
A
From the CISO series, it's Cybersecurity Headlines.
B
These are the cybersecurity headlines for Thursday, October 30, 2025. I'm Sarah Lane.

LG UPlus confirms cybersecurity incident. LG UPlus, one of South Korea's largest telecoms, reported a suspected data breach to the country's cybersecurity agency KISA, joining SK Telecom and KT Telecom as the third major carrier under investigation in six months. This may be linked to Chinese or North Korean hackers who reportedly accessed data from around 9,000 LG UPlus servers. South Korea's Ministry of Science and ICT told TechCrunch that its investigation into KT and LG UPlus is still ongoing.

10 million plus impacted by Conduent breach. Government contractor Conduent said a January cyber attack exposed data from more than 10 million people across multiple US states after hackers accessed its network for nearly three months. The SafePay ransomware group claimed the breach, saying that it stole 8.5 terabytes of data tied to Conduent's government contracts for the Medicaid, child support and other programs. Conduent says no stolen data has surfaced publicly.

Russian hackers exploit tools against Ukrainian targets. Russian hackers likely tied to Sandworm breached Ukrainian organizations using living-off-the-land tactics and legitimate tools to steal data and maintain network access, according to Symantec and Carbon Black. The intrusions targeted a major business services firm and a local government from June to August using web shells like Localolive, credential dumping and PowerShell backdoors. Researchers say the attacks bear Sandworm's hallmarks but stop short of formal attribution.

NPM malware uses invisible dependencies to infect packages. Researchers at Koi Security uncovered an ongoing NPM malware campaign dubbed Phantom Raven, active since August, infecting 126 packages with 20,000 downloads. The malware steals npm tokens, GitHub credentials and CI/CD secrets, fetching malicious code from attacker-controlled servers at install time to evade detection. Phantom Raven also exploits AI hallucinations via typosquatted package names, tricking developers into installing compromised packages. At least 80 infected packages currently remain active.

Huge thanks to our sponsor, Conveyor. Security reviews don't have to feel like a hurricane. Most teams are buried in back-and-forth emails and never-ending customer requests for documentation or answers. But Conveyor takes all that chaos and turns it into calm. AI fills in the questionnaires. Your trust center is always ready, and sales cycles move without stalls. Breathe easier. Check out Conveyor at www.conveyor.com.

Microsoft fixes cause Windows update failures. Microsoft has fixed a known issue causing certain Windows 11 updates to fail, linked to missing language packs and feature payloads removed during automatic or manual component repair. The latest preview update appears to resolve the problem. Administrators unable to install it can use an in-place upgrade via installation media or Windows settings to reinstall missing components without affecting personal files or apps.

Cyber Ridge emerges with photonic encryption solution. Israeli cybersecurity startup Cyber Ridge emerged from stealth with $26 million in funding for its photonic encryption system, which transforms transmitted data into encrypted optical noise to prevent interception and quantum decryption. The system requires a constantly changing photonic key to access data, aiming to block harvest now, decrypt later attacks. Founded in 2021, Cyber Ridge already has deployments in defense, intelligence and telecom sectors across Europe, Australia, Singapore and Israel.

Ex-L3Harris exec pleads guilty to selling zero days to broker. Former L3Harris executive Peter Williams pleaded guilty to stealing and selling eight US government zero-day exploits to a Russian broker, Operation Zero, for millions in cryptocurrency. Prosecutors say the theft caused $35 million in losses and could have given foreign actors advanced hacking tools. Williams faces up to 20 years in prison, with sentencing set for January.

Microsoft security change for Azure VMs creates pitfalls. Microsoft postponed a planned Azure network security change to March 2026 after feedback from customers concerned it could disrupt apps dependent on public Internet access. The update would make private subnets the default for new virtual networks, blocking automatic outbound connections to the Internet to align with zero trust principles. Existing networks shouldn't be affected, but experts warn firms to prepare now or risk broken workloads once the change does take effect.

Do you live in Boston? Do you work in cybersecurity? Maybe both? Maybe you're just studying and you want to work in cyber. If any of these are true, then you must join us on Monday, November 24th for our Boston-based CISO Series Meetup. It's happening at the City Taphouse Boston from 5 to 7 p.m. Be sure to head over to our events page at cisoseries.com and register to join us. If you have thoughts on the news from today or about our show in general, be sure to reach out to us at feedback@cisoseries.com. We want to hear from you. I am Sarah Lane reporting for the CISO Series, and thank you for stopping by.
A
Cybersecurity headlines are available every weekday. Head to cisoseries.com for the full stories behind the headlines.
B
It.
Cyber Security Headlines - October 30, 2025
Host: Sarah Lane, CISO Series
Episode Theme:
This episode covers major new data breaches, evolving nation-state hacker tactics, and significant changes across the cybersecurity technology landscape, presenting rapid-fire updates for security professionals eager to stay ahead.
Overview:
LG UPlus, a leading Korean telecom, disclosed a cybersecurity breach, the third among major national carriers in six months.
Details:
Tone/Implications:
The breach highlights the intense targeting of critical communications infrastructure in South Korea.
“This may be linked to Chinese or North Korean hackers who reportedly accessed data from around 9,000 LG UPlus servers.”
— Sarah Lane [00:11]
Overview:
US government contractor Conduent disclosed a January cyberattack affecting more than 10 million people across several states.
Details:
Quote:
“Conduent said a January cyberattack exposed data from more than 10 million people across multiple US states after hackers accessed its network for nearly three months.”
— Sarah Lane [00:41]
Notable:
The breach further underlines supply chain risks in government services.
“Russian hackers likely tied to Sandworm breached Ukrainian organizations using Living off the Land tactics and legitimate tools to steal data and maintain network access...”
— Sarah Lane [01:19]
“Researchers at Koi Security uncovered an ongoing NPM malware campaign dubbed Phantom Raven... infecting 126 packages with 20,000 downloads.”
— Sarah Lane [01:59]
“Williams faces up to 20 years in prison, with sentencing set for January.”
— Sarah Lane [04:11]
| Segment | Topic | Timestamp |
|---------|-------|-----------|
| 1 | LG UPlus confirms breach | 00:10 |
| 2 | Conduent’s 10M+ data breach | 00:41 |
| 3 | Russian Sandworm hackers attack Ukraine | 01:19 |
| 4 | NPM ‘Phantom Raven’ malware | 01:59 |
| 5 | Microsoft Windows 11 update patches | 03:01 |
| 6 | Cyber Ridge photonic encryption tech | 03:31 |
| 7 | Ex-L3Harris exec sells US zero-days | 04:03 |
| 8 | Microsoft Azure security changes postponed | 04:38 |
This rapid daily wrap distills breach headlines, APT (Advanced Persistent Threat) tactics, open source supply chain risk, new defenses from leading-edge startups, and regulatory impacts for cloud users. The concise, urgent reporting mixed with authoritative quotes makes this episode valuable for infosec professionals and anyone monitoring cyber threats to critical services.