for Exchange: [03:10–03:57]
- AWS DNS Race Condition Outage: [04:25–05:30]
- Smishing Triad Surge: [05:31–06:21]
- US Local Government Cyber Attacks: [06:22–07:02]
- UK Cyber Law Delays: [07:03–07:50]
Overall Tone
- Informative and urgent, highlighting technical details and underlying policy consequences
- Neutral and concise, as is standard in daily cybersecurity newscasts
- Occasional commentary on the scale or serious implications of incidents
For full details on any story, visit the episode’s show notes at CISOseries.com
