Cyber Security Headlines
Host: Sarah Lane, CISO Series
Episode Date: September 30, 2025
Episode Title: Microsoft blocks AI code, Breach hits WestJet, Harrods suffers new data incident
Episode Overview
This episode delivers concise updates on significant cyber incidents and security trends, including:
- Microsoft halting an AI-powered phishing attack
- Data breaches at WestJet and Harrods
- The evolution of malware tactics, privacy vulnerabilities in tracking technologies, and key policy updates from global cyber authorities.
Key Discussion Points and Insights
1. Microsoft Blocks AI-Generated Phishing Code
[00:07 - 01:11]
- Incident: Microsoft intercepted a sophisticated phishing campaign targeting US organizations. Attackers leveraged AI to generate malicious code, embedding it in SVG files masked as PDFs.
- Detection:
  - Defender for Office 365 flagged the attack due to anomalies in file structure, email content, and network behavior.
  - The code exhibited AI hallmarks: verbose, businesslike comments, "over-engineered" functions, and formulaic code obfuscation.
- Mitigations advised by Microsoft:
  - Safe Links
  - Zero Hour Auto Purge
  - Phishing-resistant authentication
  - Cloud-delivered antivirus
- Quote: “Microsoft identified AI traits in the code, including verbose businesslike comments, over-engineered functions and formulaic obfuscation.” — Sarah Lane [00:18]
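The detection point in this segment is that the attachment's real format did not match what it claimed to be (an SVG presented as a PDF), and that the SVG carried embedded code. The following is an added example, not code from the episode or from Microsoft: a small mail-gateway style check that sniffs an attachment's actual format from its leading bytes, compares it with the claimed extension, and flags SVGs that contain script or event-handler content. The sample attachments are constructed inline, and the function and constant names are the author's own.

```python
import re

# Magic-byte markers used to sniff the real format (assumption: only PDF and
# SVG are distinguished here; anything else is reported as "unknown").
PDF_MAGIC = b"%PDF-"
SVG_ROOT = b"<svg"

# Patterns that indicate an SVG carries executable content rather than plain
# vector graphics: <script> blocks, on*= event handlers, javascript: URLs, and
# <foreignObject> (which can wrap arbitrary HTML).
ACTIVE_CONTENT = re.compile(
    rb"<script\b|\bon[a-z]+\s*=|javascript:|<foreignobject\b", re.IGNORECASE
)


def sniff_format(data: bytes) -> str:
    """Return 'pdf', 'svg' or 'unknown' based on the content, not the name."""
    head = data.lstrip()[:4096]
    if head.startswith(PDF_MAGIC):
        return "pdf"
    if SVG_ROOT in head.lower():
        return "svg"
    return "unknown"


def inspect_attachment(filename: str, data: bytes) -> dict:
    """Compare the claimed extension with the sniffed format and look for
    active content inside SVGs. Returns a verdict dict with findings."""
    claimed = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    actual = sniff_format(data)
    findings = []

    # A file named .pdf whose bytes are not a PDF is the masquerade described
    # in the episode; this check is independent of what the content turns out to be.
    if claimed == "pdf" and actual != "pdf":
        findings.append(f"extension/content mismatch: claims PDF, content is {actual}")

    # SVG is an XML format that may legitimately embed script, so presence of
    # active content is a signal for quarantine/review rather than proof of malice.
    if actual == "svg" and ACTIVE_CONTENT.search(data):
        findings.append("svg contains active content (script or event handler)")

    return {
        "filename": filename,
        "claimed": claimed,
        "actual": actual,
        "findings": findings,
        "suspicious": bool(findings),
    }


# Constructed sample attachments (not artifacts from the campaign).
SAMPLE_PDF = b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog >>\nendobj\n%%EOF\n"
SAMPLE_SVG_CLEAN = (
    b'<?xml version="1.0"?>\n'
    b'<svg xmlns="http://www.w3.org/2000/svg" width="10" height="10">'
    b'<rect width="10" height="10"/></svg>'
)
SAMPLE_SVG_SCRIPT = (
    b'<?xml version="1.0"?>\n'
    b'<svg xmlns="http://www.w3.org/2000/svg" onload="init()">'
    b"<script>/* placeholder: no real payload */</script></svg>"
)


if __name__ == "__main__":
    for name, blob in [
        ("invoice.pdf", SAMPLE_PDF),
        ("invoice.pdf", SAMPLE_SVG_SCRIPT),
        ("logo.svg", SAMPLE_SVG_CLEAN),
    ]:
        print(inspect_attachment(name, blob))
```

The mismatch check is deliberately separate from the active-content check: a gateway can quarantine on the first alone, while the second is what would route a genuinely SVG-named file to deeper analysis.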
2. WestJet Notifies US Customers of Data Breach
[01:11 - 01:57]
- Breach Details:
  - Incident occurred June 13
  - Criminal actors accessed some personal info: names, contact info, and reservation documents
  - No passwords or payment card data breached
- Response:
  - Engaged cybersecurity experts
  - Notifying affected individuals
  - Advised to remain vigilant for phishing or social engineering
- Company Statement:
  - Operational safety was never compromised
- Quote: “WestJet says it's engaged experts to investigate and is informing affected individuals, advising vigilance against phishing or social engineering attempts.” — Sarah Lane [01:32]
3. Phishing Campaign Spoofs Ukrainian Police; Delivers Stealth Malware
[01:57 - 02:38]
- Attack Details:
  - Government systems in Kyiv targeted
  - Emails spoof national police using malicious SVGs
  - Deploy password-protected archive containing:
    - Amatera Stealer: harvests credentials, browser data, crypto wallets
    - PureMiner: stealth cryptocurrency miner
- Technique: Fileless malware — deployed directly into memory to bypass detection mechanisms
4. Harrods Breach: 430,000 Customer Records Exposed
[02:38 - 03:27]
- Incident:
  - Large UK retailer hit via third-party supplier compromise
  - Exposed data includes: names, contact info, and loyalty/marketing tags
  - No passwords, payment details, or order histories leaked
- Security Notes:
  - Unrelated to the May ransomware attack (Scattered Spider, Dragon Force)
  - Extortion attempt failed
  - Notified customers and relevant authorities
  - Advice: Watch for phishing attempts
- Quote: “Harrods has informed affected customers and authorities, warning them to watch for phishing, and confirmed that the threat actor unsuccessfully attempted to engage in extortion.” — Sarah Lane [03:21]
5. Tile Tags Privacy Flaw Enables Stalking and Tracking
[04:07 - 04:44]
- Research:
  - Georgia Tech study finds Tile’s tracking tags leak unencrypted, static MAC addresses and unique IDs
  - Enables anyone—including Tile—to track users' movements or replay signals to frame someone for stalking
- Vendor Response:
  - Parent company Life360 notified in 2024; no public remediation yet
6. Neon Call Recording App Pulled for Major Security Flaws
[04:44 - 05:07]
- Vulnerability:
  - Any logged-in user could access others’ calls, phone numbers, transcripts, and recordings
- Action:
  - App taken offline, security audit initiated
  - Promise to relaunch after thorough review
7. Global Cyber Authorities Release OT Security Guidance
[05:07 - 05:41]
- Participants: Agencies from US, UK, Australia, Germany, Netherlands, and more
- Framework Recommendations:
  - Maintain records of OT assets
  - Implement information security programs
  - Risk-classify assets
  - Document connectivity
  - Assess third-party risks
- Warning: OT compromises can disrupt critical infrastructure (energy, water, manufacturing)
- Quote: “Officials warn that OT compromises can disrupt critical infrastructure such as energy, water and manufacturing.” — Sarah Lane [05:38]
8. "Evil AI" Campaign Masquerades Trojan Malware as Productivity/AI Tools
[05:41 - 06:29]
- Trend Micro Findings:
  - Global campaign uses apps like App Suite, epibrowser, PDF Editor
  - Targets: government, healthcare, manufacturing in the US, Europe, Brazil, India
  - Malware disguises as legit AI/software, employs professional UIs and stolen code-signing certificates
  - Effects: data exfiltration, encrypted C2, payload staging
9. Industry Commentary: Security Vendor Clutter
[06:29 - 07:16]
- Observation:
  - Market saturated with vendors using similar marketing/demos
  - CISOs seek real solutions, but often lack clear information from vendors
- Upcoming CISO Series Segment: “Time to Choose a Security Vendor: Dartboard or Spin the Wheel”
Notable Quotes & Moments
- "Microsoft identified AI traits in the code, including verbose businesslike comments, over-engineered functions and formulaic obfuscation." — Sarah Lane [00:18]
- "WestJet says it's engaged experts to investigate and is informing affected individuals, advising vigilance against phishing or social engineering attempts." — Sarah Lane [01:32]
- "Harrods has informed affected customers and authorities, warning them to watch for phishing, and confirmed that the threat actor unsuccessfully attempted to engage in extortion." — Sarah Lane [03:21]
- "Officials warn that OT compromises can disrupt critical infrastructure such as energy, water and manufacturing." — Sarah Lane [05:38]
Timestamps for Important Segments
- [00:07] Microsoft AI phishing attack blocked
- [01:11] WestJet breach notification
- [01:57] Ukrainian police spoofing and fileless malware
- [02:38] Harrods customer data breach
- [04:07] Tile tracking tag privacy flaw
- [04:44] Neon app privacy incident
- [05:07] OT (Operational Technology) security guidance
- [05:41] “Evil AI” Trojan malware campaign
- [06:29] Vendor market commentary
Tone and Language
Sarah Lane maintains a factual, concise, and slightly conversational tone, providing clarity and emphasis on practical takeaways without sensationalism.
Useful For:
Those needing a rapid, informed summary of the latest cyber risks, enterprise breaches, supply chain vulnerabilities, and evolving attack techniques—plus context on regulatory activity and security industry trends.
