
A
From the CISO series, it's Cybersecurity Headlines.
B
These are the cybersecurity headlines for Friday, October 10, 2025. I'm Steve Prentice.

Azure outage blocks access to Microsoft 365 services and admin portals. This outage affected the Microsoft Azure Front Door content delivery network and prevented customers from accessing Microsoft 365 services. Delays and timeouts were observed across Europe, Africa and the Middle East yesterday for users connecting to the Azure and Entra portals. Since then, Microsoft engineering teams have been, quote, restarting Kubernetes instances that were causing capacity loss across AFD instances to bring them back online, end quote. As of this recording, 96% of impacted resources have been successfully recovered.

Major US law firm suffers cyberattack. Williams and Connolly, a firm that includes some high-profile politicians on its client list, said that on Tuesday suspected nation-state hackers used a zero-day attack to break into email accounts belonging to a small number of attorneys. The firm did not say which nation state, but it is believed to be the same that has recently attacked other law firms and companies, and the New York Times claims its sources see this nation state as being China. The Google Threat Intelligence Group and Mandiant concur, stating that China-nexus threat clusters have been leading a campaign which exploits zero-day vulnerabilities to target the US legal sector and collect information related to US national security and international trade. Spokespeople for Williams and Connolly, the firm in question, emphasized that it does not have evidence that confidential client data was taken from central databases where the files are kept, end quote.

Hacktivists aiming for critical infrastructure get pwned. A pro-Russian hacktivist group called TwoNet, that is T-W-O-N-E-T, recently changed tack, moving from launching DDoS attacks to targeting critical infrastructure. A report from enterprise IT security firm Forescout describes how the group attacked what it thought was a water treatment plant, but was instead a decoy set up to observe the activities of such groups. The full story is available at Bleeping Computer. The link is in the show notes and it describes the various steps the group took, believing this to be a real target. Forescout recommends that organizations in the critical infrastructure sector ensure that systems have strong authentication and are not exposed to the public Web.

Hackers access SonicWall cloud firewall backups. SonicWall stated on Wednesday that an unauthorized party accessed firewall configuration backup files for all customers who have used a cloud backup service. The files contain encrypted credentials and configuration data. While encryption remains in place, possession of these files could increase the risk of targeted attacks. A list of impacted devices is available on the MySonicWall portal along with a priority level to help customers determine their remediation efforts. Devices with Internet-facing services enabled are listed as the highest priority.

Huge thanks to our sponsor ThreatLocker. Imagine having the power to decide exactly what runs in your IT environment and blocking everything else by default. That's what ThreatLocker delivers as a zero trust endpoint protection platform. ThreatLocker fills the gaps traditional solutions leave behind, giving your business stronger security and control. Don't just react to threats, stop them with ThreatLocker.

A quick reminder for fans of the CISO Series and New York City based security professionals. You are all welcome to join us for a fun networking event in New York City on October 21st at 5:30pm. It's free, so head on over to the events page at cisoseries.com to register.

Hundreds of millions of business PCs are still on Windows 10 as the end day nears. Following up on a story we have been covering regularly throughout this year, some interesting statistics around the expiry of support for Windows 10, which occurs next Tuesday, October 14th. According to analyst Kieran Jessop of Omdia, speaking to The Register, there are 1.4 billion Windows devices running worldwide amongst individual consumers and businesses. 550 million of these machines are running in corporations and around half of those will not meet the end-of-life deadline to switch to Windows 11. In many cases this is because the devices do not meet the minimum requirements for the upgrade. On October 14, Microsoft will issue the final updates and security fixes, after which business customers will have to pay for extended security updates at $61 for the first 12 months, doubling to $122 for the second year and doubling again for year three.

WordPress plugin flaw gives hackers access to admin accounts. The flaw, which has a CVE number and a CVSS score of 9.8, exists within the Service Finder Bookings plugin. According to Wordfence, versions of this plugin up to and including version 6.0 have, quote, an authentication bypass issue allowing attackers to log in as any user including admins due to improper cookie validation, end quote. The plugin is a built-in component designed to let businesses and professionals offer service listings and online booking functionality on their WordPress website.

Arrests made in the UK nursery ransomware attack. Following up on a story we covered in late September, two individuals, both 17-year-old boys, have been arrested in connection with the ransomware attack on the Kido chain of children's nurseries, that is spelled K-I-D-O. The attack, which had been claimed by a group named Radiant, exposed data such as names, home addresses, parent work locations and images of the children. The hackers had been calling parents directly about the hack in order to pressure Kido into paying the 600,000 pound ransom.

ChatGPT image and prompts used as evidence in arrest of Pacific Palisades Eaton fire suspects. US prosecutors have charged Jonathan Rinderknecht with arson for allegedly starting the 2025 Palisades wildfire in California, which destroyed homes and forced mass evacuations. Investigators say digital evidence links him to the fire, including a ChatGPT-generated image of a burning city found on his phone, which they argue reflects premeditation. Additional data from his phone, online activity and physical evidence allegedly connect him to the blaze's origin, including questions about whether one can be found guilty, a cigarette lighting a fire. The defense disputes the interpretation, noting that an AI-created image is circumstantial and not proof of action. The case highlights growing challenges in using generative AI content as criminal evidence.

It's Friday, and that means we've got an episode of the Week in Review coming up at 3:30pm Eastern. If you have never joined us live, you're missing out. Not only do you get to see the smiling faces of our host Rich Stroffolino and the expert CISO guests, but you get to join in on our lively chat. So if you've got 30 minutes to spare to help kick off your weekend, we would love for you to join us later today. As always, just go to the events page at cisoseries.com to register. And if there's a story we've shared on this show that you have used at work, please let us know at feedback@cisoseries.com. We would love to hear how the show is making a difference. I'm Steve Prentice reporting for CISO Series.
A
Cybersecurity Headlines are available every weekday. Head to CISOseries.com for the full stories behind the headlines.
Date: October 10, 2025
Host: Steve Prentice
Main Theme:
A rapid-fire news roundup of major information security incidents and trends, including Microsoft Azure outages, a cyberattack on a high-profile US law firm, Russian hacktivist failures, and the intersection of AI-generated content and legal evidence.
This episode delivers a comprehensive roundup of recent cyber incidents, ranging from large-scale outages (Azure) to targeted attacks (law firms, SonicWall) and the ever-evolving tactics of hacktivist groups. Legal and regulatory themes are increasingly intersecting with technology, as highlighted by the use of ChatGPT-generated evidence in an arson case and the real-world impact of software end-of-life deadlines. The episode concludes by reinforcing cybersecurity best practices and the critical importance of vigilance across the spectrum of IT environments.