Cyber Security Headlines
Host: Sarah Lane, CISO Series
Episode Date: September 30, 2025
Episode Title: Microsoft blocks AI code, Breach hits WestJet, Harrods suffers new data incident

Episode Overview

This episode delivers concise updates on significant cyber incidents and security trends, including:

• Microsoft halting an AI-powered phishing attack
• Data breaches at WestJet and Harrods
• The evolution of malware tactics, privacy vulnerabilities in tracking technologies, and key policy updates from global cyber authorities.

Key Discussion Points and Insights

1. Microsoft Blocks AI-Generated Phishing Code

[00:07 - 01:11]

• Incident: Microsoft intercepted a sophisticated phishing campaign targeting US organizations. Attackers leveraged AI to generate malicious code, embedding it in SVG files masked as PDFs.
• Detection:
  • Defender for Office365 flagged the attack due to anomalies in file structure, email content, and network behavior.
  • The code exhibited AI hallmarks: verbose, businesslike comments, “over-engineered” functions, and formulaic code obfuscation.
• Mitigations advised by Microsoft:
  • Safe Links
  • Zero Hour Auto Purge
  • Phishing resistant authentication
  • Cloud-delivered antivirus
• Quote: “Microsoft identified AI traits in the code, including verbose business like comments, over engineered functions and formulaic obfuscation.” — Sarah Lane [00:18]

2. WestJet Notifies US Customers of Data Breach

[01:11 - 01:57]

• Breach Details:
  • Incident occurred June 13
  • Criminal actors accessed some personal info: names, contact info, and reservation documents
  • No passwords or payment card data breached
• Response:
  • Engaged cybersecurity experts
  • Notifying affected individuals
  • Advised to remain vigilant for phishing or social engineering
• Company Statement:
  • Operational safety was never compromised
• Quote: “WestJet says it's engaged experts to investigate and is informing affected individuals, advising vigilance against phishing or social engineering attempts.” — Sarah Lane [01:32]

3. Phishing Campaign Spoofs Ukrainian Police; Delivers Stealth Malware

[01:57 - 02:38]

• Attack Details:
  • Government systems in Kyiv targeted
  • Emails spoof national police using malicious SVGs
  • Deploy password-protected archive containing:
    • Amatera Stealer: harvests credentials, browser data, crypto wallets
    • PureMiner: stealth cryptocurrency miner
  • Technique: Fileless malware — deployed directly into memory to bypass detection mechanisms

4. Harrods Breach: 430,000 Customer Records Exposed

[02:38 - 03:27]

• Incident:
  • Large UK retailer hit via third-party supplier compromise
  • Exposed data includes: names, contact info, and loyalty/marketing tags
  • No passwords, payment details, or order histories leaked
• Security Notes:
  • Unrelated to the May ransomware attack (Scattered Spider, Dragon Force)
  • Extortion attempt failed
  • Notified customers and relevant authorities
• Advice: Watch for phishing attempts
• Quote: “Harrods has informed affected customers and authorities, warning them to watch for phishing, and confirmed that the threat actor unsuccessfully attempted to engage in extortion.” — Sarah Lane [03:21]

5. Tile Tags Privacy Flaw Enables Stalking and Tracking

[04:07 - 04:44]

• Research:
  • Georgia Tech study finds Tile’s tracking tags leak unencrypted, static MAC addresses and unique IDs
  • Enables anyone—including Tile—to track users' movements or replay signals to frame someone for stalking
• Vendor Response:
  • Parent company Life360 notified in 2024; no public remediation yet

6. Neon Call Recording App Pulled for Major Security Flaws

[04:44 - 05:07]

• Vulnerability:
  • Any logged-in user could access others’ calls, phone numbers, transcripts, and recordings
• Action:
  • App taken offline, security audit initiated
  • Promise to relaunch after thorough review

7. Global Cyber Authorities Release OT Security Guidance

[05:07 - 05:41]

• Participants: Agencies from US, UK, Australia, Germany, Netherlands, and more
• Framework Recommendations:
  • Maintain records of OT assets
  • Implement information security programs
  • Risk-classify assets
  • Document connectivity
  • Assess third-party risks
• Warning: OT compromises can disrupt critical infrastructure (energy, water, manufacturing)
• Quote: “Officials warn that OT compromises can disrupt critical infrastructure such as energy, water and manufacturing.” — Sarah Lane [05:38]

8. "Evil AI" Campaign Masquerades Trojan Malware as Productivity/AI Tools

[05:41 - 06:29]

• Trend Micro Findings:
  • Global campaign uses apps like App Suite, epibrowser, PDF Editor
  • Targets: government, healthcare, manufacturing in the US, Europe, Brazil, India
  • Malware disguises as legit AI/software, employs professional UIs and stolen code-signing certificates
  • Effects: data exfiltration, encrypted C2, payload staging

9. Industry Commentary: Security Vendor Clutter

[06:29 - 07:16]

• Observation:
  • Market saturated with vendors using similar marketing/demos
  • CISOs seek real solutions, but often lack clear information from vendors
• Upcoming CISO Series Segment: “Time to Choose a Security Vendor: Dartboard or Spin the Wheel”

Notable Quotes & Moments

• "Microsoft identified AI traits in the code, including verbose business like comments, over engineered functions and formulaic obfuscation." — Sarah Lane [00:18]
• "WestJet says it's engaged experts to investigate and is informing affected individuals, advising vigilance against phishing or social engineering attempts." — Sarah Lane [01:32]
• "Harrods has informed affected customers and authorities, warning them to watch for phishing, and confirmed that the threat actor unsuccessfully attempted to engage in extortion." — Sarah Lane [03:21]
• "Officials warn that OT compromises can disrupt critical infrastructure such as energy, water and manufacturing." — Sarah Lane [05:38]

Timestamps for Important Segments

• [00:07] Microsoft AI phishing attack blocked
• [01:11] WestJet breach notification
• [01:57] Ukrainian police spoofing and fileless malware
• [02:38] Harrods customer data breach
• [04:07] Tile tracking tag privacy flaw
• [04:44] Neon app privacy incident
• [05:07] OT (Operational Technology) security guidance
• [05:41] “Evil AI” Trojan malware campaign
• [06:29] Vendor market commentary

Tone and Language

Sarah Lane maintains a factual, concise, and slightly conversational tone, providing clarity and emphasis on practical takeaways without sensationalism.

Useful For:
Those needing a rapid, informed summary of the latest cyber risks, enterprise breaches, supply chain vulnerabilities, and evolving attack techniques—plus context on regulatory activity and security industry trends.